last executing test programs: 16.632062176s ago: executing program 1 (id=274): syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f0000000080)='./file0\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0xfd, 0x28f, &(0x7f0000002940)="$eJzs3U1rE0Ecx/HfbJImtqVuH0QQT9WCJ+nDRbwUJO/AiydRmwjFUEErqCf1LL4A730LvgCPnsSz4K0nX0BukZmdNZtkN5uGppuk3w8kbLrzn4fsbGf+KSUCcGk9qP852Tu1DyOVVJJ0Xwok1aSypGu6XntzdHx43Go2hlVUchH2YRRFmoEyB0fNtFAb5yK80L4qazn5M0xG7bc+FN0HFM/d/SkCqervTne+duE9m4zLPulNW2291UrR/QAAFMuv/4Ff55f9/j0IpC2/7Peu/zO+gLaL7sCEfc85n1j/XZbVMfb6XnWnuvmeS+HKqvigk73TtLoWc9paUDSzejaYJi+rdH0Jrjw/bDXvHrxsNQJ90r5X6RbbcM+NaOrG4pzWHn8crHrT56Yj5pfJ2s5myY2hYsewm+x/osj6ObboM+7ht6b5YX6axybUVzX+7//KHWMvk7tSYd+Vivq/nV2jG+WCXKmMUa66Rm74FkYZZUkZGYniGbXadwHDvH66qLW+qGh0OzlR66lRuzlRG/1R3dmcHTlp5ot5ZDb1V99UT+z/A/tub2mUO9OWcSX9zBg6nrIrGbrZGc/Pm6klg3FHhDF81jPd08rrd+9fPG21mq/m9sDeiYOn7AoyLT28+IN4EkxLf+b2wL7JhbQerzvj15P9q4OP5edH96KfMZBJMC/svstE+V8iX9l2mzX7FPbu06vJ2E5e5YkadzJygzX3vJidwfUwLr9ZSvnr4mCLQ3OuW3ek26O0GAl9P6fP/jhBpq5fesLn/wAAAAAAAAAAAAAAAAAAALPm/P7loKasU0WPEQAAAAAAAAAAAAAAAAAAAACAWZfy/b/VQr//96GiV3z/LzBx/wIAAP//nY5x9w==") munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYRES64=0x0, @ANYRES64=0x0, @ANYRES8, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x3) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000180)=0x8000000000002) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000100)={0x0, 'macvtap0\x00', {0x1}, 0x26}) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r7 = syz_io_uring_setup(0xb, &(0x7f00000002c0)={0x0, 0x200002f, 0x800, 0x1, 0x100020b}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0xc000000, &(0x7f0000000000)=[{0x0}], 0x1, 0x12}) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000000)={0x0, 0xb8, 0x2, &(0x7f00000004c0)={0xfa, "f4e1a230be8f46463fb1a5f1b46f44eaa25e485b747a07678118bc00"}}) io_uring_enter(r7, 0x847ba, 0x0, 0xe, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, 0x0) syz_emit_ethernet(0x4f, &(0x7f0000000640)=ANY=[@ANYBLOB="ffffffffff86dd6012000800193afffe800000000187009078000000000000000000000000000000004cec9c0000000000000000000000000000000000000000000000000000000000000001000000"], 0x0) r10 = syz_open_dev$vim2m(&(0x7f0000000040), 0x5, 0x2) ioctl$vim2m_VIDIOC_TRY_FMT(r10, 0xc0d05640, &(0x7f0000000440)={0x1, @pix_mp={0x5, 0x8000000, 0x55595659, 0x6, 0x8, [{0x2, 0x1f}, {0x8, 0x7fff}, {0x7, 0x6}, {0x42, 0x2}, {0x3}, {0x3ff, 0x4}, {0x81, 0x3ff}, {0x8, 0xe37}], 0x1, 0x0, 0x0, 0x0, 0x5}}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) 15.551974743s ago: executing program 1 (id=279): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) (async, rerun: 64) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) (async, rerun: 64) pipe2$watch_queue(&(0x7f0000001100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async) mq_timedreceive(r1, 0x0, 0x0, 0x0, 0x0) (async) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000140)={0xb, 0x4, 0x4, 0xffff, 0x0, "4ae23ae17df2e98c69ba36c4095c911abad88f", 0x2, 0x1000}) (async, rerun: 64) r3 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010600"/20, @ANYRES32=0x0, @ANYBLOB="3f00000000000000300012800b00010062726964676500002000028005000700080000000c002e000300000003"], 0x50}}, 0x0) (async) r4 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) readv(r4, &(0x7f0000000240)=[{&(0x7f0000000040)=""/84, 0x9000}], 0x1) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000100)=0x6) (async, rerun: 64) ioctl$TCSETSW2(r5, 0x402c542c, &(0x7f00000000c0)={0xffffffd1, 0x2, 0x2, 0x80831b, 0xfd, "b679a9420a231fea26012ee7ff00", 0x3, 0x201}) (async, rerun: 64) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000000)=0xff) syz_emit_ethernet(0x42, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff08005602907800000000e0000352000459310307907800030c58451c00000065000e4e24000c00000000ac141444"], 0x0) 14.060217662s ago: executing program 1 (id=282): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000000)=0xffffffffffffffff) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101) socket(0x80000000000000a, 0x2, 0x0) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000140)={0x1, 0x44b0d7c5}, 0x8) syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000300)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0x1, 0xab4, &(0x7f0000000340)="$eJzs3U2MW0cBAOCxd73JNilxSkKXNLQJhbb8dNNslvATQVIlQiJqKsSlUsUlStMSEYJEkYCqEklO3GhVBYkTP+LUS1UQEr2gqCculWikCqmnwoEDURCVOJRAYhR7xvs8sfNsZ9dex98nzY7nzTzPPO/z8/ubNwGYWtXm3+XlhUoIF9545cg/Hvr7/I0pB9sl6s2/s4VULYRQienZ7P3em2nF195/8US3uBKWmn9TOjx5pT3vphDC2bArXAz1sOPCpZffWnri2Lmj53e//eqBy2uz9AAAMF2+fvHA8va//vm+rVdfu/9Q2NCenvbP6zG9Oe73H4o7/mn/vxo605VCKJrLys3GUJ3vLDfTpVyxnlpWbrZH/XNZ/bUe5TaEW9c/U5jWbblhkqX1uB4q1cWOdLW6uNg6Jg/N4/q5yuKZU6effX5MDQVW3b8fCCHsKoTD5zvT6y0cXAdtGDI01kEbJjIcGl1dVxstY1/mEYXGlnFvgQBa8uuFNzmbn1m4Pe13m+2v/iuPV7vPD6tg1Ov/QPXPjbn+oP7fnLPFYfXcqWtTWq70Pdoc0/l1hPz+pd7fv/xKR+fU/HpErc929rqOMCnXF3q1c2bE7RhWr/bn68Wd6ssxTp/DVzpyH+j4/uT/00n5HwPdfZCf/xcEYX2H0JGu3c57Nca8/QHWr/y+uUa6Phrl9/Xl+RtK8jeW5M+X5N9Vkr+pJB+m2e++/9PwUmXlfFd+TD/o+fB0nu3uGH9owPbk5yMHrT+/73dQt1t/fj8xrGd/OP7UyS888/Sl1v3/lfb6fz2u7+lwox6/WxdjgXS+MD+v3r73v95ZT7VHuXuy9tzdpXzz9bbOcpVtK+8TCtuZm9qx0Dnfll7ldnaWq2fl5mPYmLU33z+5K5sv7X+k7Wr6vGaz5a1lyzGXtSNtV7bGOG8HDCOtj73u/0/r50KoVZ49dfrkYzGd1tM/zdQ23Ji+d8TtBm5fv/1/FkJn/5/N7em1anG7sGVleqW1XXg9vl/n9KV2PYXphR+19Dv3rZn5ZvnFE989/cwqLztMu+d/9MK3j58+ffJ7Xgz94qvroxmDvEiHLeulPV4M+mLXWlcx5g0TsOb2/Li1E/Doqe8cf+7kcyfP7Nu/f9/S0v4v7lve09yv31Pcuy86O4bWAqtp5Ud/3C0BAAAAAAAAAAAA+vWDo0cuvfPm599t9f9f6f+X+v+nO39T//+fZP3/837yqR986ge4tUt+s0z2gNW5rFwthg9n7d2W1bM9m+8jMW6P4xf7/6fq8ue6pvbcm02v9UhmjxO46Xkpc9kzSPLxAj8e4/Mx/nWAMarMd58c41s837ryQWFdT8+nKHThbXg+8ORI/7fm2lB4pFHq/931uU5d+mszWUbRY3Hcywh098+pev73v1YWfOxtEXqH2dHW9/PpXScaPffS+x3BBmB1jHv8z3TeM8Vn/vi1jTdCKnbl8c7tZf78UhjEX97pTK/38SfXuv583L5R1z/u5R/1+J/t8e/63v5lI+bVh6v3P7+4/G6h2rCj3/rz5U/Pgd42WP1XY/1paR4O/dXf+FVWf35BqE//zeq/q8/6b1r+ncPV/79Yf/rYHnmw3/pbLa5UO9sxny1Huv6XnzdOrmXLn57teYv6v/FCt+UfcqDG67F+mGaTMs7soLL9iPZO+/Dj/0ZnV3f833Zjs81afh/G52I6bYjTfQ75eCeDtj/dX5F+B7Zn718p+X0z/u9k+1KMy74PafzftD7W409+Id38LFO61uWzvVO3NTCp3puq63+jCpdbh0HDzb9x/O0XBgiNmSHma48TN+b2NxqNtT2hVWKslTP2z3/cxwnjrn/cn3+ZfPzffB8+H/83z8/H/83z8/F/8/z5+B/qlZ+P/5t/nvn4v3n+vdn75uMDL5Tkf7Qkf0f3/PZh+30l8+8syf9YSf7udv7BjhIp//5bzr9Srtf731OS/2BJ/idK8j9Zkv9QSf4jhfziGNAp/1Ml89/pUn+UaV1+mGZ5/zzff5ge6fpPr+//tpJ8YHL97LW9h5/+7Tfrrf7/c+3zIek63qGYrsXjpx/GdH7dOxTSN/LejOm/Zfnr/XwHTJP8+Rn57/vDJfnA5Er3efl+wxSqbOw+OcZlz63qtZ/PZPl0jD8T48/G+NEYL8Z4T4z3xnhpRO1jbRx+/fcHXqqsHO9vyfL7vZ887w/U8ZyoEMK+PtuTnx8Y9H72/Dl+g7rd+ofsDgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA21ebf5eWFSggX3njlyFPHTu25MeVgu0S9+Xe2kKq15wvhsRjPxPiX8cW19188UYyvx7gSlkIlVNrTw5NX2jVtCiGcDbvCxVAPOy5cevmtpSeOnTt6fvfbrx64vHafAAAAANz5/h8AAP//JI4RIA==") mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0xc1c0, 0x0) close(0x3) syz_mount_image$hfs(&(0x7f0000001600), &(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2000000, &(0x7f0000000000), 0x1, 0x312, &(0x7f0000000600)="$eJzs3T1vE0kcx/HfrO3EuUS5vSSnk665U+4iQRMRoEA0lpBbeioExI4UYQWRBAloMBEl4gVQ0fAWeBE0IN4AoqGio0mF0czOrtf2eh0rdjYJ34+UaD07D//xPszMIrIC8Mu6Uf/89spX+2OkkkqSrkuBpKpUlvSn/qo+2tnf3m81G3kVlVwJ+2MUlTQDeTZ3mllFbTlXwgvtp7IW0mmYjh+dSNFxoFju6s8QSLP+OnT7qycc16T0d64t/VNQKIVJfwfmUId6rMUCwwEAnAJ+/A/8MLHgkoyCQFrzw/5pHv8H1xojHE4njqJcbQ0k5U/pU+O/m911jD2+v7td3fWe+1rt/iBeJR4lmErf5xlFZ1bPHMxkryq/JOsRF0swt7Vd1vrmczUCHajmpQqsuN+N6NSNjYh2dbzzZXhtFd38LeqNnVHO9e+OQ9rabjVn7UZG/MvjtXh85r35aG6bUK/VSOZ/5Y6xh8kdqbDvSAUVG/+l4TXOu1I2l/ylWKvVgp4sf7hG/vYteCN6Wc1ekaTrjB8QtJMIMuI8iDdc20vqfawQ9W4jqwHTrXw5q1SYfBos69pa6SlV8mfC+uaDVu6jlOmIu2hemVtmVd/0TvXU/D+w8a0pdWXm3eqNy+nPjKg/M9k5yy5nODBytJOtf5MIvNmx+wZpzKdlL3VP17S49+Tp/VKr1dy1G3czNh4u7BqfUnkhZeaZ/kZJOXnU7qa4weNZp3PUmju9KW++S8cJ1Q593ZSLE/0S7P0jSbGXT1Zme5UlKcG0j0484k2qwlAnf2rlb5SVtav+QXkn5FQ34qnLRCq0E60huyZ+f8IptGfig+4TBiaxOOfsvMtE6z83k/ezOnefsb/CnHn6yH83StW4kazgeqeCS1lzlxFrg/nhK7hUi5eHrBndmuu/C9L/qUSj3BZDF+e5Yer6pDs8/wcAAAAAAAAAAAAAAAAAADhrTuJ/LBTdRwAAAAAAAAAAAAAAAAAAAAAAzrqjv/93rvumpqy/Ee/e/xuOfP9vzwuA/YuieP8vUIyfAQAA///kInsw") syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2b1245d, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) syz_usb_connect$uac1(0x1, 0xa4, &(0x7f0000000180)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="8261fc15874c95a0dc9fe64405", @ANYRES16=r2], 0x0) 10.847612352s ago: executing program 1 (id=285): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f000000040b2100000095f5758483"], 0x0}, 0x0) r3 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) r4 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) r5 = syz_open_procfs$namespace(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001000000400"/20, @ANYRES32=0x0, @ANYBLOB="0000000002de000000140012800a00010076786361ba78d1c00885cbb054906caa", @ANYRES32=r5, @ANYBLOB], 0x3c}}, 0x0) ioctl$HIDIOCSREPORT(r4, 0x81044804, &(0x7f0000000400)={0x1}) ioctl$HIDIOCGUSAGES(r3, 0xd01c4813, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdir(&(0x7f00000000c0)='./file0\x00', 0x16) chdir(0x0) r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x189140, 0x0) syz_io_uring_setup(0x3ca2, &(0x7f00000001c0)={0x0, 0x62d1, 0x2, 0x0, 0x2ca, 0x0, r6}, &(0x7f0000000140), &(0x7f0000000280)) open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='\x00', 0x89901) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000001540)='./file0\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='iocharset=ascii,discard,dmask=00000000000000000000007,uid=', @ANYRESHEX=0x0, @ANYBLOB=',dmask=00000000000000000000152,iocharset=iso8859-1,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030372c646973636172642c00214b3cf244ea5fb7437f2c69f67a093e240a6e978fa4cd2d"], 0x1, 0x14fe, &(0x7f0000002a80)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSEhL2/9J78L5v7/f1ff/e/993fbN+17Wv2WvuZ61n3bPmmue+n+ua57ueo+q1qF+7GRGJPwT+/CVFCBEjhBgmhLhOCBEIISrFV4q/fLyAgpQ/9iTs3+vh9KvdAbuaeP55G88/b+P55208/7yN55+38fzzNp5/3sbzZywv2z6n2PW88u7i9//zMn79/18kt/zkrzaWv7HXfyOF55+38fzzNp5/3sbzz9t4/nkbz/9/v1r/yTGef97G82csL9sOWoj/Ae9D87o662r//jHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYyxvO+Su0EOKv+6vdF2OMMcYYY4wxxv59fP6r3QFjjDHGGGOMMcb+3wMhhRJaBCKfyC9iRAERK64RceJaUVBcJyLiehEvbhCFxI2isCgiiopiIkEUFyWEESisIBGKkqKUiIqbRGlxs0gUZURZUU44UV4kiVtEBXGrqChuE5XE7aKyuENUEVVFNVFd3ClqiLtETVFL1BZ3izqirqgn6ot7RANxr2go7hONxP2isXhANBEPiqbiIdFMPCyai0dEC/GoaCkeE61Ea9FGtBXt/q/yXxJ9xcuin+gvUsQAMVC8IgaJwWKIGCqGiVfFcPGaGCFeF6lipBgl3hCjxZtijHhLjBXjxHjxtpggJopJYrKYIqaKNPGOmCbeFdPFe2KGmClmidkiXcwRc8X7Yp6YLxaID8RC8aFYJBaLJWKpyBAfiUyxTGSJj8Vy8YnIFivESrFKrBZrxFqxTqwXG8RGsUlsFlvEVrFNbBefih1ip9gldos9Yq/YJz4T+8Xn4oD4QuSIL/+b+Wf/Kb8XCBAgQYIGDfkgH8RADMRCLMRBHBSEghCBCMRDPBSCQlAYCkNRKAoJkAAloAQgIBAQlISSEIUolIbSkAiJUBbKggMHSZAEFeBWqAgVoRJUgspQGapAVagK1aE61IAaUBNqQm2oDXWgDtSDenAP3AP3QkNoCI2gETSGxtAEmkBTaArNoBk0h+bQAlpAS2gJraAVtIE20A7aQXtoDx2gA3SCTtAZOkMX6ALJkAxdoSt0g27QHbpDD+gBPaEn9ILe0BtegpfgZXgZ+kMdOQAGwkAYBINgCAyFofAqDIfX4DV4HVJhJIyCN+ANeBPGwBkYC+NgPIyHGnIiTILJQHIqpEEaTINpMB2mwwyYCTNhNqTDHJgLc2EezIf58AEshA/hQ1gMi2EpZEAGZMIyyIIsWA5nIRtWwEpYBathDayGdbAe1sFG2AQbYQtsgW2wDT6FT2En7ITdsBv2wl74DD6Dz+FzSIUcyIGDcBAOwSE4DIchF3LhCByBo3AUjsExOA7H4QSchFNwEk7DaTgDZ+EcnIPzcB4uwAsJ3zTfW2ZDqpCXaallPplPxsgYGStjZZyMkwVlQRmRERkv42UhWUgWloVlUVlUJsgEWUKWkChRkgxlSVlSRmVUlpalZaJMlGVlWemkk0kySVaQFWRFWVFWkrfLyvIOWUVWlR1ddVld1pCdXE1ZS9aWtWUdWVfWk/VlfdlANpANZUPZSDaSjWVj2UQ+KJvKATAEHpaXJ9NCjoSWchS0kq1lG9lWvgmPy/ZyDHSQHWUn+aQcB2Ohi2zvkuUzsqucBN3kc3IyPC97yKnQU74oe8neso98SfaVHVw/2V/OgAFyoJwNg+RgOUQOlfOgrrw8sXrydZkqR8pR8g25FN6UY+RbcqwcJ8fLt+UEOVFOkpPlFDlVpsl35DT5rpwu35Mz5Ew5S86W6XKOnCvfl/PkfLlAfiAXyg/lIrlYLpFLZYb8SGbKZTJLfiyXy09ktlwhV8pVcrVcI9fKdXK93CA3yk1ys9wit8ptcrv8VO6QO+UuuVvukXvlPvmZ3C8/lwfkFzJHfikPyj/JQ/IreVh+LXPlN/KI/FYeld/JY/J7eVz+IE/Ik/KU/FGelj/JM/KsPCd/luflL/KCvCgvSS+FAiWVUloFKp/Kr2JUARWrrlFx6lpVUF2nIup6Fa9uUIXUjaqwKqKKqmIqQRVXJZRRqKwiFaqSqpSKqptUaXWzSlRlVFlVTjlVXiWpW1QFdauqqG5TldTtqrK6Q1VRVVU1VV3dqWqou1RNVUvVVnerOqquqqfqq3tUA3WvaqjuU43U/aqxekA1UQ+qpuoh1Uw9rJqrR1QL9ahqqR5TrVRr1Ua1Ve3U46q9ekJ1UB1VJ/Wk6qyeUl3U0ypZPaO6qmdVN/Wc6q6eVz3UC6qnelH1Ur1VH3VRXVJe9VP9VYoaoAaqV9QgNVgNUUPVMPWqGq5eUyPU6ypVjVSj1BtqtHpTjVFvqbFqnBqv3lYT1EQ1SU1WU9RUlabeUdPUu2q6ek/NUDPVLDVbpas5ashfKi34L+S/+y/yR/z67NvUdvWp2qF2ql1qt9qj9qp9ap/ar/arA+qAylE56qA6qA6pQ+qwOqxyVa46oo6oo+qoOqaOqePquDqhTqqf1Y/qtPpJnVFn1Vn1szqvzqsLf/kZCA1aaqW1DnQ+nV/H6AI6Vl+j4/S1uqC+Tkf09Tpe36AL6Rt1YV1EF9XFdIIurktoo1FbTTrUJXUpHdU36dL6Zp2oy+iyupx2urxO0rf84fzf66+dbqfb6/a6g+6gO+lOurPurLvoLjpZJ+uuuqvuprvp7rq77qF76J66p+6le+k+uo/uq/vqfrqfTtEpeqB+RQ/Sg/UQPVQP06/q4Xq4HqFH6FSdqkfpUXq0Hq3H6DF6rB6rx+vxeoKeoCfpSXqKnqLTdJqepqfp6Xq6nqFn6Fl6lk7X6Xqunqvn6Xl6gV6gF+qFepFepJfoJTpDZ+hMnamzdJZerpfrbL1Cr9Cr9Cq9Rq/R6/Q6vUFv0Jv0Jr1Fb9HZervernfoHXqX3qX36D16n96n9+v9+oA+oHN0jj6oD+pD+pA+rA/rXJ2rj+gj+qg+qo/pY/q4Pq5P6BP6lD6lT+vT+ow+o8/pc/q8Pq8v6Av6kr50+bIvkIEMdKCDfEG+ICaICWKD2CAuiAsKBgWDSBAJ4oP4oFBwY1A4KBIUDYoFCUHxoERgAgxsQEEYlAxKBdHgpqB0cHOQGJQJygblAheUD5KCW4IKwa1BxeC2oFJwe1A5uCOoUkAE1YLqwZ1BjeCuoGZQK6gd3B3UCeoG9YL6wT1Bg+DeoGFwX9AouD9oHDwQNAkeDJoGDwXNgoeD5sEjQYvg0aBl8FjQKmgdtAnaBu3+uX5Q9Q/U9/5MkSdcP9PfpJgBZqB5xQwyg80QM9QMM6+a4eY1M8K8blLNSDPKvGFGmzfNGPOWGWvGmfHmbTPBTDSTzGQzxUw1aeYdM828a6ab98wMM9PMMrNNuplj5pr3zTwz3ywwH5iF5kOzyCw2S8xSk2E+MplmmckyH5vl5hOTbVaYlWaVWW3WmLVmnVlvNpiNZpPZbLaYrWab2W4+NTvMTrPL7DZ7zF6zz3xm9pvPzQHzhckxX5qD5k/mkPnKHDZfm1zzjTlivjVHzXfmmPneHDc/mBPmpDllfjSnzU/mjDlrzpmfzXnzi7lgLppLxl++uL/88o4aNebDfBiDMRiLsRiHcVgQC2IEIxiP8VgIC2FhLIxFsSgmYAKWwBJ4GSFhSSyJUYxiaSyNiZiIZbEsOnSYhElYAStgRayIlbASVsbKWAWrYDWshnfinXgX3oW1sBbejXdjXayL9bE+NsAG2BAbYiNshI2xMTbBJtgUm2IzbIbNsTm2wBbYEltiK2yFbbANtsN22B7bYwfsgJ2wE3bGztgFu2AyJmNX7IrdsBt2x+7YA3tgT+yJvbAX9sE+2Bf7Yj/shymYggNxIA7CQTgEh+AwHIbDcTiOwBGYiqk4CkfhaByNY3AMjsVxOB7fxgk4ESfhZJyCUzEN03AaTsPpOB1n4AychbMwHdNxLs7FeTgPF+ACXIgLcREuwiW4BDMwAzMxE7MwC5fjcszGbFyJK3E1rsa1uBbX43rciBtxM27GrbgVt+N23IE7cBfuwj24B/fhPtyP+/EAHsAczMGDeBAP4SE8jIcxF3PxCB7Bo3gUj+ExPI7H8QSewFN4Ck/jaTyDZ/AcnsPz+AtewIt4CT3GWCli7TU2zl5rC9rrbIwtYP8+LmqL2QRb3Jawxha2Rf4hRmttoi1jy9py1tnyNsne8pu4iq1qq9nq9k5bw95la/4mbmDvtQ3tfbaRvd/Wt/f8Q9zYPmCb2EdtU/uYbWZb2+a2rW1hH7Ut7WO2lW1t29i2trN9ynaxT9tk+4ztap/9TZxpl9n1doPdaDfZ/fZze87+bI/a7+x5+4vtZ/vbYfZVO9y+ZkfY122qHfmbeLx9206wE+0kO9lOsVN/E8+ys226nWPn2vftPDv/N3GG/cgutFl2kV1sl9ilv8aXe8qyH9vl9hObbVfYlXaVXW3X2LV23d96XWW32K12m91nP7M77E67y+62e+zeX+PL53HAfmFz7Jf2iP3WHrJf2cP2mM213/waXz6/Y/Z7e9z+YE/Yk/aU/dGetj/ZM/bsr+d/+dx/tBftJeutICBJijQFlI/yUwwVoFi6huLoWipI11GErqd4uoEK0Y1UmIpQUSpGCVScSpAhJEtEIZWkUhSlm6g03UyJVIbKUjlyVJ6S6BaqQLdSRbqNKtHtVJnuoCpUlapRdbqTatBdVJNqUW26m+pQXapH9ekeakD3UkO6jxrR/dSYHqAm9CA1pYeoGT1MzekRakGPUkt6jFpRa2pDbakdPU7t6QnqQB2pEz1Jnekp6kJPUzI9Q13pWepGz1F3ep560AvUk16kXtSb+tBL1Jdepn7Un1JoAA2kV2gQDaYhNJSG0as0nF6jEfQ6pdJIGkVv0Gh6k8bQWzSWxtF4epsm0ESaRJNpCk2lNHqHptG7NJ3eoxk0k2bRbEqnOTSX3qd5NJ8W0Ae0kD6kRbSYltBSyqCPKJOWURZ9TMvpE8qmFbSSVtFqWkNraR2tpw20kTbRZtpCW2kbbadPaQftpF20m/bQXtpHn9F++pwO0BeUQ1/SQfoTHaKv6DB9Tbn0DR2hb+kofUfH6Hs6Tj/QCTpJp+hHOk0/0Rk6S+foZzpPv9AFukiXyJMIIZShCnUYhPnC/GFMWCCMDa8J48Jrw4LhdWEkvD6MD28IC4U3hoXDImHRsFiYEBYPS4QmxNCGFIZhybBUGA1vCkuHN4eJYZmwbFgudGH5MCm8JawQ3hpWDG8LK4W3h5XDO8IqYdXw0furh3eGNcK7wpphrbB2eHdYJ6wb1gvrh/eEDcJ7w4bhfWGj8P6wYvhA2CR8MGwaPhQ2Cx8Om4ePhC3CR8OW4WNhq7B12CZsG7YLHw/bh0+EHcKOYafwybBz+FTYJXw6TA6fCbuGz/7u8ZRwQDgwfCV8JfT+PrUkujSaEf0omhldFs2KfhxdHv0kmh1dEV0ZXRVdHV0TXRtdF10f3RDdGN0U3RzdEt0a3Rb1vn5+4cBJp5x2gcvn8rsYV8DFumtcnLvWFXTXuYi73sW7G1whd6Mr7Iq4oq6YS3DFXQlnHDrryIWupCvlou4mV9rd7BJdGVfWlXPOlXdJrq1r59q59u4J18F1dJ3ck+5J95R7yj3tnnbPuK7uWdfNPee6u+ddD/eCe8G96Hq53q6Pe8n1dS+7fq6/S3EpbqAb6Aa5QW6IG+KGuWFuuBvuRrgRLtWlulFulBvtRrsxbowb68a68W68m+AmuElukpviprg0l+amuWluupvuZrgZbpab5dJdupvr5rp5bp5b4Ba4hYkL3SK3yC1xS1yGy3CZLtNluSy33C132S7brXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e1wO9wut8vtcXvcPrfP7Xf73QF3wOW4HHfQHXSH3CF32H3tct037oj71h1137lj7nt33P3gTriT7pT70Z12P7kz7qw75352590v7oK76C4579Ii70SmRd6NTI+8F5kRmRmZFZkdSY/MicyNvB+ZF5kfWRD5ILIw8mFkUWRxZElkaSQj8lEkM7IskhX5OLI88kkkO7IisjKyKrI6sibiffEdoS/pS/mov8mX9jf7RF/Gl/XlvPPlfZK/xVfwt/qK/jZfyd/uK/s7fBVf1Vfzj/lWvrVv49v6dv5x394/4Tv4jr6Tf9J39k/5Lv5pn+yf8V39s76bf85398/7Hv4F39O/6Hv53r6Pf8n39S/7fr6/T/ED/ED/ih/kB/shfqgf5l/1w/1rfoR/3af6kX6Uf8OP9m/6Mf4tP9aP8+P9236Cn+gn+cl+ip/q0/w7fpp/10/37/kZfqaf5Wf7dD/Hz/Xv+3l+vl/gP/AL/Yd+kV/sl/ilPsN/5DP9Mp/lP/bL/Sc+26/wK/0qv9qv8Wv9Or/eb/Ab/Sa/2W/xW/02v91/6nf4nX6X3+33+L1+n//M7/ef+wP+C5/jv/QH/Z/8If+VP+y/9rn+G3/Ef+uP+u/8Mf+9P+5/8Cf8SX/K/+hP+5/8GX/Wn/M/+/P+F3/BX/SX+H/WGGOMMcb+S9TvHB/wL74n/7IuGyiEuHZnsdx/rrm58J/3g2VC54gQ4pn+PR/+66pTJyUl5S+PzVYiKLVYCBG5kp9PXIlXiE7iKZEsOooK/7K/wbL3efqd+tHbhYj9W+dCxIi/xn9f/9b/oP7jT47PrByei/9P6i8WIrHUlZwC4kp8pX7F/6B+kfa/03+Br9KE6PB3OXHiSnylfpJ4Qjwrkv/hkYwxxhhjjDHG2J8NltW6/9798+X78wR9JSe/uBL/3v05Y4wxxhhjjDHGrr7ne/d5+vHk5I7decMb3vDmb5ur/ZeJMcYYY4wx9u925aL/anfCGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4zlXf8/Pk7sap8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdrX9nwAAAP//JhA6YA==") open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) 10.838125952s ago: executing program 3 (id=286): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@rthdr_2292={{0x28, 0x29, 0x5, {0x0, 0x2, 0x2, 0x1, 0x0, [@remote]}}}], 0x28}, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x5}]}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, &(0x7f0000000000)=0x6, 0x4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000002dc0)=@userptr={0x2, 0x1, 0x4, 0x0, 0x1, {}, {0x1, 0xc, 0x9, 0xc, 0x6, 0x8, "bf240fef"}, 0x3, 0x2, {&(0x7f00000002c0)}, 0x96000}) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000) getpid() write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000b80)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0], 0x2d7) close_range(r1, 0xffffffffffffffff, 0x0) 8.459103187s ago: executing program 3 (id=293): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x81c0, 0x1) lsetxattr$security_capability(&(0x7f0000000040)='./file1\x00', &(0x7f0000000080), 0x0, 0x0, 0x1) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x80800, &(0x7f0000000680)={[{@metacopy_on}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) lsetxattr$system_posix_acl(&(0x7f0000000880)='./file0/file1\x00', &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="020000000100030000000000040004000000000010000300000000002000020000000000092ced2f70c496140bef0f7adef492cc8a49660a9216d27d803d7d2e6b724805219a3683c0e46fc6225ccfad5f0652ed7c572c8aa2ad3dc4649d92a703642e617ad0d25ca7387e6b5b0c16b534d99462c9bd899375911169b9ccf41690a960b247fd469abde6d1c44ccf84f0d98b4956ea929fa2030cd6fc9cd56a7e65d49cbe214457367a1be0fa23748e5df612fb2e0983801b598aa250a693a7495f4b868efacdba96081b07b8224de63c2adfea23d7887d2882379bd4fe1b97627080c39d100f397098067829848d245e240a8cc7851bac52f82b1a9ea43387393f78bb7551abb6b33cff95b1fab92d17cc46fa015a7d9300"/292], 0x24, 0x2) 8.216060448s ago: executing program 3 (id=294): syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200), 0x801, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) mq_timedsend(0xffffffffffffffff, 0x0, 0x20, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x800c, 0x4, 0x4, 0xfa11, 0xffffffff}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001400add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a04000800ffffffffffffffffffffffe7ee00000000000000000200", 0x57}], 0x1) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22903, 0x0) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xc) ioctl$KVM_CAP_X86_DISABLE_EXITS(r3, 0x4068aea3, 0x0) mmap(&(0x7f00000ab000/0x2000)=nil, 0x2000, 0x2, 0x13, r2, 0x80927000) mmap(&(0x7f00000ab000/0x1000)=nil, 0x1000, 0x6, 0x11012, r2, 0xffffe000) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x80, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x4360}, 0x8, 0x10000007, 0x80, 0x0, 0x1, 0x101, 0x0}) getpeername$packet(0xffffffffffffffff, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8850) syz_open_dev$loop(&(0x7f0000000000), 0x47ffffd, 0x122c42) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) symlink(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./file0\x00') mkdirat(0xffffffffffffff9c, 0x0, 0x0) 7.888903631s ago: executing program 0 (id=295): syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ap_ssid, 0x6, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200), 0x801, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e) mq_timedsend(0xffffffffffffffff, 0x0, 0x20, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x3, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x800c, 0x4, 0x4, 0xfa11, 0xffffffff}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001400add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a04000800ffffffffffffffffffffffe7ee00000000000000000200", 0x57}], 0x1) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22903, 0x0) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xc) ioctl$KVM_CAP_X86_DISABLE_EXITS(r3, 0x4068aea3, 0x0) mmap(&(0x7f00000ab000/0x2000)=nil, 0x2000, 0x2, 0x13, r2, 0x80927000) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x6, 0x20010, r3, 0xffffe000) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x80, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x4360}, 0x8, 0x10000007, 0x80, 0x0, 0x1, 0x101, 0x0}) getpeername$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8850) syz_open_dev$loop(&(0x7f0000000000), 0x47ffffd, 0x322c42) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x0, 0x0, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xdd}, 0x94) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x397983, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2000000000000008) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="08000000000000006b02"]) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) 6.946994646s ago: executing program 1 (id=297): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x7, 0xd, 0x0, 0xffdffffc, 0x6, "00001000"}) write$binfmt_aout(r0, &(0x7f0000000400)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000580)={0x0, 0x0, 0x3, 0x0, 0x1b, "00000000000000000000ffff00"}) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x0, 0xfffffffd, 0x0, 0x6, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"}) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc018aec0, &(0x7f00000000c0)={0x1}) getpid() syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(r2, &(0x7f0000002600)={0x2020}, 0x2020) (fail_nth: 3) 4.76101471s ago: executing program 2 (id=299): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @ipv4={'\x00', '\xff\xff', @empty}}], 0x1c) sendto$inet6(r0, &(0x7f00000004c0)="b0", 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000040)=0x4, 0x4) r1 = gettid() r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x16, 0x4, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x7, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x10000000001, r1, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000180)=0x110000001) r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, 0x300) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="28000008000100000000000800010001050000000000000000000000000000000000000000000000e967cbb8595b2beff374f4242094140103eb0b8074c4f6132782dec2a6e8121a857944b13409949510ee753477d41876652cc6aaa1e97c12a856e0ccff932831ed8a77dd763d557c055560326f66ab917597a62d1d3c9db417696f4bf9f2243d604ad05e501897aae65d0b13859da159d0264961c215bf00e5c00141825c719ebee526deb5718d0a0ce574b8e6cd33019316294d627603fb1c3d2e4c50d428ee48c8bb816c57cfb3957f720455980644a555acd2381bfbe566268402dcd0ed5ca28b30429e34e8a161"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, 0x0, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {0xfff3, 0xffe0}, {}, {0x5, 0x8}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x0, 0xffff}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8848}, 0x4000010) mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x1000003, 0x10, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) write(0xffffffffffffffff, 0x0, 0x0) recvmsg(r4, 0x0, 0x40010121) write$cgroup_subtree(r4, &(0x7f0000000240)=ANY=[@ANYRESHEX=r3, @ANYRES8=r3, @ANYBLOB="8c51db33c6d607032df6e8be19613a9837c49cafe0367379d80c4fb357e275846997a9abf4d3fa6c11cfb5ee15e099667c21abfd66018bf3c4a7987cc15a6d9e461615e1e2a30df8eab53da7b7e81491df", @ANYRESHEX=0x0, @ANYRES8=r2], 0xfffffffffffffdbe) 4.667975191s ago: executing program 3 (id=300): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f00000010c0)=""/102400, 0x19000) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 4.667209501s ago: executing program 1 (id=301): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f0000002100)={0x0, 0x0, &(0x7f00000020c0)={&(0x7f0000002040)={0x20, 0x0, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_SEQ={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008045}, 0x4) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x8c, 0x0, 0x800, 0x70bd26, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x53cdce62}, @NL80211_ATTR_TX_RATES={0x64, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x60, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x8, 0x1, [0x6c, 0x30, 0x0, 0x1]}, @NL80211_TXRATE_HT={0x23, 0x2, [{0x3, 0x9}, {0x7, 0x7}, {0x1, 0x1}, {0x5, 0x8}, {0x1, 0xa}, {0x6, 0x7}, {0x7, 0x8}, {0x6, 0x8}, {0x5, 0x1}, {0x5, 0x6}, {0x4, 0x1}, {0x4, 0x9}, {0x7, 0x4}, {0x1, 0x3}, {0x6, 0xa}, {0x7, 0x9}, {0x3, 0x2}, {0x1, 0x6}, {0x7}, {0x4, 0x5}, {0x2}, {0x7, 0x7}, {0x2}, {0x0, 0x6}, {0x6, 0xa}, {0x6}, {0x0, 0x5}, {0x0, 0x9}, {0x7, 0x9}, {0x5, 0x3}, {0x3, 0x6}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0xfff8, 0x9, 0x6, 0xfffe, 0x5, 0x3ff, 0xfff]}}, @NL80211_TXRATE_HT={0x9, 0x2, [{0x0, 0x8}, {0x4, 0x8}, {}, {0x7, 0x3}, {0x3, 0x6}]}]}]}, @NL80211_ATTR_BEACON_INTERVAL={0x8}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4004000}, 0x24000810) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0x6f6) prlimit64(0x0, 0x6, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) getpgid(0xffffffffffffffff) r5 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000280)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20) setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f0000000200)=0xffffffff, 0x4) connect$inet6(r5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000cb7ba9b873c37e57007bb91618d3b034840200010000006274dadb092e0385a0efeee5f7ad7134f3fd7ef50e6d82642ab65cdb25faa6158ef14e8ed57a5c5d29f1863a644dfc4e8f62e575845a567873eb7f629b5b618d26ce2b47fec021e484c99d5f831dbf2eaf03db297c38b5"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x8) 4.232179273s ago: executing program 0 (id=302): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt_acct\x00') r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4dc1}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r3}, @IFLA_HSR_SLAVE1={0x8, 0x1, r2}, @IFLA_HSR_PROTOCOL={0x5}, @IFLA_HSR_VERSION={0x5, 0x6, 0x9}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000002080)={{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in=@private=0xa010100, 0x4e21, 0x3, 0x4e21, 0x0, 0x2, 0x40, 0xa0, 0xc, r2, r4}, {0x0, 0x8, 0x0, 0x5, 0x7, 0x4, 0x9, 0x569}, {0x200, 0x3, 0x4, 0x9}, 0x400, 0x6e6bb6, 0x2, 0x1, 0x2}, {{@in=@local, 0x4d2, 0x3c}, 0x2, @in=@broadcast, 0x0, 0x4, 0x3, 0x2, 0xe73, 0xfffffffa, 0x5}}, 0xe8) 3.917424935s ago: executing program 0 (id=303): mkdir(&(0x7f0000000380)='./file1\x00', 0xa) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x84) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) 3.640250207s ago: executing program 0 (id=304): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x4c}}, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x101080, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r1}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x12, r3, 0x76333000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f00000005c0)='mnt\x00', 0x4800c, &(0x7f0000000540), 0x10, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r7, 0x800c6613, &(0x7f00000006c0)=@v1={0x0, @aes256, 0x8, @desc3}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r8 = syz_open_procfs(0xffffffffffffffff, 0x0) r9 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_MCAST_MSFILTER(r9, 0x29, 0x30, &(0x7f0000000700)=ANY=[@ANYBLOB="08000000000000000a004e2400000027fe80000000000000000000000000003974000000000000000000009aa04f770000000000000000000000000000000000000000000000000000000f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a05f92371fba80ed3c72459f2f9a9a84794e74c8916ef9bfd97", @ANYRES32=r4, @ANYRESDEC=r1], 0x90) writev(r8, 0x0, 0x0) r10 = fsopen(&(0x7f00000001c0)='binder\x00', 0x1) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x1, 0x100004, 0x1ffff, 0xb, 0x1, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x50) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, r11, 0x60000}, 0x38) fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r12 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r12, 0x90009427, &(0x7f0000000180)) 3.564170848s ago: executing program 2 (id=305): mkdir(&(0x7f0000000380)='./file1\x00', 0xa) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x84) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) (fail_nth: 3) 3.1816014s ago: executing program 2 (id=306): dup(0xffffffffffffffff) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x1, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r3, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) (fail_nth: 3) 2.777401223s ago: executing program 2 (id=307): r0 = dup(0xffffffffffffffff) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r2, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x1, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10) setsockopt$inet_mreq(r3, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaa061c85d147aaaaccffffffffffff08004500001c0000618c2f5b164c000039fd73d2a440bebf1f310338f53151efe7a2ea7ed55cf3a0c7b62164ad7f904d6631b50d0c7397716378e6e749908773a39a5bcaccc3f65e4a8902e587b1bc56e3f5acaee73037825afc3a1191c67a254eac4093611559530fae50be140ad92f304f830fe5e60c9002ab3f444c53c6e8b538224ef035b92c9885dc93769d75d5e59826a37f108daa25f3c957a49bdd16eafe8e8e315b7daba4e8b3eb5f8aa144f9bdabe1097bbb6177630daa54a0cbe40296fac786c4f2a1be73e74a08340a4d16c1fc9346d25722f55589021e8ea04c17975bd539f0f23843fbcbb2adae7ad8ed11c8b372db81f6"], 0x0) ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f00000003c0)) setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) 2.616172873s ago: executing program 0 (id=308): socket$inet6_sctp(0xa, 0x1, 0x84) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000, 0x0) syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000580)='./file0\x00', 0x1, &(0x7f0000000140)=ANY=[], 0xfe, 0x6241, &(0x7f000000ea80)="$eJzs3c1vHGcdB/DfvvolNLVyqEqEkJuWl1KaxEkJgQJtD3Dg0gOKuKFErltFpICSgNLKIq4sJA6c+AtASBwR4og48Af0wJUbJ05EspFAPTFo7OeJZze7Xbu2d9aez0dyZn7zzK6f8XdnXzIz+wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEN/9zvdWWhFx82dpwVLEp6IT0Y5YKOvliFhYXsrrdyPi2dhpjmciojcXUd5+55+nI16JiA/PRmxtr6+Wi6/ssx/f/uPff/eDM2/+7Q+9S//90/3Oq+PWe/DgV//588PDbTMAAAA0TVEURSt9zD+fPt+36+4UADAV+fW/SPLyU1//+p9v/mWW+qNWq9Vq9RTqqmK0h9UiIjaqtynfMzgcDwAnzEZ8VHcXqJH8G60bEWfq7gQw01p1d4BjsbW9vtpK+baqrwfLu+35XJCB/Ddaj6/vGDedZPgck2k9vjajE+fG9GdhSn2YJTn/9nD+N3fb+2m9485/Wsbl39+99Klxcv6d4fyHnJ782yPzb6qcf/dA+XfkDwAAAAAAMyz///9Szcd/5w6/Kfvyccd/l6fUBwAAAAAAAAA4aocd/+8x4/8BAADAzCo/q5d+c3Zv2bjvYiuX32hFPDW0PtAw6WKZxbr7AQAAAAAAAAAAAABN0t09h/dGK6IXEU8tLhZFUf5UDdcHddjbn3RN335osrqf5AEAYNeHZ/O1/L3dBa2I+Yi4kb7rr7e4uFgU8wuLxWKxMJffz/bn5ouFyufaPC2XzfX38Ya42y/KO5uv3K5q0uflSe3D91f+rn7R2UfHjkj6Y8aY5hoDB4D0AhWx5RXplCmKp8e9+YAB9v9TaCmW6n5cMfvqfpgCAAAAx68oiqKVvs77fDrm3667UwDAVOTX/+HjAoeq22PaI47m/tVqtVqtVn+iuqoY7WG1iIiN6m3K9wyG4weAE2YjPqq7C9RI/o3WjYhn6+4EMNNadXeAY7G1vb7aSvm2qq8HaXz3fC7IQP4brZ3b5duPmk4yfI7JtB5fm9GJc2P688yU+jBLcv7t4fxv7rb303rHnf+0jMu/v3PJXPPk/DvD+Q85Pfm3R+bfVDn/7oHy78gfAAAAAABmWP7//yXHf/MmAwAAAAAAAMCJs7W9vpqve83H/z8zYj3Xf55OOf/WQfNfSPPyP9Fy/u2h/L84tF6nMv/ojb39/9/b66u/v/+vT+fpfvOfyzOt9MhqpUdEK/2mVjdND7N1T9rsdfrlb+q12p1uOuen6L0dt+NOrMXlgXXb6e+x174y0F72tDfQfmWgvftE+9WB9l763oFiIbdfjNX4cdyJt3bay7a5Cds/P6G9mNCe8+94/m+knH/38c+575f5L6b21tC09OiD9hP7fXU66ve8fvuzv7x8/Jsz0WZ0Hm9bVbl9F2roz87f5Ew/fnpv7e7FB7fu37+7EmkysPRKpMkRy/n3dn7m9p7/n99tz8/71f310Qf9A+c/KzajOzb/5yvz5fa+OOW+1SHn308/Of+3Uvvo/f8k5z9+/3+phv4AAAAAAAAAAAAAAADAxymKYucS0dcj4lq6/qeuazMBgOnKr/9Fkper1Wq1Wq0+fXVVMdpr1SIi/lq9Tfme4eej7gwAmGX/i4h/1N0JaiP/Bsvf91dOX6i7M8BU3Xvv/R/eunNn7e69unsCAAAAAAAAAHxSefzP5cr4zy9ExNLQegPjv74Ry4cd/7ObZx4PMHrEA32Psdnud9qV4cafi53xuS+OG//7Qjw5/nceE7dT3Y4xehPa+xPa5ya0z49cupfWyAs9KnL+z1XGOy/zPz80/HoTxn8dHvO+CXL+FyqP5zL/LwytV82/+O3M5b+x3xU3oz2Q/6X77/7k0r333n/59ru33ll7Z+1HV1dWLl+9du369euX3r59Z+3y7r/H0+sZkPPPY187D7RZcv45c/k3S87/c6mWf7Pk/D+favk3S84/v9+Tf7Pk/PNnH/k3S87/xVTLv1ly/l9KtfybZWt7fa7M/6VUy79Z8v7/5VTLv1ly/i+nWv7NkvO/mGr5N0vO/1Kq95G/r4c/RXL++QiX/b9Zcv4rqZZ/s+T8r6Ra/s2S87+aavk3S87/lVTLv1ly/l9JtfybJed/LdXyb5ac/1dTLf9myflfT7X8myXn/7VUy79Zcv5fT7X8myXn/2qq5d8sOf9vpFr+zZLz/2aq5d8sOf9vpVr+zZLzfy3V8m+Wve//N2NmFmZ+cbR32IkZ2a6TNlP3MxMAAAAAAAAAAAAAMGwapxPXvY0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2LvXGLnO+n7gZ/bmtUOIgRCc/A1sEmOMs2TXl/jCHxcTrg1QbgmFXrBd79os+IbXLoEi2TRQImFUVIGavmgLCLWRqgqr4gWtKM2LqpdXpX1B31RUlZAaVSEKqEhtRbPVzHmexzOzszO73vF69jyfj2T/dmfOzDlz5szsftf+7gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGh295tmP18riqL+p/HX5qJ4Qf3jjRObG5e97mZvIQAAALBa/9v4+7nb0gWHl3GjpmX+9hX/8K2FhYWF4oPDXxn98sJCumKiKEY3FEXjuujqv32o1rxM8FgxXhtq+nyox+qHe1w/0uP60R7Xj/W4fkOP68d7XL9oByyysfx5TOPOtjU+3Fzu0uL2YrRx3bYOt3qstmFoKP4sp6HWuM3C6IlirjhVzBbTLcuXy9Yay3/n7vq63l7EdQ01rWtr/Qj58aePx22ohX28rWVd1+4z+tEbi4mf/PjTx//owjN3dpo9d0PL/ZXbueOe+nZ+NlxSbmut2JD2SdzOoabt3NrhORlu2c5a43b1j9u387llbufwtc1cU+3P+Xgx1Pj4e439NNL8Y720n7aGy/7r3qIoLl/b7PZlFq2rGCo2tVwydO35GS+PyPp91A+lFxcjKzpO717GcVqfM9taj9P210R8/u8OtxtZYhuan6YffWZs0fO+0uM0qj/qpV4r7cdgv18rg3IMxuPie40H/XjHY3BbePyf3r70Mdjx2OlwDKbH3XQM3tPrGBwaG25sc3oSao3bXDsGd7UsP9xYU60xn97e/RicunD63NT8Jz/12rnTx07Onpw9s2fXruk9+/YdOHBg6sTcqdnp8u/r3NuDb1MxlF4D94R9F18Dr25btvlQXfha/16H411eh5vblu3363Ck/cHV1uYFufiYLl8bD9d3+viVoWKJ11jj+dm5+tdhetxNr8ORptdhx68pHV6HI8t4HdaXObdzed+zjDT96bQNN+prweamY7D9+5H2Y7Df348MyjE4Ho6Lf9m59NeCrWF7H59c6fcjw4uOwfRww3tP/ZL0/f74gcbodFzeVb/ilrHi4vzs+fsfPXbhwvldRRhr4iVNx0r78bqp6TEVi47XoRUfr4fnXvH4XR0u3xz21fhr63+NL/lc1ZfZe3/356rx1a3z/my5dHcRRp+t9f7s9NW8vj9TluyyP+vLfHZq9d+Lp1za9P47usT7b8z9z5frS3f12PDoSPn6HU57Z7Tl/bj1qRppvHfVGut+bmp578ej4c9avx/f3uX9eEvbsv1+Px5tf3Dx/bjW66cdq9P+fI6H4+TUdPf34/oyW3av9Jgc6fp+fG+YtbD/XxOSQspFTcfOUsdtWtfIyGh4XCNxDa3H6Z6W5UdDNquv68nd13ec7ri3vK/h9OiuWavjdKJt2X4fp+n9aqnjtNbrp2/Xp/35HA/Hxe17uh+n9WWe2rv6986N8cOm986xXsfg6PBYfZtH00FYvt8vbIzH4P3F8eJscaqYaVw71jieao11TT6wvGNwLPxZ6/fKLV2OwR1ty/b7GExfx5Y69mojix98H7Q/n+PhuHjige7HYH2ZN+/v7/euO8IlaZmm713bf7621M+87mrbTTfyZ1717fzr/d1/Nltf5tSBlebM7vvpvnDJLR32U/vrd6nX1EyxNvtpS9jOZw4svZ/q21Nf5ssHl3k8HS6K4tLHH2z8vDf8+8qfXfz+t1r+3aXTv+lc+viDz9564m9Wsv0ArH/Pl2NT+bWu6V+mlvPv/wAAAMC6EHP/UJiJ/A8AAACVEXN//F/hifwPAAAAlRFz/0iYSSb5f8ubn5l7/lKRmvkLQbw+7YaHyuVix3U6fD6xcE398ge/MfvTv7i0vHUPFUXxs4d+o+PyWx6K21WaCNt59S2tly++4aVlrf/oI9eWa+6vfzXcf3w8yz0MOlVwp4ui+M5tX2ysZ+JDVxrzqYeONub7Lj/+WH2Z5w6Wn8fbP/2ScvnfD+XfwyeOtdz+6bAffhjm9Ds67494u29eec3W/R+4tr54u9o9L2w87Cc+XN5v/D05X3qsXD7u56W2/y+/8OQ368s/+qrO239pqPP2Pxnu9xth/vfLy+Wbn4P65/F2nwvbH9cXb3f/17/bcfuvfr5c/txby+WOhhnXvyN8vu2tz8w1769Ha8daHlfxtnK5uP7p7/924/p4f/H+27d//MiVlv3Rfnw89U/l/Uy1LR8vj+uJ/rxt/fX7aT4+4/qf/K2jLfu51/qvvu/pl9fvt33997UtN9x2+/bf2PQHn/tix/XF7Tn8p+daHs/h94bXcVj/Ex8Ox2O4/n+ufrFlvdHR97a+/8Tlv7r5Usvjid7+k3L9V99wsjH/feKnv3fLC2594eVX1vddUXzv/eX99Vr/yT8827L9X7tjZ+P5iNfHjn77+pcS13/+E5Nnzs5fnJtp2quN353zznJ7Noxv3FTf3tvCe2v750fOXvjI7PmJ6Ynpopio7q/Qu25fD/PZclxe6e13PhKez7t+9zubtv/jF+Ll//xwefmVd5Rft14dlvtSuHxz+fwt1Fa5/ifuvqPx+q49VX7e0mPvg63b/uPAshYMj7/9+4J4vJ976Uca+6F+XePrRnxdr3L7fzBT3s+3w35dCL+Z+Z47rq2vefn4uxGuvL98va96/4W3ufi8/nF4vt/1w/L+43bFx/uD8H3Md7e0vt/F4+Pbl4ba77/xWzwuh/eT4nJ5fVwq7u8rz93RcfPi7yEpLt/Z+Px30v3cuaKHuZT5T85PnZo7c/HRqQuz8xem5j/5qSOnz148c+FI43d5Hvlor9tfe3/a1Hh/mpndt7eY3lgUxdlieg3esG7M9tc/Wt72n3vk+Mz+6e0zsyeOXTxx4ZFzs+dPHp+fPz47M7/92IkTs5/odfu5mUO7dh/cs3/35Mm5mUMHDh7cc3By7szZ+maUG9XDvumPTZ45f6Rxk/lDew/ueuCBvdOTp8/OzB7aPz09ebHX7Rtfmybrt/71yfOzp45dmDs9Ozk/96nZQ7sO7tu3u+dvAzx97sT8xNT5i2emLs7Pnp8qH8vEhcbF9a99vW5PNc3/a/n9bLta+Yv4inffty/9fta6b3xmybsqF2n7BaLPhN9F8/cvOndgOZ/H3D8aZpJJ/gcAAIAcxNw/FmYi/wMAAEBlxNy/IcxE/gcAAIDKiLl/PMwkk/yv/6//v7z+f3m9/n9e/f9zHy97peu9/x/78/r/ebjJ/f9Vr1//X/+/ev3/5ffn1/v26//r/7PYoPX/Y+7fWBRZ5n8AAADIQcz9m8JM5H8AAACojJj7bwkzkf8BAACgMmLuf0GYSSb5P4f+/3s6LLbC/v/uXoWr6vf/1835/zcW+v/6/839//jk6P9nY8X9+w883PKp/n+g/6//r/+v/6//z6qNLnnNzer/x9x/a5hJJvkfAAAAchBz/wvDTOR/AAAAqIyY+28LM5H/AQAAoDJi7t8cZpJJ/s+h/9+J8/9Xtv/v/P/6//09/3/Txuj/rw/O/99d5/7/2C2LLtL/X2H/f1z/fz32/0f7u/2D3f/vufn6/9wQg3b+/5j7XxRmkkn+BwAAgBzE3P/iMBP5HwAAACoj5v6XhJnI/wAAAFAZMfffHmaSSf7X/9f/1//X/9f/77z+3uf/Lz/S/x8s+v/dOf9/D87/n1f/v8/bP9j9/36f/3/0Le231/+nk0Hr/8fc/9Iwk0zyPwAAAOQg5v47wkzkfwAAAKiMmPtfFmYi/wMAAEBlxNy/Jcwkk/yv/6//r/+v/6//33n9vfv/Jf3/waL/353+fw/6//r/+v/L6/93+OZX/59OevX/H3x9+T69Vv3/mPvvDDPJJP8DAABADmLuvyvMRP4HAACAyoi5//+Fmcj/AAAAUBkx928NM8kk/+v/6//r/+fV/79vTP9f/7/a9P+70//vQf9f/1//f5nn/19sJf3/Db3ujMro1f9/9337Gm+B7f3/DvmqL/3/mPtfHmaSSf4HAACAHMTc/4owE/kfAAAAKiPm/leGmcj/AAAAUBkx90+EmWSS//X/q9X//5O/euKVhf6//n+P9Ve0/x8PA/3/zOn/d6f/34P+v/6//v+a9P/Jx/X2/zvoS/8/5v67w0wyyf8AAACQg5j77wkzkf8BAACgMmLuvzfMRP4HAACAyoi5f1uYSSb5X/+/Wv3/SP9f/7/b+iva/0/0//Om/99B04tU/78H/X/9/+z7//G7X/1/+mPQ+v8x978qzCST/A8AAAA5iLl/e5iJ/A8AAACVEXP/q8NM5H8AAACojJj7d4SZZJL/9f/1//X/9f/1/zuvX/9/fdL/726l/f8x/X/9f/3/zPr/zv9Pfw1a/z/m/teEmWSS/wEAACAHMffvDDOR/wEAAKAy4v/fLP/fq/wPAAAAVRRz/2SYSSb5X/9f/z+n/n9N/1//X/+/8vT/u3P+/x70//X/9f/1/+mrQev/x9z/2jCTTPI/AAAA5CDm/vvDTOR/AAAAqIyY+6fCTOR/AAAAqIyY+6fDTDLJ//r/+v859f+d/1//X/+/+vT/u9P/70H/X/+/av3/otD/56YatP5/zP27wkwyyf8AAACQg5j7d4eZyP8AAABQGTH37wkzkf8BAACgMmLu3xtmkkn+1//X/9f/1//X/++8fv3/9alb//4ry7i9/n+g/6//r/9fjf6/8/9zkw1a/z/m/gfCTDLJ/wAAAJCDmPv3hZnI/wAAAFAZMffvDzMJ+b/T/+sGAAAA1peY+w+EmWTy7//6/xXp///m37WsW/9f/7/b+vvT/9+o/x+m/v9gqej5/9tfFtdtffb/n0+PX/9f/3+Qt1//X/+fxQat/x9z/8Ewk0zyPwAAAOQg5v7XhZnI/wAAAFAZMff//zAT+R8AAAAqI+b+14eZZJL/9f8r0v9vo/+v/99t/c7/r/9fZRXt//fN+uz/L3H+/yH9f/3/1W//WB+3X/9/Of3/Db3uhoq58f3/+NHy+v8x9x8KM8kk/wMAAEAOYu7/uTAT+R8AAAAqI+b+N4SZyP8AAABQGTH3Hw4zyST/6//r/+v/6//fmP7/G4p2g9j/rx88+v/Vov/fXaX6/87/r/8/YNuv/+/8/yw2aOf/j7n/jWEmmeR/AAAAyEHM/Q+Gmcj/AAAAUBkx978pzET+BwAAgMqIuf/NYSaZ5H/9f/1//X/9f+f/77x+/f/1Sf+/O/3/HvT/9f/1//X/6aub1//f0PH6mPvfEmaSSf4HAACAHMTc/9YwE/kfAAAAKiPm/reFmcj/AAAAUBkx9789zCST/K//r/+v/1/N/v+GLuvX/9f/rzL9/+70/3vQ/9f/1//X/6evBu38/zH3/3yYSSb5HwAAAHIQc/9DYSbyPwAAAFRGzP3vCDOR/wEAAKAyYu5/Z5hJJvlf/1//X/+/mv3/buvX/9f/rzL9/+70/3vQ/9f/1//X/6evBq3/H3P/u8JMMsn/AAAAkIOY+38hzET+BwAAgMqIuf/dYSbyPwAAAFRGzP3vCTPJJP/3p/9fK8pWq/5/M/3/6+n/L1xqvp3+v/5/0a/+f/1G+v9Z0P/vTv+/hw79/w36//r/+v/6/1y3Qev/x9z/3jCTTPI/AAAA5CDm/veFmcj/AAAAUBkx978/zET+BwAAgMqIuf/hMJNM8r/z/2fZ/08PefD6/87/r//v/P/6/6uj/9+d/n8Pzv+v/78u+/+jYX5sMn5t0v9nUAxa/z/m/kfCTDLJ/wAAAJCDmPs/EGYi/wMAAEBlxNz/i2Em8j8AAABURsz9HwwzyST/6/9n2f8f4PP/V63/P9JyfOTU/x9vej7Tcan/r/+/BvT/u9P/70H/X/9/kPv/4WjeuMTtnf+fQTRo/f+Y+z8UZpJJ/gcAAIAcxNz/S2Em8j8AAABURsz9vxxmIv8DAABAZcTc/ythJpnk/yz6/0OLF9P/1/9v3l/O/+/8/53Wr/+/Pun/d6f/34P+fz79/5H+b//NO/9/Sf+fQTRo/f+Y+381zGTJ4Pfsfy7jYQIAAAADJOb+D4eZZPLv/wAAAJCDmPuPhJnI/wAAAFAZMfcfDTPJJP9n0f/vYOn+fzyjqv6//r/+v/6//v961L/+/8tuLQr9f/1//f/K9v9vwPbr/+v/s9ig9f9j7j8WZpJJ/gcAAIAcxNz/a2Em8j8AAABURsz9x8NM5H8AAACojJj7Z8JMMsn/a93/b+r1jg5m/9/5/6+3//8z/X/9/0D/vzP9/7Xh/P/d6f/3oP+v/6//r/9PXw1a/z/m/tkwk0zyPwAAAFRY+nFwzP0nwkzkfwAAAKiMmPtPhpnI/wAAAFAZMfd/JMwkk/zv/P/6/87/fzP6/yMty+v/l/T/9f/7Qf+/O/3/HvT/9f/1//X/6atB6//H3D8XZpJJ/gcAAIAcxNz/0TAT+R8AAAAqI+b+j4WZyP8AAABQGTH3nwozyST/6//r/+fe/68VxWXn/9f/77R+/f/1Sf+/u/9j7z6a5DqrP463baVZwUtgzYqlWdkLXgBbdlSxNtHkYJmcwUSTwYDJOWeTc87Z5BxNMIaqoTw+50ij7rk90lx13/s8n8/m/KW/xbTwYOqH6luP/n8N/b/+X/+v/2dUU+v/c/dfFbd0sv8BAACgB7n77xu32P8AAADQjNz994tb7H8AAABoRu7++8ctnex//b/+v/f+f7GV9//3//Xt9/93/B3S/+v/N2Gpvz+2+q87KAo/sP+/2+VX31v/r//X/w/S/+v/9f+ca2r9f+7+B8Qtnex/AAAA6EHu/gfGLfY/AAAANCN3/4PiFvsfAAAAmpG7/+q4pZP9r//X/+v/9f/7+v+bvP+v/5837/8Pm0f/f/nu7q7+fxX9/7Q/v/5f/8+yqfX/ufsfHLd0sv8BAACgB7n7HxK32P8AAADQjNz9D41b7H8AAABoRu7+h8Utnex//b/+X/8/l/7/xIzf/4/vB/2//n8D9P/D5tH/e/9f/z/Pz6//1/+z7Pz7/wP/sT1K/5+7/+FxSyf7HwAAAHqQu/8RcYv9DwAAAM3I3f/IuMX+BwAAgGbk7n9U3NLJ/tf/6//1/3Pp/zf0/r/+X/8/czcszvwzQf+/TP+/xpr+f7HQ/w85dD+/+rc3n89/AP2//p9l59//H/gvNUr/n7v/0XHLlYvFiQv9TQIAAACTkrv/MXFLJ3/+DwAAAD3I3X9N3GL/AwAAQDNy95+OWzrZ//p//b/+X/+v/1/99fX/8+T9/2FH7//veuer7tNv/+/9/2He/x+7/7/9O6PJ/l9m3ZGp9f+5+6+NWzrZ/wAAANCD3P2PjVvsfwAAAGhG7v7HxS32PwAAADQjd//j45ZO9r/+f1r9f+YuF97/X7bv153V/+/VLvr/uff/99D/6//1/2vo/4d5/3+NvX/M7dQP9f/6f+//e/+fo5la/5+7/wlxSyf7HwAAAHqQu/+JcYv9DwAAAM3I3f+kuMX+BwAAgGbk7n9y3NLJ/tf/T6v/9/6//t/7//p//f/R6P+H6f/XaOX9/wv8rtl2P39U2/78+n/9P8um1v/n7n9K3NLJ/gcAAIAe5O5/atxi/wMAAEAzcvc/LW6x/wEAAKAZufufHrd0sv/1//r/efT/+RX0//r/i9//J/3/POn/h+n/12il/79A2+7n5/759f/6f5ZNrf/P3f+MuKWT/Q8AAAA9yN3/zLjF/gcAAIBm5O5/Vtxi/wMAAEAzcvc/O27pZP/r//X/8+j/vf+v//f+v/7/cPT/w/T/a+j/9f/6f/0/o5pa/5+7/7q4pZP9DwAAAD3I3f+cuMX+BwAAgGbk7n9u3GL/AwAAQDNy9z8vbulk/+v/V/X/t+j/9f/6f/2//n+m9P/D9P9r6P/1//p//T+jmlD/f9avOrV4ftzSyf4HAACAHuTuf0HcYv8DAABAM3L3vzBusf8BAACgGbn7r49bOtn/+v/JvP+/l/O11f/vLBYL/f+i0/5/56y/n/V9qf/X/2+A/n+Y/n8N/b/+X/+v/2dUE+r/936cu/9FcUsn+x8AAAB6kLv/xXGL/Q8AAADNyN3/krjF/gcAAIBm5O5/adzSyf7X/0+m/9/TVv/v/f9zvz966v+9/79M/78Z+v9h+v819P/6f/2//p9RTa3/z93/srjpxPEL/i0CAAAAE5O7/+VxSyd//g8AAAA9yN3/irjF/gcAAICZum7pZ3L3vzJu6WT/6//H7f9PnPVz+n/9/7nfH/p//b/+/+LT/w/T/6+h/9f/6//1/4xqav1/7v5XxS2d7H8AAADoQe7+G+IW+x8AAACakbv/1XGL/Q8AAADNyN3/mrilk/2v//f+v/5f/6//X/319f/zpP8fpv9fQ/9/YD9/mKex9f9H7v9Pnvk/9f+04Tz6/93d3Wsuev+fu/+1cUsn+x8AAAB6kLv/xrjF/gcAAIBm5O5/Xdxi/wMAAEAzcve/Pm7pZP/r/zvt//NbfV79/+nFYpL9/6X6//30/6vp/zdD/z9M/7+G/t/7/97/1/8zqqm9/5+7/w1xSyf7HwAAAHqQu/+NcYv9DwAAAM3I3f+muMX+BwAAgGbk7n9z3NLJ/tf/d9r/e//f+//6/033/7ct9P8bMYv+f+fgrz/1/v9a/b/+f0B3/f89777vh/p//T/Lptb/5+5/S9zSyf4HAACAHuTuf2vcYv8DAABAM3L3vy1usf8BAACgGbn73x43Hetk/+v/9f/6f/2//n/119/w+/8nFouF/n8Es+j/B0y9/x/n/f9z/1N+hv5f/z/nz6//1/+zbGr9f+7+d8Qtnex/AAAA6EHu/nfGLfY/AAAANCN3/7viFvsfAAAAmpG7/91xSyf7X/+v/9f/6/+b7/+vnUX/7/3/kej/h02j/z+Y/l//P+fPr//X/3N42+r/c/e/J27pZP8DAABAD3L3vzdusf8BAACgGbn73xe32P8AAADQjNz9749bOtn/+n/9//n0//k59f9t9f8nJ9f/n9r3r9fJ+//6/5Ho/4fp/9fQ/+v/9f/X6f8Z09Te/8/d/4G4pZP9DwAAAD3I3f/BuPU/3dr/AAAA0Izc/R+KW+x/AAAAaEbu/g/HLZ3sf/2//t/7//r/5t//1/93Rf8/TP+/hv5f/6//9/4/o5pa/5+7/yNxSyf7HwAAAHqQu/+jcYv9DwAAAM3I3f+xuMX+BwAAgGbk7r8pbulk/+v/9f/6f/2//v+Ov4f6/zbo/4dtpv/f0f/r/6ufvyT+U6D/1/+v+/W0aWr9f+7+j8ctnex/AAAAaM3xFT+Xu/8TcYv9DwAAAM3I3f/JuMX+BwAAgFk6tuLncvd/Km6Z5f5fVaEP0//r//X/+n/9/+qvr/+fp630//lNof/3/n/op/+/y74fze39/3P/++uyhf5f/8/Yptb/5+7/dNwyy/0PAAAArJK7/zNxi/0PAAAAzcjd/9m4xf4HAACAZuTu/1zc0sn+1//r//X/+n/9/+qvr/+fp9H6/5ML7//r//X/G34/f+6fX/+v/2fZ1Pr/3P2fj1s62f8AAADQg9z9X4hb7H8AAABoRu7+L8Yt9j8AAAA0Y2/3Z1zW4f7X/+v/9f/6f/3/6q+v/5+nrbz/r//X/+v/9+j/9f/6f841tf7/S3u/6tTiy3FLJ/sfAAAAepC7/ytxi/0PAAAAzcjd/9W4xf4HAACAZuTu/1rc0sn+1//va89P6/+n2v/v7u5eo/+/ZHGV/n9l/3/zjPv/6/X/I9P/D+u4/z92qA+g/9f/T77/P/e/Jc/Q/zNFU+v/c/d/PW7pZP8DAABAD3L3fyNusf8BAACgGbn7vxm32P8AAADQjNz934pbOtn/+v8JvP9/Sv/v/X/v/y+8/6//H4n+f1jH/f/htNj/nzr8b3/b/fxRbfvze/9f/8+yqfX/ufu/Hbd0sv8BAACgB7n7vxO32P8AAADQjNz9341b7H8AAABoRu7+78Utnex//f/m+v/b/73r5f3/ncXqz6//1//r//X/F5v+f5j+f40W+//zsO1+fu6fX/+v/2fZ1Pr/3P3fj1v2D7/j5/e7BAAAAKYkd/8P4pZO/vwfAAAAepC7/4dxi/0PAAAAzcjd/6O4pZP9r/+fwPv/Dfb/3v9f/f2h/590/3+p/r8N+v9h+v819P/6f/3/SP1/fjfr/3s3tf4/d/+P45ZO9j8AAAD0IHf/T+KWK3e29ZEAAACAkeXu/2nc4s//AQAAoBm5+2+OW87a/6va7lbo//X/+n/9v/5/9dfX/8+T/n/YYfv/k4uj9f9J/6//1//32v97/587bLj/P72u/8/d/7O4xZ//AwAAwOwcP+Dnc/f/PG6x/wEAAKAZuft/EbfY/wAAANCM3P2/jFtuuXRbH2mj9P/6f/3/mv7/1vgG1//r//X/s6D/H+b9/zX0/2P081fo/9vo/xcL/T9Ht+H+f+2Pc/f/Km7x5/8AAADQjNz9v45b7H8AAABoRu7+38Qt9j8AAAA0I3f/b+OWTva//l//f8T+fy/NbLr/9/6//j/o/+dB/z9s+/3/jYNfVv/fRP/v/f9G+n/v/zOGbfT/OwP//9z9v4tbOtn/AAAA0IPc/b+PW+x/AAAAaEbu/j/ELfY/AAAANCN3/x/jlk72/9b6//i3Wv8/+/6//ff/B/v/3YX+X/+v/58W/f+w7ff/w/T/+v85f379v/6fZdvo/wd/vPerTi3+FLd0sv8BAACgB7n7/xy32P8AAADQjNz9f4lb7H8AAABoRu7+v8Ytnex/7//r//X/3v/X/6/++vr/edL/D9P/r1Z/o/T/+n/9v/6fUU2t/8/d/7e4pZP9DwAAAD3I3f/3uMX+BwAAgGbk7r8lbrH/AQAAoBm5+/8RtzSx/4+t/Sv0/7Ps/yuP1v/r//X/+n/20/8P22b/f687rf+y3v/fev+fH0H/r//X/zOKqfX/ufv/Gbc0sf8BAACA2+Xu/1fcYv8DAABAM3L3/ztusf8BAACgGbn7b41bOtn/a/r/k/UX6v8Hef9//+fX/6/+/tD/6//1/xef/n+Y9//X0P97/1//r/9nVFPr/3P3/ydu6WT/AwAAQA9y998Wt9j/AAAA0Izc/f+NW+x/AAAAaEbu/v/FLZ3sf+//z6n/v0L/r//X/+v/9f9r6P+H6f/X0P/r//X/+n9GNbX+P3f//wMAAP//qbtNJQ==") ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0xc0185879, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]}) syz_open_dev$char_usb(0xc, 0xb4, 0x2) set_tid_address(0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000080)={0xffa1, 0x2007bb}) 2.525133275s ago: executing program 2 (id=309): dup(0xffffffffffffffff) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x1, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r3, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) 2.135012837s ago: executing program 2 (id=310): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f00000010c0)=""/102400, 0x19000) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) (fail_nth: 3) 2.123841067s ago: executing program 3 (id=311): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x4c}}, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0x101080, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r1}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00') writev(r7, &(0x7f0000000000)=[{&(0x7f00000002c0)='\n', 0x1}, {&(0x7f0000000140)="9f", 0x1}], 0x2) r8 = fsopen(0x0, 0x1) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0xffff, 0xb, 0x1, 0x1, 0x1}, 0x50) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, r9, 0x60000}, 0x38) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) r11 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r11, 0x90009427, 0x0) sendmsg$IPSET_CMD_ADD(r10, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 805.148635ms ago: executing program 3 (id=312): mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x20) mkdir(&(0x7f0000000000)='./bus\x00', 0x1) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./bus\x00') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000)) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) r3 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) 0s ago: executing program 0 (id=313): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@random="3a9aeda12998", @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "fa0008", 0x18, 0x3a, 0x0, @remote, @loopback, {[], @mld={0x83, 0x0, 0x0, 0x9, 0xc034, @mcast1}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) shutdown(r0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001a0c0)=""/102394, 0x18ffa) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) kernel console output (not intermixed with test programs): Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 93.077528][ T5800] Bluetooth: hci0: command tx timeout [ 93.083196][ T5804] Bluetooth: hci1: command tx timeout [ 93.119891][ T5907] loop0: detected capacity change from 0 to 32768 [ 93.136344][ T5907] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.1 (5907) [ 93.157649][ T5804] Bluetooth: hci3: command tx timeout [ 93.162915][ T5802] Bluetooth: hci2: command tx timeout [ 93.176598][ T5907] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 93.187274][ T5907] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 93.196177][ T5907] BTRFS info (device loop0): using free space tree [ 93.298702][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 93.309443][ T5910] binder: 5896:5910 ioctl 0 200000000040 returned -22 [ 93.368954][ T1138] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x45c4daa94c2fee9c24887d4bee8f983cd8ca9d8901c4a5aa51fab9bc8d8bf5d6 found 0x27c884ea303fe078df9016f468270348d1bc14bee51fb61e895d5a87d27b2dbc level 0 [ 93.657774][ T5907] BTRFS warning (device loop0): couldn't read tree root [ 93.987487][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.011083][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 94.060771][ T5907] BTRFS error (device loop0): open_ctree failed: -5 [ 94.244618][ T5907] Cannot find del_set index 4 as target [ 94.335743][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.965669][ T5931] netlink: 'syz.3.9': attribute type 29 has an invalid length. [ 94.976226][ T5931] netlink: 'syz.3.9': attribute type 29 has an invalid length. [ 95.000892][ T5931] netlink: 'syz.3.9': attribute type 29 has an invalid length. [ 95.078169][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.157740][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.268066][ T5802] Bluetooth: hci4: command 0x1003 tx timeout [ 95.274685][ T5800] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 95.318303][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.392040][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.405960][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.701191][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.071504][ T5806] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by udevd (5806) [ 97.397392][ T5943] netlink: 56 bytes leftover after parsing attributes in process `syz.3.12'. [ 98.241059][ T5945] tun0: tun_chr_ioctl cmd 1074025675 [ 98.260857][ T5945] tun0: persist enabled [ 98.263070][ T5945] tun0: tun_chr_ioctl cmd 1074025675 [ 98.263092][ T5945] tun0: persist enabled [ 98.346510][ T5950] x_tables: duplicate underflow at hook 3 [ 99.581963][ T5956] loop1: detected capacity change from 0 to 1024 [ 99.726461][ T5807] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 99.781761][ T5956] capability: warning: `syz.1.16' uses deprecated v2 capabilities in a way that may be insecure [ 102.066872][ T5972] loop2: detected capacity change from 0 to 8 [ 103.107680][ T5977] netlink: 'syz.0.23': attribute type 29 has an invalid length. [ 103.116844][ T5977] netlink: 'syz.0.23': attribute type 29 has an invalid length. [ 103.141473][ T5977] netlink: 'syz.0.23': attribute type 29 has an invalid length. [ 103.183821][ T5978] loop2: detected capacity change from 0 to 64 [ 103.294423][ T5961] loop3: detected capacity change from 0 to 32768 [ 103.453153][ T5966] loop1: detected capacity change from 0 to 32768 [ 104.046748][ T5966] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 104.318054][ T5966] XFS (loop1): Ending clean mount [ 104.339312][ T5807] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by udevd (5807) [ 105.435024][ T5792] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 106.183170][ T6001] loop2: detected capacity change from 0 to 64 [ 106.233497][ T5999] loop0: detected capacity change from 0 to 2048 [ 106.248683][ T6003] netlink: 28 bytes leftover after parsing attributes in process `syz.1.27'. [ 106.283312][ T5999] EXT4-fs: Ignoring removed bh option [ 106.360597][ T5798] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 106.450545][ T5999] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.564132][ T6004] i2c i2c-0: Invalid block read size 255 [ 106.616349][ T5798] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.658474][ T5999] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 106.686211][ T5999] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 159 with max blocks 1 with error 28 [ 106.688065][ T5798] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.720983][ T5999] EXT4-fs (loop0): This should not happen!! Data will be lost [ 106.720983][ T5999] [ 106.727395][ T5798] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 106.764478][ T5798] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 106.767637][ T5999] EXT4-fs (loop0): Total free blocks count 0 [ 106.779697][ T5798] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.819314][ T5798] usb 4-1: config 0 descriptor?? [ 106.824639][ T5999] EXT4-fs (loop0): Free/Dirty block details [ 106.880419][ T5999] EXT4-fs (loop0): free_blocks=2415919104 [ 106.890791][ T6003] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.905233][ T5999] EXT4-fs (loop0): dirty_blocks=32 [ 106.927999][ T5999] EXT4-fs (loop0): Block reservation details [ 106.951398][ T5999] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 106.959635][ T6009] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 106.959644][ T6003] bond0: (slave rose0): Enslaving as an active interface with an up link [ 107.255441][ T6016] loop2: detected capacity change from 0 to 64 [ 107.284518][ T5798] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 107.358422][ T5798] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 108.724246][ T5175] usb 4-1: USB disconnect, device number 2 [ 108.724932][ T5996] usb 4-1: string descriptor 0 read error: -71 [ 108.755802][ T6033] loop0: detected capacity change from 0 to 256 [ 108.775275][ T6033] FAT-fs (loop0): Unrecognized mount option "norodir" or missing value [ 108.789179][ T6031] plantronics 0003:047F:FFFF.0001: usb_submit_urb(ctrl) failed: -19 [ 108.986370][ T5996] loop3: detected capacity change from 0 to 256 [ 109.223313][ T5996] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 109.517373][ T28] audit: type=1800 audit(1762713249.009:3): pid=5996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.29" name="file1" dev="loop3" ino=1048592 res=0 errno=0 [ 110.585801][ T6059] loop1: detected capacity change from 0 to 64 [ 111.178893][ T6040] loop0: detected capacity change from 0 to 32768 [ 111.214723][ T6040] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.34 (6040) [ 111.240479][ T6069] netlink: 48 bytes leftover after parsing attributes in process `syz.3.39'. [ 111.280264][ T6040] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 111.292610][ T6046] loop2: detected capacity change from 0 to 32768 [ 111.529503][ T6040] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 111.544415][ T6040] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 111.705534][ T6072] netlink: 56 bytes leftover after parsing attributes in process `syz.1.40'. [ 111.921906][ T6040] BTRFS info (device loop0): use zstd compression, level 3 [ 112.044482][ T6040] BTRFS info (device loop0): force clearing of disk cache [ 112.055154][ T6040] BTRFS info (device loop0): max_inline at 0 [ 112.061548][ T6040] BTRFS info (device loop0): force zlib compression, level 3 [ 112.071809][ T6040] BTRFS info (device loop0): turning on sync discard [ 112.078897][ T6040] BTRFS info (device loop0): using free space tree [ 112.088651][ T6040] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 112.089822][ T6040] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 112.095871][ T6046] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 112.134735][ T6040] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 112.137705][ T6040] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 112.197349][ T6040] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 112.207626][ T6040] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 112.250872][ T6040] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 112.263087][ T6046] XFS (loop2): Ending clean mount [ 112.327701][ T6040] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 112.328299][ T6040] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 112.360274][ T6094] loop3: detected capacity change from 0 to 2048 [ 112.389827][ T6040] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 112.390458][ T6040] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 112.430810][ T6094] EXT4-fs: Ignoring removed bh option [ 112.456143][ T6040] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 112.456802][ T6040] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 112.504937][ T6040] BTRFS error (device loop0): open_ctree failed: -12 [ 112.638203][ T6094] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.779568][ T6094] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 112.857321][ T6094] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 159 with max blocks 1 with error 28 [ 112.887790][ T6094] EXT4-fs (loop3): This should not happen!! Data will be lost [ 112.887790][ T6094] [ 112.942161][ T5791] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 112.942403][ T6094] EXT4-fs (loop3): Total free blocks count 0 [ 112.962735][ T6094] EXT4-fs (loop3): Free/Dirty block details [ 112.969032][ T6094] EXT4-fs (loop3): free_blocks=2415919104 [ 112.974830][ T6094] EXT4-fs (loop3): dirty_blocks=32 [ 112.984490][ T6094] EXT4-fs (loop3): Block reservation details [ 112.991636][ T6094] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 113.481781][ T6108] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 113.914945][ T6112] netlink: 36 bytes leftover after parsing attributes in process `syz.0.43'. [ 114.317805][ T5798] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 114.688473][ T5798] usb 1-1: device descriptor read/64, error -71 [ 115.347119][ T5798] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 115.517285][ T5798] usb 1-1: device descriptor read/64, error -71 [ 115.659718][ T5798] usb usb1-port1: attempt power cycle [ 116.137534][ T5798] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 116.203177][ T5798] usb 1-1: device descriptor read/8, error -71 [ 116.461622][ T6137] netlink: 56 bytes leftover after parsing attributes in process `syz.2.51'. [ 116.484942][ T6138] loop0: detected capacity change from 0 to 512 [ 116.497410][ T5882] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 116.500622][ T6140] binder: 6139:6140 ioctl c0306201 200000000180 returned -14 [ 116.518607][ T6138] EXT4-fs: Ignoring removed mblk_io_submit option [ 116.626546][ T6138] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.50: Invalid inode bitmap blk 4 in block_group 0 [ 116.668480][ T6138] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.737476][ T5882] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.920798][ T5882] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.000515][ T6154] warning: `syz.0.50' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 117.336746][ T5882] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 117.555296][ T5882] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 117.723503][ T5882] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.758262][ T5882] usb 2-1: config 0 descriptor?? [ 118.206762][ T5882] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 118.262512][ T5882] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 118.509943][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.230938][ T6167] loop3: detected capacity change from 0 to 2048 [ 119.326665][ T6167] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 119.340573][ T6133] usb 2-1: string descriptor 0 read error: -71 [ 119.346663][ T5933] usb 2-1: USB disconnect, device number 2 [ 119.355932][ T6169] plantronics 0003:047F:FFFF.0002: usb_submit_urb(ctrl) failed: -19 [ 119.388897][ T6174] loop0: detected capacity change from 0 to 512 [ 119.402279][ T6174] EXT4-fs: Ignoring removed nobh option [ 119.481411][ T6167] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 119.491042][ T6174] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.491189][ T6174] ext4 filesystem being mounted at /13/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 119.594715][ T6178] loop2: detected capacity change from 0 to 2048 [ 119.604882][ T6167] fs-verity: sha512 using implementation "sha512-avx2" [ 119.639158][ T6178] loop2: p1 < > p3 p4 < > [ 119.639228][ T6178] loop2: partition table partially beyond EOD, truncated [ 119.639479][ T6178] loop2: p1 start 8388352 is beyond EOD, truncated [ 119.639502][ T6178] loop2: p3 start 196608 is beyond EOD, truncated [ 119.644120][ T6174] EXT4-fs error (device loop0): ext4_find_dest_de:2115: inode #2: block 3: comm syz.0.58: bad entry in directory: inode out of bounds - offset=92, inode=117440528, rec_len=16, size=2048 fake=0 [ 119.674329][ T6133] loop1: detected capacity change from 0 to 256 [ 119.776505][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.795489][ T6133] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 119.809919][ T5807] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 119.933403][ T5806] udevd[5806]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 119.940396][ T28] audit: type=1800 audit(1762713259.489:4): pid=6133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.48" name="file1" dev="loop1" ino=1048593 res=0 errno=0 [ 120.175259][ T6185] netlink: 56 bytes leftover after parsing attributes in process `syz.3.61'. [ 120.356905][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.604986][ T6192] Bluetooth: MGMT ver 1.22 [ 121.607599][ T5933] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 121.840594][ T5933] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 121.863786][ T5933] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 121.881436][ T5933] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 121.900346][ T5933] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 121.923496][ T5933] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.968371][ T5933] usb 4-1: config 0 descriptor?? [ 122.009021][ T5933] hdpvr 4-1:0.0: Could not find bulk-in endpoint [ 122.034549][ T5933] hdpvr: probe of 4-1:0.0 failed with error -12 [ 122.127174][ T5836] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 122.432457][ T5836] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 122.779838][ T5836] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 122.790797][ T5836] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 122.827372][ T5836] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 122.840610][ T5836] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.863363][ T5836] usb 3-1: config 0 descriptor?? [ 122.891611][ T5836] hdpvr 3-1:0.0: Could not find bulk-in endpoint [ 122.922508][ T5836] hdpvr: probe of 3-1:0.0 failed with error -12 [ 123.050524][ T6211] loop0: detected capacity change from 0 to 128 [ 123.110385][ T6211] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 123.149974][ T6211] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 123.184250][ T6211] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 123.333486][ T6211] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 123.510483][ T6211] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 123.722498][ T6211] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 123.894532][ T6211] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 124.074330][ T6211] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 124.126523][ T6211] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 124.154443][ T6211] UDF-fs: warning (device loop0): udf_fill_super: No partition found (1) [ 124.444380][ T6218] netlink: 56 bytes leftover after parsing attributes in process `syz.1.70'. [ 124.795762][ T5836] usb 4-1: USB disconnect, device number 3 [ 125.024780][ T6226] loop0: detected capacity change from 0 to 512 [ 125.124649][ T6226] EXT4-fs (loop0): corrupt root inode, run e2fsck [ 125.151343][ T6226] EXT4-fs (loop0): mount failed [ 125.332105][ T6230] loop3: detected capacity change from 0 to 128 [ 125.388666][ T6230] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 125.428753][ T6230] ext4 filesystem being mounted at /18/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 125.759454][ T5790] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 125.825255][ T5175] usb 3-1: USB disconnect, device number 2 [ 128.740108][ T6252] netlink: 48 bytes leftover after parsing attributes in process `syz.2.78'. [ 128.749630][ T6252] Zero length message leads to an empty skb [ 129.446237][ T6256] sp0: Synchronizing with TNC [ 129.577596][ T6259] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 129.577596][ T6259] The task syz.2.81 (6259) triggered the difference, watch for misbehavior. [ 129.905373][ T6262] netlink: 300 bytes leftover after parsing attributes in process `syz.3.82'. [ 130.704122][ T6284] netlink: 8 bytes leftover after parsing attributes in process `syz.0.84'. [ 130.713182][ T6284] netlink: 12 bytes leftover after parsing attributes in process `syz.0.84'. [ 131.794731][ T6290] netlink: 3 bytes leftover after parsing attributes in process `syz.1.85'. [ 131.893260][ T6290] batadv1: entered allmulticast mode [ 133.709926][ T6291] loop3: detected capacity change from 0 to 32768 [ 134.167401][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.182611][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.547890][ T6291] JBD2: journal reset failed [ 135.617146][ T6291] (syz.3.87,6291,0):ocfs2_journal_load:1167 ERROR: Failed to load journal! [ 135.659297][ T6291] (syz.3.87,6291,0):ocfs2_check_volume:2432 ERROR: ocfs2 journal load failed! -4 [ 136.037266][ T5806] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 136.990844][ T6315] vivid-001: ================= START STATUS ================= [ 137.012719][ T6315] vivid-001: Radio HW Seek Mode: Bounded [ 137.026424][ T6315] vivid-001: Radio Programmable HW Seek: false [ 137.043790][ T6315] vivid-001: RDS Rx I/O Mode: Block I/O [ 137.055570][ T6315] vivid-001: Generate RBDS Instead of RDS: false [ 137.069420][ T6315] vivid-001: RDS Reception: true [ 137.081995][ T6315] vivid-001: RDS Program Type: 0 inactive [ 137.088934][ T6315] vivid-001: RDS PS Name: inactive [ 137.094368][ T6315] vivid-001: RDS Radio Text: inactive [ 137.100189][ T6315] vivid-001: RDS Traffic Announcement: false inactive [ 137.107419][ T6315] vivid-001: RDS Traffic Program: false inactive [ 137.116615][ T6315] vivid-001: RDS Music: false inactive [ 137.122615][ T6315] vivid-001: ================== END STATUS ================== [ 137.131079][ T6315] FAULT_INJECTION: forcing a failure. [ 137.131079][ T6315] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 137.144814][ T6315] CPU: 0 PID: 6315 Comm: syz.0.95 Not tainted syzkaller #0 [ 137.152044][ T6315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 137.162121][ T6315] Call Trace: [ 137.165407][ T6315] [ 137.168359][ T6315] dump_stack_lvl+0x16c/0x230 [ 137.173073][ T6315] ? asm_sysvec_call_function_single+0x1a/0x20 [ 137.179255][ T6315] ? show_regs_print_info+0x20/0x20 [ 137.184466][ T6315] ? asm_sysvec_call_function_single+0x1a/0x20 [ 137.190636][ T6315] should_fail_ex+0x39d/0x4d0 [ 137.195331][ T6315] _copy_to_user+0x2f/0xa0 [ 137.199772][ T6315] simple_read_from_buffer+0xe7/0x150 [ 137.205170][ T6315] proc_fail_nth_read+0x1e3/0x250 [ 137.210216][ T6315] ? proc_fault_inject_write+0x340/0x340 [ 137.215876][ T6315] ? fsnotify_perm+0x271/0x5e0 [ 137.220689][ T6315] ? proc_fault_inject_write+0x340/0x340 [ 137.226341][ T6315] vfs_read+0x27e/0x920 [ 137.230618][ T6315] ? kernel_read+0x1e0/0x1e0 [ 137.235226][ T6315] ? __fget_files+0x28/0x4d0 [ 137.239844][ T6315] ? __fget_files+0x44a/0x4d0 [ 137.244551][ T6315] ? __fdget_pos+0x2a3/0x330 [ 137.249159][ T6315] ? ksys_read+0x75/0x250 [ 137.253531][ T6315] ksys_read+0x147/0x250 [ 137.257823][ T6315] ? vfs_write+0x940/0x940 [ 137.262260][ T6315] ? lockdep_hardirqs_on+0x98/0x150 [ 137.267475][ T6315] do_syscall_64+0x55/0xb0 [ 137.271922][ T6315] ? clear_bhb_loop+0x40/0x90 [ 137.276633][ T6315] ? clear_bhb_loop+0x40/0x90 [ 137.281338][ T6315] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 137.287248][ T6315] RIP: 0033:0x7f1848d8e0dc [ 137.291775][ T6315] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 137.311753][ T6315] RSP: 002b:00007f1849bb7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 137.320180][ T6315] RAX: ffffffffffffffda RBX: 00007f1848fe6090 RCX: 00007f1848d8e0dc [ 137.328166][ T6315] RDX: 000000000000000f RSI: 00007f1849bb70a0 RDI: 0000000000000005 [ 137.336148][ T6315] RBP: 00007f1849bb7090 R08: 0000000000000000 R09: 0000000000000000 [ 137.344130][ T6315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.352114][ T6315] R13: 00007f1848fe6128 R14: 00007f1848fe6090 R15: 00007ffc8667d248 [ 137.360116][ T6315] [ 138.343897][ T6327] hfsplus: unable to find HFS+ superblock [ 139.125354][ T6326] loop0: detected capacity change from 0 to 40427 [ 140.837009][ C0] sched: RT throttling activated [ 142.846799][ T6326] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 142.855058][ T6326] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 144.872723][ T6326] F2FS-fs (loop0): Found nat_bits in checkpoint [ 146.151793][ T6343] loop2: detected capacity change from 0 to 512 [ 146.181484][ T6343] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 146.210324][ T6343] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 146.240455][ T6345] FAULT_INJECTION: forcing a failure. [ 146.240455][ T6345] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.327628][ T6345] CPU: 0 PID: 6345 Comm: syz.0.103 Not tainted syzkaller #0 [ 146.335028][ T6345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 146.345121][ T6345] Call Trace: [ 146.348417][ T6345] [ 146.351362][ T6345] dump_stack_lvl+0x16c/0x230 [ 146.356068][ T6345] ? show_regs_print_info+0x20/0x20 [ 146.361295][ T6345] ? load_image+0x3b0/0x3b0 [ 146.365819][ T6345] ? __might_fault+0xaa/0x120 [ 146.370517][ T6345] should_fail_ex+0x39d/0x4d0 [ 146.375214][ T6345] copyout+0x1a/0x90 [ 146.379130][ T6345] _copy_to_iter+0x432/0x10d0 [ 146.383932][ T6345] ? iov_iter_init+0x1e0/0x1e0 [ 146.388722][ T6345] ? __virt_addr_valid+0x18c/0x540 [ 146.393971][ T6345] ? __virt_addr_valid+0x18c/0x540 [ 146.399108][ T6345] ? __virt_addr_valid+0x469/0x540 [ 146.404236][ T6345] ? __check_object_size+0x506/0xa30 [ 146.409543][ T6345] seq_read_iter+0x2d8/0xd50 [ 146.414166][ T6345] seq_read+0x15d/0x1f0 [ 146.418341][ T6345] ? seq_open+0x140/0x140 [ 146.422808][ T6345] ? common_file_perm+0x198/0x1f0 [ 146.427891][ T6345] ? fsnotify_perm+0x271/0x5e0 [ 146.432707][ T6345] ? seq_open+0x140/0x140 [ 146.437058][ T6345] vfs_read+0x27e/0x920 [ 146.441244][ T6345] ? kernel_read+0x1e0/0x1e0 [ 146.445859][ T6345] ? __fget_files+0x28/0x4d0 [ 146.450476][ T6345] ? __fget_files+0x44a/0x4d0 [ 146.455178][ T6345] ? __fdget+0x180/0x210 [ 146.459457][ T6345] ? __x64_sys_pread64+0xf0/0x220 [ 146.464968][ T6345] __x64_sys_pread64+0x195/0x220 [ 146.469950][ T6345] ? ksys_pread64+0x1c0/0x1c0 [ 146.474693][ T6345] ? lockdep_hardirqs_on+0x98/0x150 [ 146.479922][ T6345] do_syscall_64+0x55/0xb0 [ 146.484360][ T6345] ? clear_bhb_loop+0x40/0x90 [ 146.489061][ T6345] ? clear_bhb_loop+0x40/0x90 [ 146.493860][ T6345] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 146.499810][ T6345] RIP: 0033:0x7f1848d8f6c9 [ 146.504261][ T6345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.523912][ T6345] RSP: 002b:00007f1849bd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 146.532442][ T6345] RAX: ffffffffffffffda RBX: 00007f1848fe5fa0 RCX: 00007f1848d8f6c9 [ 146.540518][ T6345] RDX: 00000000000000ed RSI: 0000200000000080 RDI: 0000000000000004 [ 146.548506][ T6345] RBP: 00007f1849bd8090 R08: 0000000000000000 R09: 0000000000000000 [ 146.556485][ T6345] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001 [ 146.564468][ T6345] R13: 00007f1848fe6038 R14: 00007f1848fe5fa0 R15: 00007ffc8667d248 [ 146.572474][ T6345] [ 146.624171][ T6343] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 147.139312][ T6343] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 147.187294][ T6343] System zones: 0-2, 18-18, 34-34 [ 147.354935][ T6353] loop0: detected capacity change from 0 to 4096 [ 147.374318][ T6343] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.102: iget: bad i_size value: 360287970189639680 [ 147.400077][ T6343] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.102: couldn't read orphan inode 15 (err -117) [ 147.421626][ T6343] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.651374][ T5836] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 147.694560][ T6361] loop1: detected capacity change from 0 to 8192 [ 147.717642][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.734809][ T6361] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 147.816906][ T6361] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 147.835507][ T6363] loop0: detected capacity change from 0 to 8192 [ 147.862391][ T5836] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.870220][ T6363] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 147.889143][ T6361] REISERFS (device loop1): using ordered data mode [ 147.896063][ T5836] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 147.908629][ T6361] reiserfs: using flush barriers [ 147.910956][ T6363] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 147.917913][ T5836] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 147.936268][ T6361] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 147.956822][ T6363] REISERFS (device loop0): using ordered data mode [ 147.968684][ T6363] reiserfs: using flush barriers [ 147.982755][ T6361] REISERFS (device loop1): checking transaction log (loop1) [ 147.995911][ T6363] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 148.012354][ T5836] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 148.018372][ T6361] REISERFS (device loop1): Using r5 hash to sort names [ 148.040192][ T5836] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.052852][ T6363] REISERFS (device loop0): checking transaction log (loop0) [ 148.069122][ T6361] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 148.097960][ T5836] usb 4-1: config 0 descriptor?? [ 148.098046][ T6363] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 148.205603][ T6361] afs: Unknown parameter 'seclabel' [ 148.224080][ T6361] netlink: 8 bytes leftover after parsing attributes in process `syz.1.107'. [ 148.387691][ T6371] FAULT_INJECTION: forcing a failure. [ 148.387691][ T6371] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 148.413378][ T6371] CPU: 0 PID: 6371 Comm: syz.2.110 Not tainted syzkaller #0 [ 148.420739][ T6371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 148.430827][ T6371] Call Trace: [ 148.434138][ T6371] [ 148.437116][ T6371] dump_stack_lvl+0x16c/0x230 [ 148.441840][ T6371] ? show_regs_print_info+0x20/0x20 [ 148.447074][ T6371] ? load_image+0x3b0/0x3b0 [ 148.451614][ T6371] ? __might_fault+0xaa/0x120 [ 148.456321][ T6371] ? __lock_acquire+0x7c80/0x7c80 [ 148.461383][ T6371] should_fail_ex+0x39d/0x4d0 [ 148.466112][ T6371] _copy_from_user+0x2f/0xe0 [ 148.470835][ T6371] io_msg_copy_hdr+0x4f/0x310 [ 148.475552][ T6371] io_sendmsg_copy_hdr+0x175/0x320 [ 148.480700][ T6371] ? io_sendmsg_prep_async+0x2b0/0x2b0 [ 148.486197][ T6371] ? io_alloc_async_data+0xb7/0x1c0 [ 148.491438][ T6371] ? rcu_is_watching+0x15/0xb0 [ 148.496229][ T6371] ? io_alloc_async_data+0xb7/0x1c0 [ 148.501539][ T6371] ? __kmalloc+0xe2/0x240 [ 148.505915][ T6371] ? io_alloc_async_data+0xe4/0x1c0 [ 148.511257][ T6371] io_sendmsg_prep_async+0x185/0x2b0 [ 148.516593][ T6371] ? io_send_prep_async+0x370/0x370 [ 148.522074][ T6371] io_req_prep_async+0x2fa/0x670 [ 148.527047][ T6371] io_queue_sqe_fallback+0x55/0x1b0 [ 148.532366][ T6371] io_submit_sqes+0x10e9/0x1d00 [ 148.537260][ T6371] __se_sys_io_uring_enter+0x2de/0x22e0 [ 148.542825][ T6371] ? ksys_write+0x1c1/0x250 [ 148.547345][ T6371] ? __lock_acquire+0x7c80/0x7c80 [ 148.552388][ T6371] ? file_end_write+0x159/0x250 [ 148.557286][ T6371] ? vfs_write+0x586/0x940 [ 148.561751][ T6371] ? __x64_sys_io_uring_enter+0xf0/0xf0 [ 148.567357][ T6371] ? mutex_unlock+0x10/0x10 [ 148.571907][ T6371] ? __fget_files+0x44a/0x4d0 [ 148.576635][ T6371] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 148.582654][ T6371] ? lock_chain_count+0x20/0x20 [ 148.587642][ T6371] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 148.593235][ T6371] do_syscall_64+0x55/0xb0 [ 148.597864][ T6371] ? clear_bhb_loop+0x40/0x90 [ 148.602578][ T6371] ? clear_bhb_loop+0x40/0x90 [ 148.607288][ T6371] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 148.613214][ T6371] RIP: 0033:0x7f76feb8f6c9 [ 148.617658][ T6371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.637313][ T6371] RSP: 002b:00007f76ffa91038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 148.645782][ T6371] RAX: ffffffffffffffda RBX: 00007f76fede6090 RCX: 00007f76feb8f6c9 [ 148.653764][ T6371] RDX: 0000000000000002 RSI: 0000000000003516 RDI: 0000000000000005 [ 148.661746][ T6371] RBP: 00007f76ffa91090 R08: 0000000000000000 R09: 0000000000000000 [ 148.669812][ T6371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.677810][ T6371] R13: 00007f76fede6128 R14: 00007f76fede6090 R15: 00007ffeb648a3f8 [ 148.685805][ T6371] [ 148.881283][ T5836] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 148.903121][ T5836] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 149.638491][ T6376] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 149.659021][ T5175] usb 4-1: USB disconnect, device number 4 [ 149.665312][ T6359] usb 4-1: string descriptor 0 read error: -71 [ 149.905603][ T6378] fido_id[6378]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 151.857436][ T788] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 151.903258][ T6387] loop1: detected capacity change from 0 to 8192 [ 152.051751][ T6387] loop1: AHDI p1 p2 p3 p4 [ 152.058184][ T6387] loop1: p1 size 2078210061 extends beyond EOD, truncated [ 152.067310][ T788] usb 3-1: Using ep0 maxpacket: 32 [ 152.084014][ T6387] loop1: p2 start 100663298 is beyond EOD, truncated [ 152.089219][ T6393] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 152.129900][ T6387] loop1: p4 size 393216 extends beyond EOD, truncated [ 152.145831][ T6393] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 152.230891][ T788] usb 3-1: unable to get BOS descriptor or descriptor too short [ 152.260821][ T788] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 152.307156][ T788] usb 3-1: can't read configurations, error -71 [ 152.765920][ T5806] udevd[5806]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 152.770310][ T5997] udevd[5997]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 152.788884][ T5807] udevd[5807]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 153.138535][ T6406] loop1: detected capacity change from 0 to 8192 [ 153.349770][ T6406] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 153.366619][ T6406] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 153.376780][ T6406] REISERFS (device loop1): using ordered data mode [ 153.383722][ T6406] reiserfs: using flush barriers [ 153.392735][ T6406] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 153.424116][ T6406] REISERFS (device loop1): checking transaction log (loop1) [ 153.484923][ T6406] REISERFS warning (device loop1): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 153.631549][ T788] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 153.850220][ T788] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.941900][ T788] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 153.951846][ T788] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 153.966055][ T788] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 154.057075][ T788] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.099857][ T788] usb 3-1: config 0 descriptor?? [ 154.266193][ T6417] FAULT_INJECTION: forcing a failure. [ 154.266193][ T6417] name failslab, interval 1, probability 0, space 0, times 0 [ 154.279315][ T6417] CPU: 0 PID: 6417 Comm: syz.3.123 Not tainted syzkaller #0 [ 154.286609][ T6417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 154.296762][ T6417] Call Trace: [ 154.300051][ T6417] [ 154.302988][ T6417] dump_stack_lvl+0x16c/0x230 [ 154.307767][ T6417] ? show_regs_print_info+0x20/0x20 [ 154.312980][ T6417] ? load_image+0x3b0/0x3b0 [ 154.317496][ T6417] ? __lock_acquire+0x7c80/0x7c80 [ 154.322535][ T6417] ? __lock_acquire+0x7c80/0x7c80 [ 154.327569][ T6417] should_fail_ex+0x39d/0x4d0 [ 154.332263][ T6417] should_failslab+0x9/0x20 [ 154.336773][ T6417] slab_pre_alloc_hook+0x59/0x310 [ 154.341806][ T6417] ? __virt_addr_valid+0x469/0x540 [ 154.346931][ T6417] ? getname_flags+0x2b3/0x500 [ 154.351709][ T6417] __kmem_cache_alloc_node+0x53/0x260 [ 154.357096][ T6417] ? getname_flags+0x2b3/0x500 [ 154.361867][ T6417] kmalloc_trace+0x2a/0xe0 [ 154.366311][ T6417] getname_flags+0x2b3/0x500 [ 154.370916][ T6417] __x64_sys_symlinkat+0x7c/0xb0 [ 154.375857][ T6417] do_syscall_64+0x55/0xb0 [ 154.380289][ T6417] ? clear_bhb_loop+0x40/0x90 [ 154.384968][ T6417] ? clear_bhb_loop+0x40/0x90 [ 154.389656][ T6417] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 154.395641][ T6417] RIP: 0033:0x7fe50b98f6c9 [ 154.400061][ T6417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.419768][ T6417] RSP: 002b:00007fe50c912038 EFLAGS: 00000246 ORIG_RAX: 000000000000010a [ 154.428202][ T6417] RAX: ffffffffffffffda RBX: 00007fe50bbe5fa0 RCX: 00007fe50b98f6c9 [ 154.436185][ T6417] RDX: 0000200000000000 RSI: ffffffffffffff9c RDI: 0000200000002040 [ 154.444159][ T6417] RBP: 00007fe50c912090 R08: 0000000000000000 R09: 0000000000000000 [ 154.452134][ T6417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.460110][ T6417] R13: 00007fe50bbe6038 R14: 00007fe50bbe5fa0 R15: 00007ffc2b41c318 [ 154.468096][ T6417] [ 154.924350][ T788] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 155.026239][ T788] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 155.140530][ T6427] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 155.260013][ T6410] usb 3-1: string descriptor 0 read error: -71 [ 155.266573][ T23] usb 3-1: USB disconnect, device number 4 [ 155.274115][ T6429] plantronics 0003:047F:FFFF.0004: usb_submit_urb(ctrl) failed: -19 [ 155.389426][ T6410] loop2: detected capacity change from 0 to 256 [ 155.462276][ T6410] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 155.517311][ T28] audit: type=1800 audit(1762713295.059:5): pid=6410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.122" name="file1" dev="loop2" ino=1048594 res=0 errno=0 [ 156.735104][ T6440] loop1: detected capacity change from 0 to 4096 [ 156.771854][ T6441] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 156.873589][ T6440] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 156.909039][ T6423] loop3: detected capacity change from 0 to 32768 [ 156.956365][ T6423] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 156.987060][ T5798] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 157.033217][ T6423] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 157.197585][ T5798] usb 3-1: device descriptor read/64, error -71 [ 157.291002][ T6423] overlayfs: upper fs does not support tmpfile. [ 157.309473][ T6423] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 157.316985][ T6423] overlayfs: failed to set xattr on upper [ 157.330727][ T6423] overlayfs: ...falling back to redirect_dir=nofollow. [ 157.347701][ T6423] overlayfs: ...falling back to index=off. [ 157.354625][ T6423] overlayfs: ...falling back to uuid=null. [ 157.365994][ T6423] overlayfs: upper fs missing required features. [ 157.375169][ T6447] loop0: detected capacity change from 0 to 8192 [ 157.381971][ T788] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 157.409188][ T6447] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 157.422680][ T6447] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 157.432117][ T6447] REISERFS (device loop0): using ordered data mode [ 157.439062][ T6447] reiserfs: using flush barriers [ 157.451285][ T6447] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 157.482799][ T6447] REISERFS (device loop0): checking transaction log (loop0) [ 157.497282][ T5798] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 157.577202][ T788] usb 2-1: Using ep0 maxpacket: 8 [ 157.589151][ T788] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 157.606932][ T5790] ocfs2: Unmounting device (7,3) on (node local) [ 157.609354][ T788] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.630942][ T788] usb 2-1: Product: syz [ 157.642989][ T788] usb 2-1: Manufacturer: syz [ 157.648416][ T788] usb 2-1: SerialNumber: syz [ 157.668289][ T788] usb 2-1: config 0 descriptor?? [ 157.677275][ T5798] usb 3-1: device descriptor read/64, error -71 [ 157.711238][ T6447] REISERFS (device loop0): Using tea hash to sort names [ 157.724747][ T6447] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 157.741170][ T6447] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 157.809418][ T5798] usb usb3-port1: attempt power cycle [ 157.893074][ T788] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 158.349198][ T5798] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 158.387736][ T5798] usb 3-1: device descriptor read/8, error -71 [ 158.478910][ T6454] loop3: detected capacity change from 0 to 256 [ 158.527373][ T6454] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 158.571693][ T6454] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 158.634149][ T6454] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 158.667171][ T5798] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 158.732261][ T5798] usb 3-1: device descriptor read/8, error -71 [ 158.868083][ T5798] usb usb3-port1: unable to enumerate USB device [ 160.117386][ T5798] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 160.298474][ T5882] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 160.301534][ T5798] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.324414][ T5798] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.355668][ T5798] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 160.385346][ T5798] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 160.404684][ T5798] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.430823][ T5798] usb 4-1: config 0 descriptor?? [ 160.441199][ T788] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -32 [ 160.527710][ T5882] usb 3-1: Using ep0 maxpacket: 8 [ 160.539474][ T5882] usb 3-1: config 0 has an invalid interface number: 128 but max is 0 [ 160.567192][ T5882] usb 3-1: config 0 has no interface number 0 [ 160.574778][ T5882] usb 3-1: config 0 interface 128 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 160.585006][ T5882] usb 3-1: config 0 interface 128 altsetting 7 bulk endpoint 0x82 has invalid maxpacket 0 [ 160.595352][ T5882] usb 3-1: config 0 interface 128 has no altsetting 0 [ 160.615148][ T5882] usb 3-1: New USB device found, idVendor=110a, idProduct=1130, bcdDevice=8b.56 [ 160.631936][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.651543][ T5882] usb 3-1: Product: syz [ 160.655798][ T5882] usb 3-1: Manufacturer: syz [ 160.663026][ T6467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 160.670959][ T5882] usb 3-1: SerialNumber: syz [ 160.686288][ T5882] usb 3-1: config 0 descriptor?? [ 160.705623][ T5882] ti_usb_3410_5052 3-1:0.128: TI USB 3410 1 port adapter converter detected [ 160.723692][ T6467] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 160.748431][ T5882] usb 3-1: TI USB 3410 1 port adapter converter now attached to ttyUSB0 [ 160.830794][ T5882] usb 2-1: USB disconnect, device number 3 [ 160.870577][ T5798] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 160.917576][ T5798] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 160.926293][ T5175] usb 3-1: USB disconnect, device number 9 [ 161.027582][ T6471] syz.0.138: attempt to access beyond end of device [ 161.027582][ T6471] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 161.069962][ T5175] ti_usb_3410_5052_1 ttyUSB0: TI USB 3410 1 port adapter converter now disconnected from ttyUSB0 [ 161.075293][ T6471] SQUASHFS error: Failed to read block 0x0: -5 [ 161.128915][ T6471] unable to read squashfs_super_block [ 161.152836][ T5175] ti_usb_3410_5052 3-1:0.128: device disconnected [ 161.162943][ T6472] damon-dbgfs: DAMON debugfs interface is deprecated, so users should move to DAMON_SYSFS. If you cannot, please report your usecase to damon@lists.linux.dev and linux-mm@kvack.org. [ 161.351136][ T5882] usb 4-1: USB disconnect, device number 5 [ 161.383211][ T6463] usb 4-1: string descriptor 0 read error: -19 [ 162.027221][ T5175] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 162.256583][ T6490] FAULT_INJECTION: forcing a failure. [ 162.256583][ T6490] name failslab, interval 1, probability 0, space 0, times 0 [ 162.268300][ T6485] loop0: detected capacity change from 0 to 4096 [ 162.276178][ T6490] CPU: 0 PID: 6490 Comm: syz.1.144 Not tainted syzkaller #0 [ 162.283525][ T6490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 162.293623][ T6490] Call Trace: [ 162.296938][ T6490] [ 162.299901][ T6490] dump_stack_lvl+0x16c/0x230 [ 162.304626][ T6490] ? show_regs_print_info+0x20/0x20 [ 162.309867][ T6490] ? load_image+0x3b0/0x3b0 [ 162.314435][ T6490] should_fail_ex+0x39d/0x4d0 [ 162.320696][ T6490] should_failslab+0x9/0x20 [ 162.320748][ T6490] slab_pre_alloc_hook+0x59/0x310 [ 162.320773][ T6490] ? lockdep_hardirqs_on+0x98/0x150 [ 162.320791][ T6490] ? percpu_ref_init+0xc3/0x360 [ 162.320809][ T6490] __kmem_cache_alloc_node+0x53/0x260 [ 162.320833][ T6490] ? percpu_ref_put+0x230/0x230 [ 162.320852][ T6490] ? percpu_ref_init+0xc3/0x360 [ 162.320868][ T6490] ? percpu_ref_put+0x230/0x230 [ 162.320883][ T6490] kmalloc_trace+0x2a/0xe0 [ 162.320907][ T6490] percpu_ref_init+0xc3/0x360 [ 162.320928][ T6490] ioctx_alloc+0x212/0x790 [ 162.320952][ T6490] __se_sys_io_setup+0x7b/0x1a0 [ 162.320970][ T6490] do_syscall_64+0x55/0xb0 [ 162.320990][ T6490] ? clear_bhb_loop+0x40/0x90 [ 162.321008][ T6490] ? clear_bhb_loop+0x40/0x90 [ 162.321028][ T6490] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 162.321045][ T6490] RIP: 0033:0x7fb37e58f6c9 [ 162.321062][ T6490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.321076][ T6490] RSP: 002b:00007fb37f465038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 162.321094][ T6490] RAX: ffffffffffffffda RBX: 00007fb37e7e6090 RCX: 00007fb37e58f6c9 [ 162.321107][ T6490] RDX: 0000000000000000 RSI: 00002000000014c0 RDI: 0000000000000004 [ 162.321117][ T6490] RBP: 00007fb37f465090 R08: 0000000000000000 R09: 0000000000000000 [ 162.321128][ T6490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.321137][ T6490] R13: 00007fb37e7e6128 R14: 00007fb37e7e6090 R15: 00007ffd3056e438 [ 162.321163][ T6490] [ 162.357340][ T5175] usb 3-1: Using ep0 maxpacket: 8 [ 162.369077][ T5175] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 162.369204][ T5175] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 162.369307][ T5175] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.595853][ T5175] usb 3-1: config 0 descriptor?? [ 164.558143][ T5175] corsair 0003:1B1C:1B09.0006: unknown main item tag 0x7 [ 164.558211][ T5175] corsair 0003:1B1C:1B09.0006: unknown main item tag 0x0 [ 164.558236][ T5175] corsair 0003:1B1C:1B09.0006: unknown main item tag 0x0 [ 164.581441][ T5175] corsair 0003:1B1C:1B09.0006: hidraw0: USB HID v0.00 Device [HID 1b1c:1b09] on usb-dummy_hcd.2-1/input0 [ 164.627341][ T6497] loop3: detected capacity change from 0 to 1024 [ 164.719993][ T6497] hfsplus: inconsistency in B*Tree (-1,0,1,1,0) [ 164.726957][ T6497] hfsplus: failed to load root directory [ 164.734121][ T23] usb 3-1: USB disconnect, device number 10 [ 164.746666][ T6499] fido_id[6499]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 164.858995][ T6498] loop0: detected capacity change from 0 to 4096 [ 165.068736][ T6498] netlink: 36 bytes leftover after parsing attributes in process `syz.0.146'. [ 165.082324][ T6498] netlink: 36 bytes leftover after parsing attributes in process `syz.0.146'. [ 165.527220][ T23] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 165.717222][ T23] usb 1-1: device descriptor read/64, error -71 [ 165.917511][ T5800] Bluetooth: hci2: unexpected Set CIG Parameters response data [ 166.047646][ T23] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 166.208195][ T23] usb 1-1: device descriptor read/64, error -71 [ 166.331620][ T23] usb usb1-port1: attempt power cycle [ 166.332941][ T6519] FAULT_INJECTION: forcing a failure. [ 166.332941][ T6519] name failslab, interval 1, probability 0, space 0, times 0 [ 166.350963][ T6519] CPU: 0 PID: 6519 Comm: syz.3.151 Not tainted syzkaller #0 [ 166.358300][ T6519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 166.368399][ T6519] Call Trace: [ 166.371806][ T6519] [ 166.374777][ T6519] dump_stack_lvl+0x16c/0x230 [ 166.379526][ T6519] ? show_regs_print_info+0x20/0x20 [ 166.384786][ T6519] ? load_image+0x3b0/0x3b0 [ 166.389343][ T6519] ? __might_sleep+0xe0/0xe0 [ 166.394008][ T6519] ? __lock_acquire+0x7c80/0x7c80 [ 166.399178][ T6519] should_fail_ex+0x39d/0x4d0 [ 166.403918][ T6519] should_failslab+0x9/0x20 [ 166.408472][ T6519] slab_pre_alloc_hook+0x59/0x310 [ 166.413567][ T6519] kmem_cache_alloc+0x5a/0x2e0 [ 166.418407][ T6519] ? sk_prot_alloc+0x57/0x210 [ 166.423137][ T6519] sk_prot_alloc+0x57/0x210 [ 166.427682][ T6519] ? sk_alloc+0x24/0x360 [ 166.431966][ T6519] sk_alloc+0x3a/0x360 [ 166.436079][ T6519] inet_create+0x7a0/0xfe0 [ 166.440540][ T6519] ? inet_create+0x9c/0xfe0 [ 166.445067][ T6519] __sock_create+0x4a6/0x940 [ 166.449687][ T6519] __sys_socket+0xd7/0x1a0 [ 166.454130][ T6519] __x64_sys_socket+0x7a/0x90 [ 166.458832][ T6519] do_syscall_64+0x55/0xb0 [ 166.463268][ T6519] ? clear_bhb_loop+0x40/0x90 [ 166.467959][ T6519] ? clear_bhb_loop+0x40/0x90 [ 166.472656][ T6519] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 166.478566][ T6519] RIP: 0033:0x7fe50b98f6c9 [ 166.482995][ T6519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.502702][ T6519] RSP: 002b:00007fe50c8f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 166.511143][ T6519] RAX: ffffffffffffffda RBX: 00007fe50bbe6090 RCX: 00007fe50b98f6c9 [ 166.519133][ T6519] RDX: 0000000000000106 RSI: 0000000000000001 RDI: 0000000000000002 [ 166.527134][ T6519] RBP: 00007fe50c8f1090 R08: 0000000000000000 R09: 0000000000000000 [ 166.535205][ T6519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 166.543246][ T6519] R13: 00007fe50bbe6128 R14: 00007fe50bbe6090 R15: 00007ffc2b41c318 [ 166.551246][ T6519] [ 166.587786][ T5175] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 166.828325][ T5175] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.839877][ T5175] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.854142][ T5175] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 166.955989][ T23] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 167.042869][ T23] usb 1-1: device descriptor read/8, error -71 [ 167.060391][ T5175] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 167.237351][ T5175] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.265772][ T5175] usb 3-1: config 0 descriptor?? [ 167.512567][ T23] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 168.346162][ T23] usb 1-1: device descriptor read/8, error -71 [ 168.352733][ T6510] loop2: detected capacity change from 0 to 256 [ 168.370177][ T5175] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 168.383033][ T5175] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 168.398772][ T5175] usb 3-1: USB disconnect, device number 11 [ 168.466835][ T6510] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 168.518695][ T23] usb usb1-port1: unable to enumerate USB device [ 168.716873][ T6535] fido_id[6535]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 169.092524][ T6537] FAULT_INJECTION: forcing a failure. [ 169.092524][ T6537] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 169.106128][ T6537] CPU: 1 PID: 6537 Comm: syz.0.155 Not tainted syzkaller #0 [ 169.113463][ T6537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 169.123562][ T6537] Call Trace: [ 169.126874][ T6537] [ 169.129840][ T6537] dump_stack_lvl+0x16c/0x230 [ 169.134653][ T6537] ? show_regs_print_info+0x20/0x20 [ 169.139993][ T6537] ? load_image+0x3b0/0x3b0 [ 169.144535][ T6537] ? __lock_acquire+0x7c80/0x7c80 [ 169.149611][ T6537] ? snprintf+0xdb/0x120 [ 169.153890][ T6537] should_fail_ex+0x39d/0x4d0 [ 169.158621][ T6537] _copy_to_user+0x2f/0xa0 [ 169.163079][ T6537] simple_read_from_buffer+0xe7/0x150 [ 169.168502][ T6537] proc_fail_nth_read+0x1e3/0x250 [ 169.173571][ T6537] ? proc_fault_inject_write+0x340/0x340 [ 169.179249][ T6537] ? fsnotify_perm+0x271/0x5e0 [ 169.184064][ T6537] ? proc_fault_inject_write+0x340/0x340 [ 169.189738][ T6537] vfs_read+0x27e/0x920 [ 169.194115][ T6537] ? kernel_read+0x1e0/0x1e0 [ 169.198742][ T6537] ? __fget_files+0x28/0x4d0 [ 169.203453][ T6537] ? __fget_files+0x44a/0x4d0 [ 169.208439][ T6537] ? __fdget_pos+0x2a3/0x330 [ 169.213074][ T6537] ? ksys_read+0x75/0x250 [ 169.217453][ T6537] ksys_read+0x147/0x250 [ 169.221747][ T6537] ? vfs_write+0x940/0x940 [ 169.226212][ T6537] ? lockdep_hardirqs_on+0x98/0x150 [ 169.231455][ T6537] do_syscall_64+0x55/0xb0 [ 169.235920][ T6537] ? clear_bhb_loop+0x40/0x90 [ 169.240648][ T6537] ? clear_bhb_loop+0x40/0x90 [ 169.245366][ T6537] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 169.251303][ T6537] RIP: 0033:0x7f1848d8e0dc [ 169.255752][ T6537] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 169.275400][ T6537] RSP: 002b:00007f1849bd8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 169.283858][ T6537] RAX: ffffffffffffffda RBX: 00007f1848fe5fa0 RCX: 00007f1848d8e0dc [ 169.291873][ T6537] RDX: 000000000000000f RSI: 00007f1849bd80a0 RDI: 0000000000000008 [ 169.299899][ T6537] RBP: 00007f1849bd8090 R08: 0000000000000000 R09: 0000000000000000 [ 169.307916][ T6537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 169.315924][ T6537] R13: 00007f1848fe6038 R14: 00007f1848fe5fa0 R15: 00007ffc8667d248 [ 169.323953][ T6537] [ 169.338616][ T6539] FAULT_INJECTION: forcing a failure. [ 169.338616][ T6539] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 169.351981][ T6539] CPU: 0 PID: 6539 Comm: syz.1.156 Not tainted syzkaller #0 [ 169.359300][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 169.369393][ T6539] Call Trace: [ 169.372730][ T6539] [ 169.375742][ T6539] dump_stack_lvl+0x16c/0x230 [ 169.380458][ T6539] ? show_regs_print_info+0x20/0x20 [ 169.385693][ T6539] ? load_image+0x3b0/0x3b0 [ 169.390218][ T6539] ? __lock_acquire+0x7c80/0x7c80 [ 169.395256][ T6539] ? snprintf+0xdb/0x120 [ 169.399517][ T6539] should_fail_ex+0x39d/0x4d0 [ 169.404219][ T6539] _copy_to_user+0x2f/0xa0 [ 169.408655][ T6539] simple_read_from_buffer+0xe7/0x150 [ 169.414050][ T6539] proc_fail_nth_read+0x1e3/0x250 [ 169.419096][ T6539] ? proc_fault_inject_write+0x340/0x340 [ 169.424754][ T6539] ? fsnotify_perm+0x271/0x5e0 [ 169.429552][ T6539] ? proc_fault_inject_write+0x340/0x340 [ 169.435202][ T6539] vfs_read+0x27e/0x920 [ 169.439404][ T6539] ? kernel_read+0x1e0/0x1e0 [ 169.444036][ T6539] ? __fget_files+0x28/0x4d0 [ 169.448657][ T6539] ? __fget_files+0x44a/0x4d0 [ 169.453386][ T6539] ? __fdget_pos+0x2a3/0x330 [ 169.458023][ T6539] ? ksys_read+0x75/0x250 [ 169.462387][ T6539] ksys_read+0x147/0x250 [ 169.466673][ T6539] ? vfs_write+0x940/0x940 [ 169.471116][ T6539] ? lockdep_hardirqs_on+0x98/0x150 [ 169.476329][ T6539] do_syscall_64+0x55/0xb0 [ 169.480766][ T6539] ? clear_bhb_loop+0x40/0x90 [ 169.485464][ T6539] ? clear_bhb_loop+0x40/0x90 [ 169.490174][ T6539] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 169.496096][ T6539] RIP: 0033:0x7fb37e58e0dc [ 169.500546][ T6539] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 169.520187][ T6539] RSP: 002b:00007fb37f486030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 169.528631][ T6539] RAX: ffffffffffffffda RBX: 00007fb37e7e5fa0 RCX: 00007fb37e58e0dc [ 169.536722][ T6539] RDX: 000000000000000f RSI: 00007fb37f4860a0 RDI: 0000000000000004 [ 169.544710][ T6539] RBP: 00007fb37f486090 R08: 0000000000000000 R09: 0000000000000000 [ 169.552704][ T6539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 169.560690][ T6539] R13: 00007fb37e7e6038 R14: 00007fb37e7e5fa0 R15: 00007ffd3056e438 [ 169.568702][ T6539] [ 169.859560][ T6544] netlink: 4 bytes leftover after parsing attributes in process `syz.1.157'. [ 169.959229][ T5800] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 169.968713][ T5800] Bluetooth: hci2: Injecting HCI hardware error event [ 169.977881][ T5800] Bluetooth: hci2: hardware error 0x00 [ 170.175474][ T6548] loop0: detected capacity change from 0 to 4096 [ 170.334509][ T6548] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 170.575352][ T6548] ntfs3: loop0: Failed to load $Extend (-22). [ 170.691031][ T6548] ntfs3: loop0: Failed to initialize $Extend. [ 172.207301][ T5836] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 172.397424][ T5836] usb 3-1: device descriptor read/64, error -71 [ 172.533716][ T5800] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 172.808036][ T5836] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 172.855996][ T6570] loop1: detected capacity change from 0 to 1764 [ 172.913658][ T5806] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 173.128698][ T5836] usb 3-1: device descriptor read/64, error -71 [ 173.250871][ T5836] usb usb3-port1: attempt power cycle [ 173.266915][ T6573] netlink: 20 bytes leftover after parsing attributes in process `syz.0.164'. [ 173.282016][ T6573] bridge_slave_1: left allmulticast mode [ 173.292594][ T6573] bridge_slave_1: left promiscuous mode [ 173.328135][ T6573] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.392796][ T6573] bridge_slave_0: left allmulticast mode [ 173.401951][ T6573] bridge_slave_0: left promiscuous mode [ 173.414967][ T6573] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.707144][ T5836] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 173.761038][ T5836] usb 3-1: device descriptor read/8, error -71 [ 174.077174][ T5836] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 174.131831][ T5836] usb 3-1: device descriptor read/8, error -71 [ 174.277518][ T5836] usb usb3-port1: unable to enumerate USB device [ 174.292758][ T6575] loop3: detected capacity change from 0 to 32768 [ 174.447426][ T5175] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 174.671942][ T5175] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.707365][ T5175] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.737525][ T5175] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 174.777132][ T23] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 174.777711][ T5175] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 174.814736][ T5175] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.826830][ T5175] usb 2-1: config 0 descriptor?? [ 174.864675][ T6587] FAULT_INJECTION: forcing a failure. [ 174.864675][ T6587] name failslab, interval 1, probability 0, space 0, times 0 [ 174.884013][ T6587] CPU: 1 PID: 6587 Comm: syz.0.170 Not tainted syzkaller #0 [ 174.891381][ T6587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 174.901481][ T6587] Call Trace: [ 174.904802][ T6587] [ 174.907771][ T6587] dump_stack_lvl+0x16c/0x230 [ 174.912514][ T6587] ? show_regs_print_info+0x20/0x20 [ 174.917762][ T6587] ? load_image+0x3b0/0x3b0 [ 174.922318][ T6587] ? __might_sleep+0xe0/0xe0 [ 174.926952][ T6587] ? __lock_acquire+0x7c80/0x7c80 [ 174.932298][ T6587] should_fail_ex+0x39d/0x4d0 [ 174.937030][ T6587] should_failslab+0x9/0x20 [ 174.941598][ T6587] slab_pre_alloc_hook+0x59/0x310 [ 174.946675][ T6587] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 174.952540][ T6587] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 174.958312][ T6587] __kmem_cache_alloc_node+0x53/0x260 [ 174.963895][ T6587] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 174.969647][ T6587] __kmalloc+0xa4/0x240 [ 174.973827][ T6587] tomoyo_realpath_from_path+0xe3/0x5d0 [ 174.979423][ T6587] tomoyo_path_number_perm+0x1ea/0x590 [ 174.984913][ T6587] ? tomoyo_path_number_perm+0x1ba/0x590 [ 174.990569][ T6587] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 174.996051][ T6587] ? ksys_write+0x1c1/0x250 [ 175.000609][ T6587] ? __fget_files+0x28/0x4d0 [ 175.005234][ T6587] security_file_ioctl+0x70/0xa0 [ 175.010211][ T6587] __se_sys_ioctl+0x48/0x170 [ 175.014827][ T6587] do_syscall_64+0x55/0xb0 [ 175.019262][ T6587] ? clear_bhb_loop+0x40/0x90 [ 175.023952][ T6587] ? clear_bhb_loop+0x40/0x90 [ 175.028648][ T6587] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 175.034565][ T6587] RIP: 0033:0x7f1848d8f6c9 [ 175.039099][ T6587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.058810][ T6587] RSP: 002b:00007f1849bb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 175.067247][ T6587] RAX: ffffffffffffffda RBX: 00007f1848fe6090 RCX: 00007f1848d8f6c9 [ 175.075259][ T6587] RDX: 0000000000000000 RSI: 0000000000005760 RDI: 0000000000000003 [ 175.083254][ T6587] RBP: 00007f1849bb7090 R08: 0000000000000000 R09: 0000000000000000 [ 175.091246][ T6587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 175.099231][ T6587] R13: 00007f1848fe6128 R14: 00007f1848fe6090 R15: 00007ffc8667d248 [ 175.107237][ T6587] [ 175.116332][ T6587] ERROR: Out of memory at tomoyo_realpath_from_path. [ 175.167078][ T23] usb 3-1: Using ep0 maxpacket: 32 [ 175.213351][ T23] usb 3-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 175.233448][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.248176][ T23] usb 3-1: Product: syz [ 175.252418][ T23] usb 3-1: Manufacturer: syz [ 175.301210][ T23] usb 3-1: SerialNumber: syz [ 175.397447][ T23] usb 3-1: config 0 descriptor?? [ 175.607017][ T5175] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 175.918274][ T5175] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 176.143154][ T5175] usb 2-1: USB disconnect, device number 4 [ 176.641782][ T23] peak_usb 3-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels) [ 176.715534][ T23] peak_usb 3-1:0.0 can0: sending command failure: -22 [ 176.992670][ T23] peak_usb 3-1:0.0 can0: sending command failure: -22 [ 177.045045][ T6607] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 177.157837][ T6605] fido_id[6605]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 177.228509][ T23] peak_usb: probe of 3-1:0.0 failed with error -22 [ 178.116059][ T6617] netlink: 'syz.0.177': attribute type 1 has an invalid length. [ 178.137672][ T6617] netlink: 161700 bytes leftover after parsing attributes in process `syz.0.177'. [ 178.230220][ T6619] loop1: detected capacity change from 0 to 4096 [ 178.243541][ T6619] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 178.373967][ T6621] netlink: 12 bytes leftover after parsing attributes in process `syz.0.179'. [ 178.406215][ T6619] ntfs3: loop1: failed to convert "c46c" to macgreek [ 178.842586][ T6609] loop3: detected capacity change from 0 to 32768 [ 178.858794][ T6609] XFS: ikeep mount option is deprecated. [ 178.876385][ T6609] XFS: ikeep mount option is deprecated. [ 178.902128][ T6609] XFS: noikeep mount option is deprecated. [ 178.977496][ T6609] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 178.977694][ T5175] usb 3-1: USB disconnect, device number 16 [ 179.225413][ T6635] FAULT_INJECTION: forcing a failure. [ 179.225413][ T6635] name failslab, interval 1, probability 0, space 0, times 0 [ 179.277332][ T6635] CPU: 1 PID: 6635 Comm: syz.2.181 Not tainted syzkaller #0 [ 179.284671][ T6635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 179.294766][ T6635] Call Trace: [ 179.298057][ T6635] [ 179.300999][ T6635] dump_stack_lvl+0x16c/0x230 [ 179.305818][ T6635] ? show_regs_print_info+0x20/0x20 [ 179.311053][ T6635] ? load_image+0x3b0/0x3b0 [ 179.315591][ T6635] ? mark_lock+0x94/0x320 [ 179.319944][ T6635] ? __might_fault+0xc6/0x120 [ 179.324638][ T6635] should_fail_ex+0x39d/0x4d0 [ 179.329347][ T6635] should_failslab+0x9/0x20 [ 179.333904][ T6635] slab_pre_alloc_hook+0x59/0x310 [ 179.339069][ T6635] kmem_cache_alloc+0x5a/0x2e0 [ 179.343880][ T6635] ? build_skb+0x29/0x260 [ 179.348232][ T6635] build_skb+0x29/0x260 [ 179.352422][ T6635] __tun_build_skb+0x36/0x320 [ 179.357125][ T6635] tun_get_user+0x1bb4/0x3bf0 [ 179.361866][ T6635] ? tun_get_user+0x637/0x3bf0 [ 179.366664][ T6635] ? aa_file_perm+0x3e8/0xec0 [ 179.371391][ T6635] ? rcu_read_unlock+0xa0/0xa0 [ 179.376213][ T6635] ? tun_get+0x1c/0x2e0 [ 179.380401][ T6635] ? __lock_acquire+0x7c80/0x7c80 [ 179.385460][ T6635] ? tun_get+0x1c/0x2e0 [ 179.389645][ T6635] tun_chr_write_iter+0x119/0x200 [ 179.394711][ T6635] vfs_write+0x43b/0x940 [ 179.399025][ T6635] ? file_end_write+0x250/0x250 [ 179.404264][ T6635] ? __fget_files+0x44a/0x4d0 [ 179.408999][ T6635] ? __fdget_pos+0x1d8/0x330 [ 179.413622][ T6635] ? ksys_write+0x75/0x250 [ 179.418063][ T6635] ksys_write+0x147/0x250 [ 179.422419][ T6635] ? __ia32_sys_read+0x90/0x90 [ 179.427209][ T6635] ? lockdep_hardirqs_on+0x98/0x150 [ 179.432515][ T6635] do_syscall_64+0x55/0xb0 [ 179.436953][ T6635] ? clear_bhb_loop+0x40/0x90 [ 179.441660][ T6635] ? clear_bhb_loop+0x40/0x90 [ 179.446355][ T6635] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 179.452267][ T6635] RIP: 0033:0x7f76feb8e17f [ 179.456697][ T6635] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 179.476425][ T6635] RSP: 002b:00007f76ffab2000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 179.484860][ T6635] RAX: ffffffffffffffda RBX: 00007f76fede5fa0 RCX: 00007f76feb8e17f [ 179.492850][ T6635] RDX: 000000000000003e RSI: 00002000000002c0 RDI: 00000000000000c8 [ 179.500920][ T6635] RBP: 00007f76ffab2090 R08: 0000000000000000 R09: 0000000000000000 [ 179.508910][ T6635] R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001 [ 179.516897][ T6635] R13: 00007f76fede6038 R14: 00007f76fede5fa0 R15: 00007ffeb648a3f8 [ 179.524923][ T6635] [ 179.659098][ T6625] loop1: detected capacity change from 0 to 32768 [ 179.676272][ T6625] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz.1.180 (6625) [ 179.741304][ T6609] XFS (loop3): Ending clean mount [ 179.764047][ T6625] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 179.797467][ T6625] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 179.806409][ T6625] BTRFS info (device loop1): enabling disk space caching [ 179.815037][ T6625] BTRFS info (device loop1): force clearing of disk cache [ 179.822735][ T6625] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 179.832687][ T6625] BTRFS info (device loop1): use zstd compression, level 3 [ 179.840535][ T6625] BTRFS info (device loop1): disk space caching is enabled [ 179.981147][ T6625] BTRFS info (device loop1): enabling ssd optimizations [ 179.993476][ T6625] BTRFS info (device loop1): auto enabling async discard [ 180.142149][ T5800] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 180.151144][ T5800] Bluetooth: hci1: Injecting HCI hardware error event [ 180.159669][ T5800] Bluetooth: hci1: hardware error 0x00 [ 180.226339][ T28] audit: type=1326 audit(1762713319.769:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6608 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe50b98f6c9 code=0x7ffc0000 [ 180.495317][ T28] audit: type=1326 audit(1762713319.999:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6608 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fe50b98f6c9 code=0x7ffc0000 [ 180.518645][ T28] audit: type=1326 audit(1762713320.039:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6608 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe50b98f6c9 code=0x7ffc0000 [ 180.647063][ T28] audit: type=1326 audit(1762713320.039:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6608 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe50b98f6c9 code=0x7ffc0000 [ 180.716546][ T6625] BTRFS info (device loop1): rebuilding free space tree [ 180.772941][ T6622] loop0: detected capacity change from 0 to 32768 [ 180.782084][ T28] audit: type=1326 audit(1762713320.139:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6608 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe50b98f6c9 code=0x7ffc0000 [ 180.805568][ T6622] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.179 (6622) [ 180.843218][ T28] audit: type=1326 audit(1762713320.179:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6608 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe50b98f6c9 code=0x7ffc0000 [ 180.869667][ T28] audit: type=1326 audit(1762713320.179:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6608 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe50b98f6c9 code=0x7ffc0000 [ 180.917123][ T6622] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 180.959455][ T28] audit: type=1326 audit(1762713320.189:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6608 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe50b98f6c9 code=0x7ffc0000 [ 180.981720][ T6622] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 181.163462][ T6622] BTRFS info (device loop0): using free space tree [ 181.215477][ T28] audit: type=1326 audit(1762713320.189:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6608 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe50b98f6c9 code=0x7ffc0000 [ 181.250016][ T6625] BTRFS info (device loop1): disabling free space tree [ 181.267166][ T28] audit: type=1326 audit(1762713320.189:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6608 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe50b98f6c9 code=0x7ffc0000 [ 181.345797][ T6622] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 181.350984][ T6622] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 181.997239][ T6625] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 182.017192][ T6622] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 182.017864][ T6622] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 182.047354][ T6625] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 182.070540][ T6622] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 182.071218][ T6622] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 182.088436][ T5790] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 182.183545][ T6622] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 182.227272][ T6622] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 182.288035][ T6622] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 182.347867][ T6622] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 182.368993][ T5792] BTRFS info (device loop1): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 182.451447][ T6622] BTRFS error (device loop0): open_ctree failed: -12 [ 182.517460][ T5800] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 182.543993][ T5806] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by udevd (5806) [ 182.795423][ T6686] FAULT_INJECTION: forcing a failure. [ 182.795423][ T6686] name failslab, interval 1, probability 0, space 0, times 0 [ 182.841530][ T6686] CPU: 1 PID: 6686 Comm: syz.0.188 Not tainted syzkaller #0 [ 182.848902][ T6686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 182.859087][ T6686] Call Trace: [ 182.862419][ T6686] [ 182.865393][ T6686] dump_stack_lvl+0x16c/0x230 [ 182.870136][ T6686] ? show_regs_print_info+0x20/0x20 [ 182.875387][ T6686] ? load_image+0x3b0/0x3b0 [ 182.880213][ T6686] ? __might_sleep+0xe0/0xe0 [ 182.884855][ T6686] ? __lock_acquire+0x7c80/0x7c80 [ 182.889919][ T6686] ? mark_lock+0x94/0x320 [ 182.894298][ T6686] should_fail_ex+0x39d/0x4d0 [ 182.899036][ T6686] should_failslab+0x9/0x20 [ 182.903593][ T6686] slab_pre_alloc_hook+0x59/0x310 [ 182.908693][ T6686] kmem_cache_alloc+0x5a/0x2e0 [ 182.913509][ T6686] ? mas_alloc_nodes+0x2f8/0x8c0 [ 182.918517][ T6686] mas_alloc_nodes+0x2f8/0x8c0 [ 182.923359][ T6686] mas_preallocate+0xa44/0x1190 [ 182.928313][ T6686] ? lockdep_softirqs_off+0x430/0x430 [ 182.933694][ T6686] ? mas_destroy+0x1fc0/0x1fc0 [ 182.938476][ T6686] ? vma_iter_config+0xe6/0x270 [ 182.943358][ T6686] __split_vma+0x2dc/0xc00 [ 182.947885][ T6686] ? mmap_write_unlock+0x160/0x160 [ 182.953097][ T6686] ? split_vma+0x8f/0x110 [ 182.957440][ T6686] mprotect_fixup+0xaad/0xc90 [ 182.962155][ T6686] ? change_protection+0x3220/0x3220 [ 182.967461][ T6686] ? apparmor_file_mprotect+0xfe/0x120 [ 182.972937][ T6686] ? bpf_lsm_file_mprotect+0x9/0x10 [ 182.978144][ T6686] do_mprotect_pkey+0x76e/0xc30 [ 182.983016][ T6686] ? prot_none_test+0x10/0x10 [ 182.987716][ T6686] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 182.993711][ T6686] __x64_sys_mprotect+0x80/0x90 [ 182.998660][ T6686] do_syscall_64+0x55/0xb0 [ 183.003087][ T6686] ? clear_bhb_loop+0x40/0x90 [ 183.007774][ T6686] ? clear_bhb_loop+0x40/0x90 [ 183.012458][ T6686] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 183.018359][ T6686] RIP: 0033:0x7f1848d8f6c9 [ 183.022779][ T6686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.042388][ T6686] RSP: 002b:00007f1849bd8038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 183.050811][ T6686] RAX: ffffffffffffffda RBX: 00007f1848fe5fa0 RCX: 00007f1848d8f6c9 [ 183.058800][ T6686] RDX: 0000000000000006 RSI: 0000000000800000 RDI: 0000200000000000 [ 183.066784][ T6686] RBP: 00007f1849bd8090 R08: 0000000000000000 R09: 0000000000000000 [ 183.074763][ T6686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.082736][ T6686] R13: 00007f1848fe6038 R14: 00007f1848fe5fa0 R15: 00007ffc8667d248 [ 183.090729][ T6686] [ 183.281575][ T6689] loop2: detected capacity change from 0 to 256 [ 183.290715][ T6684] loop3: detected capacity change from 0 to 8192 [ 183.431074][ T6684] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 183.832865][ T6684] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 183.973758][ T6684] REISERFS (device loop3): using ordered data mode [ 183.998131][ T6684] reiserfs: using flush barriers [ 184.021276][ T6684] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 184.044053][ T6684] REISERFS (device loop3): checking transaction log (loop3) [ 184.384171][ T6684] REISERFS (device loop3): Using tea hash to sort names [ 184.404685][ T6684] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 184.427670][ T6684] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 184.868854][ T6703] FAULT_INJECTION: forcing a failure. [ 184.868854][ T6703] name failslab, interval 1, probability 0, space 0, times 0 [ 184.937183][ T6703] CPU: 1 PID: 6703 Comm: syz.2.191 Not tainted syzkaller #0 [ 184.944523][ T6703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 184.954587][ T6703] Call Trace: [ 184.957876][ T6703] [ 184.960822][ T6703] dump_stack_lvl+0x16c/0x230 [ 184.965591][ T6703] ? show_regs_print_info+0x20/0x20 [ 184.970811][ T6703] ? load_image+0x3b0/0x3b0 [ 184.975372][ T6703] ? __might_sleep+0xe0/0xe0 [ 184.979984][ T6703] ? __lock_acquire+0x7c80/0x7c80 [ 184.985020][ T6703] ? prepend_path+0x4b/0x960 [ 184.989630][ T6703] should_fail_ex+0x39d/0x4d0 [ 184.994437][ T6703] should_failslab+0x9/0x20 [ 184.998962][ T6703] slab_pre_alloc_hook+0x59/0x310 [ 185.004010][ T6703] ? __asan_memcpy+0x40/0x70 [ 185.008639][ T6703] ? tomoyo_encode+0x28b/0x540 [ 185.013429][ T6703] ? tomoyo_encode+0x28b/0x540 [ 185.018214][ T6703] __kmem_cache_alloc_node+0x53/0x260 [ 185.023604][ T6703] ? prepend_path+0x4b/0x960 [ 185.028209][ T6703] ? tomoyo_encode+0x28b/0x540 [ 185.032991][ T6703] __kmalloc+0xa4/0x240 [ 185.037168][ T6703] tomoyo_encode+0x28b/0x540 [ 185.041784][ T6703] tomoyo_realpath_from_path+0x592/0x5d0 [ 185.047450][ T6703] tomoyo_path_number_perm+0x1ea/0x590 [ 185.052927][ T6703] ? tomoyo_path_number_perm+0x1ba/0x590 [ 185.058596][ T6703] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 185.064097][ T6703] ? ksys_write+0x1c1/0x250 [ 185.068663][ T6703] ? __fget_files+0x28/0x4d0 [ 185.073285][ T6703] security_file_ioctl+0x70/0xa0 [ 185.078254][ T6703] __se_sys_ioctl+0x48/0x170 [ 185.082864][ T6703] do_syscall_64+0x55/0xb0 [ 185.087299][ T6703] ? clear_bhb_loop+0x40/0x90 [ 185.092003][ T6703] ? clear_bhb_loop+0x40/0x90 [ 185.096713][ T6703] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 185.102631][ T6703] RIP: 0033:0x7f76feb8f6c9 [ 185.107068][ T6703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.126683][ T6703] RSP: 002b:00007f76ffab2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 185.135109][ T6703] RAX: ffffffffffffffda RBX: 00007f76fede5fa0 RCX: 00007f76feb8f6c9 [ 185.143096][ T6703] RDX: 0000200000000580 RSI: 00000000c0e85667 RDI: 0000000000000003 [ 185.151081][ T6703] RBP: 00007f76ffab2090 R08: 0000000000000000 R09: 0000000000000000 [ 185.159066][ T6703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.167055][ T6703] R13: 00007f76fede6038 R14: 00007f76fede5fa0 R15: 00007ffeb648a3f8 [ 185.175057][ T6703] [ 185.187772][ T6703] ERROR: Out of memory at tomoyo_realpath_from_path. [ 186.615789][ T6714] netlink: 20 bytes leftover after parsing attributes in process `syz.2.195'. [ 187.345451][ T6723] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 187.368214][ T6723] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 188.566730][ T6727] loop0: detected capacity change from 0 to 1024 [ 188.577545][ T6728] tipc: Started in network mode [ 188.582931][ T6728] tipc: Node identity 3a4ddabcd71d, cluster identity 4711 [ 188.654325][ T6728] tipc: Enabled bearer , priority 0 [ 188.688163][ T6728] syzkaller0: entered promiscuous mode [ 188.699176][ T6728] syzkaller0: entered allmulticast mode [ 188.856222][ T6728] tipc: Resetting bearer [ 188.878809][ T6725] tipc: Resetting bearer [ 188.915604][ T6725] tipc: Disabling bearer [ 189.051748][ T5892] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 190.689213][ T5892] usb 1-1: device descriptor read/64, error -71 [ 190.967445][ T5892] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 191.357197][ T5892] usb 1-1: device descriptor read/64, error -71 [ 191.616061][ T6751] loop1: detected capacity change from 0 to 1024 [ 191.670864][ T5892] usb usb1-port1: attempt power cycle [ 192.084033][ T6750] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 192.159341][ T5892] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 192.403445][ T5892] usb 1-1: device not accepting address 12, error -71 [ 192.743508][ T788] IPVS: starting estimator thread 0... [ 192.847209][ T6767] IPVS: using max 26 ests per chain, 62400 per kthread [ 194.681227][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.690786][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.793628][ T6781] affs: No valid root block on device nbd1 [ 194.869493][ T6759] loop0: detected capacity change from 0 to 32768 [ 195.074479][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 195.074495][ T28] audit: type=1800 audit(1762713334.619:26): pid=6759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.209" name="file0" dev="loop0" ino=7 res=0 errno=0 [ 195.593480][ T6793] FAULT_INJECTION: forcing a failure. [ 195.593480][ T6793] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 195.611487][ T6793] CPU: 0 PID: 6793 Comm: syz.2.218 Not tainted syzkaller #0 [ 195.618821][ T6793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 195.628886][ T6793] Call Trace: [ 195.632430][ T6793] [ 195.635364][ T6793] dump_stack_lvl+0x16c/0x230 [ 195.640068][ T6793] ? show_regs_print_info+0x20/0x20 [ 195.645299][ T6793] ? load_image+0x3b0/0x3b0 [ 195.649815][ T6793] ? __might_fault+0xaa/0x120 [ 195.654500][ T6793] ? __lock_acquire+0x7c80/0x7c80 [ 195.659535][ T6793] should_fail_ex+0x39d/0x4d0 [ 195.664329][ T6793] _copy_from_user+0x2f/0xe0 [ 195.668959][ T6793] do_sys_poll+0x24b/0x1150 [ 195.673528][ T6793] ? syscall_exit_to_user_mode+0x1a/0x50 [ 195.679185][ T6793] ? do_syscall_64+0x61/0xb0 [ 195.683808][ T6793] ? poll_select_finish+0x5e0/0x5e0 [ 195.689027][ T6793] ? verify_lock_unused+0x140/0x140 [ 195.694364][ T6793] ? _raw_spin_unlock_irq+0x23/0x50 [ 195.699599][ T6793] ? lockdep_hardirqs_on+0x98/0x150 [ 195.704803][ T6793] ? _raw_spin_unlock_irq+0x2e/0x50 [ 195.710009][ T6793] ? get_signal+0x11a0/0x1400 [ 195.714719][ T6793] ? set_user_sigmask+0xc8/0x1b0 [ 195.719676][ T6793] ? sigprocmask+0x190/0x190 [ 195.724290][ T6793] __se_sys_ppoll+0x200/0x260 [ 195.729000][ T6793] ? __x64_sys_ppoll+0xc0/0xc0 [ 195.733846][ T6793] ? lockdep_hardirqs_on+0x98/0x150 [ 195.739078][ T6793] ? __x64_sys_ppoll+0x20/0xc0 [ 195.743870][ T6793] do_syscall_64+0x55/0xb0 [ 195.748330][ T6793] ? clear_bhb_loop+0x40/0x90 [ 195.753038][ T6793] ? clear_bhb_loop+0x40/0x90 [ 195.758016][ T6793] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 195.763922][ T6793] RIP: 0033:0x7f76feb8f6c9 [ 195.768347][ T6793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.788059][ T6793] RSP: 002b:00007f76ffa91038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 195.796569][ T6793] RAX: ffffffffffffffda RBX: 00007f76fede6090 RCX: 00007f76feb8f6c9 [ 195.804552][ T6793] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000100 [ 195.812544][ T6793] RBP: 00007f76ffa91090 R08: 0000000000000000 R09: 0000000000000000 [ 195.820622][ T6793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 195.828609][ T6793] R13: 00007f76fede6128 R14: 00007f76fede6090 R15: 00007ffeb648a3f8 [ 195.836607][ T6793] [ 196.467320][ T6798] FAULT_INJECTION: forcing a failure. [ 196.467320][ T6798] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 196.497187][ T6798] CPU: 0 PID: 6798 Comm: syz.2.221 Not tainted syzkaller #0 [ 196.504555][ T6798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 196.514647][ T6798] Call Trace: [ 196.517946][ T6798] [ 196.520891][ T6798] dump_stack_lvl+0x16c/0x230 [ 196.525593][ T6798] ? show_regs_print_info+0x20/0x20 [ 196.530814][ T6798] ? load_image+0x3b0/0x3b0 [ 196.535347][ T6798] ? __might_fault+0xaa/0x120 [ 196.540044][ T6798] ? __lock_acquire+0x7c80/0x7c80 [ 196.545092][ T6798] should_fail_ex+0x39d/0x4d0 [ 196.549809][ T6798] _copy_from_user+0x2f/0xe0 [ 196.554522][ T6798] media_device_ioctl+0x1d9/0x420 [ 196.559586][ T6798] ? __media_device_usb_init+0x3d0/0x3d0 [ 196.565283][ T6798] ? media_ioctl+0xfc/0x120 [ 196.569856][ T6798] ? media_poll+0x110/0x110 [ 196.574384][ T6798] __se_sys_ioctl+0xfd/0x170 [ 196.579000][ T6798] do_syscall_64+0x55/0xb0 [ 196.583435][ T6798] ? clear_bhb_loop+0x40/0x90 [ 196.588134][ T6798] ? clear_bhb_loop+0x40/0x90 [ 196.592836][ T6798] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 196.598750][ T6798] RIP: 0033:0x7f76feb8f6c9 [ 196.603189][ T6798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.622913][ T6798] RSP: 002b:00007f76ffab2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 196.631372][ T6798] RAX: ffffffffffffffda RBX: 00007f76fede5fa0 RCX: 00007f76feb8f6c9 [ 196.639369][ T6798] RDX: 00002000000000c0 RSI: 00000000c0287c02 RDI: 0000000000000005 [ 196.647363][ T6798] RBP: 00007f76ffab2090 R08: 0000000000000000 R09: 0000000000000000 [ 196.655435][ T6798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 196.663431][ T6798] R13: 00007f76fede6038 R14: 00007f76fede5fa0 R15: 00007ffeb648a3f8 [ 196.671442][ T6798] [ 198.210411][ T6815] xt_TCPMSS: Only works on TCP SYN packets [ 198.733501][ T6823] loop3: detected capacity change from 0 to 256 [ 199.597074][ T23] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 199.790434][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 199.811514][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 199.822493][ T23] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 199.836545][ T23] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 199.848311][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.877223][ T23] usb 3-1: config 0 descriptor?? [ 200.751537][ T23] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 200.901303][ T6835] input: syz1 as /devices/virtual/input/input13 [ 203.168059][ T23] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 203.327330][ T23] usb 3-1: USB disconnect, device number 17 [ 203.580518][ T6836] fido_id[6836]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 203.594086][ T6841] FAULT_INJECTION: forcing a failure. [ 203.594086][ T6841] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 203.614761][ T6841] CPU: 0 PID: 6841 Comm: syz.1.232 Not tainted syzkaller #0 [ 203.622103][ T6841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 203.632194][ T6841] Call Trace: [ 203.635514][ T6841] [ 203.638482][ T6841] dump_stack_lvl+0x16c/0x230 [ 203.643218][ T6841] ? show_regs_print_info+0x20/0x20 [ 203.648464][ T6841] ? load_image+0x3b0/0x3b0 [ 203.652985][ T6841] ? __might_fault+0xaa/0x120 [ 203.657723][ T6841] ? __lock_acquire+0x7c80/0x7c80 [ 203.662824][ T6841] should_fail_ex+0x39d/0x4d0 [ 203.667539][ T6841] _copy_from_user+0x2f/0xe0 [ 203.672293][ T6841] video_usercopy+0x34c/0x1330 [ 203.677112][ T6841] ? video_ioctl2+0x30/0x30 [ 203.681736][ T6841] ? v4l_printk_ioctl+0x160/0x160 [ 203.686798][ T6841] v4l2_ioctl+0x18a/0x1e0 [ 203.691249][ T6841] ? v4l2_poll+0x2b0/0x2b0 [ 203.695679][ T6841] __se_sys_ioctl+0xfd/0x170 [ 203.700292][ T6841] do_syscall_64+0x55/0xb0 [ 203.704722][ T6841] ? clear_bhb_loop+0x40/0x90 [ 203.709417][ T6841] ? clear_bhb_loop+0x40/0x90 [ 203.714108][ T6841] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 203.720024][ T6841] RIP: 0033:0x7fb37e58f6c9 [ 203.724458][ T6841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.744174][ T6841] RSP: 002b:00007fb37f465038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 203.752699][ T6841] RAX: ffffffffffffffda RBX: 00007fb37e7e6090 RCX: 00007fb37e58f6c9 [ 203.760694][ T6841] RDX: 0000200000000140 RSI: 00000000c0145608 RDI: 0000000000000006 [ 203.768856][ T6841] RBP: 00007fb37f465090 R08: 0000000000000000 R09: 0000000000000000 [ 203.776843][ T6841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 203.784837][ T6841] R13: 00007fb37e7e6128 R14: 00007fb37e7e6090 R15: 00007ffd3056e438 [ 203.792872][ T6841] [ 205.325143][ T6852] netlink: 8 bytes leftover after parsing attributes in process `syz.1.236'. [ 205.350417][ T6852] netlink: 8 bytes leftover after parsing attributes in process `syz.1.236'. [ 206.936715][ T6863] process 'syz.0.239' launched './file0' with NULL argv: empty string added [ 207.000722][ T5800] Bluetooth: hci0: command 0x0406 tx timeout [ 207.755795][ T6867] loop2: detected capacity change from 0 to 32768 [ 207.788627][ T6867] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.241 (6867) [ 208.958298][ T6867] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 208.995230][ T6867] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 209.052031][ T6867] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 209.128807][ T6867] BTRFS info (device loop2): use zstd compression, level 3 [ 209.180866][ T6867] BTRFS info (device loop2): using free space tree [ 209.180892][ T6877] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 209.292828][ T6883] loop1: detected capacity change from 0 to 4096 [ 209.374473][ T6883] ntfs: (device loop1): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 209.447699][ T6883] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing. [ 209.456647][ T6883] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 209.666806][ T6883] ntfs: (device loop1): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 209.753013][ T6867] BTRFS info (device loop2): enabling ssd optimizations [ 209.998039][ T6907] loop0: detected capacity change from 0 to 1024 [ 210.159195][ T6867] BTRFS info (device loop2): auto enabling async discard [ 210.529064][ T6904] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 210.616106][ T6883] ntfs: volume version 3.1. [ 210.779014][ T6867] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 210.814182][ T6883] ntfs: (device loop1): load_and_init_quota(): Failed to find inode number for $Quota. [ 210.859556][ T6883] ntfs: (device loop1): load_system_files(): Failed to load $Quota. Will not be able to remount read-write. Run chkdsk. [ 214.377392][ T6921] macvlan0: entered promiscuous mode [ 214.383087][ T6919] loop1: detected capacity change from 0 to 4096 [ 214.391273][ T6919] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 214.480082][ T6921] netlink: 'syz.2.252': attribute type 1 has an invalid length. [ 214.497869][ T6921] netlink: 'syz.2.252': attribute type 2 has an invalid length. [ 214.570564][ T6919] ntfs3: loop1: Failed to initialize $Extend/$Reparse. [ 214.586410][ T6925] FAULT_INJECTION: forcing a failure. [ 214.586410][ T6925] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 214.599788][ T6925] CPU: 0 PID: 6925 Comm: syz.3.255 Not tainted syzkaller #0 [ 214.607125][ T6925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 214.617315][ T6925] Call Trace: [ 214.620636][ T6925] [ 214.623601][ T6925] dump_stack_lvl+0x16c/0x230 [ 214.628330][ T6925] ? show_regs_print_info+0x20/0x20 [ 214.633657][ T6925] ? load_image+0x3b0/0x3b0 [ 214.638207][ T6925] ? __might_fault+0xaa/0x120 [ 214.642931][ T6925] ? __lock_acquire+0x7c80/0x7c80 [ 214.648002][ T6925] should_fail_ex+0x39d/0x4d0 [ 214.652740][ T6925] _copy_from_user+0x2f/0xe0 [ 214.657374][ T6925] video_usercopy+0x34c/0x1330 [ 214.662192][ T6925] ? video_ioctl2+0x30/0x30 [ 214.666820][ T6925] ? v4l_printk_ioctl+0x160/0x160 [ 214.671927][ T6925] v4l2_ioctl+0x18a/0x1e0 [ 214.676308][ T6925] ? v4l2_poll+0x2b0/0x2b0 [ 214.680783][ T6925] __se_sys_ioctl+0xfd/0x170 [ 214.685427][ T6925] do_syscall_64+0x55/0xb0 [ 214.689901][ T6925] ? clear_bhb_loop+0x40/0x90 [ 214.694707][ T6925] ? clear_bhb_loop+0x40/0x90 [ 214.699433][ T6925] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 214.705377][ T6925] RIP: 0033:0x7fe50b98f6c9 [ 214.709874][ T6925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 214.729526][ T6925] RSP: 002b:00007fe50c8f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 214.737999][ T6925] RAX: ffffffffffffffda RBX: 00007fe50bbe6090 RCX: 00007fe50b98f6c9 [ 214.746102][ T6925] RDX: 00002000000003c0 RSI: 00000000c040565e RDI: 0000000000000007 [ 214.754107][ T6925] RBP: 00007fe50c8f1090 R08: 0000000000000000 R09: 0000000000000000 [ 214.762112][ T6925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 214.770121][ T6925] R13: 00007fe50bbe6128 R14: 00007fe50bbe6090 R15: 00007ffc2b41c318 [ 214.778145][ T6925] [ 217.087998][ T5792] ntfs3: loop1: ino=1a, ntfs_sync_fs failed, -22. [ 217.178521][ T788] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 217.685280][ T788] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.845077][ T788] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.994890][ T788] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 218.153687][ T788] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 218.244904][ T788] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.345876][ T6936] netlink: 28 bytes leftover after parsing attributes in process `syz.1.259'. [ 218.348484][ T788] usb 1-1: config 0 descriptor?? [ 218.555765][ T6938] FAULT_INJECTION: forcing a failure. [ 218.555765][ T6938] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 218.569731][ T6938] CPU: 0 PID: 6938 Comm: syz.2.261 Not tainted syzkaller #0 [ 218.577085][ T6938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 218.587198][ T6938] Call Trace: [ 218.590518][ T6938] [ 218.593487][ T6938] dump_stack_lvl+0x16c/0x230 [ 218.598222][ T6938] ? show_regs_print_info+0x20/0x20 [ 218.603486][ T6938] ? load_image+0x3b0/0x3b0 [ 218.608041][ T6938] ? __might_fault+0xaa/0x120 [ 218.612785][ T6938] ? __lock_acquire+0x7c80/0x7c80 [ 218.617951][ T6938] should_fail_ex+0x39d/0x4d0 [ 218.622686][ T6938] _copy_from_user+0x2f/0xe0 [ 218.627331][ T6938] get_user_ifreq+0x6b/0x180 [ 218.631937][ T6938] sock_ioctl+0x6ea/0x7a0 [ 218.636282][ T6938] ? sock_poll+0x3d0/0x3d0 [ 218.640747][ T6938] ? bpf_lsm_file_ioctl+0x9/0x10 [ 218.645726][ T6938] ? security_file_ioctl+0x80/0xa0 [ 218.650883][ T6938] ? sock_poll+0x3d0/0x3d0 [ 218.655322][ T6938] __se_sys_ioctl+0xfd/0x170 [ 218.659942][ T6938] do_syscall_64+0x55/0xb0 [ 218.664384][ T6938] ? clear_bhb_loop+0x40/0x90 [ 218.669077][ T6938] ? clear_bhb_loop+0x40/0x90 [ 218.673775][ T6938] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 218.679709][ T6938] RIP: 0033:0x7f76feb8f6c9 [ 218.684167][ T6938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.703803][ T6938] RSP: 002b:00007f76ffab2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 218.712249][ T6938] RAX: ffffffffffffffda RBX: 00007f76fede5fa0 RCX: 00007f76feb8f6c9 [ 218.720236][ T6938] RDX: 0000200000000440 RSI: 00000000000089f1 RDI: 0000000000000003 [ 218.728224][ T6938] RBP: 00007f76ffab2090 R08: 0000000000000000 R09: 0000000000000000 [ 218.736210][ T6938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 218.744197][ T6938] R13: 00007f76fede6038 R14: 00007f76fede5fa0 R15: 00007ffeb648a3f8 [ 218.752227][ T6938] [ 218.757664][ T6743] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 218.960025][ T6743] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 218.969684][ T6743] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 218.979035][ T6743] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 218.980592][ T788] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 218.990931][ T6743] usb 2-1: config 220 has no interface number 2 [ 219.043228][ T6743] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 219.068062][ T788] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 219.121582][ T6743] usb 2-1: config 220 interface 0 has no altsetting 0 [ 219.132243][ T6743] usb 2-1: config 220 interface 76 has no altsetting 0 [ 219.142425][ T6743] usb 2-1: config 220 interface 1 has no altsetting 0 [ 219.179557][ T6743] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 219.198401][ T6743] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.242226][ T6743] usb 2-1: Product: syz [ 219.264296][ T6743] usb 2-1: Manufacturer: syz [ 219.281297][ T6743] usb 2-1: SerialNumber: syz [ 219.477325][ T788] usb 1-1: USB disconnect, device number 14 [ 219.487352][ T6932] usb 1-1: string descriptor 0 read error: -19 [ 219.559551][ T6743] usb 2-1: selecting invalid altsetting 0 [ 219.575660][ T6932] loop0: detected capacity change from 0 to 256 [ 219.598065][ T6743] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 219.624562][ T6743] usb 2-1: No valid video chain found. [ 219.677083][ T6932] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 219.706486][ T6743] usb 2-1: selecting invalid altsetting 0 [ 219.716650][ T6743] usbtest: probe of 2-1:220.1 failed with error -22 [ 219.752972][ T28] audit: type=1800 audit(1762713359.299:27): pid=6932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.257" name="file1" dev="loop0" ino=1048598 res=0 errno=0 [ 219.774703][ T6743] usb 2-1: USB disconnect, device number 5 [ 221.037223][ T5836] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 221.638756][ T5836] usb 2-1: unable to get BOS descriptor or descriptor too short [ 221.720681][ T5836] usb 2-1: config 8 has an invalid interface number: 92 but max is 0 [ 222.011725][ T5836] usb 2-1: config 8 has no interface number 0 [ 222.168224][ T5836] usb 2-1: config 8 interface 92 has no altsetting 0 [ 222.333521][ T5836] usb 2-1: New USB device found, idVendor=102c, idProduct=6251, bcdDevice=41.17 [ 222.513117][ T5836] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.618278][ T5836] usb 2-1: Product: syz [ 222.702884][ T5836] usb 2-1: Manufacturer: syz [ 222.760927][ T5836] usb 2-1: SerialNumber: syz [ 225.197091][ T5882] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 225.449145][ T5836] gspca_main: etoms-2.14.0 probing 102c:6251 [ 225.482148][ T5882] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 225.514247][ T5882] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 225.547246][ T5882] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 225.699475][ T5882] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 225.819319][ T5836] usb 2-1: USB disconnect, device number 6 [ 225.885361][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.194402][ T5882] usb 4-1: config 0 descriptor?? [ 227.018118][ T6988] netlink: 'syz.0.271': attribute type 6 has an invalid length. [ 227.026499][ T6988] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.271'. [ 227.397106][ T6987] loop1: detected capacity change from 0 to 1024 [ 227.746268][ T5882] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 227.759310][ T5882] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 227.831998][ T5882] usb 4-1: USB disconnect, device number 6 [ 227.984001][ T6967] loop3: detected capacity change from 0 to 256 [ 228.566842][ T6996] loop0: detected capacity change from 0 to 2048 [ 228.638168][ T6967] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 228.660016][ T6992] fido_id[6992]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 228.761913][ T6996] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.792804][ T7002] loop1: detected capacity change from 0 to 64 [ 228.805788][ T6996] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 228.815815][ T28] audit: type=1800 audit(1762713368.349:28): pid=6967 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.266" name="file1" dev="loop3" ino=1048599 res=0 errno=0 [ 229.028531][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.434841][ T7007] loop0: detected capacity change from 0 to 8192 [ 229.461679][ T7007] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 229.541232][ T7007] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 229.562274][ T7007] REISERFS (device loop0): using ordered data mode [ 229.573326][ T7007] reiserfs: using flush barriers [ 229.607449][ T7007] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 229.709756][ T7007] REISERFS (device loop0): checking transaction log (loop0) [ 230.161860][ T7015] loop2: detected capacity change from 0 to 1024 [ 230.704042][ T7017] lo: entered allmulticast mode [ 230.913741][ T7021] netlink: 8 bytes leftover after parsing attributes in process `syz.2.280'. [ 230.945185][ T7007] REISERFS (device loop0): Using tea hash to sort names [ 231.038065][ T7007] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 231.208075][ T7019] lo: left allmulticast mode [ 231.450470][ T7024] loop1: detected capacity change from 0 to 2048 [ 232.873491][ T7028] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 233.008589][ T7031] netlink: 4 bytes leftover after parsing attributes in process `syz.2.281'. [ 233.398429][ T8] usb 2-1: new low-speed USB device number 7 using dummy_hcd [ 233.407224][ T27] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 233.567266][ T27] usb 3-1: device descriptor read/64, error -71 [ 233.591498][ T8] usb 2-1: Invalid ep0 maxpacket: 64 [ 233.767193][ T8] usb 2-1: new low-speed USB device number 8 using dummy_hcd [ 233.790532][ T7039] loop3: detected capacity change from 0 to 2048 [ 233.867399][ T27] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 234.021774][ T8] usb 2-1: Invalid ep0 maxpacket: 64 [ 234.037282][ T27] usb 3-1: device descriptor read/64, error -71 [ 234.075195][ T8] usb usb2-port1: attempt power cycle [ 234.149507][ T7039] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 234.184093][ T27] usb usb3-port1: attempt power cycle [ 234.194691][ T7039] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 234.492089][ T7028] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 234.518846][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.535144][ T7028] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4) [ 234.608202][ T7028] Remounting filesystem read-only [ 234.630057][ T2953] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 234.665744][ T2953] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 234.687757][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 234.711432][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 234.734067][ T28] audit: type=1326 audit(1762713374.279:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7050 comm="syz.3.286" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe50b98f6c9 code=0x0 [ 234.760784][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 234.778646][ T2953] NILFS (loop1): discard dirty page: offset=0, ino=2 [ 234.790668][ T2953] NILFS (loop1): discard dirty block: blocknr=18, size=1024 [ 234.798824][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 234.818662][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 234.834615][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 234.854854][ T2953] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 234.862797][ T27] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 234.870548][ T2953] NILFS (loop1): discard dirty block: blocknr=42, size=1024 [ 234.885132][ T2953] NILFS (loop1): discard dirty block: blocknr=43, size=1024 [ 234.897887][ T27] usb 3-1: device descriptor read/8, error -71 [ 234.927197][ T2953] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 234.947151][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 234.976507][ T2953] NILFS (loop1): discard dirty page: offset=98304, ino=3 [ 234.985521][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 234.996369][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 235.015442][ T2953] NILFS (loop1): discard dirty block: blocknr=0, size=1024 [ 235.024941][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 235.038752][ T2953] NILFS (loop1): discard dirty page: offset=196608, ino=3 [ 235.084189][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 235.103223][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 235.114575][ T2953] NILFS (loop1): discard dirty block: blocknr=49, size=1024 [ 235.126060][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 235.142896][ T2953] NILFS (loop1): discard dirty page: offset=0, ino=19 [ 235.152202][ T2953] NILFS (loop1): discard dirty block: blocknr=0, size=1024 [ 235.167404][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 235.177711][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 235.196913][ T2953] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 235.212463][ T5792] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 235.227081][ T27] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 235.239183][ T5792] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 235.253456][ T5792] NILFS (loop1): discard dirty block: blocknr=35, size=1024 [ 235.260998][ T5792] NILFS (loop1): discard dirty block: blocknr=36, size=1024 [ 235.270536][ T5792] NILFS (loop1): discard dirty block: blocknr=37, size=1024 [ 235.278434][ T5792] NILFS (loop1): discard dirty block: blocknr=38, size=1024 [ 235.286482][ T27] usb 3-1: device descriptor read/8, error -71 [ 235.310711][ T5792] NILFS (loop1): discard dirty page: offset=0, ino=5 [ 235.317885][ T5792] NILFS (loop1): discard dirty block: blocknr=41, size=1024 [ 235.325372][ T5792] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 235.334716][ T5792] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 235.345682][ T5792] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 235.361361][ T5792] NILFS (loop1): discard dirty page: offset=0, ino=4 [ 235.368255][ T5792] NILFS (loop1): discard dirty block: blocknr=40, size=1024 [ 235.378160][ T5792] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 235.387513][ T5792] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 235.396661][ T5792] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 235.418371][ T27] usb usb3-port1: unable to enumerate USB device [ 235.622703][ T7056] loop0: detected capacity change from 0 to 128 [ 235.658148][ T7056] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 235.688077][ T7056] ext4 filesystem being mounted at /77/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 235.887140][ T27] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 236.015597][ T5789] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 236.109593][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 236.147687][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 236.161381][ T27] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 236.198373][ T27] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 236.231924][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.270617][ T27] usb 2-1: config 0 descriptor?? [ 236.403970][ T7065] loop0: detected capacity change from 0 to 4096 [ 236.442689][ T7065] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 236.581505][ T7065] ntfs3: loop0: Failed to initialize $Extend/$Reparse. [ 236.699394][ T27] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 236.768873][ T27] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 237.075020][ T7063] loop2: detected capacity change from 0 to 32768 [ 237.198323][ T7063] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 237.238620][ T7060] usb 2-1: string descriptor 0 read error: -71 [ 237.246646][ T8] usb 2-1: USB disconnect, device number 10 [ 237.339201][ T7060] loop1: detected capacity change from 0 to 256 [ 237.427817][ T5789] ntfs3: loop0: ino=1a, ntfs_sync_fs failed, -22. [ 237.447138][ T7060] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 237.524778][ T7063] XFS (loop2): Ending clean mount [ 237.639198][ T28] audit: type=1800 audit(1762713377.189:30): pid=7060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.285" name="file1" dev="loop1" ino=1048600 res=0 errno=0 [ 237.721188][ T5800] Bluetooth: hci3: command 0x0406 tx timeout [ 237.827639][ T5791] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 239.398571][ T7101] loop2: detected capacity change from 0 to 1024 [ 240.045757][ T7102] FAULT_INJECTION: forcing a failure. [ 240.045757][ T7102] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 240.080316][ T7102] CPU: 1 PID: 7102 Comm: syz.1.297 Not tainted syzkaller #0 [ 240.088051][ T7102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 240.098190][ T7102] Call Trace: [ 240.101505][ T7102] [ 240.104470][ T7102] dump_stack_lvl+0x16c/0x230 [ 240.109374][ T7102] ? show_regs_print_info+0x20/0x20 [ 240.114616][ T7102] ? load_image+0x3b0/0x3b0 [ 240.119150][ T7102] ? __might_fault+0xaa/0x120 [ 240.123841][ T7102] ? __lock_acquire+0x7c80/0x7c80 [ 240.128893][ T7102] should_fail_ex+0x39d/0x4d0 [ 240.133627][ T7102] _copy_to_iter+0x1c8/0x10d0 [ 240.138347][ T7102] ? iov_iter_init+0x1e0/0x1e0 [ 240.143134][ T7102] ? wait_woken+0x180/0x180 [ 240.147729][ T7102] ? __check_object_size+0x8d/0xa30 [ 240.152998][ T7102] tty_read+0x2c1/0x630 [ 240.157184][ T7102] ? tty_lookup_driver+0x470/0x470 [ 240.162336][ T7102] ? lock_release+0x57c/0x8b0 [ 240.167040][ T7102] ? common_file_perm+0x198/0x1f0 [ 240.172100][ T7102] vfs_read+0x431/0x920 [ 240.176285][ T7102] ? kernel_read+0x1e0/0x1e0 [ 240.180903][ T7102] ? __fget_files+0x44a/0x4d0 [ 240.185616][ T7102] ? __fdget_pos+0x1d8/0x330 [ 240.190237][ T7102] ? ksys_read+0x75/0x250 [ 240.194610][ T7102] ksys_read+0x147/0x250 [ 240.198974][ T7102] ? vfs_write+0x940/0x940 [ 240.203417][ T7102] ? lockdep_hardirqs_on+0x98/0x150 [ 240.208638][ T7102] do_syscall_64+0x55/0xb0 [ 240.213083][ T7102] ? clear_bhb_loop+0x40/0x90 [ 240.217867][ T7102] ? clear_bhb_loop+0x40/0x90 [ 240.222560][ T7102] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 240.228470][ T7102] RIP: 0033:0x7fb37e58f6c9 [ 240.232901][ T7102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.252531][ T7102] RSP: 002b:00007fb37f444038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 240.260974][ T7102] RAX: ffffffffffffffda RBX: 00007fb37e7e6180 RCX: 00007fb37e58f6c9 [ 240.268971][ T7102] RDX: 0000000000002020 RSI: 0000200000002600 RDI: 0000000000000003 [ 240.277048][ T7102] RBP: 00007fb37f444090 R08: 0000000000000000 R09: 0000000000000000 [ 240.285072][ T7102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 240.293081][ T7102] R13: 00007fb37e7e6218 R14: 00007fb37e7e6180 R15: 00007ffd3056e438 [ 240.301099][ T7102] [ 241.829519][ T7120] loop0: detected capacity change from 0 to 128 [ 241.842918][ T7122] FAULT_INJECTION: forcing a failure. [ 241.842918][ T7122] name failslab, interval 1, probability 0, space 0, times 0 [ 241.858767][ T7122] CPU: 1 PID: 7122 Comm: syz.2.305 Not tainted syzkaller #0 [ 241.866119][ T7122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 241.876238][ T7122] Call Trace: [ 241.879560][ T7122] [ 241.882530][ T7122] dump_stack_lvl+0x16c/0x230 [ 241.887261][ T7122] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 241.892943][ T7122] ? show_regs_print_info+0x20/0x20 [ 241.898197][ T7122] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 241.903898][ T7122] should_fail_ex+0x39d/0x4d0 [ 241.908812][ T7122] should_failslab+0x9/0x20 [ 241.913369][ T7122] slab_pre_alloc_hook+0x59/0x310 [ 241.918455][ T7122] kmem_cache_alloc_lru+0x4d/0x2e0 [ 241.923606][ T7122] ? __d_alloc+0x31/0x730 [ 241.927974][ T7122] __d_alloc+0x31/0x730 [ 241.932347][ T7122] d_alloc+0x4e/0x250 [ 241.936357][ T7122] lookup_one_qstr_excl+0xca/0x250 [ 241.941498][ T7122] filename_create+0x222/0x460 [ 241.946296][ T7122] ? kern_path_create+0x50/0x50 [ 241.951172][ T7122] ? __virt_addr_valid+0x18c/0x540 [ 241.956398][ T7122] ? __virt_addr_valid+0x469/0x540 [ 241.961543][ T7122] do_mkdirat+0xa1/0x440 [ 241.965818][ T7122] ? vfs_mkdir+0x440/0x440 [ 241.970268][ T7122] __x64_sys_mkdirat+0x89/0xa0 [ 241.975065][ T7122] do_syscall_64+0x55/0xb0 [ 241.979509][ T7122] ? clear_bhb_loop+0x40/0x90 [ 241.984207][ T7122] ? clear_bhb_loop+0x40/0x90 [ 241.988901][ T7122] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 241.994813][ T7122] RIP: 0033:0x7f76feb8f6c9 [ 241.999245][ T7122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.018871][ T7122] RSP: 002b:00007f76ffab2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 242.027338][ T7122] RAX: ffffffffffffffda RBX: 00007f76fede5fa0 RCX: 00007f76feb8f6c9 [ 242.035414][ T7122] RDX: 00000000000001c0 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 242.043403][ T7122] RBP: 00007f76ffab2090 R08: 0000000000000000 R09: 0000000000000000 [ 242.051412][ T7122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.059405][ T7122] R13: 00007f76fede6038 R14: 00007f76fede5fa0 R15: 00007ffeb648a3f8 [ 242.067412][ T7122] [ 242.093834][ T5806] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 242.372030][ T7128] syz_tun: entered allmulticast mode [ 242.438403][ T7128] dvmrp8: entered allmulticast mode [ 242.485446][ T7127] syz_tun: left allmulticast mode [ 242.627335][ T7131] syz_tun: entered allmulticast mode [ 242.660890][ T7130] syz_tun: left allmulticast mode [ 242.961817][ T7135] syz_tun: entered allmulticast mode [ 243.066782][ T7134] syz_tun: left allmulticast mode [ 243.591046][ T7140] FAULT_INJECTION: forcing a failure. [ 243.591046][ T7140] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.293412][ T7140] CPU: 1 PID: 7140 Comm: syz.2.310 Not tainted syzkaller #0 [ 244.300787][ T7140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 244.310882][ T7140] Call Trace: [ 244.314178][ T7140] [ 244.317127][ T7140] dump_stack_lvl+0x16c/0x230 [ 244.321838][ T7140] ? show_regs_print_info+0x20/0x20 [ 244.327057][ T7140] ? load_image+0x3b0/0x3b0 [ 244.331581][ T7140] ? __might_fault+0xaa/0x120 [ 244.336277][ T7140] ? __lock_acquire+0x7c80/0x7c80 [ 244.341336][ T7140] should_fail_ex+0x39d/0x4d0 [ 244.346037][ T7140] _copy_from_user+0x2f/0xe0 [ 244.350646][ T7140] ___sys_recvmsg+0x12f/0x510 [ 244.355361][ T7140] ? __sys_recvmsg+0x270/0x270 [ 244.360169][ T7140] ? __lock_acquire+0x7c80/0x7c80 [ 244.365220][ T7140] ? __might_fault+0xc6/0x120 [ 244.369914][ T7140] ? __might_fault+0xaa/0x120 [ 244.374609][ T7140] do_recvmmsg+0x360/0x7d0 [ 244.379074][ T7140] ? __sys_recvmmsg+0x280/0x280 [ 244.384011][ T7140] __x64_sys_recvmmsg+0x191/0x240 [ 244.389089][ T7140] ? do_recvmmsg+0x7d0/0x7d0 [ 244.393810][ T7140] ? lockdep_hardirqs_on+0x98/0x150 [ 244.399051][ T7140] do_syscall_64+0x55/0xb0 [ 244.403502][ T7140] ? clear_bhb_loop+0x40/0x90 [ 244.408202][ T7140] ? clear_bhb_loop+0x40/0x90 [ 244.412904][ T7140] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 244.418882][ T7140] RIP: 0033:0x7f76feb8f6c9 [ 244.423337][ T7140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.442984][ T7140] RSP: 002b:00007f76ffa91038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 244.451417][ T7140] RAX: ffffffffffffffda RBX: 00007f76fede6090 RCX: 00007f76feb8f6c9 [ 244.459411][ T7140] RDX: 000000000000072a RSI: 0000200000000080 RDI: 0000000000000004 [ 244.467416][ T7140] RBP: 00007f76ffa91090 R08: 0000000000000000 R09: 0000000000000000 [ 244.475405][ T7140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.483390][ T7140] R13: 00007f76fede6128 R14: 00007f76fede6090 R15: 00007ffeb648a3f8 [ 244.491400][ T7140] [ 244.620982][ T7133] loop0: detected capacity change from 0 to 32768 [ 244.666672][ T28] audit: type=1326 audit(1762713384.209:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.0.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1848d8f6c9 code=0x7ffc0000 [ 244.721200][ T7133] JFS: block map error in dbBackSplit [ 244.745465][ T7133] ERROR: (device loop0): dbDiscardAG: -EIO [ 244.745465][ T7133] [ 244.847027][ T28] audit: type=1326 audit(1762713384.239:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.0.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1848d8f6c9 code=0x7ffc0000 [ 245.033136][ T7133] syz.0.308: attempt to access beyond end of device [ 245.033136][ T7133] loop0: rw=2051, sector=2629632, nr_sectors = 8192 limit=32768 [ 245.125438][ T7133] JFS: sb_issue_discard(ffff88802de98000, 328704, 1024, GFP_NOFS, 0) = -5 => failed! [ 245.144617][ T7133] blkno = 50400, nblocks = 400 [ 245.151646][ T28] audit: type=1326 audit(1762713384.249:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.0.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1848d8df10 code=0x7ffc0000 [ 245.174307][ T7133] ERROR: (device loop0): dbFree: block to be freed is outside the map [ 245.174307][ T7133] [ 245.212549][ T28] audit: type=1326 audit(1762713384.249:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.0.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1848d8f6c9 code=0x7ffc0000 [ 245.277607][ T5789] BUG: Bad page state in process syz-executor pfn:250ec [ 245.286679][ T5789] page:ffffea0000943b00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x250ec [ 245.299427][ T5789] flags: 0xfff1800000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff) [ 245.313963][ T5789] page_type: 0xffffffff() [ 245.320780][ T5789] raw: 00fff1800000820c ffffea0001824ec8 ffffc9000444f900 0000000000000000 [ 245.330490][ T5789] raw: 0000000000000004 ffff888069cb5d90 00000000ffffffff 0000000000000000 [ 245.339420][ T5789] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 245.346921][ T5789] page_owner tracks the page as allocated [ 245.355760][ T5789] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 7133, tgid 7132 (syz.0.308), ts 244699000453, free_ts 241014420827 [ 245.374382][ T28] audit: type=1326 audit(1762713384.249:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.0.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1848d8f6c9 code=0x7ffc0000 [ 245.421033][ T5789] post_alloc_hook+0x1cd/0x210 [ 245.421153][ T28] audit: type=1326 audit(1762713384.249:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.0.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7f1848d8f6c9 code=0x7ffc0000 [ 245.450349][ T5789] get_page_from_freelist+0x195c/0x19f0 [ 245.470106][ T5789] __alloc_pages+0x1e3/0x460 [ 245.495389][ T28] audit: type=1326 audit(1762713384.249:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.0.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1848d8f6c9 code=0x7ffc0000 [ 245.507157][ T5789] folio_alloc+0x1e/0x30 [ 245.546115][ T5789] filemap_alloc_folio+0xdf/0x470 [ 245.555159][ T5789] do_read_cache_folio+0x36c/0x7e0 [ 245.565034][ T5789] do_read_cache_page+0x32/0x250 [ 245.590605][ T5789] __get_metapage+0x31a/0xfa0 [ 245.591530][ T28] audit: type=1326 audit(1762713384.249:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.0.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1848d8f6c9 code=0x7ffc0000 [ 245.596081][ T5789] dbAllocCtl+0xd4/0x9b0 [ 245.637019][ T28] audit: type=1326 audit(1762713384.249:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.0.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1848d8f6c9 code=0x7ffc0000 [ 245.644121][ T5789] dbAllocAG+0x1e7/0xfe0 [ 245.675756][ T5789] dbDiscardAG+0x2ce/0x8f0 [ 245.683555][ T5789] jfs_ioc_trim+0x42f/0x660 [ 245.690978][ T5789] jfs_ioctl+0x2b9/0x3d0 [ 245.691131][ T28] audit: type=1326 audit(1762713384.249:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.0.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1848d8f6c9 code=0x7ffc0000 [ 245.695478][ T5789] __se_sys_ioctl+0xfd/0x170 [ 245.747195][ T5789] do_syscall_64+0x55/0xb0 [ 245.771191][ T5789] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 245.837432][ T5789] page last free stack trace: [ 245.842716][ T5789] free_unref_page_prepare+0x7ce/0x8e0 [ 245.851928][ T5789] free_unref_page_list+0xbe/0x860 [ 245.860388][ T5789] release_pages+0x1fa0/0x2220 [ 245.865247][ T5789] tlb_flush_mmu+0x368/0x4f0 [ 245.874456][ T5789] tlb_finish_mmu+0xc3/0x1d0 [ 245.886375][ T5789] exit_mmap+0x3f0/0xb50 [ 245.893982][ T5789] __mmput+0x118/0x3c0 [ 245.898469][ T5789] exit_mm+0x1da/0x2c0 [ 245.903060][ T5789] do_exit+0x88e/0x23c0 [ 245.937057][ T5789] do_group_exit+0x21b/0x2d0 [ 245.947826][ T5789] __x64_sys_exit_group+0x3f/0x40 [ 245.954731][ T5789] do_syscall_64+0x55/0xb0 [ 245.967257][ T5789] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 245.990760][ T5789] Modules linked in: [ 245.999758][ T5789] CPU: 0 PID: 5789 Comm: syz-executor Not tainted syzkaller #0 [ 246.007389][ T5789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 246.017484][ T5789] Call Trace: [ 246.020797][ T5789] [ 246.023754][ T5789] dump_stack_lvl+0x16c/0x230 [ 246.028469][ T5789] ? show_regs_print_info+0x20/0x20 [ 246.033678][ T5789] ? swiotlb_print_info+0x70/0x70 [ 246.038709][ T5789] ? dump_page+0xba7/0x14d0 [ 246.043364][ T5789] bad_page+0x14b/0x170 [ 246.047540][ T5789] free_unref_page_prepare+0x887/0x8e0 [ 246.053019][ T5789] free_unref_page_list+0xbe/0x860 [ 246.058208][ T5789] ? __folio_memcg+0x63/0x160 [ 246.062893][ T5789] ? folio_memcg+0x127/0x480 [ 246.067582][ T5789] release_pages+0x1fa0/0x2220 [ 246.072361][ T5789] ? lru_cache_disable+0x30/0x30 [ 246.077312][ T5789] ? mlock_drain_local+0x79/0x490 [ 246.082354][ T5789] ? mlock_drain_local+0x79/0x490 [ 246.087425][ T5789] ? mlock_drain_local+0x28d/0x490 [ 246.092585][ T5789] __folio_batch_release+0x71/0xe0 [ 246.097725][ T5789] truncate_inode_pages_range+0x358/0xf00 [ 246.103481][ T5789] ? mapping_evict_folio+0x510/0x510 [ 246.108888][ T5789] ? proc_nr_inodes+0x230/0x230 [ 246.113771][ T5789] ? do_raw_spin_unlock+0x121/0x230 [ 246.119002][ T5789] ? _raw_spin_unlock+0x28/0x40 [ 246.123873][ T5789] dbUnmount+0x109/0x180 [ 246.128147][ T5789] jfs_umount+0x258/0x3c0 [ 246.132499][ T5789] jfs_put_super+0x8c/0x190 [ 246.137030][ T5789] ? jfs_free_inode+0x30/0x30 [ 246.141722][ T5789] generic_shutdown_super+0x134/0x2b0 [ 246.147126][ T5789] kill_block_super+0x44/0x90 [ 246.151828][ T5789] deactivate_locked_super+0x97/0x100 [ 246.157218][ T5789] cleanup_mnt+0x429/0x4c0 [ 246.161645][ T5789] task_work_run+0x1ce/0x250 [ 246.166251][ T5789] ? task_work_cancel+0x240/0x240 [ 246.171288][ T5789] ? exit_to_user_mode_loop+0x3b/0x110 [ 246.176764][ T5789] exit_to_user_mode_loop+0xe6/0x110 [ 246.182061][ T5789] exit_to_user_mode_prepare+0xf6/0x180 [ 246.187623][ T5789] syscall_exit_to_user_mode+0x1a/0x50 [ 246.193085][ T5789] do_syscall_64+0x61/0xb0 [ 246.197550][ T5789] ? clear_bhb_loop+0x40/0x90 [ 246.202256][ T5789] ? clear_bhb_loop+0x40/0x90 [ 246.206942][ T5789] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 246.212856][ T5789] RIP: 0033:0x7f1848d909f7 [ 246.217373][ T5789] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 246.237019][ T5789] RSP: 002b:00007ffc8667c4d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 246.245555][ T5789] RAX: 0000000000000000 RBX: 00007f1848e11d7d RCX: 00007f1848d909f7 [ 246.253558][ T5789] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc8667c590 [ 246.261600][ T5789] RBP: 00007ffc8667c590 R08: 0000000000000000 R09: 0000000000000000 [ 246.269584][ T5789] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc8667d620 [ 246.277683][ T5789] R13: 00007f1848e11d7d R14: 000000000003bd69 R15: 00007ffc8667d660 [ 246.285769][ T5789] [ 246.339448][ T5789] Disabling lock debugging due to kernel taint