last executing test programs: 2m31.557057604s ago: executing program 4 (id=134): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000130d00"/20, @ANYRES32=0x0, @ANYBLOB="d11101000000000008000500", @ANYRES32=r1, @ANYBLOB="140012800c0001006d6163766c616e"], 0x3c}, 0x1, 0x0, 0x0, 0x4004014}, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000540)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x2, [{0x301}, {0xfffffffd}]}}) 2m30.98142542s ago: executing program 4 (id=140): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000380)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x13ff, 0x0, &(0x7f0000000340)='\x00', 0x1, 0x0, 0x0, 0x2, 0xfffffffc, 0x0, 0x0}) ioctl$USBDEVFS_SETINTERFACE(r0, 0x80085504, &(0x7f0000000140)={0x0, 0x6}) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x11, &(0x7f00000000c0)={[{@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x800005}}, {@journal_dev={'journal_dev', 0x3d, 0xb08}}, {@delalloc}, {@data_writeback}, {@lazytime}, {@data_ordered}]}, 0x1, 0x631, &(0x7f0000000e80)="$eJzs3c1vVFUbAPDn3k6/3/edQt6ouJBGYyBRWlrAEGMC3bgiBD92riotBBkooTVaJLFNcGNi3LgwceVC/C+UxK0Lty7cuDIkxBgWYlDG3Jk7ZTrt9Hs6pf39kmnvndM557lNn54zZ86ZCWDPGsy+pBEHIuJaElGsKytEXjhY/bn7f9w8n92SKJff+j2Jmx8nc/V1Jfn3/vzB/xQj+SmN2N+xtN3p2RuXx0ulyev5+fDMlWvD07M3jly6Mn5x8uLk1dFXRk+eOH7i5MjRTV1fHtPf2Zczt977oPjp2Xe++ephMvLtL2eTOB2P8tiy62p8bPemWs5+Z4NRrnqwqCCNOLnJuneKP4u1v5OK7uwPIim0MyLWI42IUxHRGRFPRzE64nGyFuOTN9oaHNBS5SQqfdRgGdh7kmhadKkn/yexVE9LYwK2Q20cUHtuv9zz4KXSVg5JgG1yb6w6V1fN/c6IqOV/oTo3GD2VuYG++0n9PE9lXm1zM3NVWRs//nD2VnaLJvNwQGvMzddmuRv7/6SSmwNRfQ7Qdz9dlP9j+SggzV8neLOx4jVOng82nMt/2D5z8xHxTN7/d8Wa8z/Nc7eW/+9usH35DwAAAAAAAFvnzlhEvLzc+r90Yf1P1zLrf/oj4vQWtL/663/p3fwg2YLmgDr3xiJeW3b978Ia34GO/Oy/lfUAncmFS6XJoxHxv4g4HJ3d2flIQ731K4SPfLb/y2bt16//y25Z+7W1gHlNdwsNa4kmxmfGN3vdQMS9+YhnK+t/D+b3LF7/k/X/yTL9f5bf19bYxv4Xb59rVrZ6/gOtUv464tCy/f/j4Xay8vtzDFfGA8O1UcFSz330+XfN2pf/0D5Z/9+3cv53J/Xv1zO9vvq7IuLYbKHcrHyj4/+u5O2OWv2ZD8dnZq6PRHQlZ5beP7q+mGG3quVDLV+y/D/8wsrzfwvj/7o87I2IuTW2+dSj/l+blen/oX2y/J9Yuf8vLu7/138wenvg+2btn1tT/3+80qcfzu8x/wf1lr4fx1oTtC3hAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMATLo2I/0SSDi0cp+nQUER/RPw/+tLS1PTMSxem3r86kZVVPv8/rX3Sb7F6ntQ+/3+g7ny04fxYROyLiC86eivnQ+enShPtvngAAAAAAAAAAAAAAAAAAADYIfore/7L3Y37/zO/dbQ7OqDlCvl3+Q57T2HDjyx3b2kgwLbbeP4DT7L5deV/Z0tjAbZf8/x/8LBc0XD368+3PCZgexj/w961wfz3cgHsAvp/2KvWOKfX0+o4gHbQ/wMAAAAAwK6y7+Cdn5OImHu1t3LLdOVlvW2NDGi1tN0BAG1jDS/sXYWpdkcAtIsN/UCycPRX42b/iuar/5PWBAQAAAAAAAAAAAAALHHoQPP9//YGwO628v5/a/thN1th//9yye/tAmAXaf7RH/p+2O08xwdW6+3t/wcAAAAAAAAAAACAHaDnxuXxUmny+vTsk3dwameEsb6DufHN1VPu3glXsfjgUWtq7oyInXGBW3CQJVupNFkuR6z+w7W34GhjzO39twQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADz2bwAAAP///UcgJw==") 2m29.919082843s ago: executing program 32 (id=142): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000003c0), 0x3) getsockopt$bt_hci(r0, 0x11a, 0x3, 0x0, 0x0) 2m29.910405723s ago: executing program 4 (id=147): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000080)=0x3, 0x4) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0xfffffffc, @loopback={0xfec0ffff00000000}, 0xfffffffe}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) 2m29.582770884s ago: executing program 4 (id=150): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40000, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x81012, r0, 0x0) 2m28.646108712s ago: executing program 4 (id=154): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=@base={0x2, 0x4, 0x8, 0x9}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{}, 0x0, &(0x7f0000000880)=r1}, 0x20) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xd, 0x4, 0x4, 0x7, 0x0, r0, 0x10000}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001000), &(0x7f0000000880), 0xde9, r2}, 0x38) 2m27.212305031s ago: executing program 4 (id=161): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xc}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newchain={0x24, 0x64, 0x1, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xfff1, 0xc}, {0x0, 0x2}, {0xd, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x24044801}, 0x20040000) 2m26.698262619s ago: executing program 33 (id=161): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xc}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newchain={0x24, 0x64, 0x1, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xfff1, 0xc}, {0x0, 0x2}, {0xd, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x24044801}, 0x20040000) 2m20.454510912s ago: executing program 5 (id=195): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1, 0x4, 0x101, 0x8, 0x0, 0xffffffffffffffff, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x15, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x800}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x98) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000045c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) 2m20.232597689s ago: executing program 5 (id=196): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) read$dsp(r0, &(0x7f00000002c0)=""/4096, 0x1000) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x2000) 2m19.411474762s ago: executing program 5 (id=203): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r1) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x40, r3, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x7}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x7}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x44}, 0x20004000) 2m18.192162234s ago: executing program 5 (id=208): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f00000059c0)=ANY=[@ANYBLOB="6e6f646973636172642c6e6f636865636b706f696e745f6d657267652c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c666c7573685f6d657267652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030303235362c646973636172642c6e6f61636c2c6673796e635f6d6f64653d706f7369782c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c6163746976655f6c6f67733d322c6661756c745f747970653d30303030303030303030303031363737373231342c0002d1c71f8348abae1fff96ec907a723dca530cf5aea9622c1169c27c91b4d703f02da55a70e4108d30dd0a1b6e467d05c6c0237e3772dfb37da0e9705c62c7f6dc21ef782f52303a65f3196af86a3d58c8bfb0ef60c974b0e0b44af5ce33f407facb3838bd4bf9b7a99d612518ac3ddddf95b10ead9f78580da79051b5011a94bc44336ebf9378b479860af435366b6d4cdb9c5ffd949b52f82ac9c92de853"], 0x5, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) 2m16.774306085s ago: executing program 5 (id=212): syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x82, &(0x7f0000000700)=ANY=[@ANYBLOB='iocharset=default,noadinicb,gid=forget,gid=ignore,nostrict,gid=', @ANYRESDEC=0x0, @ANYBLOB="2c616e63686f723d30303030000088be0900303030303030303030312c7569643d666f726765742c00215e8c2e42462f3ab5e1f7c0527abbb422be9178aa60681964adb069ae876c4a599d560075ac47c0de1a9bb9146af6433efdcdac853a8e8f16d6bad90ecce0a1fab46f48331e6b3c325c08df3c334e4da28067a30b3b1dc64bf692c712fc273bc1702008f563765c6f3e67d97e1369973c2a87f0ecca7320819863179fb85e394a8cf1d62c70d8306633b6958ebf998a0685bc5cdd1f97291328743add4c867115fae1082f8faf482e15eb939968"], 0xfd, 0xc34, &(0x7f0000001080)="$eJzs3U9sHNd9B/DfGy5F0m4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIbtowvfTQQ4Ci6CEnAq1RIEUDoymKHtnWBZKLD4VPPREtbARFD2wRIKeAxcy+FVf/LMkkJcr+fGzqOzv73sx7M+MZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+8cvb48+lhtwIAeJDOT3/1+AnPfwD4RLng//8BAAAAAAAAAAAAAOCgS1HEE5Fi6fxWmq0+dw2fa3euXpuZmLx9tZFU1Ryoypc/w8+fOHnqSy+Mn+7lh9ffa0/Fa9MXztZfXryytNxaWWnN12c67bnF+dY9b2G39W82Vh2A+pXXr85furRSP/HcyRu+vjb6wdDjR0bPjD9z7Ole2ZmJycnpvjK1wY+891vcaYTHoSjiWKR49vs/Ts2IKGL3x+Iu185+G6k6MVZ1YmZisurIQrvZWS2/nOodiCKi3lep0TtGD+Bc7EojYq1sftngsbJ700vN5ebFhVZ9qrm82l5tL3amUre1ZX/qUcTpFLEeEZtDt25uMIqoRYrvHt5KFyNioHccvlgNDL5zO4p97OM9KNtZH4xYLx6Bc3aADUURr0aKn7xTxFx5zPJPfCHi1TL/MeKtMl+KSOWFcSri/eo6GnnILWcv1KKIPyvP/5mtNF/dD3r3lXNfq3+lc2mxr2zvvvLIPx8epAN+bxqOIprVHX8rffTf7AAAAAAAAAAAAAAAAACw10aiiKcixSv//gfVuOKoxqUfPjP+u6M/3z9m/Mm7bKcs+1xErBX3Nib3UB5CPJWmUnrIY4k/yYajiD/K4/++/bAbAwAAAAAAAAAAAAAAAAAA8IlWxHuR4sV3j6b16J9TvN25XL/QvLjQnRW2N/dvb8707e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjluvnbOSczbmWcz3nRs7NnHFA5u4FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPg4KaKIn0WK73xjK0WKiEbEbHRzY6hXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4mIZSET+IFPXfa1xfV4uIVP3bdbT85VQ0DpX56WiMl/lSNM7mbFZZa3z7IbSf3RlMRfwoUgwNv339hOfzP9j9dP0yiLe+ufPpl2rdHOh9OfrB0ONHDp8Zn/yVJ++0nG7XgLFz7c7Va/WZicnJ6b7Vtbz3T/etG837Lfam60TEyhtvvt5cWGgtW/hkLNS6C7XY0y2PROztBvduodZdyPereOjtucNC42A0Y2chqnv/be/ZfGyUz//3I8VvvvsfvQd+7/n/c91P15/w8dM/3nn+v3jzhvbp+f9E37oX8+9GBmsRw6tXlgaPRAyvvPHmsfaV5uXW5Vbn1PHjXx4f//LJ44OHIoYvtRdafUu7PlQAAAAAAAAAAAAAAAAAD1Yq4rcjRfNHW6keEdeq8VqjZ8afOfb0QAxU461uGLf12vSFs/WXF68sLbdWVlrz9ZlOe25xvnWvuxuuhnvNTEzuS2fuamSf2z8y/PLi0hvL7cu/v3rb7x8bPntxZXW5OXf7r2MkiohG/5qxqsEzE5NVoxfazU5VdWqPBmYOpiL+M1LMnaqnz+d1efxfGe8N9pXtH/+/1re+Wt6n8X+fumk/KRXx00jxG3/+ZHy+audjccsxy+X+OlKMnf5cLheHynK9NnTfK9AdGViW/d9I8fc/u7Fsr+9P7JR9/v6O7sFXnv/DkeIHf/q9+NW87sb3P+yM/+w//4/dvKF9Ov+f6Vv32A3vK9h118nn/1ikeOmJt+PX8roPe/9HEdvb29+KOJoLX38/xz6d/8/2rRuN7n5/fe+6DwAAAAAAAAAA8MgaTEX8TaR4erKWXsjr7uXv/83fvKF9+vtfv9i3bv4BzVe064MKAAAAAAfEYCrivUhxefXt62Oo+8Z/3zj+87d25l6fSDd9W/053y9U7w3Yyz//6zea9zu7+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dRn7zKf+kakeOW/n83l0pGyXG8e+NHq1+Hzi51jZxcWFueaq82LC6369FJzrlXW/Uyk2Pqrz+W6RTW/em+++e4c78PbvbnYlyPF5N/2ynbnYu/NTd6dD7w7F3tZ9lOR4r/+7sayvXmsP7tT9kRZ9i8jxdf/6fZlj+yUPVmW/V6k+OHX672yj5Vle+9H7b6TdLgWC63n5hYXbnkVKgAAAAAAAAAAAAAAAAAAANyvwVTEn0SK/7myHmt52H+e/783A3+tV/atb/bN93+Ta9U8/6PV/P93Wv4o8/+P7llPAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg0ZGiiDcjxdL5rbQxVH7uGj7X7ly9NjMxeftqI6mqOVCVL3+Gnz9x8tSXXhg/3csPr7/XnorXpi+crb+8eGVpubWy0pqvz3Tac4vzrXvewm7r7xy6rrHqANSvvH51/tKllfqJ507e8PW10Q+GHj8yemb8mWNP98rOTExOTveVqQ3ex97vq3E7DkURfxEpnv3+j9M/D0UUsftjcZdrZ7+NVJ0YqzoxMzFZdWSh3eysll9O9Q5EEVHvq9ToHaMHcC52pRGxVja/bPBY2b3ppeZy8+JCqz7VXF5tr7YXO1Op29qyP/Uo4nSKWI+IzaFbNzcYRbweKb57eCv9y1DEQO84fPH89FePn7hzO4p97OM9KNtZH4xYLx6Bc3aADUUR/xApfvLO0fjXoYhadH/iCxGv9hd8KSKVF8apiPdvcx3xaKpFEf9Xnv8zW+mdofJ+0LuvnPta/SudS4t9ZXv3lYP0fNi+/2txZA92e+8O+L1pOIr4YXXH30r/5r9rAAAAAAAAAAAAAAAAgAOkiF+OFC++ezRV44Ovjyludy7XLzQvLnSH9fXG/tUj/rDM7e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjVsX29va3uvVruX7OtZzrtYiirJ8/b+aMAzJ2DwAAAAAAAAAAAAAAAAAA+Hgpqn9SfOcbW6maS7URMRvd3DAf6Mfe/wcAAP//3sf+xA==") mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file7\x00', 0x21c0, 0x103) r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x0) 2m13.316469685s ago: executing program 5 (id=215): syz_clone3(&(0x7f0000000100)={0x801400, &(0x7f00000000c0)=0xffffffffffffffff, 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) close(r1) userfaultfd(0x80001) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x84, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 2m12.978428425s ago: executing program 34 (id=215): syz_clone3(&(0x7f0000000100)={0x801400, &(0x7f00000000c0)=0xffffffffffffffff, 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) close(r1) userfaultfd(0x80001) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x84, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 2m3.460995686s ago: executing program 0 (id=272): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x8000000}) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',default_permissions'], 0x0, 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f0000008100)="58785f58471eb4b5b3ff3946acaad41068511507291e72541d949ffc8a54ff637ccef1fe8511899ea7f3c82cbc6539763a34f6760c1608c911801ca672e62708ba4fc023749076ff6a0daba0caa57000acbd9ecf5e97201f7f14e715bc8c089c3d65e92fd65dedb76d61715067ccf6dfec2b56a48f2b274b564d90c3d868f2bdc07b7e636ad78904bca826fa69b7783e7be2b8e7c997b99225467747875695f6d500cb82b479fe9486bb94e06f796f89906bbfccc964830f86986760ade90c3f7a9dde3172a5124c1889075ad30b5ee2a5f257a6ac790a8e89b247ccbc8d241b7b95f8fc649deffc1bc37d51a8c3dfae38ac968eb48695de38df941f9632ef9ad6779e41ccea8a3ff1cac4fa4b47a152a8f9a1bb0094f41580bbf60fa11cfaf2c535a12c866e9414ee9b58226fbdb0d221e1bdc50e3fa300351364f6350030383856f1f809aee19f337f3d3435ae6754916be1eec24643cec1bd1007ffa38418735988cc901603895f66bd6450d54f99e1246ded898499d2a447f899c00368ce1dd4a4f4cf9cdf7d4f8b38dcb98a598ac490f1086ec712b0cb94610abfdb25b0f6947b46e1dd628897ab68445568578049fa6140250a5d821d70f102fadc2fa273a6e486f250712ec847de3b02a121e19775311e8629045f3404bdfa3207aecdac43c3571b86a9423bd716aa67cb688f9ee4f2b14ea42c89f2766c78fd4ec41ab34eebb4256e885bd7e3abe4348772993bb630aa3397084bbc66cdad664d6a9d33767cc375a44dbc0b08931053a6780a796fd31e1d7c512599f9e010883a52c07ec0938ce1acb3fe3baac6af9fb7e9d7942662e41bd3626d240d5ed34ebcbcc0ccf1c3280c76fbf6cdfb04bdb2d3b4ec6a8961b1eb036b211eff6247b95039cc67d222f2ff122340c56d74b4fffa79a202144bb10ad766f1fd6b32abc3e09213da84b36698e5c67dbd76342baf2fdbd26e9563dadd01fce19d7ec025d05d0494e53229379d13c1cae48ec058cff0bc1ccdc94a74b11a9bc87c580bb6a3f45fe15d15d89bf6102dc1085bfe27b2ab462aaf642b8ceed519cf88b31e9e00fdc23e8f6967a72b4c38b2458656dbf26dd75586731bb519a97d0ff43f4358cd40c7ed371ae8a24f46e320d4c4c0a1b8c42f10908a1c283d8032d76f52d4509d78c2f3a0716c37bc0c786ce9174a88d468e88a6d154e4712778aecded0ca5de28e52c04e33672ecea5135438e908aa1bf00e65ba6dacc4bd018b7bb1c30aa5d9acc679220cb5e7207f1759bd7722d10469225aae24973031a21358532a63aab42f33b1f8f40d545fec7799703ba067592b34247fbc7375acdcb3883ace7d34cf33484f2cf662f3f0e18b5c475ae311fb20f6e6b85320b2bc37e56512dc27815b37bfd9f172be1a119197eb53b535c440fd7f24724e1d466309c0f8556965bd02d75c3dbe2baa0c6a515db07af1f77306577d0b38f0aa8cb188cf5523368951b8210f4bfc6afa0d058ad84656d27a46faef225e6268396ecb54a5182591bff3a86792db5454e238afe7c26eae85fd3c1c060760d89223bbdbe8966ae2558f47d799839cd959c974b69ad262cf8ab4fee554288e767ede9bc5d7f0cfba05966ef7858e41db363122680abe978345d45e4b52b73fe9f52ad26371a5b0539d88aa0c572aa01a41b079dde5a14e031ad903629d06c8d85ad82828c25a9ba7ce0fef2316eb011643e47feca7d280833f8b3008841fb2d88ea84df65b03aa5baaa29d6234ed5db8db461fc5df77aad38690277cd5dac1ed3c23c9f2778295578561f9a4d31159a826b4b62b2a867e6e8a9514edddaacad22106880e6633fb2f3b17c8d10bec633d6128489f7253b3e3e38e5942743ddd1547dfab27a152549f61891e3a5ad17f733b042f7ef915ad7423b9719fee9142407fe1d10ec8b64a21cd24fd39de4496ca3f394f07149bdbf1393181b5afee090ff40ee31d34a9c6a113e3823fac425fa85e212de1a9f7c4937ba64f3327961fccf85e6fa29be12de9589671d60d4658b1562ce7dedcde8ec79d265c13f5e197b66989c3f067d2801fcd78bb92b45e55fb4089a7cd3b179284af782ae0327ba56fc307a281772384448ee465dccefe41be8d75c8cd0eb5c0217d7ca706848f9b82500b77c2d838cbd536304556af87d3b6fb9183b5dc9cf2d0f7ecbb24d9f790151b9c6092dfb2c14decbe6448362cd7c13515f66a99c37b56134d12e8c7f1a5b75e14e47f84d8658f0b65ea91014e2e4fd361f03dbf8ca509d426ca1bba7e43ce918268393ff16b17d9e1bb49fb2b4f6eeb8b4b226c79303b19412a55b7ea7c8774ccebd8d66abe117a8be9a3c4faea730902136df57aff991b59dd71610ba4c8e1cded8287c21c56526f4fb6c502ea73ae310d56640990b3e695b278de6e1eebd51108cf7547c0e457e5fdf59691baf080dd3f5dc3c9a10bd4cc5e10ba42d4d3d9dc4f7ebe0bd2981a1d6fb06f7457dca1e56fac3f0fa7ca19ec2fb7940ee837e960d93a73bf085eaa2888fe3025aadd33cae85d63273be6ae3a92e35d78602d8e23b9460f04b7c0e0e710d10fdb0dd3fa9b880865603500d81dc7e968e8046569830b526e441f25f8b0af47d524aa80fd7dd9c3f72facec2032e2c06bc33c6b739c5368bf54e32b6acdca9d2d14276a8348ae92bfbd60f6aceecf98f3c6fe70747499b25667a96c52e21236421b27deafbc6b5e2b8a4ea2a0d3cd5ee1a10f3153b529b5c04a1961223a943842e17ee0cd114ce6983536400fc40f3d4708436954803fd60caf2b5ed7e4ce90bc75385e2424191c6a5038fa15d99aade49fa1affe63fb73078a6bb4ee560b0b521aeb33f507bdf876829f4d3f695197468e41503a10870a8e6df800608ac33dfdecc03f64d03fb6180287a684063c7edfc8db1366f6bb502fe446085f6acc4741b273a0b736f0f55da28967390bc7434db54ad0da9d1d002ceaa5c3e53efa95e7aaa792db32501a072e669da29fb734d771a6fa8c753fb2fcc204e31d668992473e7937fcf751bc79b125db1725f2a495bd2a4207e4db8d44810a4db5113705c5cb8733866ade3375d1bdbcb965cbd927e7d285f2933bf037911959088b64cfac0ff1e39244f2e9416653ed87ec564eb686af1062354a8bd7034c1022cb0d0b6996762ef4a0a3ab4f3deb459f023a867a38fcad2a10fcf0872862b386ff7c5ea7ce13abb112d1f0ed0723870eccc76d16f7e3cc00e28945bb93d9f2bd8e2017993102f0824867ec141f20df951202a2ab1cd796516ca0b4fdd9e6de8b82fcd30f9ab85cf0a5547e1ad1ef1ad5be7a878a16864d7c06b4ae002f3ba485a9bb36b8a591ecb64a4a5c0fd3b4beb015f58ea4cfe190f3b46cc4d9108d10c52a9de859814edac575d2a3d937a9b31db049e70aa76c085ab63d61c1317205c228f7027fa39125de8fec40ed7982e36a7cfa9fedca30f0b692bd4c7794f6b56d69ada1fed168cf03cc57321fe37e3a8cea4bd093e87b657fe5acb13d2591bebb52898362ddf0335810c70a4838faf8fff16301d16707eaa38e52f913f8aa3e27b2387ca1a217ac69966e287ad5cb0286535d5d00b7006661dbc7923a066945c1a2040a4e95d7b0de4dc8217bf1d4e9b6cccc671fdd9a5770c21e749b407df8c463a3bf17e47bfcba6a890a0435d3fbb7252fe072b149b7bfeb185b088686dd70e0c9cda275497b553aff2b319f7d7b0ed64002c5f9f6ccfc3d55d8c908d314487452f37a650f4561326a84c660b6111702a87db03595b5d080c60288203f091de9f78b997e47233f4bab9b044a98ab118a6c45b7ca746cc2fb90182a923d67216412e24a955c0c2307acc47bdd319955249d8412a5ccf444437f53f524c69ba0167c920f0c1f775cd1a225636200a9e4adf61f418d20f717339d0c8c5386af0936f628cc589a8d5581c1c8cad0b564a3f38b606473280a3fa586a5ba932fd38eeb23096df29a92ab54c409f88ef4f03217f0bb90fea539e629d8a025c802f6b5c3d735fe950c8ff7136e6db287851dfbffea1ef81491a50cb75a103367e85afa3484d6af865dfbca91dc05632b0d94aa384ee0c585424a5ddf80babe0b913b0a2eedda34c7ea7814642a69f8eae868274b16fe0f52fb60b201e6685dad3f419413d5b8186992855a25ffe0d4773a14c7977181a120cbc42af4f9acca3fee1d54ccc125ea49b62ab60c58a0ecdf50ee7c16f3b6b12b254fc08fcc85d409eef7c3f30cf705617f926a17e6588a9fd7e34be9fd863a7b157a2d9a336356d568c2d2dbaf76c2d2b2ff8703748b860e36f02b04d6e4f2fd49511f12ce395dc18622cd51948a32cc432cd797d8a68838cebbbdd9bcb6f2e85719785706012e894cb043bb9a53998131fd4aae3321d81fc001e718c4a99c0580af1d4a0c81665cc5adcf337c8bc00fc0fb3c7be0d5e5ff6a6fae5891858eafedbed69223170ccc71ce36ae439d769c3520972601fbab93f54808d6950cb7cf1e5a3b32d8c6a975e3adccca0b2ee28a4eb5ca3b0ceb9d31a8f767c3f4486a62215171738007675a55abf5916513f7eb9b21ff291f2b4b48bbfcf394cf861fe016b3680be422a8bff49963ce096d1bc17186822b1392e68b1a05fa6c70bd2d9a164f12301a6e78caa8f4cd43749704829f54c5d93637aeef80794d3f206741363e74fa181c9f1dc47557553de620794f096c59ccd74a178f5adb466ad5a62fffc1886f56ebceca4ed46ed2396bcbc31160b4eb1b7d69642e33315e3adbdbe1b9794931e7babf745ecfca37dd4190013793d530df12d6521bc069a05a94e0ffe91900a0c2209a6914d2f85bd161ff77284198129a9b1ba600bda3e52769d39c1bd61c4a70c627c3ad89aa0bdf0c93a2c35e166da9a08b4d2f92deacb6e9034274305b6d254c4052868ba32bec9aa3cec75debe24e78e43374efffe444722a983935f9007fe3de37dd83c52be16e034d09592a179275dd0c91281be579cd19c0162123886893713f25cdae19cf258926bf2070741111eee6b3df708c3fc416b7d046c948bf8500779c0cd5460e640bb1f860f58052b8087e6eb2f16e48f4984c9f9fc9fb2652ac5305861ece5362db08ae912ba055af766da1322057d0bfa647d98b8d4f1e7ed43ecdf1050c0eb19dae93b8014da57241cdab4ffacf0ec1348d4a89b3e8ff187098d83d8eba34e5c7ad4215f1977968a9d337d08fd1188754e7cf41baf0189ccaa5f3b1005f807b0255ce1920ca7d919e4684af70c3d089a99922727c607a2b06e713dd61122842a913036f6cd64dfb313fbdf639fcbd712852bb85337d056685b0a54225ae27e1e8c7ce5acd1f017b8f712c268b9cc0ee26d26c63955df0591f52ef3ef5e6f0a8b0a40fccec5f945431a2e81c35720d178feb481092e4f51978493c5fd502f252bc0152f145f268ead14932990069169483ecc7abc901657460c8730715c078b61059bd2621f50fb838376e0b808a3f118f761efea45bbac4274016960063cc67c428e72e516685552dc3bf473e442d76f2d3ed07b319694490054302a538b52e3b8496b7e37fbf4a2ffff2b484f98fdb14c66ecb8447834733f8a7a5a3c83de34b6647842dd56d8201f9d9240f3b3a5b5cbccf174a08853d06fd164fe74e04608ae12df8a35b73517d22a87c7ebca60942932d03102ff7e8644611b5520b5ebce950945498ce19210c866e48284d18fb7e049deaa43ee5283e3dfad7316ba85490e93182d13efe7ba64ee5ceeaabcff3eb24d46a3a129dd5a6b82e8c48210cb1e6564833f3e15dda4dec383b4319741cebf6374cf2c5d64722afccf7c4e2d81ae28d45f2c35b764281f1f08fec8f8e9277277ae1ae8a8981f85e041d2450afc9374e978f73b66da9aadb2087223f28e21e946eb07710ec86cdcad0948d4ca93827ea34e28806d172c3feb83471ed2d4d7ada2360b209d16b9d35861082d85b6be3c3589a6bdaf6f9b5d52ac8fd7388e32b24f1d5d34b5442c1ceebde311decd709f075d064f07bc60ab14c101ef51039eed56ae1e0a374e3e956603737b3a16db684a81e9b8998a0bb9b17a0876a92b2a3b9924f44b16ae4c7ff376ea8a8c91b504c1dbeb522cf846fc3ec6b9a01f452eeb35cade34c6a0463b92c46e013ee7906ee934141870ddd1464ae688805933504a2dc7cb1f947e28bf22f5eea6afb5de3b950056bf44065b84fd5589385d0feec4ef1db4fb4b595957130e575dc383e3686f4674143debb23e17b398f32683fb4805f297369d0e5f2e63af6891491e4e37186b4a3dffbbdcfff63d1fea4e12d24ef96fde3ed7a323a3605cdf5eaa43da738004556c2c20aa30c40079bc2e9ebe102c1fcf5259f1e3acc6b2a2bc9da4d0b1252433c58a1810581152a235e93deabf7f728eace350bcc4db4f249d4234bbd858c4e61a0eda4e3db0ae530c78eb63425502d651fd0cb986341ba69c44ede18eb3ebf25b2336cdda02447a9e20426d8206368c63b5fd6828612d3b99f627e331bab0009579de8270c36aa03861c300d34f2a3703870712325190073e6c17d8699f6744acb1b5468f93b57ab0366796181a4f543511d7ea2b32606c33cda61e81ed1c2194d305be47a3f1a9145d023620af12e79ec188573526ec35b9ce44e95fdb3530bd0431dd12a227d0ffe317cda1bbd787979261d6c9cf728b3d6bec3ba6ae15a595a30fc242bc5f25d837c1c642219afcfe043bb68a82965574b8b2139789235b262cf4af95a538e6954acf8e27ac3c95328df6e4bd615a376cd96bbc9e0d9802fbb40f80a848225e076219e26e0e63f57330b8bda69ec8dbd8b3272798cbfbb085b1885a1c22b3e2df2a879020ac1110b7af4f53ac97f556596ba0e164df0c85842026a87cf9631c9c9d851549efd8ca37e3b863e88436d5da5f4d3b5b5528e2d08d92b0d3ac6a06a0699653718e93a25b5afe254a068e300751eb6c67e3f5a1813d58d428f1ec108b88ec81444ccb50e8452941510c11f2e80bfd712f64b32b686c92ce922baf6c8eed1e9f0717a654d53b3ce1001880de80b5b15362b20286db9dfdf6c41f48aae84d5ab12ac45310f0eefc56e54113bcf95c1b2a259895af2ae9c679de4e2b898bf8a40a199a2059f8248c1303351dca3fb38906a682f66a94ee6ae6eafa7144758fabbaa60debd6eaaee7b2f1051781084b3c9d626263d011a3daf971b708750a77614753b89b5e1a77a52510ced5708083fb48c554dfd6aacfcf97650f3a3b3f97566050e76da968d4eceb83bc1e005ed1596d6e0ec5e2c90231e62496d7435ec5b28f805e3b7aefdd3718e4ff53065b8e4b15175d80eec59218d8278e711c6049bf6d62ae7069578e957135463d7616b37c1e4bf44d60dac6c7aa04cbbc4a64bb0cc0b059abb6b26f8ed5203232ddd8a6c5882e6e6c53068a71bc84c5834104e85bc96db2163798a3881929248b8c788e5bdc9e46e5f7f3f6ad43fad6fa381a0b924bd938702470b330fb90ba73d557c0d203d55edaed6e3a01aeb53b061dad57713ab27e1a9e0d06b534a65d85beb061bb5258bbb38179ea612a6f402affb8ca018ebf0d6f61d44d5a657c080c7d2dbc9b08c07713b17b0f173ada59b57abb401212f4f1fa026491b48d08cf46a704ab43e46de8ea596d68658523b61a156278b3b77bd1f4491381bfd874ed72b00675fd5b4b7c0ec13c6837434ba8e22230d32e7bb1287e488e14f5c5602cd4ca88012b244c7f23f4897e27027aa862ca139bc8b5fe14be7554832ab02e4ba19699a1e66825d94c7c44451062819a38d3376f0a3716b210c7adf4bfbbc303058aa2e054b3bd53539764f177b11b05451705550f90196997de3d1d480e500cd9d234078cb1a09c63d8911381d327402702c2765fe92b8ba3a0189b2b11b7460996c36eaae3ecb4f4e63bfafd7953ff086dfc0b12e616bbdca4707631467b830d244bd3f4371744bc8a4baac728a397818875d1b6a4a2f0d10be607122a6fe813f52e4456b8a5eb6c9ee0cf889f777a03cc26a055f9f259cfc4f8552b568a4b371260af062619dfb215ecfe7b318f8d627d2777bd5103d6ca2948d19d5812112962b63c2bf3d090ff19185dbc5ad49a580451de717c0baa288cd96669babe88a8b1ab6d0936c4c407878786695f46f59ef06c5c2166b661542c598b6e0551d490946182841184a7a0e669c6ccd73a342f65c4525dc7522dccab15fa72bd07588b5bca71635b9466ca72a504c74cca1c573e8d40d83d1b5c5326481ff8a2055a2e0fb997fe8e4787deaa2a8a57afe74a971e7f1f280895f2fc9d99c41416adef7b70ec47e7a12d0ca3c0ab1dba3c2d65bb172fde1fcd7f97692d3d8c9657e3277ce95947d59bf37dde3f35f7a5d76575f5c14caf7f0926c0896995a5f42efd0d38c42de202bea5b5db39bf697f9a96b54aefec723db523893186634763e7399bfa8029c2708dc817984528601c77a1d78bd4b2c85f10f5ca9363badcdab51a1b315cafa5c2ef64f60395f53efb9d60d89e1b2a5f147508c90d2b09476eee3cb9b5957669a77cd2c522909480dea9be3406d1779ffe4539f2e03efb5f8c2d040f0ea776ff869a36862246294d0ced556a129ef78327617052dc1ef5cfb4e5986ba2f0e063b90e1657d8977b58827a3c4e3d556eb3cf0540685f7c9eda461aa2ecc539fec3d2d56be99a518f11752f2be2f670c5fbe8010ac4eae0ede31c1a48f747ff2eac9fc069d3700a40bf5fcda80a3a4f5fa920f117a72de6da51195d2d7f0cc92ff7835bce2ba6b564832f582df56b24cf30c8297a826a4bbfe0afeb1da3e986b3d0a95509e0037d212a70178ecb246061e067238ea9238e4c4a9a7c6fc5dcba290970f50c52598423336c523f2de7580d059fb53934cb0beb208585e897fafeba30853e54badefa197478fe6b9f26ed0d33babb53acee7b7221d8e0cad7a6bd0d9383ced6391bf88ca7aa50c75c136075e87b92445f02fbbc92f7cb65fe2bbe0bf0c9fc2577da63a56f1efbeb276c1f4d01da6f6f7a842212d96dd45edcd2aee7f2c553ace15eb9336bb1804ec252998c5c8b25033894b05c01ce7c77b73ec0e239478c67d5378fe5a53fe6269025d54006e9bb1cbd09b81a39615517c609f3d74e377888f641587121f0f097b48d8be85800295ebab9407978a9cd379966577cb6e1f5261e4305696a2cdd50d8cb1964d3ae18ec730d40f9c782533efba47db8378c6aa15ce85985e211fff2659729599802a7b585cbef3a2762595f67e2054a0fb4457b146e7a656abb2c4b2387d760f7e5b8b7864132317d5ba29a662f50af8dc182d2fbe216db8e997ac856bc59855ca48999699cd6c5576cc47bf8a8c30638c7e08847e5083aa82068940409461d1065c2b53292d3ab145d5bb590bcd278e48ebd34920b18a2e1731c1855ae5a3ed637ff568d205a08cf98c58f5d79c99912e6c1ab257ece0d68ef13d69a56364419aac7df43f43d5faa9ad851c9810648f9050012e55475109ca3ada3452b78a7964377e0d862e022c73ca3ed6cee8c5fbb2d7c12f91c4851fea7c5b02e0a3c5364b7fcca110f20f8858465c498d7e9c6049417fc5c7d4e0059852a6d794af426e938a401cf43b2ba9f4f3f6f0f2eb710ecf3c0c36c4b3072597f805eca9cb14602292ec7d5601e6b1555c8d024aa4bb81a4cff98cb03725cb184ea7dbed6814106a1402bf68a2e51660af930a500d5530651a0dbf2fdc01a31a99be25350b5c8a5fe01155343d028c03e09009ef2c386a24eba8d842cac581402c8faec7dca1623afe25a230d8d4a8bd23df3cf12abedc2a50e387285acf1b3105011a2bdefb204a53b20be213b50f5244511f25852271e05c03fb9a799ac7ea675ffbde8de181368748a9707674e7e70f28a75e4036b6cf9e0693f91a65be4478b6630067ad8dae030a4b7b9784a206b2f7cfeeefc65aae11fc20190f4d6387bab05fa6e17f0bfbfb0c4f604878771aeace0676d12325e61b19a5317c4d4bb9fe6f3fc8b171f1116528b7cbcc4a91c26a729b512196828075f4d0aeac98887e2a6a19b4e1f1f66233962961c0d49df14c3e6123c9ec8dd7152ad045000107365fd5ed7ce6a6d65ae0736a7e227f77c9b0903d4589ac58ceb691583cdb93ae3fc792c886663cb7c5b0640deb66e29b3c69d2f1a3d1d47d7b672ee3c49e90bd406aa84a0189808924c4e67c5495b045e779c58ca65b42889f52d7315c66be3716dc8592b4875629cd0cb02c29d42bdf9ca5c16bc9051c2a6c09d0695bfba58c19a995838c022e9936c407d8999aa65e4a9d6d8eff99f8dcfac9b561375b6d1293441b9d32533161062c053c63ef09f6100cd748700a710f5bfc2a6297b15242b1f41e21bd004b885d6429a0d334a8c115f7d53d278dad24c9d295b97c50eb340d1e6d523f1757e2014c1605c3bd35f0cfdb74f79850423a37e2f95dfe41c56df09724d21065377f1818311f0c70aaf6fb2d4fc8d9eef576136617371d85481770ce9c390859eacfebba34e75a238ce80bcccadd6c42e8e186be3c15451131fbe9e345c05ab8e23f917d269686a9b5f06dd474f95757b9e5a3328416595539cbdfa69efa9702e5a268b1a70c6e5ff2c118a6e574bfecf17b1576e4f20fee566b0b2b5388476a68562991ac01412fa463b0f9e586ad4bde59e91a4b303268b5d8644cb7996cfbba422facd59875ed6ac057e563412255c412be0928a0b6fdb6f35d7008b5d5528ca796a4a69bd90b993a52da9c7d62f4b71a2763f822bb39f3ed39cc5ad5a4d51b5c27d31d105000f3f1e705ed5c42067106f3fe6d30151021bcab7f3a1ad9175b3d3644325aa676b9e057bf9d9aa3348b1d9b31bd639c59bb63f46a6c18794ae006db3b1ee20368160a82e26aee5a9fdc6b44df8be294f3ac0a1275e57ebf5e384b141ce89dd51aaf2248274468894645ba54bc4e6b9788b1eb5043c1f0dffe2e13c6179d0238d8cd037b6fe3e484445ab458fa09e4e8010d3288aa6e6cdbfba4b62c7984d058da8993d5de1df75a1ce8e3bd5875709fd2ede4cd5843e7102ed4031ed096a0c6e3ae9d522ad95ef4af83599507dd32fe3325819cdd7718c9797e921e6e365175e1dd53991edcd2baf27df8b1670d01967e97b3e3e75d297f908deedf2e3b91bd61973e8aa75a5a6f9db11525dd35556bbd13873602a320af74677832f93bd01f1e0631c882c8ab254a26b73a60a6c90cf9b96bd576e05b9befbce882c5d29198451bd15acaa894a5276ea9d870f49a33ee9d2429ef35a905b281deb75be54fa0c9e47be5876d7dce01986f2d0e7ae6df9b87a0ba6cfa55cec0c65dd386db5adc427eac18a00c9aded475417add4ebb8880ef3dd218a9ec3e6e13456f8de1630774e918fe5288dbaec3dd2a74698ec9e28ad573761b9e78af3d5c7a61e3eefc1a54c25bb841529b3fc9137836a2e7eff5ffae8e44f0257160da51ec0b3d144b92f1f43d2782513705baf5930903602d40cb4de87feca7243d2248a78a5d684e303ae147acc96e0b755eea77092b5f6efa723afc8a4240c75529dfe1c2fb75aa42d67e6b6c9a44c575738725815a9af1ced5", 0x2000, &(0x7f0000000340)={&(0x7f0000000180)={0x50}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f0000002080)="6d797d42fb74562ec642068eb410c60f8cdc42cf09864b1dd1d244ec3ecfb9103306a02bd120cd2c684eee7cd734914ad7ec2bdd4402eeab7a2972f1672f126c4b5f6c5ff748548170bdf1020c2c3d09186940feb185436981cd578c3a2bdc19c16209468100cc1d67247885420cbc0ea004f07283bc4a5cf8499ad5ef4df93b2fa2eb26895ed9260cc61afbc766adadf7809b3a8f76d9f835acae2dac8abc42896374a6a82a8894552441bd0202daa10048b49d3bc74bba1e5258ab8ac5169facb96d9f68705a7709f6d9a66a9988c13d13a2b8b34d9f234e1c5fae79e4cb76ff3102e98465512d2402087dcb3eff6bfac7bc4d2fdc9ea25f5289d52ed75ffcd83a2781eb4a23fdd078d1e53495305e3ed5bb4e060e89d6eb2b13586f7f5df32e34390d70f074b4f92c4624312698d86578f3d951021db151806fc314c98d819604d8d9572efc7dd71c0d1a9176ffbd48361908e927e03caa4c1cd8805fe755e616d983442660299e9dd34e5612eff964a45d613a832a0ef8e4410fcdb0313712795b369c08f907c91a4f20e5c18ff903e0ee410d77bc076f49debfd67c49d33e2438a02618023527d1c54cec66790638c9ee70c29de0406b3483ca1663245edcda56dc9612e93f40f19cbde5cabb8816d7b75a266e404a8e5364d43c08cf5cc645b533c4b6fe349819c5374fac7a923a7a803ab138c873aee3718921043a60a0ce84df8b991dfa525f0955acbc592057b2409d032981ad824f037ef068501f955898c4500049f0b30014832e3b668f5873305ebd1e094f244caa90610be83a5f674decf451a82d9edca6664da89cad8dc212943828570fb365b41993f89c6d36c579157c4055a77eb1dad1dc466e743129e5e3098f4432fbe289111e102223ff04d02e8108b0925ce76118445efa09233e579f398ab373303c0bb64ff82ddb597040e58a61f82cc5614beaec13ed297a8daa9514468283037e5d0077c9803b69421070718fba4865e4b9c6d7d272c562cc4dd998e16fe288dac68b0bdf05eb2a02fd40b900944d10a94f2b3be9b6c6dc628044aa9eaf34e0474771c10bef03f6af2029643acc1e97efa0748cfca63aa9546bbfa6d7533c4dab0b931ac35b331aef91a80d5ea08ba35cf66e1779298d3338114c12f024970d12af8d67f9b165c15a8b7e37c14c2d512dca76cf6077e2011bb47cc993f3088027b2d53daca574e8b443fddf5c252788854be8aec357db43f2147f23061641d2910a4a503a3a9ca86b3656d37d443e5e4207bb38b6e8879bf3de21309eb90113ccaa75e1d1e0900efc17aecd35078b8f3d579d2d4fb576127278290d6a9ea379e22dcc4ad369d3405311efbc74702020d6cdb31267c2e4dfc6a34bf39c9db32da7f387760909843fbd02e9e291e838fcd8faac4c9ad909cc19440bb775070496ef69250f4cf90372c0f1835dacd4d605a69334d73b1228cce41fe3c6457a37531bbab6d8b15a8214ff3002d29016932de969f05ed64b720ad249b8164ea82fde08303277e7d5f0d3e86bd6021024bdb1d24afe3ae28cece041943db60034fa11c3b6ec7b09c117b086fa4016e68e46678a7c5e91c40d2866295247276109a8778b043b51ffe3ec33dbb665806cf6ca41e7143885b6ca920fd8caf475ddcc698a09d368c721f048efe9e0d372d9cc58deba32f81e7e7f6d53209050d72545bbf04356ea95c9bcec3b8b87f56963111c5454b30a12b8479afc26361a7e00a66c03aae8ebc3348ac2e9b0f52453a32efa9b8ec038e671122dc2965d3b7395051974088f4aa47a76327a0dffce6db0a2cd65e2da5539fd7673911d5605cadf30d85563a60afd58767b6adc549173818de01b0de192894a76bc4e62d8c9e341729e6ef37574cf63c27674081202b8ab9cb9d92d346b1c2dadb253532c1674b2440504f8430c0a2ae5829b016af877831ecce9b13743e821436a6c1c46a1176922dbf2721d9722edf72817f8d15fa5c7ecad046df91bb57b8d16244527c855a40403ddf1757c31361c8bec9b5701b5c10a1e96547fa2c93e03f264a366a96666e24d7f908f6fa4c3f26722961e70adfc4ccd413c2c05adeda400de500babfb80a4e4ae5e9e04444c55f006337c0a98c33f04ae0a6620a1acbc26b5c7d125c30ca542c64604a109c6022029da452a717b219456cca6bc9959f088a5f2360c390b531baf92ae2429a2d0b6c7a20c137a3a0050ae2216b871c03c56410d28472d1035bb870f94589b93ceb57a504bba5acb7a6f77699fc10ea96d8e8fb913ca78c0af33a8435344b71531207344d78ac349894aab972c1b471d52b266bbe4313ef2ba71e7a4680ff442a358699c1e18322dfd50c55b637b6e6d5f02fa61b0e8ae4ef7cbb6359f70028a6b60fe901b2ad97a62b5d527efaf5ebe23fccd80d80e02eabb1be14d40faac8a56b4785fe47c8ff4ac4ad7fcef2134b1ec599074dd45d2b7a5c45845787e0490d9d7db95b58b18f14ae6ccc39623ba0fdf64c8d027f1e7652cc90e82732d4292f4ab0f959a44ff906484fcf83e222088345541ba2b1c50b63711d8adb63c8556452c142de8a06f4b28a86f629cc1dc713dcddcfebc8b1420a603fb970ddaedfc82250637327beb5c0ad04947477bc9aec0914cd78cbf5060e4ef7806b3443c85dbe79b8e87807b1a8d141583998c412d89c23dca4aa16af321dead51a12a73be98bd8ebb4d58b3ccd2d67ec936f2596afff2ba4166015aa4cc6c433acf33df30e3d40a0d6468944a07d1f9eba1bb9eb03dbfb42ba790dc1e7f66ad1834fad94440bffe3879509120b6a5cd1890281bf0f4c2d1be00fbe6b2d09ebdf594110f2bda035262d4830dbe64aa3152612df991a6fe1d035e0b301cf527d74140c85ad79acc001fd2ddb3f283c21e8d253c6c4685584f753e01aae2dee4158c68e2e612f056eb602ad8199d84784e05b363292956247d1fd8e4201330d6060d66e10e316143015908554e5325550d61b8af87a92237edd75cf687919ed0164de95042cbcfe96b9102fe3b71f43bbb1fc24d9d2d0d81dad29ac18cce353ca7c4a7c32e12e451654addc5dc6a44d001c40913eaaf14dacab7037a68e9875ae51321d1852820794206fcc1cdd51443d5e3fcd1dc4dbf728d1ed8dc29437db0154c2f59d1d0d0b0048cb56ad965682afeda337b172cf6a77be36ab8424b919e493628846bbf485d5fefd73228e40295fa2070027f6f2ed565024b82d1058a1be0d0c364b765f2a58f382e378692d1ca4fc7f09f867ed4684dd82dd4c76e0e640f5f87d1c6c2fafdb733f1cef6572cb5e104ae9c94d26c81cbc9a5fd8fbe61ddbdc683b7f4030132b932abf0d66afafc9a9d3121f0ed962a14294bf0ba7b1d33d7808efa427b5531cd881b5c87ec159bc9557009d9762010a497ad52b57283cde9715b48a3e35a22aec3730a0cb476a59f438684346ce0c14f22d5f1e5826d3f670e9ef60f6dd51a11fd32eed673b9d0a12d8eeb8046b96c51cfc54c21b2c48c4a89273963b8345b01159f53f6b6589333afd871875b930d7a4e2e1f5dfb44157ca004a739b0e98562c83b1d8414220f677f2882ef6ab1039fc5f132d7f55046d0c9545033624338e2ca6bdfcdd9d78306818c6214f524a7d036c80b5506f97fe383c1cae3c73dd2a0c628bff47d13dc7d9f88a3c1bb84ccbcb82fd881c6f5e9aa7516bec86fd6bee49f4db3bbf468922f1ef37c499b011e36173edc0ccb92d13dda668cf88bb99649e606fee23d3d3bc1fcbdfb40c7d4a4a60b89c63e65d02a283137561ccacd0c71cf70c6f039ebd1d29cd58571fa07d74187a7931d3d8b7db3062594b696b0e11a587724440bd77aa01fbe26a031a4c3f16ef3ba7f7544d01e8b7dd0b74f3025fe54cd01be16ee80ab0cd7c56671390f2e9bd62b212cf3ff58da7207846bacf85858130a89a2cb45da85b3ee574e8bb43c6642a3060b6f07228951aeab0fe4f4099b86bf07ec39262acca7319df3d5d057baa794234b89eccf36da5d32e4a5283386a0a271be30f75917ffd9f6d96eb8b50a7f6a0b861c5d12a624f3630a18e3bc94eb58bc835cef0a1b77952df6443cc12f221fb8460f4862f382abe13b409056644ec46fde96e1992e79ec0acdf3066f77bbcd6cf1a24d9b49ce84bd3bc58cd898da801d6b1ab12fd7cecc29894b98d616ccff855116a8985653ca88722dc00aed777dfe1839251be42716824dc0c40b6548319f613faffb2f1900a1f563724b0dcb7aa694110d268e945747d860d4bcaba7837342e3d7f207547ba8c093e8d2a1a5e3e098d19343de5fa773642cfb1a2e49f98df7e13254787cc35b2d689db16e551917c0db1034b175d1f4647c35c4cfe8a871cc7983b052050be9d24ed6e6f70d9d4b7cdebc9ba7a761b8c5f2207761a6fe9db5d4ac975dbe398ae05ed180f028037f2d9684dd3b28135e150db8a8adc6c34d0cca2cb95e6babf8702f26062d0ff0f88fc915caee5597a006e211c61f6fa4ca685e79655af85cb3489f94cd9836af4b80cd20ed23ed8f3f4107814407715b471354c5274595963b00482f3723ca88f4eee346c78bd29d65899163d848c9844991e976ff817120a13ce40aab11632b6fdd9d00acb82a5ac7769a0a7ed5d30ae077bf393f5de5b12114e4d1a32c7297bc5e14b673c78cc675b097d56f7a35c3206b1584996972153e2446465492528e0565718252139e1cf500f05a0ca529d58f5b91fa9bb2822c21248a7a8a92d0a7be5f4d249087176c7c23e27d72bd232fca3f7b36970daf2ccd64be4a798a6c30a068fbae324b4c158715949b37c3942f0eee35b90d2fe9d322420917532f6dceaf8633f4f9618f099ece4186e1adc1323b827c984ba54c887b462e169867c2e063fb60b7906434ef362200559e4d02413667dde0c6111750995824c316305f2ddfa3035ee09fdbc28c7f3c095f5a4382ce033746394a37b4d8a61ae8c7270d3863df7382a4786d7bed9543538166dfd01d122a384a7a3de7958c0272a35856f175fa29ee100d2a0f3a6dacbbe8702cf7e8d307ac0cc7921539a371a1c2e7f834db5a903069c07ff562fee851ac9cc3f2f045146db26b13401258733c67d820d06aa068b789300ac90481f84725311544e9a2363f2ce502c02c100bb41e18a103c79bd2bf14f6b52290fa60d978c284f927829b5027ae0ea842efb3450a8ddcabf0eaff6a6a8300de389e78cee73bd8de9a2809e346ff6c79dceca4277eee4b0dae1a3e1740f306044d6e67a5783e665f9637a8f8154f9ebecf95f48146c750826fccebbb1bef247666a710cd71dcf3ac3aa9d0bcbd4c4ad432bba642366e4a3b12981901358ee1d7babbb7e10737cbd8a1c159d8dd9dd521c48d2911ebb8162b51ea32185c37097c299c0e477914b49d04cabf5033a5a3660f829ce4dfb2f821e6cb19ce37df64f79eca0649ea8c6b41c6c5d08fb1dae021314609946310c833d08d46c026ddc5dbb7ac62f1123be2004729daa8156ee12bdde9529c7498c8d1a3fd59aa07b9ab7870c4e57b2f54dcc26edd206b28870cf346d741b46bcb508a5f9805ed63c6cb03a9334abfea33626b0681e59b1cecb02202c3190260b8e2963ee84d9a6b5e6be99cbf6a17e4a11e154c2a50d625ef1fd4690cb8e030e46e07c891e6db43626525d464302c44dbf65f71a485f9ea05c347b870bf63fddeaaa2336d9eca1d4c56e8a2734287f0f8a185bd8e3165a681175d1ee9d24f48c9182fd40179ea3d128c0b43c4e2c85eeefa4c932fcaf9297488a3d44e602477d94193410728a0ef0f6730e64b8cfb3e2235c6241d1252196f943d9eb9b2ce70f8c5cf21394875081f56ceb6749a8bfa43e0e545fbc6903b63c55b67ba1e064a682d58fb7117eab5407d1c998aa53a0ca190b0a4aaaa657299cee41be166a7622789b81cff0e892ba87c6ff22f29ed512ebe40cf7306b7597607de5c1c6fb2980a03cc0c6f396ecc27b6b5a3fb0a3f3375fccc397527797f6d1e98f9a873882f85a4e5b11eea65cddb12b0cec9e531a3b5de958963e20d8a520aa71588aa3ab92186e64a710ef07debe3fce6313ea69fd5bd45ca3d50e5c98ac632d5479bc0763b05509ffca67158ad8665cb858e4a8eae29ae667cfa8e39dbd15ca03846298faf7169187feae6e84deaee4ae51cd2016a867b3d11c4e6ec3ae39aeb8c8ec36a885e475f3e1e47e1fa464ef9569aba053cd066907a112612de411a5be0868543116f32d0781323c744dfeef87601981afe063122bac14b9059a68d9f356e85ec04c2767cbe79e245d7916daf222b5134ce684f7dec8fc0630cc9aeb5fbc38dfd19628ece15342c941e52be8abf0d82ed7b0b4bf5e6184edcae53949ef5987fd7fc479fc9921f2f332ae68f5dde23a3dd0b4713c3d18913edd9ce59870f7d50fdf33f3d2e8e5045d35555b4db5f48946e1b8d8d682f0c2bdd2d0de6bfff349e5e826cfb2d18d7bb43347362f13f5e80619451527bf0d3cc617881ef718466bf2efcb5f1404c573df09e00a5c0d1648b04860ee20d9e79d4ebac94a35e0a4919b1ab0db9e9dbdce1324223850e2e137ebb0c0e1cd690a3c5c9f8576538cba5e3831e6ba56809644e389ee984df3ea8e4743d5d03619b713c984fe8b43c589b78715b9147384b5bb15af8898cd82b31aca722cbe7938f119251d9142f2661f09b49f99d8988c66198dfb9db7f225086bed1deffa78995a56f905a7ab978a9c557ea1ad306bc0cd1cd8e5acaec1e4430a42068adec4a73f891c8010f0271c38685ca66c36313d15ab5bb6948c089b1fccf7fbb340eb03446a9bcda34b2d14a11e09f71e799fda19dd85293e2b0e2ca3e68145b4ea5705592562962cc6c0b65c88d06067903716656a0a7742850b956b609740c913f54225ae18ffb46162d6a0c1dac8b6c59541c8ef6bfcfa87ad59cb0e8ef6ef1d7f739c0a56cf975f9cca9ee89bac15cae197d02fc72505d23ebc6153491adccd22262979d2909fb8abd25683894e5a776824b81598a833e339a582b9ce3f8d7ce59fc3147eb3e92751867ee9c3506692b25b2d7f38d97280e85c01bf6d71a602d039aec747620d33660a9d5c9cf4010d01f9cb86db4704872307942df56f04cf6c17e57612635e769218cc91da9e2de29aac4563d695a6ebe249c14ba5332b54150a291bec28417febc4c3efae9e14a0323e561dbc80e98bf71deccff5babbcdc8015ef7a86a52781a67a4915645cfb18379084c58110f1294b2e08a6994d1a3dd4fb79437a75cdb05f36a7b3fdb449c0cea5682d37e5b0217676ff7a383a19d48860476b23ccb66779093b0f6b5b6a1ff0cef503dadf5b67382b2a501d0c13d89eec496374f43fcfa751864330479e0d1f7aa0883c2aafbb5c21b06cbea3c8b515fb1f6d061e269c3de372dc48f0b1c0a935de648a0fc4a1a32ce6aaa8432240bbc977a0ece5fd60d92ba49f1443bfc83668e8251260a5b275098e4a072d44726b91d850bd9c2485cacbf2b33be73785421c2fb259b0c1c0955339713f75ca72b9bc56a7167d8a942015385eb4f1bc3e07b23a71779d043a4f420b0fd9e889d398c955f13542c811683636b71a2fb178e951e37ed5519146c5d61e697d1148458c2f224dc6911363edd1b4d30c5cb12d0e2fb035adc33656615c05266f32c2faf5144e24086c97816c87569feb1fd41775263999ff057d9832b872506aba01db7482251f65a74c66cc01b83056970f843ef58df0d89c44f9265d5bfb50c287f330795b30848341dd26683e5df82bfc1cd1a3f2df3dae99fc38edcc614b39c8a8fa6ada4b5dff08914a92b6a16b05f13bbdbdc5e9f14a08e827ee5f364ce115e12bce05122f0dea62d8dd41222fafa3c6bdecea63d3fbd0bfdef667d6ac12b6918273631bf0ec25da2783f06f77a9a0ef2490afe43f3e8b0f553c0c1078141ec0d8f426b1924bd464e4240cda50e9b8a97050360a617eb4f88baa158da8672572f641b20ab3bcbab3d38ff3c84c5c3bf309e26c8ba735503700028c0806c29e02d0a0ed73b9c5c2f2a39f57ee08b935e6e056f01733a12b08603987b14aa7fc542c65a0c03e278723127bced6ac65d2386cf847a73057d19795d5a7517e71d5e480b7380866a64da32fcd1158af9a82559898a7931535a4b75326e2769711ff857d180f16acf316130574fd37bdb658b877f06db42ab96641bc75e3d4ad7fdd9028072139dd3019b03aad32907debef345bcc57423ddfc94683884a00c5f864b8c2dd5af081fa970da251d3afc65dd360c661d8ee2ab58dc9060e2d98b39ae95bb89c319cc93c9e653bf9db205338dc5528c11a391137fe496d726f1407945b243a49a1f3a786047fc47d5e5074e0ec678f26f30cba747d50070c00323d16cff4b06089830931ca704d386140f9c201a5b50a116410be001135aeaf30d7918ccdaf35482659fbb2933e97f1a2e0fc20e6a610e37511d06d4cf931e54ce8f5ab5f688e460e3943bbbe6949a8b4ae309ee31330ece6cb9dfcae0035f3808b7295776ae7bdafffadb6113faac5cd966c2875abb7b20f1b298b48cb78c467f1be92cd3a9d0fd35b7720334274a53a6cbd041b85b6f8f9d622293f0e95a8835204de1faeb7fcdcc57fbdf0afc2e6422bc114355cb5bc979f1bf6d0fb6eb31ee98e06cdcaa1ac36ed3246d85cbdaf999da5d6a7187e8622e6d224c5549a2f2802691a08242ed44a47fc9ad627af949ec3ab5b191025ac75ee7746e2762b530a622a716edbf341e4f9e04fa5d3f77c78dcde06f3845f45c8c1954120ac5949da541882d99adbbca4b0e422e4364289ff1a903bfd1ee63faaa40ef43d3e54249909066e1727591a9632cc8440dcedf931a823e9b542d51aee43897bbbc1f652ae774c326e8400a3a6ab8d90a04e5724fb39c05875ce5afff0502bb6164bc65c107593c155da4b77f136a34c9ec39a4e70cdc4f7fec68245402b2c0fb508eac623ab41a184d3bebe5e9f24c6590c1fee571ed55a76b8554b12116a36101691397d532b46924e6ccb688ab52ffc44f8a670d542477ebd3756d6ef5373024d3f915c187a35feaf39b76453ff835f73862bad13f19e76d47c70122911431e5f71b05a9728631df66b162e708584e83349db1a68368a37cfb4e16c9987a956b3018f2f12c639bf90b5fb0f0560fa7c19887a9d12316dab9bb515cddbae2e9056a556919476b47546c0dae631a88eb8bb9da49879f56efd3d1b65d50bb01c8b4ddc20374877189915cc5824200dfac8f422364b7178f2e7799665b464ac9ec54ffd87fc8dc68e08ab178059ec02bff4ae3c683d0c96796765bdc188c1a4ef46cfa9e6376678245f8d0c907e83e6eb78ffb19e75534925b5b5bfa489fb9cd2c68f00a079c9b34dc45e76044bbfc87c75bbdc5ed0ea7ca0f249007be79116fefa74085f982f670f821ccd0bb14e1086b677f379fd1a1c96bbb4a7338e867d3f91f41b0a7eb2f1104c2ed1593691e601f2e045b3db1cac5dc0d3b302b54967558057e767c4a96f0355d97beace9fe05f0513629b2dd4e86e523d16d7e2e129264e1749b07c062d3a92d96fff5cc976855540eb441a3cef8fc59bf236c85e778b04e30fa807c3ea634af17f005fb55b55f082ca54fc154e6b9df95b951ab9612da7223efc8b63f4528dc3353a15988790d507d9fda18dc8c4adefebc12567e040fd49d2d571437bada1c08054f45545e5cb33c8db8e5b4f2d6735a7fad407fea2ac6e516016c186b7a9b5586650178b3c201eb4fcda3a22291c1f5d66557675dfc73b17edd463abd17a3ec0f1b28adeb4c294c3792c5d2665d504610d37de5dc68fa03e16243ebca169797205d2b24cd64cb1e37328530d68c9a279e36aa0c7f718831ac30607633eab2c9e1b8d6b78649a78fd573d07f0edc18d2f52da2213e2ad44a4bfb3a80ae71d8cf57a2ae2658999d542f7c46da5a30f0f4a82296d0c95e4c6f046db42a00d8631b120a64ee260bf4dbf29103d4e2233fed2ec9ae65fb109f212f967c34e0efb52f56a9a7ab4de472f9cdb0fbcd19fed42d80216c4c717e77a5e6a9118423e0a6dc9d2f3cef598fb9bed6b4e66b279ebbc265560a471d132a854ff230673e843338dcb1ae202c797cfa59dd18eb46e313f1b0dcafdb6518c1da6b08aa1c92b0333a0b65358356a8d03a454f96add1237380049b2567a24836b7bfbdfa58186f2e295e0911dcad6c5413fb36a6e637156291efc016e8513664d515d3ddba1d2c63fa6c5a3331c3cb2f5e2eaad83a75588aca785ada46973d8a2d89686a416720a8f98e1a1eaa8c95aa0bea1dad03ec69bc4bf8300a821f67db4e0c1aab57ef1d1e06880130f6ffe76297acc62879f60e03933666a0da462b7a6b584d28041a3fbafe9a08b7a4664c46b8d40ce4f31a14b122ad74cc4a003f591e019e23cf764795d4235cc8d491c58d3be78a781a708d9fda492306a5afa7c0a43f52f39cafc6a6abc850bbbfa6254fdfd5115727210e19ec8a8857c10a9e9d5cb3001c6e04132667a30a6528e8b59661b483e5365761ac0f5c61e339833b35fd8159875177ed2b78df49ef83b45584c4609562ed2e8bb9add69e88fc0774517a15575f0250d26ae8f6f138daba5311b492c986005bef123a6fc3c1912e378cae2b64e58542293489d5a0f8b582b089c1b05f3ad0aec776b9dcfc0feb1386a98b7e2e09671a73f0eca92364d7f6da861280815b71e48934bc3d321da07878290ec81d3c5c64b8d7f55c1d2e2713edbb5fef28bc36d02302b01c4c29e5df4a9692b41e8d9364e2e408c55b9b14d3ad93889a48787df0673c3df6ba3d9222ee348199aba478e2d398b1e4ae012ca19473b3454327e5bfefb3c56576b6a6c035466f7641464806e63d7086223395a58d886b0dbedd365ce840a6990f56d697605b7d0ac60809270e4e392e89413cc94cea1cb277c4aee023bf90ded9910c96eeead4c6a10ca17151c4966f84bea565746eab573e4295e564d41bc5a6cc9df38c3d7cbd4cd618bd9f292daf95472839fe71c1edc202b6b8b5b939250b089b0dc978397fbaa7533fcce0c4b2eed8ad47779aa4b21504307c7d15e0bcb01bb60e5bafabe66e4b689e4873a1067063e17ba7d647a9a047b1b4ef7350402653b564ae1b34b8597a2357891c90ca2af6b68b794680a0511279fd213eec48dfddba7cbeeb9f9335a0679b1e6db44f27b12d898575d157c2159a86f676df18858857582bffdc006d4732257ade5dde2d1b2cf316fe2a7c5b44505cc808eae5427c43d50e9b99f9317e437df2bc640351e3e8ac249c42f782d07886b6d8875c253ee0e489f1196fa604747586df87e18a893721e6cecfe61dd82daf9b3e4f1eb745c93402c121bb639c56b91bdc77262acfa55389ede1f092733d8a69ae759f82ceda537ffbf32b65138aa3e43e8883048eccf0929de8dee297c5eee97ac7633beae01198e1b00c11276502e7660cd1f59ac619200042656c6e9757b082d374c80182290845f1bc8f2589eaf96948f148ebe675ee7fdb83e32a18eade32f99cca160a4d3504c4bea9c82cfdfe1dd80fbda7c484f2c17c20eea", 0x2000, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)={0x78, 0x0, 0x0, {0x4, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x2010, 0x0, 0x4009, 0x2, 0x0, 0x0, 0x0, 0x400}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2m3.212119616s ago: executing program 0 (id=273): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4400000010000104000000000200000000940bf1", @ANYRES32=0x0, @ANYBLOB="07800000000000001c0012800b0001006970766c616e00000c000280060001000000000008000500", @ANYRES32=r2], 0x44}}, 0x0) syz_emit_ethernet(0x82, &(0x7f0000000400)={@broadcast, @local, @val={@val={0x88a8, 0x3, 0x1, 0x3}, {0x8808, 0x6, 0x0, 0x2}}, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "f2a400", 0x44, 0x2f, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, {[], {{0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x1, 0x22eb}, {}, {}, {}, {0x8, 0x22eb, 0x3, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x2, {0x0, 0xfffd}}}, {0x8, 0x6558, 0x800002}}}}}}}, 0x0) 2m2.91431356s ago: executing program 0 (id=275): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x0) r0 = open$dir(&(0x7f0000000140)='./file0\x00', 0x840, 0xd5) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x30000009}) open$dir(&(0x7f0000000100)='./file0\x00', 0x26201, 0x6) 2m2.496636034s ago: executing program 0 (id=277): syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2000844, &(0x7f0000000040)={[{@fat=@errors_remount}, {@fat=@debug}, {@fat=@uid}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x1}}, {@fat=@dmask={'dmask', 0x3d, 0x5}}, {@nodots}, {@nodots}, {@nodots}, {@nodots}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x10}}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x9}}, {@dots}, {@nodots}, {@nodots}]}, 0x1, 0x23d, &(0x7f0000000a40)="$eJzs3cFq1EAcBvB/220be7Fn8RDw4qmobxBkBTEgrOSgJwPVSytCeome9jF8Bh/Jx+ipt4hN6NZUPUjadJvfD5Z87MfAzGVnDzO77x9+Ojr8fPKx+fEtkiSNWcQyziL2YzO2orXRPTfP805ctgwAYN0sFmU29hwY0MbVt6oqK7cjYvdKU3y/mUkBAAAAAAAAAAAwNOf/AWB6nP+/+6oqK/e672+/c/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGM9Z09xv/vEae34AwPDs/wAwPfZ/AJge+z8ATM+bt+9eZXk+X6RpEnG6rIu6aJ9t/+JlPn+SnttfjTqt62K7y/n8adun/X6vG//sj/1OPH7U9r+656/zXr8bh9e9eAAAAAAAAAAAAAAAAAAAALglDtILvfv9W21/8Le+TZd+H6B3f38WD2Y3tgwAAAAAAAAAAAAAAAAAAABYaydfvh6Vx8cfKkG4CPfiP0YlcTsmLwwSxv5kAgAAAAAAAAAAAAAAAACA6Vld+h17JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwntX//19fGHuNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDT8DAAA//8GmZGk") creat(&(0x7f00000004c0)='./bus\x00', 0x14c) mount(&(0x7f0000000480)=@loop={'/dev/loop', 0x0}, &(0x7f00000001c0)='./bus\x00', 0x0, 0x801400, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x4600, 0xe898d2275f586839) preadv2(r0, &(0x7f0000000980)=[{&(0x7f0000001200)=""/4096, 0xffffffa4}], 0x1, 0x8000, 0x9, 0x1b) 2m2.158254394s ago: executing program 0 (id=279): unshare(0x2c020400) msgget$private(0x0, 0x722) msgsnd(0x0, &(0x7f0000000400)=ANY=[@ANYRESHEX], 0x2000, 0x0) msgsnd(0x0, &(0x7f00000001c0)=ANY=[@ANYRESHEX], 0x8, 0x0) msgctl$IPC_RMID(0x0, 0x0) 2m1.685776245s ago: executing program 0 (id=282): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0) sendmsg$NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x4c, r3, 0x1, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7ff}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5}, @NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x4}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 2m1.031420678s ago: executing program 35 (id=282): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0) sendmsg$NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x4c, r3, 0x1, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7ff}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5}, @NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x4}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 1m52.041029951s ago: executing program 6 (id=340): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone3(&(0x7f00000015c0)={0x3002000, 0x0, 0x0, 0x0, {0x3e}, 0x0, 0x0, 0x0, 0x0}, 0x58) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) 1m51.551061675s ago: executing program 6 (id=342): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) 1m50.943983232s ago: executing program 6 (id=346): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@rand_addr=0x64010100, @in6=@mcast1, 0x0, 0x9, 0x0, 0x0, 0x2}, {0xfffffffffffffffe, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x32}, 0x0, @in=@broadcast, 0x4, 0x3, 0x1, 0x0, 0xf000000}}, 0xe8) listen(r0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0) 1m50.614339241s ago: executing program 6 (id=348): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==") mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f00000003c0)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/../file0/file0\x00') 1m50.125995917s ago: executing program 6 (id=351): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000003040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)={0x28, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="7bf24827ed91"}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000050}, 0x20000884) 1m49.701381314s ago: executing program 6 (id=353): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) r1 = syz_io_uring_setup(0xed0, &(0x7f0000000400)={0x0, 0x100002, 0x10300, 0x2}, &(0x7f0000000100)=0x0, &(0x7f0000000500)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0xa3d, 0x0, 0x0, 0x0, 0xff39) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x1) 1m49.231436637s ago: executing program 36 (id=353): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) r1 = syz_io_uring_setup(0xed0, &(0x7f0000000400)={0x0, 0x100002, 0x10300, 0x2}, &(0x7f0000000100)=0x0, &(0x7f0000000500)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0xa3d, 0x0, 0x0, 0x0, 0xff39) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x1) 4.72316528s ago: executing program 7 (id=1056): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef) 3.844095526s ago: executing program 7 (id=1065): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x2, 0x4}}}]}, 0x3c}}, 0x4000010) sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0) 3.596986973s ago: executing program 3 (id=1068): syz_emit_ethernet(0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd60fc7771001406fffe8000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x0) r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) syz_usb_connect$printer(0x3, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="fb01"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[]) 3.501633146s ago: executing program 7 (id=1069): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="18020000fcfff1ff00000000000000008500000036000000850000005000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000280)={r0, r2, 0x25, 0x4, @void}, 0x10) syz_emit_ethernet(0xd81, &(0x7f0000000880)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @multicast, @void, {@llc={0x4, {@snap={0xaa, 0x1, 'Y', "7be237", 0xfbfb, "94eb66355f9852cff6fec34c83a1b2fea9f659f3b9d4ed7aeda45ee022d92a62c73c63ae4bab533a9c7f3408ea151f4776435e4cd0c0738fd7ac9d07c3133fa30d50e73b5da44e7ffc3fb234a5185ef218962f938227f51fc06ec923a8d01584d433b0992c836ca7562b0674bcc6e2fad03b2bf711625706d817f7eaa9274526673f8ae5469436f0c2baa406f40c7a7bd3fe5a0c8000538a6d5debc7e7c45cb22b3697436775a55695ef02328ad67ac3ccf094dd924602b03e0da22d97d967e32bb77a06407e388c35c65310287447623fed81bc639cf3544b9082903dd1c6c888c688c8126395568bff09ce2b499c2e0a095d8508db2f79f6e243d2bc03bfcdb46b8ee295373170d4a90b64729053466ac9fa4ef950abb0e528aac6d943a26c0880c8ccbbc811399424d6073d14f36007f17be7a7dc3637c59a53dd782a17bae3675b232022c9a6b074e99259b300c22834966fbeacf088569d923180d8f06b318d72d7aadd3fb3b4e568e052245231f52b24c4ff7f0d317f73d41c076a36cd25501b10296348071302434a012de8f063fd84413e0286a62be7a7c71b5f5393fc939ca68e7138abe946c6f86c73d5250ff89c947c4c1450b21fc724cc43bbdbdef55b1e6005a6dbd1598b6946ab3d505e4d7d216552af3f5795a4c27f629d91c36011741618729f810e88ff95d6555b2062f87b5f313099a4c0ffee325d1914fae3b61578ea5d9b0c3f5ce1a5895986cfa4b06f79c4d76b0b7bc8308dd11470d995ab1442a191f6c4e5aec6b0b9063f2781f661db1a317460639ac3c14686db6a916bf394ad37597f63908f338161235e3cbaef8b6a9eabdd4b7ebd9ca67194ae8f6af507117be78719ea16d232d79a628a812bab98582c5812c58bb97d86196e58d9707052baa9b0b47cbf3127b2ad10849cebd19df220b4b10a075d40d1f6414a38e2e58d8283e5dd1c4ddf7a516b292b261ece8391f81ab26a6ec882f7aa59c091c817e8f36a7bb99484ebaf3e8c1709ed6d80b80c7ef2c94434918bd1a58fe832c3b69c4272f9fc9b99cff9de718f1d6d92756aa3dffd6dd570c4f2898191b7a65ff10487c589a7f28ac5ad20e5048ec1495b7a9b9ba9af6cf4ba0c6c853d4aaaf1edb2500d315e8bf0a4d433535e5a520fb136f5dc874775ec9776828f05b04908c47170bc736a32c50d5e7591e5c81773cec4272d3cc3364d93f34f168fec1e5026bcda7355e8b0f04defecdc5ea9dd6445b2c1610f31dfc35a759ee01a2a563df4bdd1ed512f1a03a0addd8e0ae940814ca78a7f430491f4e948e195156ba8bc0e9a43a3949e4364ba5d03f92bd7baf78ed615d820780e9c26d0e582f99b03d1fc0d3745dd8392bc921bb3ecd57d859148241a73de50d59cef217c64dc321a17d0c8c01f81361345627a7c34a3142971c53d426d5aa1c3b7f8228dda042cc4fc04ae158c26c36542e49a1899792e4b22ab05543ae551ccbfce8089fedb60ac214e01566cf53519b3a0f85dcad2ba6c10439df2a8a2d5210a524265f7b470cf682824d676eb10470bc3edd2a2f1fd2ba839f50b157d7358642226726f749bdd905e2c60346d98a4dbd6ec791fba3f5b9814fe28e5ee1d193dc16260c6710abd2005d7a98547bef7907c60b4c661118b325725323250ebf3dc492689472076dcd52f840009e3d493c5764b6c40d2cf5a3327ac4621ee125cdf0a2cf2b28996ccc1080abd9cf10b8ee1cefd6a480d7bc7af6955399058a30e4c3919342145aeedf5e302ceca275a0f06c3a2ce8de8781eecb4c3e874d08b3d70863370bd7fdbf60efe47c0274b76eea3314a8eb6062b4a928095a6303f90322ec5db4471590bf7620b9f6fd0f37ad5b76f0c0ca008c9cd2dd95a7f4836396aaa3f719eedb3057d23ac8610eca43e6ef10430b3f415220245d3cb03d3e3c0800bfe4d6e6459975d1cadc1ba94bc70fe1d11430c77fe35e5390af9c80ae3d98d5fe84272b76a6531494b650b5a44790ebe11f5b6bf20c41a6f57fab330ccbcab8f06fef0b976ab1a50a3c8e2a59c82b1003abeb76e0f37e9ab9a56b13ccc192127b8c661fb2cf01f81f002209b0a9f03aacff608515b66fa1274c96bcdced1cfe9566ddd847263b8bb6c3b428abf73a6aef917a73f0b862f3a9c6e8211cfb94ff94ea538e3f891352c86f8667c1313eff8ce892d9c9439d385e41420e1a05a12147317cd87520afd479fb7db84b3d14dc54978c819efde9c408725124e21c816c5d9ec71e8d323e19ef59a7a017f497fcc25bba64102dc764360eff36a8d68f56714910bb820d91e07f3e9582a96490365a516e6e892a4ba092202fb9fe68930cc9e9a41e8d7ab57343a6066bd3ffd8d2d57460d4472d67574e73d0dae2f6684600176ed6a2ff02d42932d719e4013c86f7cd8a0e2b7a2545345aedd5f19f5e7d426ad2e2c0aedc847d8fa8b1ed570f4f81332e61c3b8789338018e80eb824dcc50c30bc795c1987ffe91e4fb28bc5614c4a0a333f96fe9510e09e6e9376b24ff0d5825fc7b6e85b5fbe9d7766e6627ec545bae50ab353c45cd9cd1a558f6ff3f924c13cb63361fbdc8fa1b111ed2f3be012de5fda0319b9679cd9483428c21e87de7e9a0ec8dcd4804355ef3aa831cfd967a7795961f10f9662dd0e4a8cbdb905009678261df8eb758b21173fe07b0c27b2a24712e46b6c9f9c991997bbc877c841e9873ff38907c5a891d2ef19bb409fd9aa3b49b1a5d8308ebaa99cf7aaa8cc9ff633c04af0f922faf72ab1ec9e578891b56b038d3235000e9700545fc11fc6bcea3cfa7a15bf011500439acf1713f91733242c62ef26d241a0046ff863cfdd3b85ea50816cd1d4998c722c88c7e3edbbc2efdd3e7688defa9d4e1c6f3755684b3ac4aaeab04f38d8c2440b1527b28aaf8df16fff9f94f5b570da447f088a378ca6b612fbd2d4b45ff96824f59319c2f02c12971c2d746fa5fb6f7fe3bc18924ef063d23ebbd425a2df6307a7cf70189e86bea694f81770eec567bef3f72a1e7f9f8b71ea971d968ec95a225e7bb5888f2d320d5ff07ed089ac03b799f290803f802a9a1ce1b30b56781ecd68088dc1410903761e8fc98eeabbe0f4b830811a8b4a930e6c9344cdca09bb29e67677cd874538359dc1335a11ee61b71ae2066b1a9d6d8bddac3928e966c1979e6327c4dda2d2cf9e341fe103119f2924ffe3b194581bfbd8b9236133a85d436c8690272348ca5c27f7e0b812a63aa2930d27e464a92d1ecd6bb91c0b6b3c8f2f38a6d140eb1c7c4d3e0494e7b6225d00fdfbd938debafb5cc7e76cf0418fb0b474009d6a72c3f19a840655cd47072149d15926f3aca66eb1a32d5d8df5aefa454409629c822ff9d0d4cbb5c41172dabaf7bf469afe4e748ef057d60d652b4d2171bd6fd865a93fc5aff4f763a81ee9915175da49cbe3656f5acd0e723abdf1e6d4d3a25e9f5b2db3d6484fe59fac468f86906c3fdc18cb53f2100ce3daf68825870ae8c205a4f5007c29a6abd95347e69f7c7763006b552e8836bf7c282d4133260ab80e62b051f7494bd5c203fd7c5f162c68ae65e2c659a5f9c873d601b9e5649fbd5bcfa2cda1b0eab21bdd4455ee1452301e5609154c2119dbaf3d582741eb95b999cfacbb50036bc7b40cc09c514efe62bb7de696920c4019942a51f27513f6130c5c0b1ceb839a290cf4b0881384513c2354c2455d6b59a0e1407490e82cbf14e9e38ae4e53a8227fbdc111e329aac549c612c1aa9200da478081c88016d826fd48b6d4d1422e60d47e7a9ab55aba949168f77a4129a6353f0cbcd147dab1465075b630093e3ca7209e1baa0aefe672193c27299e988fbeb2e49a65415009e2ff2fe82acc36b63fed24a99e9804fa589884d778f8c1e12b76f05fbb1c39c280ca4960ecb46ad59c06b80dfc734c3a64a3838fccd33aa55a24de1d06585edd76d72b1db01562334e48353cab9ea667f2b07efde0f60e57eb5bcd6072bcc65e2da75568ca6d6807c2aca11f4720a4756af57075b89678a2c542d75a35eff7813dc048e4c85cab1ed432a345375f159c48a6c2758e3d50fe4ced16a381c0fa4ac7484eeb0ea3c3e236c461ce3079d101123be1602584f9e568e92376b4156d86bed40b9de7a59adb4f45a9a661d85fd46ba4d8e87c915fc8ed64ed7975e1f564913bbd980112919ef319af8ed16e5d6d10712adca14a4c0415768b7dcffe5b76104a3c2bb436eb53dc0fca123614bd547392d4072119c1b417164fe97bb5b3ebf7eee318c3c3e801575608eef8d03397771d888fc7d2613bbcbfb2971c69c086605ea9365afa37bfa3a41fa275fec155a174a8a7c2ff3663017be79dcef41f44e4130ace4df8b898b298e0f1eeecb48dc45dbe1acbb2f0c3ff853f852279914006511075952d3b35fee582af203752be1c141e754a62bc479601a2bee38da911620590ef5f994bfc2ffac16bf263161d4cacb8e03fc0b551ad3a99e4424f233caabf26ad2535bbb650b9b53d3bd90553b276b264f708699c7491fab8cdc307b10531758aa724cb0259bcbfe5fabe371926d677e1ede7c83b9d1710e88d543a4ebbbeb9c92af4f26e83c337ad50e9a920bfe65d0dd65637b59b6c8182924cece441bc59a8e8734832889590eaaed670487d50d65d69fd6a2d305402da26d39179e7ecd3c888f60f086c5acb5ca1fc5032af9c75c2d4f379f662983e84e3d608b444d15cc37409b5765026258635d3fe67dd78ea73b70fd9d41fa2f8ac1e28af35581dce9adf26988cdab7833bf87eb3f5f399d0ed48cfd2856add0289077f14c9953721de8abc95fa8fdb4e5e5d89e59bd1e0f381e55df12747ed6b3418b8b133c"}}}}}, 0x0) 3.110253805s ago: executing program 7 (id=1071): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000000dc0)="$eJzs3M1vG0UbAPBn13H65k0hoZSvlo9AQVQIkqYt0AMHQCBxKBISHOBoJaEqTQtqgkSrSKQcygkhJO6II/8CJ7ggxAmJK9xRpQr1QsvJaL27iZ3YTtPYcYt/P8ntM/vhmce7Y8/u2AlgaE1l/yQReyPi94iYyIutG0zl/12/tjJ349rKXBL1+tt/JY3t/r62MlduWu433lyIJA62qXfpwsUztcXFhfNFeWb57EczSxcuPnf6bO3UwqmFc0dPnDh+bPbFF44+35M8xyMtojfe++rNk1+05L8hjx6Z6rbyqXq9x9UN1l1N8cgA28H2VIrjVW30/4moNB29iXj9s7XCpwNqINA39Xq9Pt559Wod+A9LorWsy8OwKD/oy+vfdtfBL/dt9DF4V1/JL4CyvK8Xj3zNyNodg+qG69temoqId1f/+SZ7RH/uQwAAtPghG/88m412Vuayscf6+CON+5u2u7uYG5qMiHsiYl9E3BvnYn9E3BfR2PaBiHhwm/U3TZI0hpmbxz/plVtO7iZk47+Xirmt1vFfOfqLyUqjdCEvRDV5//TiwpHiNTkc1T1ZebZLHT++9tuXndY1j/+yR1Z/ORYs2nFlZE/rPvO15dqtZ9zq6qWIAyPt8k/WZgKSiHgoIg60e4J06zpOP/Pdw53WbZ1/Fz2YaKp/G/F0fvxXY0P+paT7/OTM/2Jx4chMeVZs9suvl9/qVP+O8u+B7Pj/v+35v5b/ZNI8X7u0/Tou//F5x2uaqWoRbOP8X60t10aTdxrxaLHsk9ry8vnZiNHkZN7o5uVH1/cty+X2Wf6HD7Xv//ti/ZU4GBHZSfxIRDwaEY8Vx+7xiHgiIg51yf/nV5/8YOOysTL/2+D4z2/r+K8Ho9G6JG2zTRZUzvz0fUulk+thkf+N7u9/xxvR4WLJzbz/bW5F+2Cnrx8AAADcCdKI2BtJOr0Wp+n0dP4d/v351Hfm43Pz+W8EJqOalne6Jpruh84Wl/V5+VJE5F8tKNcfi7Rx3/jrylijPD334eL8QDMHxjv0/8yflUG3Dug7P9iC4aX/w/Dq2v+ru9cOYPdt6v9d+/yevrYF2F1tPv/HBtEOYPe1G//7ez8wHDb0f9N+METc/4fhpf/D8NL/YSgtjcXWP5LvGpTPdIu7bxVMROy0hYMJonpbNKNvQaR9r2K0v6dW34LkDmzzpmBw70kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99G8AAAD//1KFzjw=") syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x3205850, 0x0, 0xff, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40) getdents64(r0, 0x0, 0x0) 3.102692338s ago: executing program 9 (id=1072): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) openat$ptp0(0xffffffffffffff9c, &(0x7f0000002040), 0x82401, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1}, 0x48) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) clock_adjtime(0xffffffd3, &(0x7f0000000000)={0x1, 0x6, 0x4, 0x0, 0x7, 0x8, 0x652, 0x7, 0x8000009657, 0x1, 0x6, 0x0, 0x10, 0x800000000b, 0x80000000000000, 0xcc0, 0xffffffffffffffff, 0x1, 0x94d6, 0x10000000000001, 0x0, 0x809, 0x0, 0x7, 0x80003, 0xf64d}) 2.870260129s ago: executing program 9 (id=1073): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r1 = fcntl$dupfd(r0, 0x406, r0) sendto$inet(r0, 0x0, 0x0, 0x200047fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$TIPC_NL_NODE_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x134}, 0x1, 0x0, 0x0, 0x24040841}, 0x48009) 2.438295051s ago: executing program 1 (id=1076): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x490, 0x168, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3c0, 0xffffffff, 0xffffffff, 0x3c0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x148, 0x168, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x810001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x228, 0x258, 0x0, {}, [@common=@ipv6header={{0x28}, {0x20}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x4f0) syz_emit_ethernet(0x46, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd61bbddf000103afffe80000000000000f96fd2c6b5250587fe8000000000000000000000000000aa2e0000706700000f8100907800030008"], 0x0) 2.3806195s ago: executing program 7 (id=1077): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8) write$binfmt_aout(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="03040000b500000001008aea0000feffe7d5b2a4f9810fc5c81195554c"], 0xc8) dup3(r1, r0, 0x0) 2.005563125s ago: executing program 1 (id=1079): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=@FILEID_UDF_WITH_PARENT={0x14, 0x52, {{0x3, 0x6, 0x7, 0xa}, 0x10001, 0x9}}, 0x0, 0x0) 1.832600029s ago: executing program 7 (id=1081): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x2) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@uuid_null}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 1.800805904s ago: executing program 8 (id=1082): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$AUDIT_ADD_RULE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001840)=ANY=[], 0x420}, 0x1, 0x0, 0x0, 0x40100}, 0x8000) accept$ax25(r1, 0x0, 0x0) 1.765557458s ago: executing program 9 (id=1083): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c"], 0x7c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xe, &(0x7f0000000740)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000050000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4908a0d411a9872971c7c46f0979bd10b97163c066d0e196bf02f46c7953ab1abdaf9de9ca3c00cb9bf4e418d076feafa22f0610a70f2bdf4000200000066b60d00b0c2c1254f0963f63223b7b80197aa3161f45346b100000000000000000089e399f6609876b5887437a172ebc02a740694298b79dc194e533583412dff048fc21f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be033c9d2f972cc93c1c13caec04a367c24a9fb6a6991ddb737d527d6acb15426415b6e8b14f822e86067a5e991c3b404984dfa2c6e94bd0339454c13ad3c328a182c15dc760a3000000005dc2ed0e0b29e98fa883c71949a34d84030323e3d54f45b29d27643453ad9211e3550ee5520211d9370175133f260c6882a146880b9387f1beb5418618bc83a3becf9bb57da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb7830a246c3b2f60000fc4deb8eda1368b0960b8d69bd99c64893d44f962524429dc058528e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e582160ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7033be648b12bb1fee58958d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d70c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc3a4763948a1cbc10348ef2ac3781b847611fcb0a26acafdd6d9ab05865fcf7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb81c53f16d80f51006cbc71570a5e272b223425e09dc6b6cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d28484e15dc4320e4f85c16a8fbffadf8214d6d24cabe17ad4135d8872935ce0e6a468fd20fa4461d1d600234feac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cb43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c1044ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f4815237c3aa356217738898a16ba603439f6eaad8e70b"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0a0000000400000006000000ff00000042"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000080), 0x619, r0}, 0x38) 1.345454911s ago: executing program 37 (id=1081): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x2) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@uuid_null}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 1.340734708s ago: executing program 9 (id=1085): add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffb) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/profiling', 0x22042, 0x10) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0xbfd1, 0x0) 1.339135296s ago: executing program 1 (id=1086): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x52, r2, 0x1, 0x0, 0x0, {{}, {0x0, 0x6}}}, 0xfd53}}, 0x0) 1.337988391s ago: executing program 2 (id=1087): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000180)={0x44, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x2}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x2c9}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x3}]}, 0x44}}, 0x0) 1.337613119s ago: executing program 8 (id=1088): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0xfffffd66, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000040a0101"], 0x14}}, 0x0) recvmmsg(r0, &(0x7f0000001700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 1.220532227s ago: executing program 3 (id=1089): r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x3fc, 0x3, 0x0, 0x7}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r0, &(0x7f0000001140)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000d40)=@tipc=@nameseq={0x1e, 0x1, 0x2, {0x2, 0x1, 0x1}}, 0x80, 0x0}}], 0x2, 0x0) 1.161000369s ago: executing program 8 (id=1090): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$LINK_DETACH(0x22, 0x0, 0x0) 1.070284589s ago: executing program 2 (id=1091): r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f00000000c0)={[{0x2b, 'io'}]}, 0x4) 1.025677965s ago: executing program 3 (id=1092): openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r1, 0xc0884113, &(0x7f0000000680)={0x1, 0x2, 0x202, 0xfffd, 0xffffffffffffffff, 0x200000000000008, 0xfffffffffffffffd, 0x200, 0x10000000000008, 0x2c, 0x80000005, 0x2}) 837.088682ms ago: executing program 2 (id=1093): r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r2, 0x0) 751.485597ms ago: executing program 8 (id=1094): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r0, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c00000046000701fefffffffcdbdf25047c00000800018004"], 0x1c}}, 0xc000) 702.539344ms ago: executing program 1 (id=1095): syz_init_net_socket$x25(0x9, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x14, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000f00000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x60ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 691.78834ms ago: executing program 3 (id=1096): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x6, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000001000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000000600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r2, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x7e, &(0x7f00000000c0)=ANY=[], 0x0) 520.43471ms ago: executing program 2 (id=1097): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) r1 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3a6}, &(0x7f0000000000)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000100000001"], 0x18}, 0x0, 0x20040000}) io_uring_enter(r1, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) 514.965041ms ago: executing program 8 (id=1098): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) r1 = dup2(r0, r0) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000001c0)=0x2) read$FUSE(r1, &(0x7f00000063c0)={0x2020}, 0x2020) 375.481596ms ago: executing program 1 (id=1099): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000003a00)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x5, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x3}, 0x1c, &(0x7f0000001880)=[{&(0x7f0000001140)="53d9", 0x2}], 0x1, &(0x7f0000001940)=ANY=[@ANYBLOB="14000000000000002900000043000000070000000000000014000000000000002900000034000000000000000000000014000000000000002900000043000000530000000000000080"], 0xc8}}, {{&(0x7f0000001a40)={0xa, 0x4e24, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c, &(0x7f0000001ac0)=[{&(0x7f0000001a80)="bd", 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) setsockopt(r0, 0x84, 0x80, &(0x7f00000002c0)="1af3050000f2bd5b", 0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x84) 365.127112ms ago: executing program 9 (id=1100): r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x5}, 0x1c) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f00000005c0)={'filter\x00', 0x0, 0x0, 0x0, [0xffffffff, 0x3, 0x7fffffffffffffff, 0xfffffffffffffffa, 0xa43, 0x8000000000000001], 0x0, 0x0}, 0x78) 338.819241ms ago: executing program 3 (id=1101): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x42, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='./cgroup.net/cgroup.procs\x00', 0x0, 0x82) close(0x3) open_by_handle_at(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="10000000020000000b"], 0x0) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) 285.750317ms ago: executing program 2 (id=1102): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) r0 = inotify_init1(0x80800) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a1) inotify_add_watch(r0, &(0x7f0000000180)='./file0\x00', 0x10000000) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x60000000) 112.586915ms ago: executing program 8 (id=1103): r0 = eventfd2(0x0, 0x0) socket(0x2, 0x3, 0xff) io_setup(0x3ff, &(0x7f0000000500)=0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x0, 0x2, 0x0, 0x7, 0x40, 0x4}, 0x0, 0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000001840)={0x0, 0x0, 0x0, 0x0, 0x200, r0, 0x0, 0x0, 0x4, 0x0, 0x1, r0}]) 36.673686ms ago: executing program 9 (id=1104): r0 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000080)={r2, 0x7}, 0x8) 843.976µs ago: executing program 1 (id=1105): syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) lsetxattr$system_posix_acl(&(0x7f0000000140)='./file0/file1\x00', &(0x7f0000000180)='system.posix_acl_default\x00', 0x0, 0x0, 0x2) 537.486µs ago: executing program 2 (id=1106): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbb0180c200000386dd"], 0x9e) 0s ago: executing program 3 (id=1107): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r0, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ppoll(&(0x7f00000000c0)=[{r0, 0x60}], 0x1, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): 95][ T6714] Tainted: [L]=SOFTLOCKUP [ 158.211204][ T6714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 158.211218][ T6714] Call Trace: [ 158.211227][ T6714] [ 158.211237][ T6714] dump_stack_lvl+0xe8/0x150 [ 158.211273][ T6714] f2fs_handle_critical_error+0x37c/0x540 [ 158.211311][ T6714] f2fs_write_end_io+0xc1d/0xfd0 [ 158.211363][ T6714] __submit_merged_bio+0x256/0x650 [ 158.211399][ T6714] __submit_merged_write_cond+0x269/0x530 [ 158.211433][ T6714] f2fs_write_data_pages+0x2806/0x3360 [ 158.211502][ T6714] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 158.211550][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.211578][ T6714] ? css_rstat_updated+0x23a/0x530 [ 158.211648][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.211676][ T6714] ? rcu_is_watching+0x15/0xb0 [ 158.211705][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.211732][ T6714] ? __lock_acquire+0x6b5/0x2cf0 [ 158.211784][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.211812][ T6714] ? __lock_acquire+0x6b5/0x2cf0 [ 158.211857][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.211884][ T6714] ? do_raw_spin_lock+0x12b/0x2f0 [ 158.211919][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.211952][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.211979][ T6714] ? do_raw_spin_unlock+0xf5/0x210 [ 158.212009][ T6714] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 158.212042][ T6714] do_writepages+0x32e/0x550 [ 158.212078][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.212108][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.212140][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.212168][ T6714] ? do_raw_spin_unlock+0xf5/0x210 [ 158.212202][ T6714] filemap_fdatawrite+0x1e9/0x2f0 [ 158.212242][ T6714] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 158.212319][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.212352][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.212385][ T6714] ? do_raw_spin_unlock+0xf5/0x210 [ 158.212420][ T6714] f2fs_sync_dirty_inodes+0x30e/0x810 [ 158.212472][ T6714] f2fs_write_checkpoint+0x9c6/0x2490 [ 158.212507][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.212536][ T6714] ? stack_depot_save_flags+0x33/0x810 [ 158.212604][ T6714] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 158.212685][ T6714] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 158.212719][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.212747][ T6714] ? kfree+0x1be/0x650 [ 158.212795][ T6714] kill_f2fs_super+0x308/0x710 [ 158.212837][ T6714] ? __pfx_kill_f2fs_super+0x10/0x10 [ 158.212899][ T6714] deactivate_locked_super+0xbc/0x130 [ 158.212936][ T6714] cleanup_mnt+0x437/0x4d0 [ 158.212969][ T6714] ? _raw_spin_unlock_irq+0x23/0x50 [ 158.212999][ T6714] task_work_run+0x1d9/0x270 [ 158.213034][ T6714] ? __pfx_task_work_run+0x10/0x10 [ 158.213066][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.213105][ T6714] exit_to_user_mode_loop+0xed/0x480 [ 158.213140][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.213169][ T6714] ? rcu_is_watching+0x15/0xb0 [ 158.213197][ T6714] do_syscall_64+0x2b7/0xf80 [ 158.213224][ T6714] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.213248][ T6714] ? trace_irq_disable+0x37/0x100 [ 158.213280][ T6714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.213305][ T6714] RIP: 0033:0x7fe28619c117 [ 158.213327][ T6714] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 158.213365][ T6714] RSP: 002b:00007ffc107728b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 158.213390][ T6714] RAX: 0000000000000000 RBX: 00007fe28620471f RCX: 00007fe28619c117 [ 158.213406][ T6714] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc10772970 [ 158.213422][ T6714] RBP: 00007ffc10772970 R08: 00007ffc10773970 R09: 00000000ffffffff [ 158.213438][ T6714] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc10773a00 [ 158.213453][ T6714] R13: 00007fe28620471f R14: 000000000002694f R15: 00007ffc10773a40 [ 158.213491][ T6714] [ 158.280168][ T7276] XFS (loop7): Quotacheck: Done. [ 158.356565][ T6714] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 158.502091][ T52] Bluetooth: hci2: command tx timeout [ 158.508999][ T6714] CPU: 0 UID: 0 PID: 6714 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 158.509034][ T6714] Tainted: [L]=SOFTLOCKUP [ 158.509043][ T6714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 158.509058][ T6714] Call Trace: [ 158.509068][ T6714] [ 158.509078][ T6714] dump_stack_lvl+0xe8/0x150 [ 158.509115][ T6714] f2fs_handle_critical_error+0x37c/0x540 [ 158.509156][ T6714] f2fs_write_end_io+0xc1d/0xfd0 [ 158.509212][ T6714] __submit_merged_bio+0x256/0x650 [ 158.509251][ T6714] __submit_merged_write_cond+0x269/0x530 [ 158.509290][ T6714] f2fs_write_data_pages+0x2806/0x3360 [ 158.509369][ T6714] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 158.509421][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.509449][ T6714] ? css_rstat_updated+0x23a/0x530 [ 158.509517][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.509544][ T6714] ? rcu_is_watching+0x15/0xb0 [ 158.509574][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.509606][ T6714] ? __lock_acquire+0x6b5/0x2cf0 [ 158.509663][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.509690][ T6714] ? __lock_acquire+0x6b5/0x2cf0 [ 158.509738][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.509765][ T6714] ? do_raw_spin_lock+0x12b/0x2f0 [ 158.509802][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.509835][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.509862][ T6714] ? do_raw_spin_unlock+0xf5/0x210 [ 158.509892][ T6714] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 158.509927][ T6714] do_writepages+0x32e/0x550 [ 158.509966][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.509998][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.510031][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.510058][ T6714] ? do_raw_spin_unlock+0xf5/0x210 [ 158.510095][ T6714] filemap_fdatawrite+0x1e9/0x2f0 [ 158.510136][ T6714] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 158.510224][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.510255][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.510289][ T6714] ? do_raw_spin_unlock+0xf5/0x210 [ 158.510325][ T6714] f2fs_sync_dirty_inodes+0x30e/0x810 [ 158.510381][ T6714] f2fs_write_checkpoint+0x9c6/0x2490 [ 158.510415][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.510443][ T6714] ? stack_depot_save_flags+0x33/0x810 [ 158.510513][ T6714] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 158.510607][ T6714] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 158.510641][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.510668][ T6714] ? kfree+0x1be/0x650 [ 158.510719][ T6714] kill_f2fs_super+0x308/0x710 [ 158.510763][ T6714] ? __pfx_kill_f2fs_super+0x10/0x10 [ 158.510830][ T6714] deactivate_locked_super+0xbc/0x130 [ 158.510867][ T6714] cleanup_mnt+0x437/0x4d0 [ 158.510900][ T6714] ? _raw_spin_unlock_irq+0x23/0x50 [ 158.510930][ T6714] task_work_run+0x1d9/0x270 [ 158.510968][ T6714] ? __pfx_task_work_run+0x10/0x10 [ 158.511000][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.511041][ T6714] exit_to_user_mode_loop+0xed/0x480 [ 158.511076][ T6714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.511104][ T6714] ? rcu_is_watching+0x15/0xb0 [ 158.511133][ T6714] do_syscall_64+0x2b7/0xf80 [ 158.511160][ T6714] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.511184][ T6714] ? trace_irq_disable+0x37/0x100 [ 158.511217][ T6714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.511241][ T6714] RIP: 0033:0x7fe28619c117 [ 158.511263][ T6714] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 158.511284][ T6714] RSP: 002b:00007ffc107728b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 158.511310][ T6714] RAX: 0000000000000000 RBX: 00007fe28620471f RCX: 00007fe28619c117 [ 158.511327][ T6714] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc10772970 [ 158.511342][ T6714] RBP: 00007ffc10772970 R08: 00007ffc10773970 R09: 00000000ffffffff [ 158.511359][ T6714] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc10773a00 [ 158.511375][ T6714] R13: 00007fe28620471f R14: 000000000002694f R15: 00007ffc10773a40 [ 158.511419][ T6714] [ 158.511429][ T6714] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 158.891980][ T7309] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input8 [ 158.931890][ T6474] XFS (loop7): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 158.982503][ T5821] ocfs2: Unmounting device (7,2) on (node local) [ 159.396425][ T7313] loop1: detected capacity change from 0 to 1024 [ 159.516418][ T7313] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 159.746482][ T7320] loop7: detected capacity change from 0 to 512 [ 159.796451][ T5825] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.826546][ T7324] loop2: detected capacity change from 0 to 256 [ 159.850015][ T7324] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 159.905361][ T7082] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 160.003382][ T7082] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 160.036325][ T7082] bond0 (unregistering): Released all slaves [ 160.451190][ T6986] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.551907][ T52] Bluetooth: hci2: command tx timeout [ 160.824004][ T7269] chnl_net:caif_netlink_parms(): no params data found [ 160.990251][ T7082] hsr_slave_0: left promiscuous mode [ 161.035305][ T7082] hsr_slave_1: left promiscuous mode [ 161.056838][ T7082] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 161.074948][ T7082] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 161.096525][ T7082] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 161.128716][ T7082] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 161.198586][ T7328] loop1: detected capacity change from 0 to 40427 [ 161.218067][ T7082] veth1_macvtap: left promiscuous mode [ 161.231916][ T7082] veth0_macvtap: left promiscuous mode [ 161.243369][ T7328] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 161.253513][ T7082] veth1_vlan: left promiscuous mode [ 161.268386][ T7328] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 161.273114][ T7082] veth0_vlan: left promiscuous mode [ 161.306266][ T7328] F2FS-fs (loop1): invalid crc value [ 161.615840][ T7344] loop8: detected capacity change from 0 to 32768 [ 161.623205][ T7328] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 161.667419][ T7344] JBD2: Ignoring recovery information on journal [ 161.674528][ T7328] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 161.694976][ T7328] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 161.796610][ T7328] syz.1.372: attempt to access beyond end of device [ 161.796610][ T7328] loop1: rw=2049, sector=53248, nr_sectors = 136 limit=40427 [ 161.844881][ T7344] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode. [ 161.864012][ T7328] syz.1.372: attempt to access beyond end of device [ 161.864012][ T7328] loop1: rw=8423424, sector=53248, nr_sectors = 8 limit=40427 [ 162.024000][ T5825] syz-executor: attempt to access beyond end of device [ 162.024000][ T5825] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 162.071929][ T5825] CPU: 0 UID: 0 PID: 5825 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 162.071964][ T5825] Tainted: [L]=SOFTLOCKUP [ 162.071973][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 162.071985][ T5825] Call Trace: [ 162.071995][ T5825] [ 162.072004][ T5825] dump_stack_lvl+0xe8/0x150 [ 162.072038][ T5825] f2fs_handle_critical_error+0x37c/0x540 [ 162.072073][ T5825] f2fs_write_end_io+0xc1d/0xfd0 [ 162.072118][ T5825] __submit_merged_bio+0x256/0x650 [ 162.072153][ T5825] __submit_merged_write_cond+0x269/0x530 [ 162.072189][ T5825] f2fs_write_data_pages+0x2806/0x3360 [ 162.072256][ T5825] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 162.072303][ T5825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.072331][ T5825] ? css_rstat_updated+0x23a/0x530 [ 162.072420][ T5825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.072446][ T5825] ? rcu_is_watching+0x15/0xb0 [ 162.072471][ T5825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.072499][ T5825] ? mod_memcg_lruvec_state+0x1b8/0x320 [ 162.072533][ T5825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.072560][ T5825] ? lru_gen_update_size+0x7c9/0xd10 [ 162.072605][ T5825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.072631][ T5825] ? __lock_acquire+0x6b5/0x2cf0 [ 162.072692][ T5825] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 162.072725][ T5825] do_writepages+0x32e/0x550 [ 162.072761][ T5825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.072791][ T5825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.072823][ T5825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.072850][ T5825] ? do_raw_spin_unlock+0xf5/0x210 [ 162.072884][ T5825] filemap_fdatawrite+0x1e9/0x2f0 [ 162.072924][ T5825] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 162.072999][ T5825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.073029][ T5825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.073061][ T5825] ? do_raw_spin_unlock+0xf5/0x210 [ 162.073093][ T5825] f2fs_sync_dirty_inodes+0x30e/0x810 [ 162.073143][ T5825] f2fs_write_checkpoint+0x9c6/0x2490 [ 162.073208][ T5825] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 162.073237][ T5825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.073324][ T5825] kill_f2fs_super+0x308/0x710 [ 162.073387][ T5825] ? __pfx_kill_f2fs_super+0x10/0x10 [ 162.073446][ T5825] deactivate_locked_super+0xbc/0x130 [ 162.073480][ T5825] cleanup_mnt+0x437/0x4d0 [ 162.073513][ T5825] ? _raw_spin_unlock_irq+0x23/0x50 [ 162.073542][ T5825] task_work_run+0x1d9/0x270 [ 162.073576][ T5825] ? __pfx_task_work_run+0x10/0x10 [ 162.073607][ T5825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.073645][ T5825] exit_to_user_mode_loop+0xed/0x480 [ 162.073679][ T5825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.073705][ T5825] ? rcu_is_watching+0x15/0xb0 [ 162.073733][ T5825] do_syscall_64+0x2b7/0xf80 [ 162.073758][ T5825] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.073781][ T5825] ? trace_irq_disable+0x37/0x100 [ 162.073811][ T5825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.073835][ T5825] RIP: 0033:0x7f9efdf9c117 [ 162.073856][ T5825] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 162.073876][ T5825] RSP: 002b:00007ffd62b095e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 162.073901][ T5825] RAX: 0000000000000000 RBX: 00007f9efe00471f RCX: 00007f9efdf9c117 [ 162.073917][ T5825] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd62b096a0 [ 162.073932][ T5825] RBP: 00007ffd62b096a0 R08: 00007ffd62b0a6a0 R09: 00000000ffffffff [ 162.073949][ T5825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd62b0a730 [ 162.073964][ T5825] R13: 00007f9efe00471f R14: 000000000002788a R15: 00007ffd62b0a770 [ 162.074001][ T5825] [ 162.074010][ T5825] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 162.109774][ T7344] syz.8.377 (7344) used greatest stack depth: 18040 bytes left [ 162.533900][ T6714] ocfs2: Unmounting device (7,8) on (node local) [ 162.641746][ T52] Bluetooth: hci2: command tx timeout [ 163.164896][ T7390] loop1: detected capacity change from 0 to 128 [ 163.213763][ T7390] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 163.254507][ T7390] ext4 filesystem being mounted at /101/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 163.402772][ T5825] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 163.661731][ T5918] usb 9-1: new full-speed USB device number 2 using dummy_hcd [ 163.707651][ C1] hrtimer: interrupt took 16920 ns [ 163.749977][ T7082] team0 (unregistering): Port device team_slave_1 removed [ 163.830714][ T7082] team0 (unregistering): Port device team_slave_0 removed [ 163.851884][ T5918] usb 9-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x43, changing to 0x3 [ 163.886830][ T5918] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x3 has invalid maxpacket 65, setting to 64 [ 163.897727][ T5918] usb 9-1: config 0 interface 0 has no altsetting 0 [ 163.916364][ T5918] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 163.931879][ T5918] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 163.957978][ T5918] usb 9-1: Product: syz [ 163.971728][ T5918] usb 9-1: Manufacturer: syz [ 163.976513][ T5918] usb 9-1: SerialNumber: syz [ 164.000532][ T5918] usb 9-1: config 0 descriptor?? [ 164.018162][ T7397] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 164.039408][ T5918] usb 9-1: selecting invalid altsetting 0 [ 164.308619][ T7397] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 164.352229][ T7397] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 164.384064][ T7397] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 164.412986][ T7397] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled [ 164.413807][ T5944] usb 9-1: USB disconnect, device number 2 [ 164.714159][ T52] Bluetooth: hci2: command tx timeout [ 165.084663][ T7417] loop2: detected capacity change from 0 to 32768 [ 165.113785][ T7417] (syz.2.398,7417,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 165.132514][ T7417] (syz.2.398,7417,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 165.216063][ T7417] JBD2: Ignoring recovery information on journal [ 165.239242][ T7269] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.298963][ T7269] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.306955][ T7269] bridge_slave_0: entered allmulticast mode [ 165.315799][ T7269] bridge_slave_0: entered promiscuous mode [ 165.351468][ T7417] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 165.386747][ T7269] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.402410][ T7269] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.409815][ T7269] bridge_slave_1: entered allmulticast mode [ 165.427778][ T7431] loop1: detected capacity change from 0 to 1024 [ 165.444721][ T7269] bridge_slave_1: entered promiscuous mode [ 165.619089][ T7269] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.636794][ T7431] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.705700][ T7269] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.776094][ T7437] loop7: detected capacity change from 0 to 1024 [ 165.842763][ T7438] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 165.897968][ T7437] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 165.962994][ T7438] EXT4-fs (loop1): Remounting filesystem read-only [ 166.024932][ T5821] ocfs2: Unmounting device (7,2) on (node local) [ 166.051062][ T7437] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000. [ 166.064322][ T7269] team0: Port device team_slave_0 added [ 166.135679][ T7444] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000. [ 166.170921][ T7269] team0: Port device team_slave_1 added [ 166.271817][ T5825] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.411290][ T6474] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.420515][ T7269] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 166.448035][ T7269] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 166.484528][ T52] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 166.493598][ T52] Bluetooth: hci1: Injecting HCI hardware error event [ 166.502798][ T52] Bluetooth: hci1: hardware error 0x00 [ 166.511755][ T7269] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 166.578838][ T6986] veth0_vlan: entered promiscuous mode [ 166.593278][ T7269] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 166.600340][ T7269] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 166.626551][ T7269] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 166.709614][ T6986] veth1_vlan: entered promiscuous mode [ 166.824226][ T7269] hsr_slave_0: entered promiscuous mode [ 166.846737][ T7269] hsr_slave_1: entered promiscuous mode [ 166.866654][ T7269] debugfs: 'hsr0' already exists in 'hsr' [ 166.878682][ T7463] loop1: detected capacity change from 0 to 1024 [ 166.885424][ T7269] Cannot create hsr debugfs directory [ 166.981995][ T7463] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 167.728684][ T7467] loop7: detected capacity change from 0 to 32768 [ 167.767442][ T7467] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 167.808182][ T6986] veth0_macvtap: entered promiscuous mode [ 167.825280][ T5825] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.876865][ T7461] loop2: detected capacity change from 0 to 131072 [ 167.888152][ T7461] F2FS-fs (loop2): Test dummy encryption mode enabled [ 167.899470][ T7461] F2FS-fs (loop2): invalid crc value [ 168.035481][ T7461] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 168.060626][ T7461] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 168.063568][ T7467] XFS (loop7): Ending clean mount [ 168.145520][ T7461] fscrypt: AES-256-XTS using implementation "xts-aes-vaes-avx2" [ 168.147314][ T6986] veth1_macvtap: entered promiscuous mode [ 168.159425][ T7467] XFS (loop7): Quotacheck needed: Please wait. [ 168.301114][ T7467] XFS (loop7): Quotacheck: Done. [ 168.538669][ T6474] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 168.619228][ T6986] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 168.642286][ T52] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 168.667050][ T6986] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 168.743789][ T7495] loop1: detected capacity change from 0 to 4096 [ 168.772332][ T7495] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 168.827789][ T1001] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.867241][ T3470] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.956194][ T7495] ntfs3(loop1): ino=0, attr_set_size [ 169.004236][ T7498] ntfs3(loop1): ino=0, attr_set_size [ 169.038835][ T7495] ntfs3(loop1): ino=0, attr_set_size [ 169.105207][ T7498] ntfs3(loop1): no free space to extend mft [ 169.194575][ T37] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.214824][ T37] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.440646][ T7502] macvlan0: entered allmulticast mode [ 169.447585][ T7502] veth1_vlan: entered allmulticast mode [ 169.470123][ T7503] veth1_vlan: left allmulticast mode [ 169.600864][ T7503] macvlan0 (unregistering): left allmulticast mode [ 170.069392][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 170.105458][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 170.210798][ T1001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 170.233706][ T1001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 170.419307][ T7523] loop1: detected capacity change from 0 to 32768 [ 170.634282][ T30] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 170.678045][ T30] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 170.718889][ T30] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 170.762701][ T30] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 170.762749][ T30] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 170.762775][ T30] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 170.762801][ T30] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 170.762827][ T30] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 170.762853][ T30] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 170.762878][ T30] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 170.791565][ T30] hid-generic 00A0:0006:0003.0003: hidraw0: HID v0.05 Device [syz1] on syz0 [ 170.845725][ T7269] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 170.880743][ T7534] sctp: [Deprecated]: syz.9.283 (pid 7534) Use of int in max_burst socket option deprecated. [ 170.880743][ T7534] Use struct sctp_assoc_value instead [ 170.910941][ T9] usb 9-1: new full-speed USB device number 3 using dummy_hcd [ 171.093892][ T7269] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 171.118720][ T9] usb 9-1: config 0 has an invalid interface number: 212 but max is 0 [ 171.143370][ T9] usb 9-1: config 0 has no interface number 0 [ 171.196263][ T7269] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 171.211764][ T9] usb 9-1: config 0 interface 212 has no altsetting 0 [ 171.238836][ T9] usb 9-1: New USB device found, idVendor=1ae7, idProduct=0525, bcdDevice=ca.e6 [ 171.287434][ T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.299257][ T7269] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 171.333809][ T9] usb 9-1: Product: syz [ 171.346025][ T9] usb 9-1: Manufacturer: syz [ 171.370785][ T9] usb 9-1: SerialNumber: syz [ 171.387260][ T9] usb 9-1: config 0 descriptor?? [ 171.425029][ T9] HFC-S_USB 9-1:0.212: probe with driver HFC-S_USB failed with error -5 [ 171.623668][ T5944] usb 9-1: USB disconnect, device number 3 [ 171.939878][ T7269] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.069545][ T7269] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.225828][ T7082] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.233033][ T7082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.235706][ T7572] input: syz1 as /devices/virtual/input/input9 [ 172.338146][ T7082] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.345352][ T7082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.617089][ T7269] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 172.898328][ T7598] loop7: detected capacity change from 0 to 512 [ 172.934673][ T7599] loop8: detected capacity change from 0 to 512 [ 172.979331][ T7598] EXT4-fs: Ignoring removed bh option [ 173.013073][ T7599] msdos: Unknown parameter 'ts' [ 173.081762][ T7598] EXT4-fs: Ignoring removed mblk_io_submit option [ 173.171266][ T7598] EXT4-fs (loop7): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 173.242290][ T7598] EXT4-fs (loop7): revision level too high, forcing read-only mode [ 173.286080][ T7598] EXT4-fs (loop7): orphan cleanup on readonly fs [ 173.334793][ T7598] Quota error (device loop7): do_insert_tree: Free block already used in tree: block 4 [ 173.358194][ T7598] Quota error (device loop7): qtree_write_dquot: Error -5 occurred while creating quota [ 173.389085][ T7599] loop8: detected capacity change from 0 to 8192 [ 173.411186][ T7598] EXT4-fs error (device loop7): ext4_acquire_dquot:6986: comm syz.7.439: Failed to acquire dquot type 1 [ 173.449055][ T7598] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:483: comm syz.7.439: Invalid block bitmap block 0 in block_group 0 [ 173.508205][ T7598] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:483: comm syz.7.439: Invalid block bitmap block 0 in block_group 0 [ 173.594326][ T7613] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 173.606669][ T7269] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.633867][ T7613] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 173.643764][ T7598] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:483: comm syz.7.439: Invalid block bitmap block 0 in block_group 0 [ 173.720586][ T7598] Quota error (device loop7): write_blk: dquota write failed [ 173.757949][ T7617] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 173.770061][ T7598] Quota error (device loop7): qtree_write_dquot: Error -28 occurred while creating quota [ 173.801925][ T7598] EXT4-fs error (device loop7): ext4_acquire_dquot:6986: comm syz.7.439: Failed to acquire dquot type 1 [ 173.870099][ T7598] Quota error (device loop7): write_blk: dquota write failed [ 173.895106][ T7269] veth0_vlan: entered promiscuous mode [ 173.944238][ T7269] veth1_vlan: entered promiscuous mode [ 173.971924][ T7598] Quota error (device loop7): qtree_write_dquot: Error -28 occurred while creating quota [ 174.061813][ T7598] EXT4-fs error (device loop7): ext4_acquire_dquot:6986: comm syz.7.439: Failed to acquire dquot type 1 [ 174.085947][ T7269] veth0_macvtap: entered promiscuous mode [ 174.146801][ T7598] EXT4-fs (loop7): 1 orphan inode deleted [ 174.181088][ T7269] veth1_macvtap: entered promiscuous mode [ 174.195729][ T7598] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 174.283139][ T7269] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 174.448649][ T6474] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.102409][ T7269] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 175.215522][ T7622] loop9: detected capacity change from 0 to 40427 [ 175.238555][ T6818] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.300779][ T7622] F2FS-fs (loop9): invalid crc value [ 175.472692][ T6818] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.521694][ T6818] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.621086][ T6818] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.656149][ T7622] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 175.691856][ T7622] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 175.838227][ T7655] loop8: detected capacity change from 0 to 2048 [ 175.897302][ T7655] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 176.091996][ T6986] syz-executor: attempt to access beyond end of device [ 176.091996][ T6986] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 176.132254][ T6986] CPU: 0 UID: 0 PID: 6986 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 176.132293][ T6986] Tainted: [L]=SOFTLOCKUP [ 176.132302][ T6986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 176.132316][ T6986] Call Trace: [ 176.132326][ T6986] [ 176.132335][ T6986] dump_stack_lvl+0xe8/0x150 [ 176.132372][ T6986] f2fs_handle_critical_error+0x37c/0x540 [ 176.132410][ T6986] f2fs_write_end_io+0xc1d/0xfd0 [ 176.132461][ T6986] __submit_merged_bio+0x256/0x650 [ 176.132496][ T6986] __submit_merged_write_cond+0x269/0x530 [ 176.132531][ T6986] f2fs_write_data_pages+0x2806/0x3360 [ 176.132599][ T6986] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 176.132652][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.132680][ T6986] ? css_rstat_updated+0x23a/0x530 [ 176.132738][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.132766][ T6986] ? rcu_is_watching+0x15/0xb0 [ 176.132794][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.132821][ T6986] ? __lock_acquire+0x6b5/0x2cf0 [ 176.132872][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.132899][ T6986] ? __lock_acquire+0x6b5/0x2cf0 [ 176.132942][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.132969][ T6986] ? do_raw_spin_lock+0x12b/0x2f0 [ 176.133004][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.133035][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.133062][ T6986] ? do_raw_spin_unlock+0xf5/0x210 [ 176.133091][ T6986] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 176.133123][ T6986] do_writepages+0x32e/0x550 [ 176.133160][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.133190][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.133221][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.133252][ T6986] ? do_raw_spin_unlock+0xf5/0x210 [ 176.133286][ T6986] filemap_fdatawrite+0x1e9/0x2f0 [ 176.133325][ T6986] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 176.133417][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.133448][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.133480][ T6986] ? do_raw_spin_unlock+0xf5/0x210 [ 176.133514][ T6986] f2fs_sync_dirty_inodes+0x30e/0x810 [ 176.133565][ T6986] f2fs_write_checkpoint+0x9c6/0x2490 [ 176.133598][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.133630][ T6986] ? stack_depot_save_flags+0x33/0x810 [ 176.133691][ T6986] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 176.133768][ T6986] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 176.133802][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.133829][ T6986] ? kfree+0x1be/0x650 [ 176.133874][ T6986] kill_f2fs_super+0x308/0x710 [ 176.133915][ T6986] ? __pfx_kill_f2fs_super+0x10/0x10 [ 176.133975][ T6986] deactivate_locked_super+0xbc/0x130 [ 176.134010][ T6986] cleanup_mnt+0x437/0x4d0 [ 176.134042][ T6986] ? _raw_spin_unlock_irq+0x23/0x50 [ 176.134070][ T6986] task_work_run+0x1d9/0x270 [ 176.134105][ T6986] ? __pfx_task_work_run+0x10/0x10 [ 176.134135][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.134174][ T6986] exit_to_user_mode_loop+0xed/0x480 [ 176.134208][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 176.134234][ T6986] ? rcu_is_watching+0x15/0xb0 [ 176.134262][ T6986] do_syscall_64+0x2b7/0xf80 [ 176.134288][ T6986] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.134311][ T6986] ? trace_irq_disable+0x37/0x100 [ 176.134342][ T6986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.134365][ T6986] RIP: 0033:0x7f5be0d9c117 [ 176.134386][ T6986] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 176.134405][ T6986] RSP: 002b:00007ffe805962f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 176.134430][ T6986] RAX: 0000000000000000 RBX: 00007f5be0e0471f RCX: 00007f5be0d9c117 [ 176.134446][ T6986] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe805963b0 [ 176.134461][ T6986] RBP: 00007ffe805963b0 R08: 00007ffe805973b0 R09: 00000000ffffffff [ 176.134478][ T6986] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe80597440 [ 176.134493][ T6986] R13: 00007f5be0e0471f R14: 000000000002af3a R15: 00007ffe80597480 [ 176.134530][ T6986] [ 176.136843][ T6986] F2FS-fs (loop9): Stopped filesystem due to reason: 3 [ 176.292356][ T6818] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 176.564682][ T6818] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 176.941077][ T7702] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 176.998994][ T7702] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.625111][ T7711] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 177.675497][ T7715] netlink: 'syz.7.461': attribute type 1 has an invalid length. [ 177.711719][ T7715] netlink: 136 bytes leftover after parsing attributes in process `syz.7.461'. [ 177.754009][ T7715] netlink: 'syz.7.461': attribute type 1 has an invalid length. [ 177.792861][ T7715] netlink: 12 bytes leftover after parsing attributes in process `syz.7.461'. [ 178.182837][ T7724] loop3: detected capacity change from 0 to 64 [ 178.242053][ T7693] loop8: detected capacity change from 0 to 32768 [ 178.289248][ T7693] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.459 (7693) [ 178.422162][ T7693] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 178.481773][ T7693] BTRFS info (device loop8): using crc32c (crc32c-lib) checksum algorithm [ 178.790712][ T7749] loop1: detected capacity change from 0 to 512 [ 178.808984][ T7693] BTRFS info (device loop8): enabling ssd optimizations [ 178.832530][ T7749] EXT4-fs (loop1): Test dummy encryption mode enabled [ 178.839345][ T7749] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 178.861168][ T7693] BTRFS info (device loop8): turning on flush-on-commit [ 178.900667][ T7693] BTRFS info (device loop8): enabling free space tree [ 178.926574][ T7749] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.469: bad orphan inode 131083 [ 178.937048][ T7693] BTRFS info (device loop8): enabling auto defrag [ 178.963255][ T7693] BTRFS info (device loop8): use lzo compression, level 1 [ 179.025328][ T7749] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 179.038560][ T7693] BTRFS info (device loop8): max_inline set to 4096 [ 179.132564][ T7749] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 179.345439][ T5825] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.376653][ T7767] loop3: detected capacity change from 0 to 256 [ 179.403949][ T7767] exfat: Deprecated parameter 'namecase' [ 179.562435][ T6714] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 179.587097][ T7767] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5cb490d, utbl_chksum : 0xe619d30d) [ 180.478029][ T7770] loop9: detected capacity change from 0 to 32768 [ 180.519939][ T7770] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 180.675460][ T7770] XFS (loop9): Ending clean mount [ 181.095664][ T6986] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 181.450924][ T7818] loop1: detected capacity change from 0 to 8192 [ 181.656742][ T7831] input: syz1 as /devices/virtual/input/input10 [ 181.774591][ T7824] loop2: detected capacity change from 0 to 65536 [ 181.848612][ T7824] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 181.857778][ T7824] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 181.986793][ T7824] XFS (loop2): Ending clean mount [ 182.029141][ T7824] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_cntbt block 0x6 [ 182.042114][ T7824] XFS (loop2): Unmount and run xfs_repair [ 182.047843][ T7824] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 182.055375][ T7824] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff AB3C............ [ 182.064293][ T7824] 00000010: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 10 ................ [ 182.073398][ T7824] 00000020: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 182.082523][ T7824] 00000030: 00 00 00 00 b2 4a d0 a1 00 00 00 0d 00 00 00 03 .....J.......... [ 182.091384][ T7824] 00000040: 00 00 00 39 00 00 3f c7 00 00 00 00 00 00 00 00 ...9..?......... [ 182.100851][ T7824] 00000050: 00 00 00 00 00 00 00 00 00 00 00 3f 00 00 00 00 ...........?.... [ 182.109770][ T7824] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 182.118714][ T7824] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 182.128934][ T7824] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x2b0/0x490" at daddr 0x6 len 2 error 74 [ 182.141421][ T7824] XFS (loop2): page discard on page ffffea0001adc800, inode 0x26, pos 66560. [ 182.162556][ T7824] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_cntbt block 0x6 [ 182.173649][ T7824] XFS (loop2): Unmount and run xfs_repair [ 182.179379][ T7824] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 182.187434][ T7824] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff AB3C............ [ 182.197853][ T7824] 00000010: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 10 ................ [ 182.206769][ T7824] 00000020: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 182.215716][ T7824] 00000030: 00 00 00 00 b2 4a d0 a1 00 00 00 0d 00 00 00 03 .....J.......... [ 182.224614][ T7824] 00000040: 00 00 00 39 00 00 3f c7 00 00 00 00 00 00 00 00 ...9..?......... [ 182.235856][ T7824] 00000050: 00 00 00 00 00 00 00 00 00 00 00 3f 00 00 00 00 ...........?.... [ 182.244786][ T7824] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 182.254280][ T7824] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 182.263829][ T7824] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x2b0/0x490" at daddr 0x6 len 2 error 74 [ 182.275243][ T7824] XFS (loop2): page discard on page ffffea0001adca00, inode 0x26, pos 98304. [ 182.287225][ T7824] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_cntbt block 0x6 [ 182.298287][ T7824] XFS (loop2): Unmount and run xfs_repair [ 182.304078][ T7824] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 182.311455][ T7824] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff AB3C............ [ 182.320391][ T7824] 00000010: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 10 ................ [ 182.329295][ T7824] 00000020: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 182.340825][ T7824] 00000030: 00 00 00 00 b2 4a d0 a1 00 00 00 0d 00 00 00 03 .....J.......... [ 182.349759][ T7824] 00000040: 00 00 00 39 00 00 3f c7 00 00 00 00 00 00 00 00 ...9..?......... [ 182.358757][ T7824] 00000050: 00 00 00 00 00 00 00 00 00 00 00 3f 00 00 00 00 ...........?.... [ 182.367670][ T7824] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 182.376557][ T7824] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 182.385522][ T7824] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x2b0/0x490" at daddr 0x6 len 2 error 74 [ 182.397079][ T7824] XFS (loop2): page discard on page ffffea0001fd3d00, inode 0x26, pos 131072. [ 182.611110][ T5821] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 182.680456][ T5821] XFS (loop2): Uncorrected metadata errors detected; please run xfs_repair. [ 182.741222][ T7851] loop3: detected capacity change from 0 to 32768 [ 182.753464][ T7851] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.497 (7851) [ 182.770272][ T7851] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 182.780750][ T7851] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 182.789353][ T7851] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 182.997115][ T7851] BTRFS info (device loop3): rebuilding free space tree [ 183.082192][ T7851] BTRFS info (device loop3): disabling free space tree [ 183.089116][ T7851] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 183.098967][ T7851] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 183.132773][ T7851] BTRFS info (device loop3): setting nodatasum [ 183.138968][ T7851] BTRFS info (device loop3): setting nodatacow [ 183.145265][ T7851] BTRFS info (device loop3): enabling ssd optimizations [ 183.152880][ T7851] BTRFS info (device loop3): using spread ssd allocation scheme [ 183.161818][ T7851] BTRFS info (device loop3): turning on async discard [ 183.168609][ T7851] BTRFS info (device loop3): enabling disk space caching [ 183.175712][ T7851] BTRFS info (device loop3): force clearing of disk cache [ 183.276733][ T7883] loop2: detected capacity change from 0 to 128 [ 183.322851][ T7883] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 183.424124][ T7269] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 184.817277][ T5933] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 184.920633][ T7884] loop1: detected capacity change from 0 to 32768 [ 184.966289][ T7884] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.501 (7884) [ 185.017202][ T5933] usb 10-1: config 0 has an invalid interface number: 168 but max is 0 [ 185.038666][ T5933] usb 10-1: config 0 has no interface number 0 [ 185.064755][ T5933] usb 10-1: New USB device found, idVendor=05ab, idProduct=0060, bcdDevice=11.06 [ 185.106511][ T7884] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 185.107984][ T5933] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.146390][ T7884] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 185.186712][ T5933] usb 10-1: config 0 descriptor?? [ 185.434205][ T791] kernel read not supported for file /input/mouse0 (pid: 791 comm: kworker/0:2) [ 185.474726][ T7884] BTRFS info (device loop1): turning off barriers [ 185.481270][ T7884] BTRFS info (device loop1): enabling free space tree [ 185.545567][ T7884] BTRFS info (device loop1): use zstd compression, level 3 [ 185.559660][ T5933] usb 10-1: string descriptor 0 read error: -71 [ 185.583633][ T5933] usb-storage 10-1:0.168: USB Mass Storage device detected [ 185.638850][ T5933] usb-storage 10-1:0.168: Quirks match for vid 05ab pid 0060: 2 [ 185.841901][ T5933] usb 10-1: USB disconnect, device number 2 [ 186.913955][ T7970] loop3: detected capacity change from 0 to 512 [ 187.087241][ T7970] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.153084][ T5825] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 187.157402][ T7970] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 187.189324][ T7978] netlink: 4 bytes leftover after parsing attributes in process `syz.9.522'. [ 187.476100][ T7958] loop8: detected capacity change from 0 to 32768 [ 187.511541][ T7269] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.572761][ T7958] (syz.8.517,7958,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 187.628508][ T7958] (syz.8.517,7958,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 187.745517][ T7958] JBD2: Ignoring recovery information on journal [ 187.772037][ T30] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 187.895388][ T7958] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode. [ 187.995597][ T30] usb 3-1: Using ep0 maxpacket: 32 [ 188.061865][ T30] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 188.075484][ T30] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.138884][ T30] usb 3-1: config 0 descriptor?? [ 188.368153][ T30] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 188.423759][ T30] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 188.474908][ T30] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 188.511938][ T30] usb 3-1: media controller created [ 188.580426][ T30] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 188.687507][ T6714] ocfs2: Unmounting device (7,8) on (node local) [ 189.353141][ T30] az6027: usb out operation failed. (-71) [ 189.359234][ T30] stb0899_attach: Driver disabled by Kconfig [ 189.383739][ T30] az6027: no front-end attached [ 189.383739][ T30] [ 189.404353][ T30] az6027: usb out operation failed. (-71) [ 189.440472][ T976] kernel read not supported for file /video7 (pid: 976 comm: kworker/1:2) [ 189.449446][ T30] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 189.474239][ T30] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input11 [ 189.545969][ T30] dvb-usb: schedule remote query interval to 400 msecs. [ 189.588757][ T30] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 189.649308][ T30] usb 3-1: USB disconnect, device number 6 [ 189.950600][ T30] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 190.221986][ T24] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 190.402089][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 190.424705][ T24] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 190.476936][ T24] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 190.496369][ T24] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 190.521742][ T24] usb 2-1: Product: syz [ 190.529208][ T24] usb 2-1: Manufacturer: syz [ 190.544403][ T24] usb 2-1: SerialNumber: syz [ 190.570521][ T24] usb 2-1: config 0 descriptor?? [ 190.582500][ T8060] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 190.781733][ T5933] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 190.886713][ T8088] loop9: detected capacity change from 0 to 1024 [ 190.961486][ T5933] usb 9-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 190.995486][ T5933] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.023320][ T5933] usb 9-1: Product: syz [ 191.038582][ T5933] usb 9-1: Manufacturer: syz [ 191.061889][ T5933] usb 9-1: SerialNumber: syz [ 191.097776][ T5933] usb 9-1: config 0 descriptor?? [ 191.146300][ T5933] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 191.253659][ T50] hfsplus: b-tree write err: -5, ino 4 [ 191.363729][ T8070] loop7: detected capacity change from 0 to 32768 [ 191.397982][ T8070] (syz.7.546,8070,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 191.477736][ T8070] (syz.7.546,8070,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 191.547898][ T8070] JBD2: Ignoring recovery information on journal [ 191.690027][ T8070] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 191.711806][ T24] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 191.763219][ T8077] loop3: detected capacity change from 0 to 32768 [ 191.872771][ T24] usb 10-1: Using ep0 maxpacket: 8 [ 191.913342][ T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 191.923921][ T24] usb 10-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d [ 191.946389][ T24] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.978186][ T24] usb 10-1: Product: syz [ 192.002015][ T24] usb 10-1: Manufacturer: syz [ 192.029021][ T24] usb 10-1: SerialNumber: syz [ 192.069893][ T24] usb 10-1: config 0 descriptor?? [ 192.112441][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 192.117467][ T24] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 192.120907][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.147975][ T9] usb 3-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 192.153604][ T6474] ocfs2: Unmounting device (7,7) on (node local) [ 192.171745][ T5933] gspca_sunplus: reg_r err -71 [ 192.176588][ T5933] sunplus 9-1:0.0: probe with driver sunplus failed with error -71 [ 192.209165][ T5933] usb 9-1: USB disconnect, device number 4 [ 192.225145][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 192.252728][ T9] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 192.296410][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.359653][ T9] usb 3-1: config 0 descriptor?? [ 192.578021][ T8115] loop3: detected capacity change from 0 to 128 [ 192.627046][ T8115] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 192.690221][ T8115] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 192.808416][ T9] hid-thrustmaster 0003:044F:B65D.0004: unbalanced collection at end of report description [ 192.845584][ T9] hid-thrustmaster 0003:044F:B65D.0004: parse failed with error -22 [ 192.856207][ T9] hid-thrustmaster 0003:044F:B65D.0004: probe with driver hid-thrustmaster failed with error -22 [ 193.009493][ T9] usb 2-1: USB disconnect, device number 5 [ 193.078574][ T5898] usb 3-1: USB disconnect, device number 7 [ 193.140291][ T24] gspca_sonixj: reg_w err -71 [ 193.153136][ T24] sonixj 10-1:0.0: probe with driver sonixj failed with error -71 [ 193.209694][ T24] usb 10-1: USB disconnect, device number 3 [ 193.314765][ T7269] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 193.519741][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.526351][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.662964][ T8130] loop1: detected capacity change from 0 to 32768 [ 193.726323][ T8130] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 193.734601][ T8130] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 193.885100][ T8130] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 193.894926][ T5933] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 193.916623][ T5933] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 194.267598][ T5933] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 350ms [ 194.294672][ T5933] gfs2: fsid=syz:syz.0: jid=0: Done [ 194.314096][ T8130] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 194.770279][ T8170] loop8: detected capacity change from 0 to 512 [ 194.805658][ T8170] EXT4-fs: Ignoring removed nobh option [ 194.828666][ T8170] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 194.922088][ T8170] EXT4-fs (loop8): 1 truncate cleaned up [ 194.930596][ T8170] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 195.168136][ T6714] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.224030][ T8177] vxcan1: entered allmulticast mode [ 195.292523][ T8177] vxcan1: left allmulticast mode [ 195.619260][ T8165] loop9: detected capacity change from 0 to 32768 [ 195.653798][ T8165] (syz.9.572,8165,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 195.727234][ T8165] (syz.9.572,8165,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 195.829867][ T8165] JBD2: Ignoring recovery information on journal [ 195.923638][ T8169] loop2: detected capacity change from 0 to 32768 [ 195.938448][ T8169] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.573 (8169) [ 195.952549][ T8195] IPVS: sh: TCP 172.20.20.170:0 - no destination available [ 196.038949][ T8169] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 196.062038][ T8169] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 196.105727][ T8165] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode. [ 196.241962][ T5933] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 196.297761][ T8169] BTRFS info (device loop2): rebuilding free space tree [ 196.388925][ T8169] BTRFS info (device loop2): disabling free space tree [ 196.409393][ T5933] usb 9-1: Using ep0 maxpacket: 16 [ 196.422279][ T5933] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 196.431241][ T8169] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 196.454323][ T5933] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 196.497798][ T8169] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 196.514264][ T5933] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 196.550480][ T5933] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.559236][ T8169] BTRFS info (device loop2): turning off barriers [ 196.581390][ T8169] BTRFS info (device loop2): force clearing of disk cache [ 196.598239][ T5933] usb 9-1: Product: syz [ 196.611696][ T5933] usb 9-1: Manufacturer: syz [ 196.618681][ T5933] usb 9-1: SerialNumber: syz [ 196.624715][ T6986] ocfs2: Unmounting device (7,9) on (node local) [ 196.695286][ T5933] usb 9-1: config 0 descriptor?? [ 196.772317][ T5933] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 196.808903][ T5933] em28xx 9-1:0.0: Audio interface 0 found (Vendor Class) [ 196.836071][ T5821] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 196.960544][ T8186] loop3: detected capacity change from 0 to 32768 [ 197.138483][ T8186] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 197.338353][ T8186] XFS (loop3): Ending clean mount [ 197.382498][ T5933] em28xx 9-1:0.0: unknown em28xx chip ID (0) [ 197.424450][ T5933] em28xx 9-1:0.0: Config register raw data: 0x41 [ 197.435131][ T8186] XFS (loop3): Quotacheck needed: Please wait. [ 197.592245][ T8186] XFS (loop3): Quotacheck: Done. [ 197.650293][ T5898] usb 9-1: USB disconnect, device number 5 [ 197.814655][ T8256] loop7: detected capacity change from 0 to 128 [ 197.837507][ T5898] em28xx 9-1:0.0: Disconnecting em28xx [ 197.877310][ T5898] em28xx 9-1:0.0: Freeing device [ 197.940172][ T8256] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 197.996522][ T7269] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 198.099336][ T8256] ext4 filesystem being mounted at /58/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 198.543731][ T6474] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 198.643762][ T5898] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 198.859141][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 198.888027][ T5898] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 198.951668][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.990381][ T5898] usb 3-1: config 0 descriptor?? [ 199.026979][ T8268] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 199.610811][ T5898] elan 0003:04F3:0755.0005: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0 [ 199.761292][ T8302] loop8: detected capacity change from 0 to 128 [ 199.804065][ T5898] usb 3-1: USB disconnect, device number 8 [ 199.837199][ T8302] vfat: Unknown parameter 'uni_xlat0BqHDUe' [ 200.012036][ T8283] loop3: detected capacity change from 0 to 131072 [ 200.020845][ T8283] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0) [ 200.029136][ T8283] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 200.038421][ T8283] F2FS-fs (loop3): invalid crc value [ 200.123092][ T8283] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 200.135292][ T8303] fido_id[8303]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 200.166128][ T8283] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 200.173495][ T8283] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 200.242177][ T8311] loop7: detected capacity change from 0 to 512 [ 200.252757][ T31] audit: type=1800 audit(1770271487.885:64): pid=8283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.594" name="file2" dev="loop3" ino=8 res=0 errno=0 [ 200.266852][ T8311] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 200.368588][ T8311] EXT4-fs (loop7): 1 truncate cleaned up [ 200.386596][ T8311] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.847062][ T6474] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.037615][ T8332] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 201.162507][ T8332] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 201.370070][ T8337] loop8: detected capacity change from 0 to 1024 [ 201.392650][ T8337] EXT4-fs: Ignoring removed mblk_io_submit option [ 201.495183][ T8337] EXT4-fs (loop8): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 201.534856][ T8337] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 201.619182][ T8337] EXT4-fs error (device loop8): ext4_map_blocks:825: inode #15: comm syz.8.614: lblock 0 mapped to illegal pblock 0 (length 6) [ 201.641261][ T8337] EXT4-fs error (device loop8): ext4_ext_remove_space:2955: inode #15: comm syz.8.614: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 201.773298][ T8349] EXT4-fs error (device loop8): ext4_map_blocks:825: inode #15: comm syz.8.614: lblock 0 mapped to illegal pblock 0 (length 1) [ 202.030614][ T6714] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 202.429935][ T9] IPVS: starting estimator thread 0... [ 202.447004][ T8360] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 202.539431][ T8372] loop3: detected capacity change from 0 to 1024 [ 202.581751][ T8370] IPVS: using max 26 ests per chain, 62400 per kthread [ 202.618456][ T8372] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 202.654601][ T8372] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 202.691983][ T8372] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 202.742899][ T8372] EXT4-fs error (device loop3): ext4_get_journal_inode:5849: inode #32: comm syz.3.624: iget: special inode unallocated [ 202.795108][ T8372] EXT4-fs (loop3): no journal found [ 202.814977][ T8372] EXT4-fs (loop3): can't get journal size [ 202.838879][ T8382] loop7: detected capacity change from 0 to 64 [ 202.856362][ T8372] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 203.010322][ T7269] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.356964][ T8397] netlink: 'syz.7.631': attribute type 3 has an invalid length. [ 203.405783][ T8397] netlink: 12 bytes leftover after parsing attributes in process `syz.7.631'. [ 203.465129][ T8397] netlink: 'syz.7.631': attribute type 3 has an invalid length. [ 203.502442][ T8397] netlink: 12 bytes leftover after parsing attributes in process `syz.7.631'. [ 203.932061][ T8419] netlink: 12 bytes leftover after parsing attributes in process `syz.2.639'. [ 204.165439][ T8427] netlink: 452 bytes leftover after parsing attributes in process `syz.2.642'. [ 204.393769][ T52] Bluetooth: hci2: command tx timeout [ 204.432648][ T8393] loop9: detected capacity change from 0 to 32768 [ 204.514416][ T8393] XFS (loop9): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 204.669547][ T8393] XFS (loop9): Ending clean mount [ 204.969703][ T6986] XFS (loop9): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 206.163311][ T8464] loop9: detected capacity change from 0 to 32768 [ 206.228044][ T8464] ocfs2: Slot 0 on device (7,9) was already allocated to this node! [ 206.254366][ T8464] JBD2: Ignoring recovery information on journal [ 206.425375][ T8464] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode. [ 206.831358][ T8513] loop2: detected capacity change from 0 to 1024 [ 206.838152][ T8517] loop3: detected capacity change from 0 to 512 [ 206.887045][ T8513] EXT4-fs: Ignoring removed orlov option [ 206.900655][ T8513] EXT4-fs: Ignoring removed bh option [ 206.911265][ T6986] ocfs2: Unmounting device (7,9) on (node local) [ 206.940818][ T8513] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.018903][ T8513] EXT4-fs error (device loop2): mb_free_blocks:2037: group 0, inode 18: block 145:freeing already freed block (bit 9); block bitmap corrupt. [ 207.081316][ T8519] 9pnet: p9_errstr2errno: server reported unknown error [ 207.184713][ T5821] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.047256][ T8553] sctp: [Deprecated]: syz.7.687 (pid 8553) Use of int in max_burst socket option deprecated. [ 208.047256][ T8553] Use struct sctp_assoc_value instead [ 208.357868][ T8567] loop7: detected capacity change from 0 to 128 [ 208.486326][ T8569] loop3: detected capacity change from 0 to 256 [ 208.609466][ T8569] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d) [ 209.244412][ T8596] loop8: detected capacity change from 0 to 128 [ 209.253949][ T8596] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256 [ 209.301533][ T31] audit: type=1800 audit(1770271496.925:65): pid=8596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.704" name="file1" dev="loop8" ino=94 res=0 errno=0 [ 209.321996][ T5933] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 209.493655][ T5933] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 209.548587][ T5933] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 209.608937][ T8605] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 209.612243][ T5933] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 209.709475][ T5933] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 209.749793][ T5933] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.806058][ T5933] usb 2-1: config 0 descriptor?? [ 210.011707][ T5898] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 210.191765][ T5898] usb 10-1: Using ep0 maxpacket: 32 [ 210.241524][ T5898] usb 10-1: config 0 has an invalid interface number: 67 but max is 0 [ 210.263121][ T5898] usb 10-1: config 0 has no interface number 0 [ 210.315534][ T5898] usb 10-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 210.358878][ T5933] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 210.378549][ T8621] loop7: detected capacity change from 0 to 8192 [ 210.385028][ T5898] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.415545][ T5898] usb 10-1: Product: syz [ 210.433690][ T5898] usb 10-1: Manufacturer: syz [ 210.438413][ T5898] usb 10-1: SerialNumber: syz [ 210.503080][ T5898] usb 10-1: config 0 descriptor?? [ 210.547034][ T5898] smsc95xx v2.0.0 [ 210.914922][ T8637] netlink: 75 bytes leftover after parsing attributes in process `syz.8.719'. [ 210.958218][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 210.967365][ T5898] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 210.978941][ T5898] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 211.271436][ T8644] input: syz0 as /devices/virtual/input/input12 [ 211.399947][ T5898] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 211.444427][ T5898] smsc95xx 10-1:0.67: probe with driver smsc95xx failed with error -71 [ 211.499966][ T5898] usb 10-1: USB disconnect, device number 4 [ 211.605093][ T8650] loop7: detected capacity change from 0 to 2048 [ 211.725086][ T8658] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 212.293761][ T8675] loop9: detected capacity change from 0 to 128 [ 212.407812][ T8675] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 212.468355][ T8671] loop2: detected capacity change from 0 to 32768 [ 212.488095][ T5923] usb 2-1: USB disconnect, device number 6 [ 212.504402][ T8671] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 212.505040][ T8675] ext4 filesystem being mounted at /47/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 212.512664][ T8671] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 212.641422][ T8671] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 212.655549][ T5944] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 212.668803][ T5944] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 212.770993][ T5841] udevd[5841]: inotify_add_watch(7, /dev/loop1, 10) failed: No such file or directory [ 212.908431][ T5944] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 239ms [ 212.943640][ T5944] gfs2: fsid=syz:syz.0: jid=0: Done [ 212.967071][ T8671] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 213.283484][ T6986] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 213.287868][ T8671] gfs2: fsid=syz:syz.0: found 1 quota changes [ 213.968095][ T8712] loop7: detected capacity change from 0 to 8192 [ 214.396933][ T8737] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input14 [ 214.408389][ T8736] input: syz0 as /devices/virtual/input/input13 [ 216.062510][ T8757] loop8: detected capacity change from 0 to 131072 [ 216.071573][ T8765] loop7: detected capacity change from 0 to 2048 [ 216.100331][ T8759] loop9: detected capacity change from 0 to 4096 [ 216.133518][ T8757] F2FS-fs (loop8): Test dummy encryption mode enabled [ 216.153686][ T8757] F2FS-fs (loop8): invalid crc value [ 216.177364][ T8763] loop3: detected capacity change from 0 to 131072 [ 216.202642][ T8763] F2FS-fs (loop3): Test dummy encryption mode enabled [ 216.211345][ T8763] F2FS-fs (loop3): invalid crc value [ 216.223996][ T8759] ntfs3(loop9): Different NTFS sector size (2048) and media sector size (512). [ 216.235449][ T8757] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 216.246894][ T8757] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 216.275027][ T8765] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 216.356031][ T8763] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 216.356692][ T31] audit: type=1800 audit(1770271503.995:66): pid=8765 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.762" name="file1" dev="loop7" ino=15 res=0 errno=0 [ 216.412733][ T8763] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 216.558564][ T31] audit: type=1800 audit(1770271504.085:67): pid=8757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.757" name="file1" dev="loop8" ino=10 res=0 errno=0 [ 216.610103][ T6474] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.026816][ T8788] netlink: 774 bytes leftover after parsing attributes in process `syz.2.768'. [ 217.109603][ T8786] loop7: detected capacity change from 0 to 4096 [ 217.453624][ T8796] loop9: detected capacity change from 0 to 512 [ 217.565973][ T8796] EXT4-fs error (device loop9): ext4_orphan_get:1391: inode #15: comm syz.9.770: inode has both inline data and extents flags [ 217.655483][ T8796] EXT4-fs error (device loop9): ext4_orphan_get:1396: comm syz.9.770: couldn't read orphan inode 15 (err -117) [ 217.776446][ T8796] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 217.923957][ T30] IPVS: starting estimator thread 0... [ 218.031824][ T8811] IPVS: using max 25 ests per chain, 60000 per kthread [ 218.207595][ T6986] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 218.759125][ T8839] netlink: 'syz.8.783': attribute type 29 has an invalid length. [ 218.800642][ T8839] netlink: 'syz.8.783': attribute type 29 has an invalid length. [ 218.857838][ T8839] netlink: 36 bytes leftover after parsing attributes in process `syz.8.783'. [ 219.299356][ T8844] loop2: detected capacity change from 0 to 32768 [ 219.314148][ T8844] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 219.322432][ T8844] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 219.416954][ T8844] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 219.428139][ T9] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 219.442395][ T8852] loop8: detected capacity change from 0 to 128 [ 219.452911][ T9] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 219.534125][ T8852] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 219.581459][ T8852] hpfs: filesystem error: improperly stopped [ 219.611056][ T8855] loop9: detected capacity change from 0 to 512 [ 219.631530][ T8852] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 219.640356][ T8855] FAT-fs (loop9): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 219.689622][ T8852] hpfs: You really don't want any checks? You are crazy... [ 219.725334][ T8852] hpfs: hpfs_map_sector(): read error [ 219.774332][ T8852] hpfs: code page support is disabled [ 219.791701][ T9] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 338ms [ 219.821981][ T8852] hpfs: hpfs_map_4sectors(): unaligned read [ 219.834895][ T9] gfs2: fsid=syz:syz.0: jid=0: Done [ 219.871043][ T8852] hpfs: hpfs_map_4sectors(): unaligned read [ 219.887872][ T8844] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 219.931095][ T8852] hpfs: filesystem error: unable to find root dir [ 220.560438][ T8873] loop3: detected capacity change from 0 to 2048 [ 220.629486][ T8873] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 222.151480][ T8908] loop7: detected capacity change from 0 to 32768 [ 222.160469][ T8915] faux_driver vkms: [drm] Unknown color mode 6; guessing buffer size. [ 222.233728][ T8908] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 222.241998][ T8908] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 222.309842][ T8908] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 222.328440][ T30] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 222.335479][ T30] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 222.597748][ T30] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 262ms [ 222.628630][ T30] gfs2: fsid=syz:syz.0: jid=0: Done [ 222.686701][ T8908] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 222.817833][ T8938] loop9: detected capacity change from 0 to 1024 [ 222.878890][ T8938] EXT4-fs: Ignoring removed oldalloc option [ 222.960185][ T8938] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 222.976861][ T8934] loop3: detected capacity change from 0 to 4096 [ 223.000436][ T8944] netlink: 20 bytes leftover after parsing attributes in process `syz.1.812'. [ 223.201777][ T8938] EXT4-fs (loop9): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 223.357026][ T8909] loop2: detected capacity change from 0 to 32768 [ 223.419238][ T8909] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.796 (8909) [ 223.492205][ T6986] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.668118][ T8909] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 223.750600][ T8909] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 224.027419][ T8909] BTRFS info (device loop2): enabling ssd optimizations [ 224.072837][ T8909] BTRFS info (device loop2): turning on async discard [ 224.079668][ T8909] BTRFS info (device loop2): enabling free space tree [ 224.261761][ T5911] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 224.385795][ T5821] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 224.491205][ T5911] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 224.530862][ T5911] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 224.574591][ T5911] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 224.620108][ T5911] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 224.676542][ T5911] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 224.769579][ T5911] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 224.823336][ T5911] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 224.865017][ T5911] usb 4-1: Product: syz [ 224.916966][ T5911] usb 4-1: Manufacturer: syz [ 224.983616][ T5911] cdc_wdm 4-1:1.0: skipping garbage [ 225.031210][ T5911] cdc_wdm 4-1:1.0: skipping garbage [ 225.132089][ T5911] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 225.133549][ T8989] loop8: detected capacity change from 0 to 32768 [ 225.150768][ T8989] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.820 (8989) [ 225.192617][ T5911] cdc_wdm 4-1:1.0: Unknown control protocol [ 225.262564][ T8989] BTRFS info (device loop8): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 225.273265][ T8989] BTRFS info (device loop8): using blake2b (blake2b-256-lib) checksum algorithm [ 225.395523][ T8989] BTRFS info (device loop8): enabling ssd optimizations [ 225.402653][ T8989] BTRFS info (device loop8): turning on async discard [ 225.409478][ T8989] BTRFS info (device loop8): enabling free space tree [ 225.416320][ T8989] BTRFS info (device loop8): use zstd compression, level 3 [ 225.519951][ T31] audit: type=1800 audit(1770271513.145:68): pid=8989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.820" name="file1" dev="loop8" ino=260 res=0 errno=0 [ 225.580211][ T8971] loop9: detected capacity change from 0 to 40427 [ 225.613795][ T8971] F2FS-fs (loop9): build fault injection rate: 690 [ 225.668890][ T8971] F2FS-fs (loop9): invalid crc value [ 225.776921][ T9021] loop2: detected capacity change from 0 to 1024 [ 225.814333][ T6714] BTRFS info (device loop8): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 225.895089][ T9021] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 225.942873][ T24] usb 4-1: USB disconnect, device number 2 [ 226.137038][ T8971] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 226.218486][ T8971] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 226.317562][ T5821] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.470695][ T6986] syz-executor: attempt to access beyond end of device [ 226.470695][ T6986] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 226.515606][ T6986] CPU: 1 UID: 0 PID: 6986 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 226.515654][ T6986] Tainted: [L]=SOFTLOCKUP [ 226.515664][ T6986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 226.515679][ T6986] Call Trace: [ 226.515688][ T6986] [ 226.515700][ T6986] dump_stack_lvl+0xe8/0x150 [ 226.515737][ T6986] f2fs_handle_critical_error+0x37c/0x540 [ 226.515778][ T6986] f2fs_write_end_io+0xc1d/0xfd0 [ 226.515831][ T6986] __submit_merged_bio+0x256/0x650 [ 226.515868][ T6986] __submit_merged_write_cond+0x269/0x530 [ 226.515905][ T6986] f2fs_write_data_pages+0x2806/0x3360 [ 226.515978][ T6986] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 226.516070][ T6986] ? __lock_acquire+0x6b5/0x2cf0 [ 226.516124][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.516154][ T6986] ? __lock_acquire+0x6b5/0x2cf0 [ 226.516196][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.516249][ T6986] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 226.516282][ T6986] do_writepages+0x32e/0x550 [ 226.516322][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.516353][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.516386][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.516414][ T6986] ? do_raw_spin_unlock+0xf5/0x210 [ 226.516449][ T6986] filemap_fdatawrite+0x1e9/0x2f0 [ 226.516491][ T6986] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 226.516573][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.516606][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.516645][ T6986] ? do_raw_spin_unlock+0xf5/0x210 [ 226.516680][ T6986] f2fs_sync_dirty_inodes+0x30e/0x810 [ 226.516733][ T6986] f2fs_write_checkpoint+0x9c6/0x2490 [ 226.516769][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.516797][ T6986] ? stack_depot_save_flags+0x33/0x810 [ 226.516861][ T6986] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 226.516943][ T6986] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 226.516977][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.517006][ T6986] ? kfree+0x1be/0x650 [ 226.517056][ T6986] kill_f2fs_super+0x308/0x710 [ 226.517100][ T6986] ? __pfx_kill_f2fs_super+0x10/0x10 [ 226.517164][ T6986] deactivate_locked_super+0xbc/0x130 [ 226.517202][ T6986] cleanup_mnt+0x437/0x4d0 [ 226.517236][ T6986] ? _raw_spin_unlock_irq+0x23/0x50 [ 226.517266][ T6986] task_work_run+0x1d9/0x270 [ 226.517302][ T6986] ? __pfx_task_work_run+0x10/0x10 [ 226.517333][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.517371][ T6986] exit_to_user_mode_loop+0xed/0x480 [ 226.517407][ T6986] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.517435][ T6986] ? rcu_is_watching+0x15/0xb0 [ 226.517463][ T6986] do_syscall_64+0x2b7/0xf80 [ 226.517492][ T6986] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.517516][ T6986] ? trace_irq_disable+0x37/0x100 [ 226.517548][ T6986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.517573][ T6986] RIP: 0033:0x7f5be0d9c117 [ 226.517596][ T6986] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 226.517624][ T6986] RSP: 002b:00007ffe805962f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 226.517649][ T6986] RAX: 0000000000000000 RBX: 00007f5be0e0471f RCX: 00007f5be0d9c117 [ 226.517666][ T6986] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe805963b0 [ 226.517682][ T6986] RBP: 00007ffe805963b0 R08: 00007ffe805973b0 R09: 00000000ffffffff [ 226.517700][ T6986] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe80597440 [ 226.517716][ T6986] R13: 00007f5be0e0471f R14: 0000000000037414 R15: 00007ffe80597480 [ 226.517757][ T6986] [ 226.517767][ T6986] F2FS-fs (loop9): Stopped filesystem due to reason: 3 [ 226.522848][ T5918] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 226.881351][ T9036] rdma_op ffff888054d0a9f0 conn xmit_rdma 0000000000000000 [ 227.059571][ T9041] loop3: detected capacity change from 0 to 1024 [ 227.076657][ T5918] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 227.119015][ T5918] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.154604][ T5918] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.167008][ T9041] EXT4-fs: Ignoring removed orlov option [ 227.227220][ T9041] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 227.237504][ T5918] usb 8-1: config 0 interface 0 has no altsetting 0 [ 227.258770][ T5918] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.283935][ T5918] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.310819][ T9041] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 227.336468][ T5918] usb 8-1: config 0 interface 0 has no altsetting 0 [ 227.346764][ T5918] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.355952][ T5918] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.367113][ T5918] usb 8-1: config 0 interface 0 has no altsetting 0 [ 227.375255][ T5918] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.385594][ T5918] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.400916][ T5918] usb 8-1: config 0 interface 0 has no altsetting 0 [ 227.408980][ T5918] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.418291][ T5918] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.457030][ T5918] usb 8-1: config 0 interface 0 has no altsetting 0 [ 227.469584][ T5918] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.485851][ T5918] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.540035][ T5918] usb 8-1: config 0 interface 0 has no altsetting 0 [ 227.560604][ T5918] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.581752][ T5918] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.661922][ T5918] usb 8-1: config 0 interface 0 has no altsetting 0 [ 227.673015][ T5918] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.694671][ T5918] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.706256][ T7269] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.780532][ T5918] usb 8-1: config 0 interface 0 has no altsetting 0 [ 227.844020][ T5918] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 227.870254][ T5918] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 227.924760][ T5918] usb 8-1: Product: syz [ 227.929059][ T5918] usb 8-1: Manufacturer: syz [ 227.955548][ T5918] usb 8-1: SerialNumber: syz [ 228.030432][ T5918] usb 8-1: config 0 descriptor?? [ 228.056964][ T5918] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0 [ 228.438325][ T9] usb 8-1: USB disconnect, device number 3 [ 228.449260][ T9] yurex 8-1:0.0: USB YUREX #0 now disconnected [ 228.534584][ T9038] loop8: detected capacity change from 0 to 32768 [ 228.634049][ T9038] XFS (loop8): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 228.749516][ T9038] XFS (loop8): Ending clean mount [ 228.769857][ T9038] XFS (loop8): Quotacheck needed: Please wait. [ 228.857612][ T9038] XFS (loop8): Quotacheck: Done. [ 228.953035][ T6714] XFS (loop8): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 229.043797][ T9100] loop2: detected capacity change from 0 to 128 [ 229.069933][ T9100] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 229.118287][ T9100] hpfs: filesystem error: improperly stopped [ 229.135770][ T9100] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 229.164099][ T9100] hpfs: You really don't want any checks? You are crazy... [ 229.192133][ T9100] hpfs: hpfs_map_sector(): read error [ 229.227942][ T9100] hpfs: code page support is disabled [ 229.262192][ T9100] hpfs: hpfs_map_4sectors(): unaligned read [ 229.301217][ T9100] hpfs: hpfs_map_4sectors(): unaligned read [ 229.328739][ T9100] hpfs: filesystem error: unable to find root dir [ 229.409986][ T9100] hpfs: hpfs_map_4sectors(): unaligned read [ 230.546120][ T9134] netlink: 'syz.3.853': attribute type 29 has an invalid length. [ 230.584520][ T9108] loop7: detected capacity change from 0 to 32768 [ 230.591211][ T9134] netlink: 'syz.3.853': attribute type 29 has an invalid length. [ 230.620442][ T9134] netlink: 500 bytes leftover after parsing attributes in process `syz.3.853'. [ 230.647582][ T9134] unsupported nla_type 58 [ 230.755955][ T9108] JBD2: Ignoring recovery information on journal [ 230.928904][ T9108] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 231.008878][ T9140] loop8: detected capacity change from 0 to 128 [ 231.027403][ T9114] loop2: detected capacity change from 0 to 32768 [ 231.114111][ T9114] XFS (loop2): Mounting V5 filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d in no-recovery mode. Filesystem will be inconsistent. [ 231.385122][ T9114] XFS (loop2): ro->rw transition prohibited on norecovery mount [ 231.593099][ T5821] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 231.657006][ T9169] loop3: detected capacity change from 0 to 128 [ 232.012131][ T9169] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 232.056187][ T9169] hpfs: filesystem error: improperly stopped [ 232.067273][ T6474] ocfs2: Unmounting device (7,7) on (node local) [ 232.095335][ T9169] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 232.156043][ T9169] hpfs: You really don't want any checks? You are crazy... [ 232.190886][ T9169] hpfs: hpfs_map_sector(): read error [ 232.220181][ T9169] hpfs: code page support is disabled [ 232.241879][ T9169] hpfs: hpfs_map_4sectors(): unaligned read [ 232.261886][ T9169] hpfs: hpfs_map_4sectors(): unaligned read [ 232.297928][ T9169] hpfs: filesystem error: unable to find root dir [ 232.761419][ T9182] loop9: detected capacity change from 0 to 8192 [ 233.419343][ T9215] netlink: 4 bytes leftover after parsing attributes in process `syz.2.871'. [ 233.477226][ T9217] loop7: detected capacity change from 0 to 512 [ 233.558932][ T9217] EXT4-fs error (device loop7): ext4_orphan_get:1417: comm syz.7.872: bad orphan inode 11862016 [ 233.586539][ T9217] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 233.649833][ T9217] ext4 filesystem being mounted at /101/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 233.927008][ T6474] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 233.978435][ T9215] bond0: (slave bond_slave_1): Releasing backup interface [ 233.985218][ T9232] loop3: detected capacity change from 0 to 128 [ 234.029887][ T9232] EXT4-fs: Ignoring removed nobh option [ 234.103777][ T9232] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 234.170146][ T9232] ext4 filesystem being mounted at /81/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 234.441483][ T7269] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 235.203522][ T9276] loop7: detected capacity change from 0 to 8 [ 235.324745][ T9276] squashfs image failed sanity check [ 235.415854][ T976] hid_parser_main: 4 callbacks suppressed [ 235.415879][ T976] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 235.506924][ T976] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz0 [ 237.265898][ T9273] loop8: detected capacity change from 0 to 262144 [ 237.375446][ T9273] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 237.385720][ T9273] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 237.726877][ T9281] loop9: detected capacity change from 0 to 32768 [ 237.968468][ T9315] netlink: 8 bytes leftover after parsing attributes in process `syz.2.903'. [ 238.012612][ T9315] netlink: 'syz.2.903': attribute type 30 has an invalid length. [ 238.145874][ T9315] netlink: 8 bytes leftover after parsing attributes in process `syz.2.903'. [ 238.151784][ T7691] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 238.194917][ T9315] netlink: 'syz.2.903': attribute type 30 has an invalid length. [ 238.204980][ T7691] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 238.292089][ T7691] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 238.331568][ T7691] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 238.475819][ T9325] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 238.669266][ T9334] loop2: detected capacity change from 0 to 256 [ 238.747074][ T9334] FAT-fs (loop2): Directory bread(block 64) failed [ 238.803036][ T9334] FAT-fs (loop2): Directory bread(block 65) failed [ 238.836275][ T9334] FAT-fs (loop2): Directory bread(block 66) failed [ 238.868284][ T9334] FAT-fs (loop2): Directory bread(block 67) failed [ 238.905967][ T9334] FAT-fs (loop2): Directory bread(block 68) failed [ 238.924920][ T9334] FAT-fs (loop2): Directory bread(block 69) failed [ 238.949786][ T9343] loop9: detected capacity change from 0 to 512 [ 238.957606][ T9334] FAT-fs (loop2): Directory bread(block 70) failed [ 238.996476][ T9334] FAT-fs (loop2): Directory bread(block 71) failed [ 239.005637][ T9343] EXT4-fs error (device loop9): ext4_orphan_get:1391: inode #15: comm syz.9.913: inode has both inline data and extents flags [ 239.080743][ T9334] FAT-fs (loop2): Directory bread(block 72) failed [ 239.105780][ T9343] EXT4-fs error (device loop9): ext4_orphan_get:1396: comm syz.9.913: couldn't read orphan inode 15 (err -117) [ 239.120300][ T9334] FAT-fs (loop2): Directory bread(block 73) failed [ 239.172919][ T9343] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000070000 r/w without journal. Quota mode: writeback. [ 239.231063][ T9334] syz.2.909: attempt to access beyond end of device [ 239.231063][ T9334] loop2: rw=8912896, sector=1160, nr_sectors = 4 limit=256 [ 239.312624][ T9334] syz.2.909: attempt to access beyond end of device [ 239.312624][ T9334] loop2: rw=8388608, sector=1160, nr_sectors = 4 limit=256 [ 239.349291][ T9358] loop3: detected capacity change from 0 to 512 [ 239.382597][ T9360] EXT4-fs (loop9): shut down requested (2) [ 239.443206][ T9358] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 239.530460][ T6986] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000070000. [ 239.745062][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 239.832781][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 239.938769][ T7269] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.083279][ T9379] netlink: 8 bytes leftover after parsing attributes in process `syz.1.923'. [ 240.187935][ T9379] netlink: 'syz.1.923': attribute type 1 has an invalid length. [ 240.217654][ T9379] netlink: 'syz.1.923': attribute type 2 has an invalid length. [ 240.415716][ T9385] loop2: detected capacity change from 0 to 1024 [ 240.521079][ T9385] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 240.623273][ T9385] ext4 filesystem being mounted at /191/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 240.760380][ T9385] EXT4-fs error (device loop2): ext4_map_blocks:825: inode #15: block 3: comm syz.2.924: lblock 3 mapped to illegal pblock 3 (length 3) [ 240.785314][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 240.799448][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 240.867429][ T9396] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.924: bg 0: block 112: padding at end of block bitmap is not set [ 240.926980][ T9385] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 241.002044][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 241.005547][ T9363] loop7: detected capacity change from 0 to 32768 [ 241.013396][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 241.061758][ T9396] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 64 with max blocks 3 with error 117 [ 241.061952][ T9385] EXT4-fs (loop2): This should not happen!! Data will be lost [ 241.061952][ T9385] [ 241.088121][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 241.126855][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 241.139248][ T9363] ea_get: extended attribute size too large: 2617245744 > INT_MAX [ 241.187048][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 241.243552][ T9396] EXT4-fs (loop2): This should not happen!! Data will be lost [ 241.243552][ T9396] [ 241.396891][ T9403] loop3: detected capacity change from 0 to 4096 [ 241.536481][ T9407] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 241.555410][ T7694] EXT4-fs error (device loop2): ext4_map_blocks:825: inode #15: block 8: comm kworker/u8:16: lblock 8 mapped to illegal pblock 8 (length 8) [ 241.615742][ T7694] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 241.649778][ T9410] xt_CT: You must specify a L4 protocol and not use inversions on it [ 241.683583][ T7694] EXT4-fs (loop2): This should not happen!! Data will be lost [ 241.683583][ T7694] [ 241.730130][ T5821] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 242.401692][ T9] usb 10-1: new full-speed USB device number 5 using dummy_hcd [ 242.622081][ T9] usb 10-1: unable to get BOS descriptor or descriptor too short [ 242.642521][ T9] usb 10-1: not running at top speed; connect to a high speed hub [ 242.701787][ T9] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 242.740222][ T9436] binder: 9435:9436 ioctl c0306201 200000000480 returned -14 [ 242.745976][ T9] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 242.824831][ T9] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 242.853985][ T9] usb 10-1: New USB device strings: Mfr=248, Product=1, SerialNumber=3 [ 242.881901][ T9] usb 10-1: Product: syz [ 242.900049][ T9] usb 10-1: Manufacturer: syz [ 242.912850][ T9] usb 10-1: SerialNumber: syz [ 244.019510][ T9445] loop2: detected capacity change from 0 to 131072 [ 244.027747][ T9445] F2FS-fs (loop2): Wrong CP boundary, start(512) end(1536) blocks(0) [ 244.035940][ T9445] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 244.052421][ T9445] F2FS-fs (loop2): invalid crc value [ 244.058942][ T9] usb 10-1: cannot find UAC_HEADER [ 244.157984][ T9433] loop7: detected capacity change from 0 to 32768 [ 244.196017][ T9445] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 244.221455][ T9445] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 244.228600][ T9445] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 244.255002][ T9] snd-usb-audio 10-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 244.283152][ T9433] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.936 (9433) [ 244.297302][ T9445] F2FS-fs (loop2): checksum invalid, nid = 4, ino_of_node = 4, 8e2acc4a vs. 159afe7 [ 244.350272][ T9] usb 10-1: USB disconnect, device number 5 [ 244.402730][ T9433] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 244.448072][ T6250] udevd[6250]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 244.511439][ T9433] BTRFS info (device loop7): using crc32c (crc32c-lib) checksum algorithm [ 244.889322][ T9433] BTRFS info (device loop7): setting nodatasum [ 244.951972][ T9433] BTRFS info (device loop7): allowing degraded mounts [ 244.970049][ T9433] BTRFS info (device loop7): disabling tree log [ 245.011717][ T9433] BTRFS info (device loop7): turning on async discard [ 245.018533][ T9433] BTRFS info (device loop7): enabling free space tree [ 245.529298][ T9433] BTRFS info (device loop7): balance: start -d -m [ 245.545270][ T9450] loop8: detected capacity change from 0 to 40427 [ 245.588498][ T9433] BTRFS info (device loop7): balance: canceled [ 245.615780][ T9450] F2FS-fs (loop8): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 245.692665][ T9450] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock [ 245.741739][ T9450] F2FS-fs (loop8): invalid crc value [ 245.914929][ T6474] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 246.060749][ T9513] netlink: 8 bytes leftover after parsing attributes in process `syz.3.954'. [ 246.207801][ T9450] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 247.551699][ T5923] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 247.786487][ T5923] usb 8-1: Using ep0 maxpacket: 16 [ 247.823002][ T5923] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 247.887155][ T5923] usb 8-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 247.951671][ T5923] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.115963][ T5923] usb 8-1: config 0 descriptor?? [ 248.162323][ T9547] netlink: 12 bytes leftover after parsing attributes in process `syz.8.963'. [ 248.220856][ T5923] input: bcm5974 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/input/input15 [ 248.251899][ T9547] block nbd0: Unsupported socket: should be TCP or UNIX. [ 248.347228][ T9525] loop9: detected capacity change from 0 to 32768 [ 248.544472][ T9540] loop3: detected capacity change from 0 to 131072 [ 248.565428][ T9540] F2FS-fs (loop3): invalid crc value [ 248.614862][ T5172] bcm5974 8-1:0.0: could not read from device [ 248.634842][ T9525] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 248.682196][ T9540] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 248.706235][ T9540] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 248.757371][ T5172] bcm5974 8-1:0.0: could not read from device [ 248.804334][ T5923] usb 8-1: USB disconnect, device number 4 [ 248.826893][ T6250] bcm5974 8-1:0.0: could not read from device [ 248.912786][ T9525] XFS (loop9): Ending clean mount [ 248.952761][ T9525] XFS (loop9): Quotacheck needed: Please wait. [ 249.212781][ T9525] XFS (loop9): Quotacheck: Done. [ 249.475233][ T6986] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 249.535778][ T9580] netlink: 32 bytes leftover after parsing attributes in process `syz.3.966'. [ 249.546780][ T9580] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 249.991133][ T9585] sctp: [Deprecated]: syz.3.971 (pid 9585) Use of int in maxseg socket option. [ 249.991133][ T9585] Use struct sctp_assoc_value instead [ 250.179297][ T9593] loop8: detected capacity change from 0 to 256 [ 250.872821][ T9608] Invalid ELF header magic: != ELF [ 251.505223][ T9629] netlink: 'syz.8.986': attribute type 34 has an invalid length. [ 251.519020][ T9631] sctp: [Deprecated]: syz.7.987 (pid 9631) Use of struct sctp_assoc_value in delayed_ack socket option. [ 251.519020][ T9631] Use struct sctp_sack_info instead [ 251.551774][ T5944] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 251.731499][ T5944] usb 4-1: Using ep0 maxpacket: 32 [ 251.762482][ T5944] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 251.791574][ T5944] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 251.800304][ T5944] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 251.858038][ T9638] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 251.882935][ T5944] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 251.924236][ T5944] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 251.973400][ T5944] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 252.013572][ T9606] loop2: detected capacity change from 0 to 32768 [ 252.020199][ T5944] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 252.121861][ T5944] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 252.165817][ T9606] (syz.2.978,9606,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 252.258519][ T5944] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 252.297343][ T9606] (syz.2.978,9606,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 252.344664][ T5944] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.354632][ T9651] netlink: 20 bytes leftover after parsing attributes in process `syz.1.993'. [ 252.448739][ T9606] JBD2: Ignoring recovery information on journal [ 252.459409][ T5944] usb 4-1: config 0 descriptor?? [ 252.495924][ T9627] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 252.626050][ T9606] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 252.699763][ T12] ocfs2: Finishing quota recovery on device (7,2) for slot 0 [ 252.796780][ T5944] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 252.941225][ T9606] binfmt_misc: register: failed to install interpreter file ./file0 [ 253.020874][ T9645] loop9: detected capacity change from 0 to 131072 [ 253.054085][ T9645] F2FS-fs (loop9): invalid crc value [ 253.062042][ T24] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 253.148469][ C0] usblp0: nonzero read bulk status received: -71 [ 253.153948][ T9645] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 253.186337][ T9627] usblp0: error -71 reading from printer [ 253.194235][ T9645] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e4 [ 253.221882][ C1] usblp0: nonzero read bulk status received: -71 [ 253.234668][ T5923] usb 4-1: USB disconnect, device number 3 [ 253.243906][ T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 253.265376][ T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 253.277012][ T5923] usblp0: removed [ 253.287748][ T24] usb 8-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00 [ 253.346531][ T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.403047][ T24] usb 8-1: config 0 descriptor?? [ 253.434176][ T5821] ocfs2: Unmounting device (7,2) on (node local) [ 253.939737][ T9671] bridge_slave_0: left allmulticast mode [ 253.958216][ T9661] loop8: detected capacity change from 0 to 32768 [ 253.997830][ T9661] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.995 (9661) [ 254.010743][ T9671] bridge_slave_0: left promiscuous mode [ 254.027047][ T24] hid-led 0003:1D34:0004.0008: probe with driver hid-led failed with error -71 [ 254.039204][ T9671] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.070295][ T24] usb 8-1: USB disconnect, device number 5 [ 254.127158][ T9671] bridge_slave_1: left allmulticast mode [ 254.163471][ T9661] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 254.174311][ T9671] bridge_slave_1: left promiscuous mode [ 254.180124][ T9671] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.211865][ T9661] BTRFS info (device loop8): using crc32c (crc32c-lib) checksum algorithm [ 254.291534][ T9671] bond0: (slave bond_slave_0): Releasing backup interface [ 254.368710][ T9671] bond0: (slave bond_slave_1): Releasing backup interface [ 254.450895][ T9671] team0: Port device team_slave_0 removed [ 254.505590][ T9661] BTRFS info (device loop8): turning off barriers [ 254.535223][ T9671] team0: Port device team_slave_1 removed [ 254.577309][ T9661] BTRFS info (device loop8): enabling free space tree [ 254.609243][ T9671] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 254.621868][ T9661] BTRFS info (device loop8): use zstd compression, level 3 [ 254.653358][ T9671] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 254.797333][ T9671] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 254.857198][ T9671] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 254.907474][ T9671] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 254.959030][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 254.965576][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.112946][ T5944] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 255.147899][ T6714] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 255.292108][ T9718] netlink: 96 bytes leftover after parsing attributes in process `syz.9.1013'. [ 255.313884][ T5944] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 255.358314][ T5944] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 255.399131][ T5944] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.443462][ T5944] usb 4-1: config 0 descriptor?? [ 255.471755][ T9706] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 255.928693][ T5944] elan 0003:04F3:0755.0009: unknown main item tag 0x0 [ 255.967835][ T5944] elan 0003:04F3:0755.0009: unknown main item tag 0x0 [ 256.012174][ T5944] elan 0003:04F3:0755.0009: unknown main item tag 0x0 [ 256.053012][ T5944] elan 0003:04F3:0755.0009: unknown main item tag 0x0 [ 256.076762][ T5944] elan 0003:04F3:0755.0009: unknown main item tag 0x0 [ 256.142380][ T5944] elan 0003:04F3:0755.0009: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0 [ 256.215061][ T5944] usb 4-1: USB disconnect, device number 4 [ 256.463259][ T9744] fido_id[9744]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 256.682658][ T5944] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 256.792714][ T9763] o2cb: This node has not been configured. [ 256.807304][ T9763] o2cb: Cluster check failed. Fix errors before retrying. [ 256.825046][ T9763] (syz.1.1031,9763,1):user_dlm_register:674 ERROR: status = -22 [ 256.842677][ T5944] usb 9-1: Using ep0 maxpacket: 8 [ 256.848657][ T9763] (syz.1.1031,9763,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1" [ 256.865864][ T5944] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 256.905405][ T5944] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 256.927276][ T5944] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 256.949066][ T5944] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 256.977249][ T5944] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 257.031200][ T5944] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 257.042245][ T5836] Bluetooth: hci5: command 0x0406 tx timeout [ 257.047968][ T5944] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.281735][ T5918] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 257.327358][ T5944] usb 9-1: GET_CAPABILITIES returned 0 [ 257.335377][ T5944] usbtmc 9-1:16.0: can't read capabilities [ 257.451812][ T5918] usb 2-1: Using ep0 maxpacket: 8 [ 257.476854][ T5918] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 257.562187][ T5918] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 257.632072][ T5944] usb 9-1: USB disconnect, device number 6 [ 257.660917][ T5918] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.773303][ T5918] usb 2-1: config 0 descriptor?? [ 258.074563][ T9773] loop3: detected capacity change from 0 to 131072 [ 258.092420][ T9773] F2FS-fs (loop3): Test dummy encryption mode enabled [ 258.114592][ T9773] F2FS-fs (loop3): invalid crc value [ 258.116044][ T5918] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 258.123142][ T9779] loop9: detected capacity change from 0 to 128 [ 258.155846][ T9779] FAT-fs (loop9): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 258.175176][ T791] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 258.350145][ T9779] FAT-fs (loop9): error, clusters badly computed (0 != 1) [ 258.361388][ T9773] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 258.363883][ T791] usb 8-1: Using ep0 maxpacket: 32 [ 258.386141][ T9773] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 258.422839][ T5918] usb 2-1: USB disconnect, device number 7 [ 258.428814][ C0] iowarrior 2-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19 [ 258.447926][ T9779] FAT-fs (loop9): Filesystem has been set read-only [ 258.482115][ T791] usb 8-1: config 0 has an invalid interface number: 51 but max is 0 [ 258.539618][ T791] usb 8-1: config 0 has no interface number 0 [ 258.542111][ T9779] FAT-fs (loop9): error, clusters badly computed (1 != 2) [ 258.549623][ T9784] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1039'. [ 258.575044][ T791] usb 8-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 258.592107][ T9779] FAT-fs (loop9): error, clusters badly computed (2 != 3) [ 258.609504][ T791] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.619863][ T9784] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1039'. [ 258.621987][ T9779] FAT-fs (loop9): error, clusters badly computed (3 != 4) [ 258.647431][ T791] usb 8-1: Product: syz [ 258.658558][ T791] usb 8-1: Manufacturer: syz [ 258.672230][ T791] usb 8-1: SerialNumber: syz [ 258.701406][ T791] usb 8-1: config 0 descriptor?? [ 258.722122][ T9779] FAT-fs (loop9): error, clusters badly computed (4 != 5) [ 258.743716][ T791] quatech2 8-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 258.767595][ T9779] FAT-fs (loop9): error, clusters badly computed (5 != 6) [ 258.847198][ T9779] FAT-fs (loop9): error, clusters badly computed (6 != 7) [ 258.890004][ T9779] FAT-fs (loop9): error, clusters badly computed (7 != 8) [ 258.924807][ T9779] FAT-fs (loop9): error, clusters badly computed (8 != 9) [ 258.978992][ T9779] FAT-fs (loop9): error, clusters badly computed (9 != 10) [ 259.029092][ T791] usb 8-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 259.094816][ T791] usb 8-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 259.193100][ T9775] loop2: detected capacity change from 0 to 32768 [ 259.213188][ T6986] FAT-fs (loop9): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 259.253742][ T9775] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1036 (9775) [ 259.328565][ T9775] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 259.391863][ T9775] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm [ 259.462350][ C0] usb 8-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 259.470359][ T791] usb 8-1: USB disconnect, device number 6 [ 259.517507][ T791] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 259.610146][ T791] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 259.649921][ T791] quatech2 8-1:0.51: device disconnected [ 259.682376][ T9775] BTRFS info (device loop2): enabling ssd optimizations [ 259.711784][ T9775] BTRFS info (device loop2): turning on flush-on-commit [ 259.722743][ T9775] BTRFS info (device loop2): enabling free space tree [ 259.735749][ T9775] BTRFS info (device loop2): enabling auto defrag [ 259.758228][ T9775] BTRFS info (device loop2): use lzo compression, level 1 [ 259.796474][ T9775] BTRFS info (device loop2): max_inline set to 4096 [ 259.807347][ T9817] loop8: detected capacity change from 0 to 7 [ 259.849481][ T9817] Dev loop8: unable to read RDB block 7 [ 259.917220][ T9817] loop8: unable to read partition table [ 259.938531][ T9817] loop8: partition table beyond EOD, truncated [ 259.982746][ T9817] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 260.227913][ T5821] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 261.226395][ T9849] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 261.277134][ T9852] loop3: detected capacity change from 0 to 256 [ 261.712844][ T5944] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 261.882017][ T5918] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 261.893561][ T5944] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 261.898550][ T9873] netlink: 16 bytes leftover after parsing attributes in process `syz.9.1070'. [ 261.903310][ T5944] usb 9-1: config 0 has no interface number 0 [ 261.925285][ T5944] usb 9-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 261.934762][ T5944] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.955634][ T5944] usb 9-1: Product: syz [ 261.959848][ T5944] usb 9-1: Manufacturer: syz [ 261.964767][ T5944] usb 9-1: SerialNumber: syz [ 261.972871][ T5944] usb 9-1: config 0 descriptor?? [ 262.033993][ T5918] usb 4-1: Using ep0 maxpacket: 8 [ 262.048260][ T5918] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 262.075437][ T5918] usb 4-1: config 179 has no interface number 0 [ 262.085576][ T5918] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 262.113300][ T5918] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 262.127582][ T9875] loop7: detected capacity change from 0 to 512 [ 262.141121][ T5918] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 262.171785][ T5918] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 262.194226][ T5944] usb 9-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 262.203208][ T9875] EXT4-fs (loop7): Test dummy encryption mode enabled [ 262.221352][ T5918] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 262.246617][ T5944] usb 9-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 262.260867][ T9875] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 262.282681][ T5918] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 262.292878][ T5944] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 262.300955][ T5944] usb 9-1: media controller created [ 262.321041][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.336869][ T9875] EXT4-fs error (device loop7): ext4_orphan_get:1417: comm syz.7.1071: bad orphan inode 131083 [ 262.368680][ T5944] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 262.385954][ T9865] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 262.420066][ T9875] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 262.525994][ T9875] overlayfs: upper fs needs to support d_type. [ 262.606857][ T9875] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 13: comm syz.7.1071: path /: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 262.656361][ T5944] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 262.702380][ T6474] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 13: comm syz-executor: path /136/bus: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 262.757984][ T9888] xt_hashlimit: max too large, truncated to 1048576 [ 262.785639][ T5918] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input16 [ 262.955948][ T9865] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 263.007549][ T9865] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.009642][ T5944] usb 9-1: USB disconnect, device number 7 [ 263.187422][ T8425] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 263.309007][ T24] usb 4-1: USB disconnect, device number 5 [ 263.309110][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 263.323274][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 263.708686][ T3470] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.876012][ T3470] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.203744][ T3470] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.206716][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 264.234730][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 264.243697][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 264.251943][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 264.260400][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 264.500095][ T3470] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.252449][ T5836] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 265.269792][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: kworker/u9:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 265.269832][ T5836] Tainted: [L]=SOFTLOCKUP [ 265.269841][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 265.269858][ T5836] Workqueue: hci2 hci_rx_work [ 265.269897][ T5836] Call Trace: [ 265.269907][ T5836] [ 265.269917][ T5836] dump_stack_lvl+0xe8/0x150 [ 265.269952][ T5836] sysfs_create_dir_ns+0x271/0x2a0 [ 265.269989][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.270021][ T5836] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 265.270059][ T5836] ? do_raw_spin_unlock+0xf5/0x210 [ 265.270096][ T5836] kobject_add_internal+0x62b/0xd00 [ 265.270138][ T5836] kobject_add+0x163/0x240 [ 265.270168][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.270202][ T5836] ? __pfx_kobject_add+0x10/0x10 [ 265.270233][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.270261][ T5836] ? _raw_spin_unlock+0x28/0x50 [ 265.270298][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.270338][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.270367][ T5836] ? get_device_parent+0x366/0x3a0 [ 265.270396][ T5836] device_add+0x408/0xb70 [ 265.270425][ T5836] hci_conn_add_sysfs+0xd5/0x210 [ 265.270463][ T5836] le_conn_complete_evt+0xf1d/0x1430 [ 265.270489][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.270529][ T5836] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 265.270553][ T5836] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 265.270583][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.270614][ T5836] ? __pfx___mutex_lock+0x10/0x10 [ 265.270652][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.270680][ T5836] ? skb_pull_data+0xfb/0x200 [ 265.270725][ T5836] hci_le_conn_complete_evt+0x187/0x470 [ 265.270776][ T5836] hci_event_packet+0x7af/0x12c0 [ 265.270824][ T5836] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 265.270864][ T5836] ? __pfx_hci_event_packet+0x10/0x10 [ 265.270899][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.270934][ T5836] ? kcov_remote_start+0x49a/0x7a0 [ 265.270962][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.270991][ T5836] ? hci_send_to_monitor+0xe2/0x590 [ 265.271024][ T5836] hci_rx_work+0x3ee/0x1030 [ 265.271067][ T5836] ? process_scheduled_works+0xa0f/0x17a0 [ 265.271108][ T5836] process_scheduled_works+0xaec/0x17a0 [ 265.271180][ T5836] ? __pfx_process_scheduled_works+0x10/0x10 [ 265.271216][ T5836] ? do_raw_spin_lock+0x12b/0x2f0 [ 265.271248][ T5836] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 265.271275][ T5836] ? schedule+0x90/0x360 [ 265.271302][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.271336][ T5836] worker_thread+0xda6/0x1360 [ 265.271406][ T5836] kthread+0x726/0x8b0 [ 265.271439][ T5836] ? __pfx_worker_thread+0x10/0x10 [ 265.271477][ T5836] ? __pfx_kthread+0x10/0x10 [ 265.271503][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.271537][ T5836] ? _raw_spin_unlock_irq+0x23/0x50 [ 265.271560][ T5836] ? __pfx_kthread+0x10/0x10 [ 265.271591][ T5836] ret_from_fork+0x51b/0xa40 [ 265.271618][ T5836] ? __pfx_ret_from_fork+0x10/0x10 [ 265.271646][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.271672][ T5836] ? __switch_to+0xc82/0x1410 [ 265.271714][ T5836] ? __pfx_kthread+0x10/0x10 [ 265.271744][ T5836] ret_from_fork_asm+0x1a/0x30 [ 265.271800][ T5836] [ 265.594688][ T5836] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 265.610345][ T5836] Bluetooth: hci2: failed to register connection device [ 265.648982][ T5836] ================================================================== [ 265.657091][ T5836] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x87d/0x13e0 [ 265.665088][ T5836] Read of size 8 at addr ffff88807ddbb480 by task kworker/u9:4/5836 [ 265.673061][ T5836] [ 265.675381][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: kworker/u9:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 265.675414][ T5836] Tainted: [L]=SOFTLOCKUP [ 265.675422][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 265.675438][ T5836] Workqueue: hci2 hci_rx_work [ 265.675473][ T5836] Call Trace: [ 265.675481][ T5836] [ 265.675490][ T5836] dump_stack_lvl+0xe8/0x150 [ 265.675520][ T5836] print_report+0xba/0x230 [ 265.675543][ T5836] ? l2cap_connect_cfm+0x87d/0x13e0 [ 265.675567][ T5836] kasan_report+0x117/0x150 [ 265.675593][ T5836] ? l2cap_connect_cfm+0x87d/0x13e0 [ 265.675621][ T5836] l2cap_connect_cfm+0x87d/0x13e0 [ 265.675651][ T5836] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 265.675676][ T5836] ? __pfx_bt_err+0x10/0x10 [ 265.675700][ T5836] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 265.675725][ T5836] hci_connect_cfm+0x95/0x140 [ 265.675747][ T5836] le_conn_complete_evt+0xf65/0x1430 [ 265.675770][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.675800][ T5836] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 265.675821][ T5836] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 265.675846][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.675872][ T5836] ? __pfx___mutex_lock+0x10/0x10 [ 265.675897][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.675921][ T5836] ? skb_pull_data+0xfb/0x200 [ 265.675956][ T5836] hci_le_conn_complete_evt+0x187/0x470 [ 265.675995][ T5836] hci_event_packet+0x7af/0x12c0 [ 265.676027][ T5836] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 265.676061][ T5836] ? __pfx_hci_event_packet+0x10/0x10 [ 265.676090][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.676122][ T5836] ? kcov_remote_start+0x49a/0x7a0 [ 265.676149][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.676173][ T5836] ? hci_send_to_monitor+0xe2/0x590 [ 265.676199][ T5836] hci_rx_work+0x3ee/0x1030 [ 265.676233][ T5836] ? process_scheduled_works+0xa0f/0x17a0 [ 265.676270][ T5836] process_scheduled_works+0xaec/0x17a0 [ 265.676318][ T5836] ? __pfx_process_scheduled_works+0x10/0x10 [ 265.676349][ T5836] ? do_raw_spin_lock+0x12b/0x2f0 [ 265.676375][ T5836] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 265.676399][ T5836] ? schedule+0x90/0x360 [ 265.676427][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.676455][ T5836] worker_thread+0xda6/0x1360 [ 265.676502][ T5836] kthread+0x726/0x8b0 [ 265.676529][ T5836] ? __pfx_worker_thread+0x10/0x10 [ 265.676561][ T5836] ? __pfx_kthread+0x10/0x10 [ 265.676583][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.676611][ T5836] ? _raw_spin_unlock_irq+0x23/0x50 [ 265.676630][ T5836] ? __pfx_kthread+0x10/0x10 [ 265.676655][ T5836] ret_from_fork+0x51b/0xa40 [ 265.676677][ T5836] ? __pfx_ret_from_fork+0x10/0x10 [ 265.676695][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.676719][ T5836] ? __switch_to+0xc82/0x1410 [ 265.676750][ T5836] ? __pfx_kthread+0x10/0x10 [ 265.676774][ T5836] ret_from_fork_asm+0x1a/0x30 [ 265.676813][ T5836] [ 265.676821][ T5836] [ 265.956990][ T5836] Allocated by task 5836: [ 265.961301][ T5836] kasan_save_track+0x3e/0x80 [ 265.965982][ T5836] __kasan_kmalloc+0x93/0xb0 [ 265.970575][ T5836] __kmalloc_cache_noprof+0x3d1/0x6e0 [ 265.975936][ T5836] l2cap_chan_create+0x51/0x790 [ 265.980793][ T5836] l2cap_sock_new_connection_cb+0x182/0x2e0 [ 265.986683][ T5836] l2cap_connect_cfm+0x368/0x13e0 [ 265.991703][ T5836] hci_connect_cfm+0x95/0x140 [ 265.996369][ T5836] le_conn_complete_evt+0xf65/0x1430 [ 266.001655][ T5836] hci_le_conn_complete_evt+0x187/0x470 [ 266.007211][ T5836] hci_event_packet+0x7af/0x12c0 [ 266.012145][ T5836] hci_rx_work+0x3ee/0x1030 [ 266.016649][ T5836] process_scheduled_works+0xaec/0x17a0 [ 266.022197][ T5836] worker_thread+0xda6/0x1360 [ 266.026961][ T5836] kthread+0x726/0x8b0 [ 266.031019][ T5836] ret_from_fork+0x51b/0xa40 [ 266.035593][ T5836] ret_from_fork_asm+0x1a/0x30 [ 266.040353][ T5836] [ 266.042657][ T5836] Freed by task 9953: [ 266.046622][ T5836] kasan_save_track+0x3e/0x80 [ 266.051289][ T5836] kasan_save_free_info+0x46/0x50 [ 266.056317][ T5836] __kasan_slab_free+0x5c/0x80 [ 266.061070][ T5836] kfree+0x1be/0x650 [ 266.064960][ T5836] l2cap_sock_cleanup_listen+0xf0/0x440 [ 266.070499][ T5836] l2cap_sock_release+0x6a/0x230 [ 266.075425][ T5836] sock_close+0xc3/0x240 [ 266.079652][ T5836] __fput+0x44f/0xa70 [ 266.083630][ T5836] task_work_run+0x1d9/0x270 [ 266.088212][ T5836] exit_to_user_mode_loop+0xed/0x480 [ 266.093490][ T5836] do_syscall_64+0x2b7/0xf80 [ 266.098072][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.103960][ T5836] [ 266.106268][ T5836] The buggy address belongs to the object at ffff88807ddbb000 [ 266.106268][ T5836] which belongs to the cache kmalloc-2k of size 2048 [ 266.120318][ T5836] The buggy address is located 1152 bytes inside of [ 266.120318][ T5836] freed 2048-byte region [ffff88807ddbb000, ffff88807ddbb800) [ 266.134292][ T5836] [ 266.136611][ T5836] The buggy address belongs to the physical page: [ 266.143002][ T5836] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ddb8 [ 266.151751][ T5836] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 266.160250][ T5836] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 266.168309][ T5836] page_type: f5(slab) [ 266.172287][ T5836] raw: 00fff00000000040 ffff88813fe27000 0000000000000000 dead000000000001 [ 266.180865][ T5836] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 266.189447][ T5836] head: 00fff00000000040 ffff88813fe27000 0000000000000000 dead000000000001 [ 266.198194][ T5836] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 266.206859][ T5836] head: 00fff00000000003 ffffea0001f76e01 00000000ffffffff 00000000ffffffff [ 266.215521][ T5836] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 266.224176][ T5836] page dumped because: kasan: bad access detected [ 266.230573][ T5836] page_owner tracks the page as allocated [ 266.236266][ T5836] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5820, tgid 5820 (syz-executor), ts 93800110178, free_ts 93734130202 [ 266.257622][ T5836] post_alloc_hook+0x228/0x280 [ 266.262382][ T5836] get_page_from_freelist+0x24dc/0x2580 [ 266.267923][ T5836] __alloc_frozen_pages_noprof+0x18d/0x380 [ 266.273718][ T5836] alloc_pages_mpol+0x232/0x4a0 [ 266.278558][ T5836] allocate_slab+0x86/0x3a0 [ 266.283057][ T5836] ___slab_alloc+0xd82/0x1760 [ 266.287727][ T5836] __slab_alloc+0x65/0x100 [ 266.292136][ T5836] __kmalloc_node_noprof+0x5bc/0x7f0 [ 266.297409][ T5836] qdisc_alloc+0x92/0x900 [ 266.301731][ T5836] qdisc_create_dflt+0x8e/0x4c0 [ 266.306578][ T5836] dev_activate+0x378/0x1150 [ 266.311158][ T5836] __dev_open+0x67a/0x830 [ 266.315478][ T5836] __dev_change_flags+0x1f7/0x690 [ 266.320497][ T5836] netif_change_flags+0x88/0x1a0 [ 266.325426][ T5836] do_setlink+0xf82/0x4590 [ 266.329835][ T5836] rtnl_newlink+0x15a9/0x1be0 [ 266.334503][ T5836] page last free pid 12 tgid 12 stack trace: [ 266.340458][ T5836] __free_frozen_pages+0xbf8/0xd70 [ 266.345556][ T5836] __slab_free+0x2ce/0x320 [ 266.349967][ T5836] qlist_free_all+0x97/0x100 [ 266.354544][ T5836] kasan_quarantine_reduce+0x148/0x160 [ 266.360001][ T5836] __kasan_slab_alloc+0x22/0x80 [ 266.364838][ T5836] __kmalloc_cache_noprof+0x36f/0x6e0 [ 266.370195][ T5836] ipv6_add_addr+0x55e/0x1100 [ 266.374874][ T5836] addrconf_add_linklocal+0x20c/0x460 [ 266.380238][ T5836] addrconf_addr_gen+0x2f8/0x360 [ 266.385171][ T5836] addrconf_notify+0xb1e/0x1050 [ 266.390017][ T5836] notifier_call_chain+0x19d/0x3a0 [ 266.395121][ T5836] netif_state_change+0x27d/0x3a0 [ 266.400133][ T5836] linkwatch_do_dev+0x117/0x170 [ 266.404978][ T5836] __linkwatch_run_queue+0x572/0x7f0 [ 266.410263][ T5836] linkwatch_event+0x4c/0x60 [ 266.414852][ T5836] process_scheduled_works+0xaec/0x17a0 [ 266.420406][ T5836] [ 266.422708][ T5836] Memory state around the buggy address: [ 266.428318][ T5836] ffff88807ddbb380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 266.436362][ T5836] ffff88807ddbb400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 266.444411][ T5836] >ffff88807ddbb480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 266.452450][ T5836] ^ [ 266.456495][ T5836] ffff88807ddbb500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 266.464547][ T5836] ffff88807ddbb580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 266.472591][ T5836] ================================================================== [ 266.502675][ T5832] Bluetooth: hci0: command tx timeout [ 266.520573][ T5836] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 266.527793][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: kworker/u9:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 266.538832][ T5836] Tainted: [L]=SOFTLOCKUP [ 266.543161][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 266.553229][ T5836] Workqueue: hci2 hci_rx_work [ 266.557943][ T5836] Call Trace: [ 266.561225][ T5836] [ 266.564154][ T5836] vpanic+0x1e0/0x670 [ 266.568152][ T5836] panic+0xc5/0xd0 [ 266.571884][ T5836] ? __pfx_panic+0x10/0x10 [ 266.576310][ T5836] ? preempt_schedule_thunk+0x16/0x30 [ 266.581713][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.587372][ T5836] ? l2cap_connect_cfm+0x87d/0x13e0 [ 266.592616][ T5836] check_panic_on_warn+0x89/0xb0 [ 266.597645][ T5836] ? l2cap_connect_cfm+0x87d/0x13e0 [ 266.602867][ T5836] end_report+0x6f/0x140 [ 266.607135][ T5836] kasan_report+0x128/0x150 [ 266.611664][ T5836] ? l2cap_connect_cfm+0x87d/0x13e0 [ 266.616890][ T5836] l2cap_connect_cfm+0x87d/0x13e0 [ 266.621939][ T5836] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 266.627412][ T5836] ? __pfx_bt_err+0x10/0x10 [ 266.631937][ T5836] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 266.637418][ T5836] hci_connect_cfm+0x95/0x140 [ 266.642184][ T5836] le_conn_complete_evt+0xf65/0x1430 [ 266.647465][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.653187][ T5836] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 266.658898][ T5836] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 266.664526][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.670157][ T5836] ? __pfx___mutex_lock+0x10/0x10 [ 266.675177][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.680805][ T5836] ? skb_pull_data+0xfb/0x200 [ 266.685489][ T5836] hci_le_conn_complete_evt+0x187/0x470 [ 266.691048][ T5836] hci_event_packet+0x7af/0x12c0 [ 266.695995][ T5836] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 266.701292][ T5836] ? __pfx_hci_event_packet+0x10/0x10 [ 266.706674][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.712318][ T5836] ? kcov_remote_start+0x49a/0x7a0 [ 266.717437][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.723075][ T5836] ? hci_send_to_monitor+0xe2/0x590 [ 266.728277][ T5836] hci_rx_work+0x3ee/0x1030 [ 266.732785][ T5836] ? process_scheduled_works+0xa0f/0x17a0 [ 266.738511][ T5836] process_scheduled_works+0xaec/0x17a0 [ 266.744078][ T5836] ? __pfx_process_scheduled_works+0x10/0x10 [ 266.750068][ T5836] ? do_raw_spin_lock+0x12b/0x2f0 [ 266.755089][ T5836] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 266.760454][ T5836] ? schedule+0x90/0x360 [ 266.764691][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.770582][ T5836] worker_thread+0xda6/0x1360 [ 266.775286][ T5836] kthread+0x726/0x8b0 [ 266.779351][ T5836] ? __pfx_worker_thread+0x10/0x10 [ 266.784463][ T5836] ? __pfx_kthread+0x10/0x10 [ 266.789044][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.794674][ T5836] ? _raw_spin_unlock_irq+0x23/0x50 [ 266.799865][ T5836] ? __pfx_kthread+0x10/0x10 [ 266.804449][ T5836] ret_from_fork+0x51b/0xa40 [ 266.809031][ T5836] ? __pfx_ret_from_fork+0x10/0x10 [ 266.814132][ T5836] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.819767][ T5836] ? __switch_to+0xc82/0x1410 [ 266.824451][ T5836] ? __pfx_kthread+0x10/0x10 [ 266.829038][ T5836] ret_from_fork_asm+0x1a/0x30 [ 266.833810][ T5836] [ 266.837098][ T5836] Kernel Offset: disabled [ 266.841414][ T5836] Rebooting in 86400 seconds..