last executing test programs: 39.281100345s ago: executing program 0 (id=2463): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000) syz_clone(0x2000, 0x0, 0xff36, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="c3", 0x1, 0x20008044, &(0x7f00000001c0)={0xa, 0x2, 0x7, @loopback, 0xfc47}, 0x1c) socket$inet6(0xa, 0x3, 0x8000000003c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 36.170485098s ago: executing program 0 (id=2465): sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000100)=ANY=[@ANYBLOB="60b80000", @ANYRES16, @ANYBLOB="050427bd7000fedbdf2501000000080001"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x4040084) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x448}}, 0x0) sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) 35.846132685s ago: executing program 0 (id=2466): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000240)={0x3, &(0x7f0000000280)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x20, 0x0, 0x8, 0xfffff00c}, {0x6, 0xba, 0x2, 0xffff}]}, 0x10) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4ea4, 0x20000, @local, 0x9}, 0x1c) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xffd0}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 35.495980713s ago: executing program 0 (id=2467): bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000) syz_clone(0x2000, 0x0, 0xff36, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) symlinkat(0x0, 0xffffffffffffff9c, 0x0) memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2) 32.863628462s ago: executing program 0 (id=2471): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ptrace$ARCH_GET_FS(0x1e, r0, &(0x7f0000000000), 0x1003) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x40) fcntl$setsig(r3, 0xa, 0x13) fcntl$setlease(r3, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = getpid() fcntl$setownex(r4, 0xf, &(0x7f0000000100)={0x2, r5}) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r3, 0x8, r6) write$uinput_user_dev(r3, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockopt$TIPC_CONN_TIMEOUT(0xffffffffffffffff, 0x10f, 0x82, 0x0, 0x0) 29.227748303s ago: executing program 0 (id=2477): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xbf5ce000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r2, 0x0, 0x33, &(0x7f0000000040)=0x80000001, 0x4) socket$inet_mptcp(0x2, 0x1, 0x106) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) 6.165886805s ago: executing program 2 (id=2517): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x22000044}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x50}}, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x22000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x8, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x10000491, 0x8d3, 0x200006, 0x800008, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e58, 0x5, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x5, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0xff, 0xf45, 0x3, 0x7fff, 0x8, 0x77, 0x6, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x9, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x81, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{}], 0x1, 0x0, 0x0, 0x11000000}, 0x0) ioctl$KVM_GET_SUPPORTED_HV_CPUID_sys(r0, 0xc008aec1, &(0x7f0000000680)={0x4, 0x0, [{0xb, 0x8, 0x6, 0x8, 0x7, 0x9, 0x7}, {0x80000008, 0x10000, 0x5, 0x8, 0x5a, 0x6, 0x840}, {0x80000000, 0x4, 0x5, 0x8, 0x8, 0x1, 0x10000}, {0x80000008, 0x1, 0x3, 0x6, 0x7, 0x3, 0xfffffc01}]}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000480)='net/ip6_mr_cache\x00') preadv(r4, &(0x7f0000000400)=[{&(0x7f0000000340)=""/152, 0x98}], 0x1, 0x1, 0xe3d0) ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000280)={0x1, 0x0, [{0xb, 0x5, 0x1, 0x400, 0x1, 0x2, 0x3}]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 5.919267508s ago: executing program 1 (id=2518): syz_mount_image$exfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x2008802, &(0x7f0000000600)={[{@errors_continue}, {}, {@uid={'uid', 0x3d, 0xee00}}, {@sys_tz}, {@iocharset={'iocharset', 0x3d, 'cp855'}}, {@keep_last_dots}, {@gid}, {@utf8}, {@fmask={'fmask', 0x3d, 0x2}}, {@gid}, {@errors_continue}, {@utf8}]}, 0x7, 0x152f, &(0x7f00000037c0)="$eJzs3AucTVX7OPDnWWvtMSSdJrkMa61nc5LLIklySZJLkiRJkltC0iSvJCSG3JKGJCSXIbkMIblMTBr3+/2SkCRNkoTklqz/Z8r81Vvv/33f39svv/9vnu/nsz+znrP2s/ba85yzz977nJlvug6r1aR29UZEBP8R/OVHIgDEAsAgALgGAAIAKB9XPi6zP6fExP9sI+zP9VDKlZ4Bu5K4/tkb1z974/pnb1z/7I3rn71x/bM3rn/2xvVnLDvbMqPgtbxk34Xv/2dn/P7/v0hG6XFfrCt9fTeAmH81hev//z/8D3K5/v9rBf/KSlz/7I3rn13FXukJsP8B+PWfHeT4hz1c/+yN689Ydvbre8GxcOXvR//VC0Sy92cgV/r5xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsezjrL1MAkNW+0vNijDHGGGOMMcbYn8fnuNIzYIwxxhhjjDHG2H8/BAESFAQQAzkgFnJCLhAAMVn910IcXAd54XrIB/mhABSEeCgEhUGDAQsEIRSBohCFG6AY3AjFoQSUhFLgoDSUgZugLNwM5eAWKA+3QgW4DSpCJagMVeB2qAp3QDW4E6rDXVADakItqA13Qx24B+rCvVAP7oP6cD80gAegITwIjeAhaAwPQxN4BJrCo9AMmkMLaAmt/kv5L0BPeBF6QW9IhD7QF16CftAfBsBAGAQvw2B4BYbAq5AEQ2EYvAbD4XUYAW/ASBgFo+FNGANvwVgYB+NhAiTDRJgEb8NkeAemwFSYBtMhBWbATHgXZsFsmAPvwVx4H+bBfFgACyEVPoBFsBjS4ENYAh9BOiyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBR/DbvgE9sBe2Aefwn747N/MP/N3+d0QEFCgQIUKYzAGYzEWc2EuzI25MQ/mwQhGMA7jMC/mxXyYDwtgAYzHeCyMhdGgQULCIlgEoxjFYlgMi2NxLIkl0aHDMlgGy+LNWA7LYXksjxWwAlbESlgJq2AVrIpVsRpWw+pYHWtgDayFtfBuvBv7YF2si/WwHtbH+lm3p7ARNsLG2BibYBNsik2xGTbDFtgCW2ErbI2tsQ22wXbYDttje+yAHTABE7AjdsRO2Ak7Y2fsgl2wK3bFbtgdu2e8kAPwRXwRe2MN0Qf7Yl/sh0k5BuBAHIgv42B8BV/BVzEJh+IwfA1fw9dxBJ7GkTgKR+NorCrewrE4DklMwGRMxkk4CSfjZJyCU3EqTscUnIEzcSbOwtk4G9/Dufg+vo/zcT4uxFRMxUW4GNMwDZfgGUzHpbgMl+MKXIkrcDWuwdW4DtfjOtyIG3EzbsatuBW343bciTvxY1QA+Anuxb2YhPtxPx7AA3gQD+IhPIQZmIGH8TAewSN4FI/iMTyGx/EEnsQTeApP4Wk8g2fxLJ7H83gBn4v/qvHHJdYmgcikhBIxIkbEiliRS+QSuUVukUfkEREREXEiTuQVeUU+kU8UEAVEvIgXhUVhYYQRJMLMI4WIiqgoJoqJ4qK4KClKCiecKCPKiLKirCgnyony4lZRQdwmKopKoq2rIqqIqqKdqybuFNVFdVFD1BS1RG1RW9QRdURdUVfUE/VEfVFfNBAPiIaiDw7Ah0RmZZqIodhUDMNmormQl45QrcUIbCPainbiCTEKR2IH0doliKdFRzEWO4m/iXH4rOgiJmBX8bzoJrqLHuIF0VO0cb1EbzEF+4i+Yjr2E/3FADFQzMKa4j2cm7OWeFUkiaFimHhNLMTXxQjxhhgpRonR4k0xRrwlxopxYryYIJLFRDFJvC0mi3fEFDFVTBPTRYqYIWaKd8UsMVvMEe+JueJ9MU/MFwvEQpEqPhCLxGKRJj4US8RHIl0sFcvEcrFCrBSrxGqxRqwV68R6sUFsFJvEZrFFbBXbxHaxQ+wUu8THYrf4ROwRe8U+8anYLz4TB8Tn4qD4QhwSX4oM8ZU4LL4WR8Q34qj4VhwT34nj4oQ4Kb4Xp8QP4rQ4I86Kc+K8+FFcED+Ji8ILkCiFlFLJQMbIHDJW5pS55FUytwyyjv8yTl4n88rrZT6ZXxaQBWW8LCQLSy2NtJJkKIvIojIqb5DF5I2yuCwhS8pS0snSsoy8SZaVN8ty8hZZXt4qK8jbZEVZSVaWVeTtsqq8Q0Lkl23UkDVlLVlb3i0T4R5ZV94r68n7ZH15v2wgH5AN5YOykXxINpYPyybyEdlUPiqbyeayhWwpW8nHZGv5uGwj28p28gnZXj4pO8inZIJ8WnaU/tJT5FnZRT4nu8rnZTfZXfaQP8mL0stesreEPiD7ypdkP9lfDpAD5SD5shwsX5FD5KsySQ6Vw+Rrcrh8XY6Qb8iRcpQcLd+UY+RbcqwcJ8fLCTJZTpST5NtysnxHTpFT5TQ5XabIGXLApZHmSPlP89/+g/whP299s9wit8ptcrvcIXfKXfJjuVvulnvkHrlP7pP75X55QB6QB+VBeUgekhkyQx6Wh+UReUQelUflMXlMHpcn5Dn5vTwlf5Cn5Rl5Rp6T5+V5eeHS7wAUKqGkUipQMSqHilU5VS51lcqtrlZ51DUqoq5Vceo6lVddr/Kp/KqAKqjiVSFVWGlllFWkQlVEFVVRdQNeesKokqqUcqq0KqNu+nfyVTF1oyquSvwmP2t+if9gfq1UK9VatVZtVBvVTrVT7VV71UF1UAkqQXVUHVUn1Ul1Vp1VF9VFdVVdVTfVTfVQPVRP1VP1Ur1UokpUfdVLqp/qrwaogWqQellk7sMQNUQlqSQ1TA1Tw9VwNUKNUCPVSDVajVZj1Bg1Vo1V49V4layS1SQ1SU1Wk9UUNUVNU9NUikpRM9VMNUvNUnPUHDVXzVXz1Dy1QC1QqSpVLVKLVJpKU0vUEpWulqqlarlarlaqlWq1Wq3WqrVqvVqvNqqNKl1tUVvUNrVN7VA71C61S+1Wu9UetUftU/vUfrVfHVAH1EF1UB1Sh1SGylCH1WF1RB1RR9VRdUwdU8fVcXVSnVSn1Cl1Wp1WZ9VZdV6dVxfUBXVRXcw87QtEIAIVqCAmiAlig9ggV5AryB3kDvIEeYJIEAnigrggb3B9kC/IHxQICgbxQaGgcKADE9hAXCp6NLghKBbcGBQPSgQlg1KBC0oHZYKbgrLBzUG54JagfHBrUCG4LagYVAoqB1WC24OqwR1BteDOoHpwV1AjqBnUCmoHdwd1gnuCusG9Qb3gvqB+cH/QIHggaBg8GDQKHgoaBw8HTYJHgqbBo0GzoHnQImgZtPpTx/f+dP7HXS/dWyfqPrqvfkn30/31AD1QD9Iv68H6FT1Ev6qT9FA9TL+mh+vX9Qj9hh6pR+nR+k09Rr+lx+pxeryeoJP1RD1Jv60n63f0FD1VT9PTdYqeoWfqd/UsPVvP0e/pufp9PU/P1wv0Qp2qP9CL9GKdpj/US/RHOl0v1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q+/Uu/THerf+RO/Re/U+/anerz/TB/Tn+qD+Qh/SX+oM/ZU+rL/WR/Q3+qj+Vh/T3+nj+oQ+qb/Xp/QP+rQ+o8/qc/q8/lFf0D/pi9pnntxnvr0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSavyWvymXymgClg4k28KWwKm0xkyBQxRUzURE0xU8wUN8VNSVPSOONMGVPGlDVlTTlTzpQ35U0FU8FUNBVNZVPZ3G5uN3eYO8yd5k5zl7nL1DQ1TW1T29QxdUxdU9fUM/VMfVPfNDANTEPT0DQyjUxj09g0MU1MU9PUNDPNTAvTwrQyrUxr09q0MW1MO9POtDftTQfTwSSYBNPRdDSdTCfT2XQ2XUwX09V0Nd1MN9PD9DA9TU/Ty/QyiSbR9DV9TT/TzwwwA8wgM8gMNoPNEDPEJJkkM8wMM8PNcDPCjDAjzSgzOvNE1bxlxppxZryZYJJNsplkJpnJZrKZYqaYaWaaSTEpZqaZaWaZWWaOmWPmmrlmnplnFpgFJtWkmkVmkUkzaWaJWWLSTbpZZpaZFWaFWWVWmTVmjVln1pkNsMFsMpvMFrPFbDPbzA6zw+wyu8xus9vsMXvMPrPP7Df7zQFzwBw0B80hc8hkmAxz2Bw2R8wRc9QcNcfMMXPcHDcnzUlzypwyp81pc9acNedN/kvvl97E2pw2l73K5rZX2zz2Gvv3cQFb0MbbQraw1Tafzf+b2Fhri9sStqQtZZ0tbcvYm34XV7SVbGVbxd5uq9o7bLXfxXXsPbauvdfWs/fZ2vbu38T17f22gX3ENkQEsM1tY9vSNrGP2Kb2UdvMNrctbEvb3j5pO9inbIJ92na0z/wuXmQX2zV2rV1n19s9dq89a8/ZI/Ybe97+aHvZ3naQfdkOtq/YIfZVm2SH/i4ebd+0Y+xbdqwdZ8fbCb+Lp9npNsXOsDPtu3aWnf27ONV+YOfaNDvPzrcL7MKf48w5pdkP7RL7kU23ASyzy+0Ku9Kusqv/71yX2412k91sd9tP7Da73e6wO+2urBNhu9fus5/a/fYze9h+bQ/aL+whe9Rm2K9+jjP376j91h6z39nj9oQ9ab+3p+wPKis7c9+/tz/Zi9ZbICQgSYoCiqEcFEs5KRddRbnpaspD11CErqU4uo7y0vWUj/JTASpI8VSICpMmQ5aIQipCRSlKN1DW9EpSKXJUmsrQTVSWbqZydAuVp1upAt1GFakSVaYqdDtVpTuoGt1J1ekuqkE1qRbVprupDt1Ddeleqkf3UX26nxrQA9SQHqRG9BA1poepCT1CTelRakbNqQW1pFb0GLWmx6kNtaV29AS1pyepAz1FCfQ0daRnqBP9jTrTs9SFnqOu9Dx1o+7Ug16gnvQi9aLelEh9qC+9RP2oPw2ggTSIXqbB9AoNoVcpiYbSMHqNhtPrNILeoJE0ikbTmzSG3qKxNI7G0wRKpok0id6myfQOTaGpNI2mUwrNoJn0Ls2i2TSH3qO59D7No/m0gBZSKn1Ai2gxpdGHtIQ+onRaSstoOa2glbSKVtMaWkvraD1toI20iTbTFtpK22g77aCdtIs+pt30Ce2hvbSPPqX99BkdoM/pIH1Bh+hLyqCv6DB9TUfoGzpK3/re9B0dpxN0kr6nU/QDnaYzdJbO0Xn6kS7QT3SRPEGIoQhlqMIgjAlzhLFhzjBXeFWYO7w6zBNeE0bCa8O48Lowb3h9mC/MHxYIC4bxYaGwcKhDE9qQwjAsEhYNo+ENYbHwxrB4WCIsGZYKXVg6LBPeFJYNbw7LhbeE5cNbwwrhbWHFsFL4yH1VwtvDquEdYbXwzrB6eFdYI6wZ1gprh3eHdcJ7wrrhvWG98L6wXHh/2CB8IGwYPhg2Ch8KG4cPh03CR8Km4aNhs7B52CJsGbYKHwtbh4+HbcK2YbvwqrB9+GTYIXwqTAifDjuGz/zcf//irP4nftefGPYJ+4YvhS+F3t8rF0QXRlOjH0QXRRdH06IfRpdEP4qmR5dGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGN0U3R72vnQMcOuGkUy5wMS6Hi3U5XS53lcvtrnZ53DUu4q51ce46l9dd7/K5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd4Mr5m50xV0JV9KVcs6VdmVcS9fKtXKt3eOujWvr2rkn3BPuSfeke8o95Z52Hd0zrpP7m+vsnnVd3HPuOfe86+a6ux7uBdfTTczzy2sy0fV1fV0/188NcAPcIDfIDXaD3RA3xCW5JDfMDXPD3XA3wo1wI91IN9qNdmPcGDfWjXXj3XiX7JLdJDfJTXaT3RQ3xU1z01yKS3Ez3Uw3y81yVWf/spV5bp5b4Ba4VJfqFrnMc8Y0t8Qtceku3S1zy9wKt8KtcqvcGrfGrXPr3Aa3wW1ym9wWt8Vtc9vcDrfD7XK73G632+3x1/wyqNvvDrgD7qA76A65L12G+8oddl+7I+4bd9R9646579xxd8KddN+7U+4Hd9qdcWfdOXfe/eguuJ/cReddcmRiZFLk7cjkyDuRKZGpkWmR6ZGUyIzIzMi7kVmR2ZE5kfcicyPvR+ZF5kcWRBZGUiMfRBZFFkfSIh9GlkQ+iqRHlkaWRZZHVkRWRrwvtC30RXxRH/U3+GL+Rl/cl/AlfSnvfGlfxt/ky/qbfTl/iy/vb/UV/G2+oq/kK/tHfTPf3LfwLX0r/5hv7R/3bXxb384/4dv7J30H/5RP8E/7jv4Z38n/zXf2z/ou/jnf1T/vu/nuvod/wff0L/pevrdP9H18X/+S7+f7+wF+oB/kX/aD/St+iH/VJ/mhfph/zQ/3r/sR/g0/0o/yo2Pe9GOyLpFhgk/2E/0k/7af7N/xU/xUP81P9yl+hp/p3/Wz/Gw/x7/n5/r3/Tw/3y/wC32q/8Av8ot9mv/QL/Ef+XS/NOumsV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/sdfqff5T/2u/0nfo/f6/f5T/1+/5k/4D/3B/0X/pD/0mf4r/xh/7U/4r/xR/23/pj/zh/3J/xJ/70/5X/wp/0Zf9af8+f9j/6C/8lf5L9ZY4wxxhj7l0y83BS/7fnldn6fP8gRv1q5LwBcvb1gxq/7M88oN+T7pd1fxLePAMDTvbs+lLXUqJGYmHhp3XQJQdH5AFmfBGX6+asHl+Kl0A6ehARoC2X/cP79Rffz9E/Gj94KkOtXObFwOb48/ucAmPgH4z/2xOhFFcKzcf+P8ecDFC96OScnXI6XQruf76+0hXL/YP75W/+T+ef8Ihmgza9ycsPl+PL8y8Dj8Awk/GZNxhhjjDHGGGPsF/1F5c5Z159Z3/j8o+vzeHU5Jwdcjv/Z9TljjDHGGGOMMcauvGe793jqsYSEtp3//Ua1/1LWv9xoCv9dI3PjDxveA2Q9ogDgPxwQILMh/8q92PqXbCvp0kvn77tWnPMB/M8o5Z/RuMIHJsYYY4wxxtif7vJJ/28fV1dqQowxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWDb0V/w7sSu9j4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtiV9n8CAAD//7wUAB0=") r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000140)=""/33, 0x21) 5.404828685s ago: executing program 1 (id=2520): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(0x0, r1) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15) r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040), 0x0, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020007b1af8ff00000000bfa1", @ANYRES32=r4], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r5}, 0xc) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r6, 0x0, 0x20000023896) 4.466301925s ago: executing program 2 (id=2521): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]}) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) listxattr(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) 4.427394487s ago: executing program 3 (id=2522): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000bc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x4b, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df793"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 3.615065159s ago: executing program 1 (id=2523): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) close(r0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0xfffffffc}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a40)={{r2, 0xffffffffffffffff}, &(0x7f00000009c0), &(0x7f0000000a00)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.473523157s ago: executing program 2 (id=2524): socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x404, &(0x7f0000000780)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f00001e9000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89c, 0xc000, 0x2, 0x6}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xe, 0xfff0}, {0xe, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 3.357558163s ago: executing program 2 (id=2525): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ptrace$ARCH_GET_FS(0x1e, r0, &(0x7f0000000000), 0x1003) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x40) fcntl$setsig(r3, 0xa, 0x13) fcntl$setlease(r3, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = getpid() fcntl$setownex(r4, 0xf, &(0x7f0000000100)={0x2, r5}) fcntl$setown(r3, 0x8, 0x0) fcntl$setlease(r3, 0x400, 0x2) write$uinput_user_dev(r3, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockopt$TIPC_CONN_TIMEOUT(0xffffffffffffffff, 0x10f, 0x82, 0x0, 0x0) 3.356679073s ago: executing program 3 (id=2526): r0 = openat$kvm(0xffffff9c, &(0x7f0000000000), 0x41, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 2.980012883s ago: executing program 1 (id=2527): capset(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x800804, &(0x7f00000001c0)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c757466383d302c757466383d312c756e695f786c6174653d312c747a3d5554432c726f6469722c6e6f6e756d7461696c3d302c726f6469722c696f636861727365743d63703836392c757466383d302c696f636861727365743d6b6f69382d722c73686f72746e616d653d77696e39352c696f636861727365743d6575632d6a702c747a3d5554432c6e6f6e756d7461696c3d302c726f6469722c756e695f786c6174653d302c73686f72746e616d653d77696e39352c008196394b3a91cf70819038b928f995fd653f1f3eee3ecdc9d3f4fee0b2b07f80606b7ca0e0aa78236f2ed2658ffe0bcca9b9bbe1973ad0a3c2bf90639aff705d5da1b9e2a4705e2b52ee37b485c061d656bfd99d40415e4497db4c6be25f68c0930bef65ce96d965a9b1584941c07ba962f2770fa27962a998c5dc78e166d45ca4955268f515ee6871cf47b8cfe6"], 0x1, 0x275, &(0x7f00000003c0)="$eJzs3U9qG1ccB/DfWJIttQtp0VUpeKBddGXsnsCmuFBqKLRo0XbRmNiGYAmDDYL8IYpXOUFOkPNkE3KBHCAhu3hhMkGekayEkY0S2TLJ57PR4733nfd7M4O0mtGtH7r7OwdHe8cPXka9nsTCeqzHSRKtWIihR1HqxevyfgDghjvJsniT5ZZKZ9QmJKsLV1oYAHBlxn//510LAHA9/v7n3z82trY2/0rTekT3ca+dRP6Zj2/sxZ3oxG6sRjNOI7KRvP3b71ubUU0HWvFTt99rD5Ld/58Vx994FXGWX4tmtMrza2luLN/vtWvxzXD9JOLPp9GM78rzv5Tko70YP/84Vv9KNOP57TiITuwUtQ3zD9fS9Nfsydv7/w16B/mk32svjeYVsyvXemEAAAAAAAAAAAAAAAAAAAAAAPiiraQjrQ/fv1M5PRtfmTSe5ye9H6g/9n6e1TRNsySff56vxvfVqM5z7wAAAAAAAAAAAAAAAAAAAHBTHN29t7/d6ewezrQxfKy/ZCjezXKt5WlTUSlK6yQR061VK5KXT65MuYvGoJ7dw6Qas7sEyainMT60HPlag55G3hjr+ezV63HWGN5d+9tJXJKql90kM2hkJbdfZWJq8eOeRrGDksmNC1Zf/PaTas6aE4aSiKiNTubFx6nN9hxe1zcQAAAAAAAAAAAAAAAAAAAwdP7Qb8ng8RwKAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA5OP///yka/SI8aU5WGTSqUfTMeYsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8Bd4HAAD//4qtaNI=") openat(0xffffffffffffff9c, 0x0, 0x100, 0x0) capget(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) 2.134572507s ago: executing program 2 (id=2528): syz_open_dev$dri(0x0, 0x1ff, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) write$P9_RSTATu(r0, &(0x7f0000000580)={0x237, 0x7d, 0x2, {{0x500, 0xf6, 0x0, 0x5000000, {0x0, 0x0, 0x8}, 0x41400000, 0x0, 0xe5e0, 0x5, 0x1b, '\x04nodev{evoo~\x05E\xc6\x00\x05\b\x007\xd9:\x8b\x92\x00\x00\x00', 0x33, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x37, '\xcf\xc3m\a\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e^\x98\x9c\xd5\xefMQ\xf6\r\xa7X,J\x05\xc8\xf8(\xf6\x8d\xc1wM]\xe2\xe8 \x86#\x81\xf6hm\xd1\xbb\x8f\xd7\x00\x00\x00', 0x3e, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c<;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0w\xdct\x00\x00\x00\x00\x00\x00\x00\x00\a\xec!\xca\xbf\xf2\x0f\x9c\x00\x89\xf9\x06\x00\x00\x00\x00\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x13r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x237) connect$unix(0xffffffffffffffff, 0x0, 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000140)=@ceph_nfs_fh={0x8, 0xfe, {0x7}}, 0x2241c2) 2.064139951s ago: executing program 1 (id=2529): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x22000044}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x50}}, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x22000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x8, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x10000491, 0x8d3, 0x200006, 0x800008, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e58, 0x5, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x5, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0xff, 0xf45, 0x3, 0x7fff, 0x8, 0x77, 0x6, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x9, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x81, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{}], 0x1, 0x0, 0x0, 0x11000000}, 0x0) ioctl$KVM_GET_SUPPORTED_HV_CPUID_sys(r0, 0xc008aec1, &(0x7f0000000680)={0x4, 0x0, [{0xb, 0x8, 0x6, 0x8, 0x7, 0x9, 0x7}, {0x80000008, 0x10000, 0x5, 0x8, 0x5a, 0x6, 0x840}, {0x80000000, 0x4, 0x5, 0x8, 0x8, 0x1, 0x10000}, {0x80000008, 0x1, 0x3, 0x6, 0x7, 0x3, 0xfffffc01}]}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000480)='net/ip6_mr_cache\x00') preadv(r4, &(0x7f0000000400)=[{&(0x7f0000000340)=""/152, 0x98}], 0x1, 0x1, 0xe3d0) ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000280)={0x1, 0x0, [{0xb, 0x5, 0x1, 0x400, 0x1, 0x2, 0x3}]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 1.70786003s ago: executing program 3 (id=2530): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(0x0, r1) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15) r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040), 0x0, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020007b1af8ff00000000bfa1", @ANYRES32=r4], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r5}, 0xc) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r6, 0x0, 0x20000023896) 924.026371ms ago: executing program 2 (id=2531): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) bind$alg(r3, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="0000d63f9a8eecdeb60ddb0700000000", 0x20) 460.039135ms ago: executing program 3 (id=2532): socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x404, &(0x7f0000000780)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f00001e9000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89c, 0xc000, 0x2, 0x6}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xe, 0xfff0}, {0xe, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 278.331715ms ago: executing program 3 (id=2533): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000bc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x4b, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df793"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 122.920473ms ago: executing program 3 (id=2534): timerfd_gettime(0xffffffffffffffff, &(0x7f0000000000)) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='nodiscard,alloc_mode=default,acl,alloc_mode=reuse,mode=fragment:block,disable_roll_forward,background_gc=on,nouser_xattr,checkpoint=disable,fsync_mode=strict,nobarrier,jqfmt=vfsold,mode=fragment:block,\x00'], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x18b341, 0x0) ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000180)=0xfffffff9) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000003}) 0s ago: executing program 1 (id=2535): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x101}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x4000087, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r3) sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0103000000000000000001000000080001002d00000008000300", @ANYBLOB="01009900"], 0x30}, 0x1, 0x0, 0x0, 0x90}, 0x0) kernel console output (not intermixed with test programs): r: syz [ 374.539985][ T5833] usb 2-1: SerialNumber: syz [ 375.929292][ T5833] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 376.120467][T10502] loop2: detected capacity change from 0 to 256 [ 376.147712][T10502] exfat: Deprecated parameter 'utf8' [ 376.185953][T10502] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 376.282041][ T28] audit: type=1800 audit(1777019745.292:137): pid=10502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1670" name="file1" dev="loop2" ino=1048605 res=0 errno=0 [ 377.572310][T10513] sg_write: data in/out 455644/242 bytes for SCSI command 0x0-- guessing data in; [ 377.572310][T10513] program syz.3.1673 not setting count and/or reply_len properly [ 377.863983][ T5833] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000118. ret = -71 [ 378.625639][ T5833] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 378.638301][ T5833] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 380.212136][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 380.218657][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.287828][ T5833] lan78xx: probe of 2-1:1.0 failed with error -71 [ 380.328268][ T5833] usb 2-1: USB disconnect, device number 29 [ 382.937527][T10538] sg_write: data in/out 457692/250 bytes for SCSI command 0x0-- guessing data in; [ 382.937527][T10538] program syz.2.1684 not setting count and/or reply_len properly [ 385.626591][T10557] loop2: detected capacity change from 0 to 256 [ 385.707097][T10557] FAT-fs (loop2): bogus number of FAT sectors [ 385.713552][T10557] FAT-fs (loop2): Can't find a valid FAT filesystem [ 386.092492][ T5767] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 388.442336][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 389.362506][T10585] delete_channel: no stack [ 389.500059][T10586] input: syz1 as /devices/virtual/input/input18 [ 396.595984][T10615] sg_write: data in/out 457692/250 bytes for SCSI command 0x0-- guessing data in; [ 396.595984][T10615] program syz.1.1705 not setting count and/or reply_len properly [ 396.702222][T10620] fuse: Bad value for 'fd' [ 396.717360][ T5781] Bluetooth: hci3: unexpected event for opcode 0x040d [ 396.818273][T10625] loop0: detected capacity change from 0 to 8 [ 397.955622][T10627] loop1: detected capacity change from 0 to 32768 [ 400.698660][T10653] sg_write: data in/out 400349/282 bytes for SCSI command 0x0-- guessing data in; [ 400.698660][T10653] program syz.3.1718 not setting count and/or reply_len properly [ 400.965371][T10655] loop2: detected capacity change from 0 to 128 [ 401.048926][T10655] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 401.113462][T10655] ext4 filesystem being mounted at /427/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 401.238118][ T5776] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 401.331913][T10475] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 401.638188][ T5781] Bluetooth: hci2: unexpected cc 0x2005 length: 8 > 1 [ 401.645542][ T5781] Bluetooth: hci2: unexpected event for opcode 0x2005 [ 401.861894][T10475] usb 2-1: Using ep0 maxpacket: 32 [ 402.724306][T10475] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 402.737630][T10475] usb 2-1: config 0 has no interface number 0 [ 402.750198][T10475] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 402.775787][T10681] binder: BINDER_SET_CONTEXT_MGR already set [ 402.788739][T10475] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 402.790951][T10683] sg_write: data in/out 400349/282 bytes for SCSI command 0x0-- guessing data in; [ 402.790951][T10683] program syz.0.1729 not setting count and/or reply_len properly [ 402.799164][T10475] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 402.816250][T10681] binder: 10680:10681 ioctl 4018620d 200000004a80 returned -16 [ 402.833348][T10475] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.845658][T10475] usb 2-1: config 0 descriptor?? [ 403.213974][T10688] loop0: detected capacity change from 0 to 128 [ 403.976845][T10688] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 404.030653][T10475] uclogic 0003:28BD:0094.000B: pen parameters not found [ 404.322655][T10475] uclogic 0003:28BD:0094.000B: interface is invalid, ignoring [ 405.212467][T10688] ext4 filesystem being mounted at /427/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 405.363529][T10475] usb 2-1: USB disconnect, device number 30 [ 406.995058][ T5774] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 407.005317][ T5781] Bluetooth: hci1: unexpected cc 0x2005 length: 8 > 1 [ 407.012317][ T5781] Bluetooth: hci1: unexpected event for opcode 0x2005 [ 408.092363][T10720] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 411.385425][T10745] loop3: detected capacity change from 0 to 128 [ 411.446203][T10745] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 411.521919][T10745] ext4 filesystem being mounted at /472/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 411.892035][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 412.606034][ T5777] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 412.798499][T10755] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 416.356982][T10776] loop3: detected capacity change from 0 to 128 [ 416.388130][T10776] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 416.420244][T10776] ext4 filesystem being mounted at /475/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 416.678545][T10785] loop1: detected capacity change from 0 to 256 [ 416.686261][T10785] exfat: Deprecated parameter 'utf8' [ 416.691771][T10785] exfat: Deprecated parameter 'namecase' [ 416.697664][T10785] exfat: Deprecated parameter 'namecase' [ 416.703652][T10785] exfat: Deprecated parameter 'namecase' [ 417.011722][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 417.301859][ T9] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 417.462233][ T5777] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 417.471629][T10785] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d) [ 417.870331][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 417.903060][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 417.918570][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 417.974885][ T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 418.001970][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 418.010065][ T9] usb 1-1: Product: syz [ 418.027990][ T9] usb 1-1: Manufacturer: syz [ 418.037907][ T9] usb 1-1: SerialNumber: syz [ 418.295861][ T9] usb 1-1: 0:2 : does not exist [ 418.316349][ T9] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 418.440231][ T9] usb 1-1: USB disconnect, device number 22 [ 418.494113][ T5767] udevd[5767]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 421.023398][T10810] binder: BINDER_SET_CONTEXT_MGR already set [ 421.029488][T10810] binder: 10807:10810 ioctl 4018620d 200000004a80 returned -16 [ 421.137196][T10816] loop3: detected capacity change from 0 to 128 [ 422.713453][T10818] input: syz1 as /devices/virtual/input/input19 [ 423.013342][T10816] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 423.232103][T10816] ext4 filesystem being mounted at /478/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 423.488188][T10825] loop0: detected capacity change from 0 to 256 [ 423.495855][T10825] exfat: Deprecated parameter 'utf8' [ 423.501234][T10825] exfat: Deprecated parameter 'namecase' [ 423.507478][T10825] exfat: Deprecated parameter 'namecase' [ 423.513331][T10825] exfat: Deprecated parameter 'namecase' [ 424.204666][T10825] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d) [ 424.343880][ T5777] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 425.029369][ T1005] Bluetooth: hci4: Frame reassembly failed (-84) [ 425.039265][ T1005] Bluetooth: hci4: Frame reassembly failed (-84) [ 425.118731][T10851] program syz.2.1777 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 425.211978][T10476] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 425.442453][T10476] usb 4-1: Using ep0 maxpacket: 16 [ 425.467622][T10476] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 425.621568][T10476] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 425.664316][T10476] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 425.684325][T10476] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 425.711520][T10476] usb 4-1: Product: syz [ 425.728989][T10476] usb 4-1: Manufacturer: syz [ 425.996546][T10476] usb 4-1: SerialNumber: syz [ 426.147830][T10857] erofs: (device nullb0): erofs_read_superblock: cannot find valid erofs superblock [ 426.167916][T10857] ptrace attach of "./syz-executor exec"[5774] was attempted by "./syz-executor exec"[10857] [ 427.077316][ T51] Bluetooth: hci4: command 0x1003 tx timeout [ 427.084403][ T5781] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 427.399362][T10864] loop1: detected capacity change from 0 to 128 [ 427.450597][T10476] usb 4-1: 0:2 : does not exist [ 427.463939][T10476] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 427.481390][T10864] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 427.512046][T10864] ext4 filesystem being mounted at /417/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 427.539587][T10476] usb 4-1: USB disconnect, device number 16 [ 428.081410][ T5767] udevd[5767]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 429.029713][ T5775] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 429.251545][ T28] audit: type=1326 audit(1777019798.262:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.2.1790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa7459cdd9 code=0x7ffc0000 [ 429.402229][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 432.034457][ T28] audit: type=1326 audit(1777019798.262:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.2.1790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa7459cdd9 code=0x7ffc0000 [ 432.057134][ T28] audit: type=1326 audit(1777019799.732:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.2.1790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=73 compat=0 ip=0x7faa7459cdd9 code=0x7ffc0000 [ 432.084986][ T28] audit: type=1326 audit(1777019799.732:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.2.1790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa7459cdd9 code=0x7ffc0000 [ 432.110331][ T28] audit: type=1326 audit(1777019799.732:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10881 comm="syz.2.1790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa7459cdd9 code=0x7ffc0000 [ 434.945124][T10907] loop3: detected capacity change from 0 to 128 [ 435.308576][T10907] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 435.474120][T10907] ext4 filesystem being mounted at /483/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 436.644076][ T5777] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 436.718950][ T5781] Bluetooth: hci3: unexpected event for opcode 0x040d [ 440.409071][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.415963][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.719647][T10966] loop2: detected capacity change from 0 to 256 [ 442.727213][T10966] exfat: Deprecated parameter 'utf8' [ 442.732721][T10966] exfat: Deprecated parameter 'namecase' [ 442.738487][T10966] exfat: Deprecated parameter 'namecase' [ 442.744380][T10966] exfat: Deprecated parameter 'namecase' [ 442.789365][T10966] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d) [ 448.442125][ T27] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 448.641950][ T27] usb 1-1: Using ep0 maxpacket: 16 [ 448.662311][ T27] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 448.685362][ T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 448.722692][ T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 448.748991][ T27] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 448.771082][ T27] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 448.808230][ T27] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 448.817725][ T27] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 448.838009][ T27] usb 1-1: Manufacturer: syz [ 448.849303][ T27] usb 1-1: config 0 descriptor?? [ 449.207184][T11005] loop1: detected capacity change from 0 to 64 [ 449.255262][ T27] rc_core: IR keymap rc-hauppauge not found [ 449.262128][ T27] Registered IR keymap rc-empty [ 449.274046][T10997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 449.298159][ T27] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 449.310099][T10997] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 449.352446][T10997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 449.362827][ T27] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 449.383617][T10997] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 449.394326][T10997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 449.406828][ T27] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 449.432237][T10997] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 449.457279][ T27] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input20 [ 449.476259][T10997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 449.508823][ T27] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 449.542363][T10997] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 449.562446][ T27] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 449.620153][T11012] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 449.652156][ T27] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 449.834846][ T27] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 449.934906][ T27] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 450.059538][ T27] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 450.195347][ T27] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 450.305212][ T27] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 450.460375][ T27] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 450.591877][ T27] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 450.646916][ T27] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 451.358270][T11022] input: syz1 as /devices/virtual/input/input21 [ 452.172094][ T27] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 452.189527][ T27] usb 1-1: USB disconnect, device number 23 [ 454.367433][ T5781] Bluetooth: hci2: unknown advertising packet type: 0x70 [ 460.122197][ T0] NOHZ tick-stop error: local softirq work is pending, handler #1c2!!! [ 463.091855][ T0] NOHZ tick-stop error: local softirq work is pending, handler #1c0!!! [ 465.651844][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 466.066012][T11098] loop3: detected capacity change from 0 to 128 [ 466.287705][T11103] futex_wake_op: syz.3.1851 tries to shift op by -1; fix this program [ 466.775281][T11105] sg_write: data in/out 404445/298 bytes for SCSI command 0x0-- guessing data in; [ 466.775281][T11105] program syz.0.1844 not setting count and/or reply_len properly [ 470.701857][ T5764] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 470.911781][ T5764] usb 4-1: Using ep0 maxpacket: 16 [ 472.408957][ T5764] usb 4-1: unable to get BOS descriptor or descriptor too short [ 472.421574][ T5764] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 472.454876][ T5764] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 472.497613][ T5764] usb 4-1: config 1 has no interface number 0 [ 472.531881][ T5764] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 472.566881][ T5764] usb 4-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40 [ 472.581794][ T5764] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.604048][ T5764] usb 4-1: Product: syz [ 472.618645][ T5764] usb 4-1: Manufacturer: syz [ 472.638818][ T5764] usb 4-1: SerialNumber: syz [ 473.097920][ T5764] usb 4-1: 2:1 : can't get High Capability descriptor [ 473.404806][ T5764] usb 4-1: USB disconnect, device number 17 [ 473.856477][T11136] sg_write: data in/out 404445/298 bytes for SCSI command 0x0-- guessing data in; [ 473.856477][T11136] program syz.0.1863 not setting count and/or reply_len properly [ 476.271232][T11134] loop1: detected capacity change from 0 to 40427 [ 476.342024][T11155] input: syz1 as /devices/virtual/input/input22 [ 476.542542][T11134] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 476.550990][T11134] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 477.116549][T11134] F2FS-fs (loop1): invalid crc value [ 477.329369][T11134] F2FS-fs (loop1): Failed to start F2FS issue_checkpoint_thread (-4) [ 479.158055][T11168] overlayfs: missing 'workdir' [ 479.177973][T11171] sg_write: data in/out 404445/298 bytes for SCSI command 0x0-- guessing data in; [ 479.177973][T11171] program syz.2.1872 not setting count and/or reply_len properly [ 482.330390][T11185] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 482.588530][T11187] fuse: Bad value for 'fd' [ 483.277127][T11195] input: syz1 as /devices/virtual/input/input23 [ 487.452590][T11214] loop3: detected capacity change from 0 to 128 [ 487.915165][T11217] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 488.768648][T11222] fuse: Bad value for 'fd' [ 491.002379][T10475] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 491.265284][T10475] usb 2-1: unable to get BOS descriptor or descriptor too short [ 491.380363][T10475] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 491.583198][T10475] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 491.815272][T10475] usb 2-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 491.922601][T10475] usb 2-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 492.002430][T10475] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 492.052379][T10475] usb 2-1: config 1 interface 1 has no altsetting 0 [ 492.107972][T10475] usb 2-1: string descriptor 0 read error: -22 [ 492.117681][T10475] usb 2-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 492.141019][T10475] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.502982][T11252] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 493.677730][T10475] usb 2-1: 2:0: failed to get current value for ch 1 (-32) [ 494.402845][T10475] usb 2-1: USB disconnect, device number 31 [ 496.471991][ T9] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 496.692570][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 496.734409][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 496.792325][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 496.808484][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 496.820092][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 496.839103][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 496.879515][ T9] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 496.902138][ T9] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 496.910218][ T9] usb 2-1: Manufacturer: syz [ 496.950442][ T9] usb 2-1: config 0 descriptor?? [ 497.400770][T11260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 497.416246][T11260] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 497.545022][T11260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 497.575224][T11260] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 497.633235][T11260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 497.637322][ T5833] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 497.669260][ T9] rc_core: IR keymap rc-hauppauge not found [ 497.678074][ T9] Registered IR keymap rc-empty [ 497.731094][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 497.732665][T11260] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 497.821843][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 498.048673][ T5833] usb 1-1: Using ep0 maxpacket: 32 [ 498.196568][ T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 498.215588][ T5833] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 498.344987][T11260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 498.354047][ T5833] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 498.366027][T11271] fuse: Bad value for 'fd' [ 498.373012][ T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input24 [ 498.401426][ T5833] usb 1-1: config 0 has no interface number 0 [ 498.411115][T11260] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 498.430501][ T5833] usb 1-1: config 0 interface 8 altsetting 248 has 2 endpoint descriptors, different from the interface descriptor's value: 10 [ 498.461825][ T5833] usb 1-1: config 0 interface 8 has no altsetting 0 [ 498.485822][ T5833] usb 1-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb [ 498.505779][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.542063][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 498.549601][ T5833] usb 1-1: Product: syz [ 498.570033][ T5833] usb 1-1: Manufacturer: syz [ 498.620229][ T5833] usb 1-1: SerialNumber: syz [ 498.626165][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 498.658663][ T5833] usb 1-1: config 0 descriptor?? [ 498.669703][T11277] loop2: detected capacity change from 0 to 1024 [ 498.683432][T11277] EXT4-fs: Ignoring removed orlov option [ 498.774033][T11279] loop3: detected capacity change from 0 to 256 [ 498.990070][T11277] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 499.566671][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 499.602196][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 499.602381][ T5833] ath6kl: Failed to submit usb control message: -71 [ 499.615140][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 499.632721][ T5833] ath6kl: unable to send the bmi data to the device: -71 [ 499.642753][ T5833] ath6kl: Unable to send get target info: -71 [ 499.665038][ T5833] ath6kl: Failed to init ath6kl core: -71 [ 499.672721][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 499.686443][ T5833] ath6kl_usb: probe of 1-1:0.8 failed with error -71 [ 499.714181][ T5833] usb 1-1: USB disconnect, device number 24 [ 499.759632][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 499.809571][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 499.839311][T11288] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 499.977363][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 500.171318][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 500.340930][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 500.428808][ T5833] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 500.527512][ T9] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 500.610064][ T9] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 502.098487][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.105326][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.132363][ T9] usb 2-1: USB disconnect, device number 32 [ 502.222265][ T5833] usb 4-1: Using ep0 maxpacket: 16 [ 502.254028][ T5833] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 502.286152][ T5833] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 502.332941][ T5833] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 502.348093][ T5833] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 502.488084][ T5833] usb 4-1: Product: syz [ 502.492737][ T5833] usb 4-1: Manufacturer: syz [ 502.497441][ T5833] usb 4-1: SerialNumber: syz [ 502.841323][ T5833] usb 4-1: 0:2 : does not exist [ 502.865608][ T5833] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 503.807060][ T5833] usb 4-1: USB disconnect, device number 18 [ 503.864188][ T5767] udevd[5767]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 504.221803][ T5833] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 504.462717][T11318] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 504.927811][T11312] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 505.021785][ T5833] usb 4-1: Using ep0 maxpacket: 16 [ 505.059070][T11324] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 505.854933][ T5833] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 505.865496][ T5833] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 505.876790][ T5833] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 505.886840][ T5833] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 505.897543][ T5833] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 505.961878][ T5833] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 505.971540][ T5833] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 505.980777][ T5833] usb 4-1: Manufacturer: syz [ 505.988338][ T5833] usb 4-1: config 0 descriptor?? [ 506.361769][ T5833] rc_core: IR keymap rc-hauppauge not found [ 506.367933][ T5833] Registered IR keymap rc-empty [ 506.382542][ T5833] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 506.407559][T11311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 506.427561][T11311] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 506.451913][ T5833] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 506.498342][ T5833] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 506.517003][T11311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 506.572322][ T5833] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input25 [ 506.588820][T11311] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 506.663362][T11311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 506.699947][ T5833] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 506.728502][T11311] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 506.783150][ T5833] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 506.826215][T11311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 506.872000][ T5833] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 506.893164][T11311] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 506.952700][ T5833] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 507.001471][ T5833] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 507.043128][ T5833] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 507.132015][ T5833] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 507.182013][ T5833] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 507.303889][ T5833] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 507.351973][ T5833] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 507.393833][ T5833] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 507.411806][ T5833] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 507.436507][ T5833] usb 4-1: USB disconnect, device number 19 [ 507.601834][ T9] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 507.669089][T11345] loop3: detected capacity change from 0 to 64 [ 507.782952][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 507.801636][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 507.831863][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 507.865749][ T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 507.882500][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.911551][ T9] usb 1-1: Product: syz [ 507.931515][ T9] usb 1-1: Manufacturer: syz [ 507.946315][ T9] usb 1-1: SerialNumber: syz [ 509.014814][ T9] usb 1-1: 0:2 : does not exist [ 509.026407][ T9] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 509.269413][ T9] usb 1-1: USB disconnect, device number 25 [ 509.374340][ T5767] udevd[5767]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 510.439254][T11356] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 513.241285][ T5781] Bluetooth: hci1: unknown advertising packet type: 0x70 [ 515.590495][ T8] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 515.821988][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 515.845183][ T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 515.971912][T11395] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 516.191382][ T8] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 516.773521][ T8] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 516.801744][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 516.809827][ T8] usb 4-1: Product: syz [ 516.867115][ T8] usb 4-1: Manufacturer: syz [ 516.888314][ T8] usb 4-1: SerialNumber: syz [ 517.365700][ T8] usb 4-1: 0:2 : does not exist [ 517.385509][ T8] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 517.430963][ T8] usb 4-1: USB disconnect, device number 20 [ 518.391457][ T5767] udevd[5767]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 518.487950][ T5781] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 518.758253][T11403] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1942'. [ 520.097167][T11430] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 521.225476][T11439] loop1: detected capacity change from 0 to 128 [ 521.243259][T11443] binder: 11441:11443 ioctl c0306201 0 returned -14 [ 521.836707][T11442] futex_wake_op: syz.1.1955 tries to shift op by -1; fix this program [ 522.637875][T11451] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 524.526807][T11469] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 524.751723][T11468] binder: 11466:11468 ioctl c0306201 0 returned -14 [ 524.782168][T11470] loop3: detected capacity change from 0 to 128 [ 525.285914][T11472] futex_wake_op: syz.3.1966 tries to shift op by -1; fix this program [ 526.008477][T11476] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 528.352675][T11501] binder: 11500:11501 ioctl c0306201 0 returned -14 [ 528.675939][T11503] loop0: detected capacity change from 0 to 128 [ 529.351883][T11506] futex_wake_op: syz.0.1979 tries to shift op by -1; fix this program [ 529.918643][T11509] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 530.160034][T11508] loop3: detected capacity change from 0 to 8 [ 533.171803][ T5833] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 533.371899][ T5833] usb 1-1: Using ep0 maxpacket: 32 [ 533.386529][ T5833] usb 1-1: config index 0 descriptor too short (expected 60452, got 36) [ 533.397472][ T5833] usb 1-1: config 240 has too many interfaces: 129, using maximum allowed: 32 [ 533.416165][ T5833] usb 1-1: config 240 has an invalid interface number: 188 but max is 128 [ 533.434092][ T5833] usb 1-1: config 240 has an invalid descriptor of length 0, skipping remainder of the config [ 533.455740][ T5833] usb 1-1: config 240 has 1 interface, different from the descriptor's value: 129 [ 533.477580][ T5833] usb 1-1: config 240 has no interface number 0 [ 533.484502][ T5833] usb 1-1: config 240 interface 188 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 533.511799][ T5833] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 533.537809][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 533.552886][ T5833] usb 1-1: Product: syz [ 533.559484][ T5833] usb 1-1: Manufacturer: syz [ 533.568702][ T5833] usb 1-1: SerialNumber: syz [ 533.592712][ T5833] asix: probe of 1-1:240.188 failed with error -22 [ 533.803883][T10476] usb 1-1: USB disconnect, device number 26 [ 533.865658][T11537] loop1: detected capacity change from 0 to 64 [ 535.813145][T11544] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 539.961737][ T8] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 539.962090][T10475] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 540.083232][T11579] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 540.412334][T10475] usb 2-1: Using ep0 maxpacket: 8 [ 540.420531][T10475] usb 2-1: config index 0 descriptor too short (expected 74, got 45) [ 540.432399][T10475] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 540.497733][T10475] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 540.568978][T10475] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 540.622761][T10475] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 540.642817][T10475] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 540.671782][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 540.673985][T10475] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 540.684061][ T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 540.709435][T10475] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.711479][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 540.731973][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 540.749471][ T8] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 540.769611][ T8] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 540.823821][ T8] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 540.842706][ T8] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 540.861125][ T8] usb 1-1: Manufacturer: syz [ 540.884156][ T8] usb 1-1: config 0 descriptor?? [ 541.177700][T10475] usb 2-1: usb_control_msg returned -32 [ 541.183996][T10475] usbtmc 2-1:16.0: can't read capabilities [ 541.252125][ T8] rc_core: IR keymap rc-hauppauge not found [ 541.258135][ T8] Registered IR keymap rc-empty [ 541.305788][T11569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 541.387671][T11597] loop3: detected capacity change from 0 to 256 [ 541.403496][T11597] exfat: Deprecated parameter 'utf8' [ 541.408979][T11597] exfat: Deprecated parameter 'namecase' [ 541.415668][T11597] exfat: Deprecated parameter 'namecase' [ 541.421606][T11597] exfat: Deprecated parameter 'namecase' [ 541.473621][T11569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 541.650313][T11597] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d) [ 541.988433][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 542.006019][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 542.023113][T11569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 542.037329][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 542.073295][T11598] usbtmc 2-1:16.0: Unable to send data, error -71 [ 542.098043][T11569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 542.123008][ T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 542.153455][T11569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 542.203317][T11569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 542.224528][ T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input26 [ 542.362731][T11569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 542.386061][T11569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 542.479474][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 543.318708][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 543.372246][ T5764] usb 2-1: USB disconnect, device number 33 [ 543.380145][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 543.433113][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 543.473015][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 543.558111][T11610] loop1: detected capacity change from 0 to 64 [ 543.580107][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 543.642747][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 543.711867][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 543.901860][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 544.093617][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 544.393748][ T8] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 544.406340][T11616] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 544.658780][ T8] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 544.684654][ T8] usb 1-1: USB disconnect, device number 27 [ 546.667646][T10475] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 546.852529][T10475] usb 1-1: Using ep0 maxpacket: 16 [ 546.897700][T10475] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 546.985345][T10475] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 547.169080][T10475] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 547.282189][T10475] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 547.302260][T10475] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 547.334999][T10475] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 547.523315][T10475] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 547.532292][T10475] usb 1-1: Manufacturer: syz [ 547.553366][T10475] usb 1-1: config 0 descriptor?? [ 548.398541][T11652] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 548.643765][T11640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 548.662674][T10475] rc_core: IR keymap rc-hauppauge not found [ 548.668651][T10475] Registered IR keymap rc-empty [ 548.693019][T11640] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 548.712681][T10475] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 548.734362][T11640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 548.782233][T11640] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 548.803060][T11640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 548.839248][T11640] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 548.896528][T11640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 548.962276][T10475] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 548.997448][T11640] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 549.017465][T10475] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 549.050679][T10475] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input27 [ 549.897208][T11664] rtc_cmos 00:00: Alarms can be up to one day in the future [ 549.983953][T10475] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 550.283643][T10475] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 550.359575][T10475] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 550.936031][T10475] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 551.052313][T10475] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 551.098642][T10475] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 551.442346][T10475] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 552.292208][T10475] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 552.336511][T10475] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 552.392305][T10475] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 552.456814][T10475] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 552.501171][T10475] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 552.547551][T10475] usb 1-1: USB disconnect, device number 28 [ 563.968332][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.975330][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 570.711836][ T8] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 572.331010][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 572.369080][ T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 572.418939][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 572.479790][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 572.501705][ T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 572.526914][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 572.567448][ T8] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 572.588700][ T8] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 572.610253][ T8] usb 3-1: Manufacturer: syz [ 572.635075][ T8] usb 3-1: config 0 descriptor?? [ 573.022288][ T8] rc_core: IR keymap rc-hauppauge not found [ 573.038486][ T8] Registered IR keymap rc-empty [ 573.049654][ T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 573.067923][T11827] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 573.093406][T11827] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 573.112020][ T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 573.130768][T11827] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 573.155991][ T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 573.162551][T11827] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 573.196298][ T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input29 [ 573.226897][T11827] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 573.261962][ T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 573.262548][T11827] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 573.325945][ T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 573.344799][T11827] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 573.374946][T11827] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 573.392202][ T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 573.431926][ T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 573.476645][ T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 573.521823][ T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 573.563733][ T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 573.623524][ T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 574.531859][ T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 574.600130][ T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 576.515698][ T8] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 576.581047][ T8] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 576.626128][ T8] usb 3-1: USB disconnect, device number 21 [ 580.092182][ T5814] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 580.284253][ T5814] usb 1-1: Using ep0 maxpacket: 16 [ 580.294028][ T5814] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 580.332177][ T5814] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 580.361425][ T5814] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 580.399673][ T5814] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 580.439965][ T5814] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 580.513173][ T5814] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 580.523205][ T5814] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 580.531378][ T5814] usb 1-1: Manufacturer: syz [ 581.076059][ T5814] usb 1-1: config 0 descriptor?? [ 581.452233][ T5814] rc_core: IR keymap rc-hauppauge not found [ 581.474473][ T5814] Registered IR keymap rc-empty [ 581.479462][ T5814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 581.522658][T11883] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 581.541458][ T5814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 581.549253][T11883] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 581.572140][T11904] loop2: detected capacity change from 0 to 256 [ 581.597219][T11904] exfat: Deprecated parameter 'utf8' [ 581.602003][ T5814] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 581.623759][T11883] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 581.649547][T11904] exfat: Deprecated parameter 'namecase' [ 581.653419][ T5814] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input30 [ 581.676060][T11904] exfat: Deprecated parameter 'namecase' [ 581.692778][T11883] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 581.700133][T11904] exfat: Deprecated parameter 'namecase' [ 581.734596][ T5814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 581.740483][T11904] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d) [ 581.764831][T11883] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 581.775869][ T5814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 581.807701][T11883] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 581.832575][ T5814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 581.859312][T11883] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 581.870970][ T5814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 581.897042][T11883] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 581.923016][ T5814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 581.972521][ T5814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 582.010664][ T5814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 582.072695][ T5814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 582.102113][ T5814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 582.142285][ T5814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 582.179200][ T5814] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 582.211595][ T5814] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 582.311306][ T5814] usb 1-1: USB disconnect, device number 29 [ 587.705896][T11983] loop1: detected capacity change from 0 to 16 [ 587.737109][T11983] erofs: (device loop1): mounted with root inode @ nid 36. [ 587.810949][T11983] syz.1.2124: attempt to access beyond end of device [ 587.810949][T11983] loop1: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 587.885560][T11987] loop0: detected capacity change from 0 to 512 [ 587.904621][T11983] syz.1.2124: attempt to access beyond end of device [ 587.904621][T11983] loop1: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 587.939113][T11983] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 587.962980][ T28] audit: type=1800 audit(1777019956.972:143): pid=11983 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2124" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 587.983884][T11983] syz.1.2124 (11983) used greatest stack depth: 20208 bytes left [ 588.081901][T11987] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 588.112803][T11987] ext4 filesystem being mounted at /524/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 588.254445][ T5774] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 591.688511][T12034] loop3: detected capacity change from 0 to 128 [ 591.889372][T12038] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 593.323217][T12051] binder: 12050:12051 ioctl c0306201 200000000080 returned -14 [ 593.336340][T12051] binder: 12050:12051 ioctl c0306201 2000000003c0 returned -14 [ 600.951202][ T5781] Bluetooth: hci2: unknown advertising packet type: 0x70 [ 602.201244][T12138] loop2: detected capacity change from 0 to 256 [ 602.210959][T12136] loop0: detected capacity change from 0 to 512 [ 602.255161][T12136] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 602.286348][T12138] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 602.310953][T12141] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 602.387046][T12136] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 602.401944][T12136] ext4 filesystem being mounted at /531/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 602.450841][T12147] loop1: detected capacity change from 0 to 256 [ 602.515907][ T5767] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 602.624698][T12136] EXT4-fs error (device loop0): ext4_get_first_dir_block:3592: inode #12: block 32: comm syz.0.2174: bad entry in directory: rec_len is too small for name_len - offset=0, inode=12, rec_len=12, size=2048 fake=0 [ 602.700435][T12136] EXT4-fs error (device loop0): ext4_get_first_dir_block:3595: inode #12: comm syz.0.2174: directory missing '.' [ 602.800192][T12149] loop1: detected capacity change from 0 to 128 [ 602.851937][ T5774] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 602.959321][T12153] fuse: Bad value for 'group_id' [ 603.270572][ T5781] Bluetooth: hci2: unknown advertising packet type: 0x70 [ 605.682364][T12179] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 606.102732][T12188] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1574906631 (3149813262 ns) > initial count (1841593562 ns). Using initial count to start timer. [ 607.834025][T12195] fuse: Bad value for 'group_id' [ 608.066561][T12198] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 609.554679][T12212] loop1: detected capacity change from 0 to 256 [ 609.891784][ T5833] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 610.114349][ T5833] usb 4-1: unable to get BOS descriptor or descriptor too short [ 610.153148][ T5833] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 610.190799][ T5833] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 610.225186][ T5833] usb 4-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40 [ 610.241996][ T5833] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 610.245635][T12218] fuse: Bad value for 'group_id' [ 610.250042][ T5833] usb 4-1: Product: syz [ 610.250062][ T5833] usb 4-1: Manufacturer: syz [ 610.250076][ T5833] usb 4-1: SerialNumber: syz [ 610.620537][ T5833] snd-usb-audio: probe of 4-1:1.0 failed with error -22 [ 610.648434][ T5833] snd-usb-audio: probe of 4-1:1.1 failed with error -22 [ 610.783858][ T5833] snd-usb-audio: probe of 4-1:1.2 failed with error -22 [ 610.821406][ T5833] usb 4-1: USB disconnect, device number 21 [ 610.937199][ T5769] udevd[5769]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 613.330802][T12238] loop3: detected capacity change from 0 to 128 [ 613.441897][T12239] futex_wake_op: syz.3.2204 tries to shift op by -1; fix this program [ 614.286522][T12243] loop2: detected capacity change from 0 to 256 [ 614.328785][T12243] FAT-fs (loop2): Unrecognized mount option "fmask=0000000080000´Àó006675" or missing value [ 614.415083][ T6133] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 614.425455][T12243] xt_hashlimit: size too large, truncated to 1048576 [ 616.080914][T12268] loop1: detected capacity change from 0 to 128 [ 616.215582][T12269] futex_wake_op: syz.1.2215 tries to shift op by -1; fix this program [ 619.263479][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 619.292481][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 619.301339][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 619.317204][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 619.337158][ T51] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 619.345100][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 620.917380][T12278] chnl_net:caif_netlink_parms(): no params data found [ 621.431936][ T51] Bluetooth: hci4: command tx timeout [ 621.441591][T12278] bridge0: port 1(bridge_slave_0) entered blocking state [ 621.492339][T12278] bridge0: port 1(bridge_slave_0) entered disabled state [ 621.499747][T12278] bridge_slave_0: entered allmulticast mode [ 621.592676][T12278] bridge_slave_0: entered promiscuous mode [ 621.602066][T12278] bridge0: port 2(bridge_slave_1) entered blocking state [ 621.609984][T12278] bridge0: port 2(bridge_slave_1) entered disabled state [ 621.617595][T12278] bridge_slave_1: entered allmulticast mode [ 621.625556][T12278] bridge_slave_1: entered promiscuous mode [ 621.690710][T12278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 621.737001][T12278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 622.026210][ T51] Bluetooth: hci3: unknown advertising packet type: 0x70 [ 622.123943][T12278] team0: Port device team_slave_0 added [ 622.232886][T12278] team0: Port device team_slave_1 added [ 624.011720][ T51] Bluetooth: hci4: command tx timeout [ 624.711902][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 624.748814][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.764239][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.972634][T12278] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 625.114656][T12278] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 625.432423][T12278] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 625.446483][T12278] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 625.453996][T12278] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 625.491457][T12278] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 625.593860][T10467] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.944510][T10467] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.983385][T12278] hsr_slave_0: entered promiscuous mode [ 625.990512][T12278] hsr_slave_1: entered promiscuous mode [ 626.224103][ T51] Bluetooth: hci4: command tx timeout [ 626.324631][T12278] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 626.341839][T12278] Cannot create hsr debugfs directory [ 626.530567][T10467] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.795716][T10467] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 628.234509][ T51] Bluetooth: hci4: command tx timeout [ 629.008166][ T51] Bluetooth: hci1: unknown advertising packet type: 0x70 [ 630.383085][T12358] 9pnet_fd: Insufficient options for proto=fd [ 630.401884][ T5815] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 630.592178][ T5815] usb 3-1: Using ep0 maxpacket: 16 [ 630.615065][ T5815] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 630.626755][ T5815] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 630.670633][ T5815] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 632.311731][ T5815] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.338779][ T5815] usb 3-1: Product: syz [ 632.343889][ T5815] usb 3-1: Manufacturer: syz [ 632.348540][ T5815] usb 3-1: SerialNumber: syz [ 632.471395][ T5815] usb 3-1: can't set config #1, error -71 [ 632.504818][ T5815] usb 3-1: USB disconnect, device number 22 [ 632.855993][T12278] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 633.232497][T12382] binder: 12381:12382 ioctl c0306201 0 returned -14 [ 633.285436][T12278] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 633.338205][T12278] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 633.458978][T12278] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 634.243084][ T51] Bluetooth: hci3: unknown advertising packet type: 0x70 [ 634.439018][T12278] 8021q: adding VLAN 0 to HW filter on device bond0 [ 634.470624][T12278] 8021q: adding VLAN 0 to HW filter on device team0 [ 634.569675][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.576910][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 634.609353][T12408] loop1: detected capacity change from 0 to 512 [ 634.650885][T10467] hsr_slave_0: left promiscuous mode [ 634.678417][T12408] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 634.693028][T10467] hsr_slave_1: left promiscuous mode [ 634.711547][T10467] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 634.734895][T12408] ext4 filesystem being mounted at /542/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 634.754596][T10467] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 634.797171][T10467] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 634.832393][T10467] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 634.878624][T10467] bridge_slave_1: left allmulticast mode [ 634.897753][T10467] bridge_slave_1: left promiscuous mode [ 634.922975][ T5775] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 634.934524][T10467] bridge0: port 2(bridge_slave_1) entered disabled state [ 634.980533][T10467] bridge_slave_0: left allmulticast mode [ 634.997207][T10467] bridge_slave_0: left promiscuous mode [ 635.007505][T10467] bridge0: port 1(bridge_slave_0) entered disabled state [ 635.166398][T10467] veth1_macvtap: left promiscuous mode [ 635.238941][T10467] veth0_macvtap: left promiscuous mode [ 635.270743][T10467] veth1_vlan: left promiscuous mode [ 635.291508][T10467] veth0_vlan: left promiscuous mode [ 635.541765][ T8] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 635.756226][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 635.767439][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 635.908404][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 636.013876][T12422] 9pnet_fd: Insufficient options for proto=fd [ 636.345569][ T8] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 636.382145][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.410593][ T8] usb 2-1: Product: syz [ 636.435656][ T8] usb 2-1: Manufacturer: syz [ 636.440517][ T8] usb 2-1: SerialNumber: syz [ 636.688708][ T8] usb 2-1: 0:2 : does not exist [ 636.728424][ T8] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 636.935458][ T8] usb 2-1: USB disconnect, device number 34 [ 637.020299][ T5767] udevd[5767]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 637.061108][T12429] loop0: detected capacity change from 0 to 256 [ 637.225519][T12429] FAT-fs (loop0): Directory bread(block 64) failed [ 637.251817][T12429] FAT-fs (loop0): Directory bread(block 65) failed [ 637.258644][T12429] FAT-fs (loop0): Directory bread(block 66) failed [ 637.312637][T12429] FAT-fs (loop0): Directory bread(block 67) failed [ 637.314490][T12431] binder: BINDER_SET_CONTEXT_MGR already set [ 637.319350][T12429] FAT-fs (loop0): Directory bread(block 68) failed [ 637.325703][T12431] binder: 12430:12431 ioctl 4018620d 200000004a80 returned -16 [ 637.362973][T12429] FAT-fs (loop0): Directory bread(block 69) failed [ 637.370264][T12431] binder: 12430:12431 ioctl c0306201 0 returned -14 [ 637.372557][T12429] FAT-fs (loop0): Directory bread(block 70) failed [ 637.384315][T12429] FAT-fs (loop0): Directory bread(block 71) failed [ 637.391019][T12429] FAT-fs (loop0): Directory bread(block 72) failed [ 637.408773][T12429] FAT-fs (loop0): Directory bread(block 73) failed [ 637.938459][T10467] team0 (unregistering): Port device team_slave_1 removed [ 638.022921][T10467] team0 (unregistering): Port device team_slave_0 removed [ 638.086092][T10467] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 638.150433][T10467] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 641.142418][T12455] xt_hashlimit: size too large, truncated to 1048576 [ 641.220850][T12457] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 641.348449][T12458] loop2: detected capacity change from 0 to 256 [ 641.408656][T12458] exfat: Deprecated parameter 'utf8' [ 641.477710][T12458] exfat: Deprecated parameter 'namecase' [ 641.532694][T12458] exfat: Deprecated parameter 'namecase' [ 641.538435][T12458] exfat: Deprecated parameter 'utf8' [ 641.589121][T12458] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012153, chksum : 0xc9bffc20, utbl_chksum : 0xe619d30d) [ 641.931453][T12461] loop1: detected capacity change from 0 to 128 [ 641.978098][T12461] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 642.027591][T12461] ext4 filesystem being mounted at /547/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 642.733310][ T5775] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 643.610786][T10467] bond0 (unregistering): Released all slaves [ 644.215790][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 644.223129][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 644.661282][T12482] loop0: detected capacity change from 0 to 1024 [ 644.673724][T12482] EXT4-fs: Ignoring removed bh option [ 644.739662][T12482] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (58532!=20869) [ 644.764889][T12482] JBD2: no valid journal superblock found [ 644.774520][T12482] EXT4-fs (loop0): Could not load journal inode [ 646.887511][T12485] loop1: detected capacity change from 0 to 512 [ 647.019772][T12485] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 647.082041][T12485] ext4 filesystem being mounted at /550/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 647.644885][T12492] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 647.664705][T12278] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 647.815035][T12492] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 647.866172][T12278] veth0_vlan: entered promiscuous mode [ 647.940236][T12278] veth1_vlan: entered promiscuous mode [ 648.022137][T12492] EXT4-fs: Remounting file system with no journal so ignoring journalled data option [ 648.113196][T12492] EXT4-fs: Cannot change quota options when quota turned on [ 648.601902][T12278] veth0_macvtap: entered promiscuous mode [ 648.689586][T12278] veth1_macvtap: entered promiscuous mode [ 648.756397][T12278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 648.773935][T12278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 648.788154][T12278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 648.804697][T12278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 648.823617][T12278] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 648.860263][T12278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 648.907781][T12278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 648.948896][T12278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 648.986017][T12278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 648.998202][T12278] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 649.025046][T12278] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.034150][T12278] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.043102][T12278] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.085216][T12278] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.462874][ T3491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 649.518282][ T3491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 649.643763][ T2977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 649.657945][ T2977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 649.800890][T12504] loop0: detected capacity change from 0 to 128 [ 649.906427][T12504] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 650.003534][T12504] ext4 filesystem being mounted at /554/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 650.758019][ T5774] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 650.989666][T12516] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 651.286703][T12522] loop0: detected capacity change from 0 to 256 [ 651.374014][T12522] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x5955b8de, utbl_chksum : 0xe619d30d) [ 651.374395][ T5775] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 651.766526][T12533] loop2: detected capacity change from 0 to 128 [ 651.831362][T12533] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 651.850548][T12533] ext4 filesystem being mounted at /559/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 651.881898][ T5833] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 651.983968][T12537] netlink: 83 bytes leftover after parsing attributes in process `syz.0.2274'. [ 652.751721][ T5833] usb 2-1: Using ep0 maxpacket: 16 [ 652.830774][ T5833] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 652.848219][ T5833] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 653.528369][ T5833] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 653.587166][ T5833] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 653.670949][ T5833] usb 2-1: Product: syz [ 653.711869][ T5833] usb 2-1: Manufacturer: syz [ 653.724543][ T5833] usb 2-1: SerialNumber: syz [ 653.733242][ T5776] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 655.462001][ T5833] usb 2-1: 0:2 : does not exist [ 655.497965][ T5833] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 655.538731][T12545] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 655.558579][ T5833] usb 2-1: USB disconnect, device number 35 [ 655.735047][ T5767] udevd[5767]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 655.742102][T12554] loop2: detected capacity change from 0 to 256 [ 655.948427][T12554] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011bf5, chksum : 0x5eaa6302, utbl_chksum : 0xe619d30d) [ 656.146042][T12554] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 658.482733][T12574] loop1: detected capacity change from 0 to 128 [ 658.554348][T12574] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 658.594443][T12574] ext4 filesystem being mounted at /555/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 660.127404][T12583] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 660.137222][T12583] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 660.146972][T12583] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 660.676723][ T5764] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 660.724823][ T28] audit: type=1800 audit(1777020029.142:144): pid=12583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2288" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 661.050649][ T5764] usb 1-1: Using ep0 maxpacket: 16 [ 661.096368][ T5764] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 661.279804][ T5764] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 661.306976][ T5764] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 661.367287][ T5775] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 661.376491][ T5764] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 661.390847][ T5764] usb 1-1: Product: syz [ 661.396573][ T5764] usb 1-1: Manufacturer: syz [ 661.401351][ T5764] usb 1-1: SerialNumber: syz [ 661.413674][T12591] loop3: detected capacity change from 0 to 256 [ 662.342988][ T5764] usb 1-1: 0:2 : does not exist [ 662.413707][ T5764] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 663.383543][ T5764] usb 1-1: USB disconnect, device number 30 [ 663.612786][ T5767] udevd[5767]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 664.588328][T12618] loop3: detected capacity change from 0 to 128 [ 666.358168][T12618] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 666.396269][T12618] ext4 filesystem being mounted at /10/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 667.405613][T12637] loop1: detected capacity change from 0 to 256 [ 667.412925][T12637] exfat: Deprecated parameter 'utf8' [ 667.452794][T12637] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 667.483923][T12278] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 667.678971][ T5833] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 667.872151][ T5833] usb 3-1: Using ep0 maxpacket: 16 [ 667.959598][ T5833] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 668.775752][ T5833] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 668.788019][ T5833] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 668.797616][ T5833] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 668.805834][ T5833] usb 3-1: Product: syz [ 668.810199][ T5833] usb 3-1: Manufacturer: syz [ 668.815661][ T5833] usb 3-1: SerialNumber: syz [ 669.455009][ T5833] usb 3-1: 0:2 : does not exist [ 669.685863][ T5833] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 669.778523][ T5833] usb 3-1: USB disconnect, device number 23 [ 670.524517][T12661] syz.1.2310 (12661) used greatest stack depth: 17896 bytes left [ 670.559703][T12658] loop0: detected capacity change from 0 to 4096 [ 670.595626][ T5767] udevd[5767]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 670.623669][T12658] EXT4-fs: inline encryption not supported [ 670.709543][T12658] EXT4-fs (loop0): Test dummy encryption mode enabled [ 670.778470][T12658] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c019, mo2=0003] [ 670.799909][T12663] loop3: detected capacity change from 0 to 128 [ 670.837972][T12658] System zones: 0-5 [ 670.890563][T12658] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 670.913528][T12663] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 671.044047][T12663] ext4 filesystem being mounted at /14/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 672.159070][ T5774] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 672.320651][T12278] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 674.279888][T12697] loop3: detected capacity change from 0 to 256 [ 674.287691][T12697] exfat: Deprecated parameter 'utf8' [ 674.293670][T12697] exfat: Deprecated parameter 'utf8' [ 674.442856][T12697] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 674.835834][T12713] loop2: detected capacity change from 0 to 16 [ 674.860837][T12713] erofs: (device loop2): mounted with root inode @ nid 36. [ 674.895815][T12713] syz.2.2327: attempt to access beyond end of device [ 674.895815][T12713] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 674.930352][T12713] syz.2.2327: attempt to access beyond end of device [ 674.930352][T12713] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 674.964695][T12713] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 675.004505][T12713] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 675.017063][T12713] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 675.034086][ T28] audit: type=1800 audit(1777020043.992:145): pid=12713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2327" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 676.360934][T12729] loop0: detected capacity change from 0 to 512 [ 676.373561][T12729] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e018, mo2=0002] [ 676.382071][T12729] System zones: 1-12 [ 676.396926][T12729] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #12: comm syz.0.2333: missing EA_INODE flag [ 676.412448][T12729] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.2333: error while reading EA inode 12 err=-117 [ 676.425847][T12729] EXT4-fs (loop0): 1 orphan inode deleted [ 676.434158][T12729] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 678.425433][ T5774] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 678.474893][T12742] loop1: detected capacity change from 0 to 256 [ 678.572683][T12742] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001e4a3, chksum : 0xe65d9f0a, utbl_chksum : 0x7319d30d) [ 678.601818][T12747] loop2: detected capacity change from 0 to 128 [ 678.867962][T12751] futex_wake_op: syz.2.2338 tries to shift op by -1; fix this program [ 681.973944][T12783] fuse: Bad value for 'user_id' [ 685.100113][T12817] fuse: Bad value for 'user_id' [ 685.139287][T12818] binder: BINDER_SET_CONTEXT_MGR already set [ 685.151936][T12818] binder: 12815:12818 ioctl 4018620d 200000004a80 returned -16 [ 686.169812][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.185913][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.151738][ T5834] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 687.353814][ T5834] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 687.378901][ T5834] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 687.392302][ T5834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.527834][ T5834] usb 2-1: Product: syz [ 687.532865][ T5834] usb 2-1: Manufacturer: syz [ 687.537621][ T5834] usb 2-1: SerialNumber: syz [ 689.346186][ T5834] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 689.363434][ T5834] cdc_ncm 2-1:1.0: dwNtbInMaxSize=15 is too small. Using 2048 [ 689.372298][ T5834] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 689.610600][ T5834] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 689.712627][ T5834] usb 2-1: USB disconnect, device number 36 [ 689.719805][ T5834] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP) [ 690.631168][T12854] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 691.836239][T12870] loop2: detected capacity change from 0 to 512 [ 691.869217][T12870] EXT4-fs: Ignoring removed nomblk_io_submit option [ 691.998077][T12870] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 692.060703][T12870] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8800c01d, mo2=0102] [ 692.071289][T12870] EXT4-fs (loop2): couldn't mount RDWR because of unsupported optional features (80) [ 692.081116][T12870] EXT4-fs (loop2): Skipping orphan cleanup due to unknown ROCOMPAT features [ 692.091268][T12870] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 692.119615][T12870] EXT4-fs warning (device loop2): dx_probe:893: inode #2: comm syz.2.2374: dx entry: limit 65535 != root limit 120 [ 692.132765][T12870] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.2374: Corrupt directory, running e2fsck is recommended [ 692.146620][T12870] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 3: comm syz.2.2374: path /590/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 693.123046][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 694.371361][ T51] Bluetooth: hci1: unknown advertising packet type: 0x70 [ 698.453894][T12912] loop0: detected capacity change from 0 to 8192 [ 698.468849][T12911] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 698.667825][T12919] loop1: detected capacity change from 0 to 512 [ 698.804076][T12919] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 698.850663][T12919] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 698.866682][T12919] EXT4-fs (loop1): orphan cleanup on readonly fs [ 698.967807][T12919] Quota error (device loop1): v2_read_file_info: Block with free entry 4294967071 out of range (1, 6). [ 699.053713][T12919] EXT4-fs warning (device loop1): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 699.137321][T12919] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 699.313524][T12919] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm syz.1.2387: bg 0: block 15: invalid block bitmap [ 699.906518][T12919] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 700.085586][T12919] EXT4-fs (loop1): 1 truncate cleaned up [ 700.111801][T12919] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 702.232844][T12937] overlayfs: overlapping lowerdir path [ 703.283250][T12919] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 704.407028][ T5775] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 704.764206][T12957] binder: BINDER_SET_CONTEXT_MGR already set [ 704.822853][T12957] binder: 12955:12957 ioctl 4018620d 200000004a80 returned -16 [ 705.157427][T12965] loop3: detected capacity change from 0 to 1024 [ 705.220954][T12965] EXT4-fs (loop3): bad geometry: bigalloc file system with non-zero first_data_block [ 705.220954][T12965] [ 705.316153][T12969] ieee802154 phy0 wpan0: encryption failed: -22 [ 705.655814][T12973] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2404'. [ 707.013265][T12982] netlink: 260 bytes leftover after parsing attributes in process `syz.3.2406'. [ 707.323486][T12988] loop1: detected capacity change from 0 to 256 [ 707.462123][T12988] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 707.539738][T12988] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 707.603416][T12988] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 711.665123][ T5764] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 711.851822][T13015] netlink: 'syz.0.2418': attribute type 3 has an invalid length. [ 711.861746][ T5764] usb 2-1: Using ep0 maxpacket: 16 [ 711.882480][ T5764] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 711.904510][ T5764] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 711.925459][ T5764] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 711.941673][ T5764] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 711.960044][ T5764] usb 2-1: Product: syz [ 711.996596][ T5764] usb 2-1: Manufacturer: syz [ 712.001461][ T5764] usb 2-1: SerialNumber: syz [ 712.054185][T13019] loop0: detected capacity change from 0 to 16 [ 712.072074][T13019] erofs: (device loop0): mounted with root inode @ nid 36. [ 712.092731][T13019] overlayfs: missing 'lowerdir' [ 712.237826][ T5764] usb 2-1: 0:2 : does not exist [ 712.283887][ T5764] usb 2-1: USB disconnect, device number 37 [ 712.347370][ T5767] udevd[5767]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 714.198471][T13033] loop3: detected capacity change from 0 to 16 [ 714.338219][T13033] erofs: (device loop3): mounted with root inode @ nid 36. [ 714.528074][T13035] loop1: detected capacity change from 0 to 2048 [ 714.553401][T13035] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 714.871956][T13038] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 715.006780][ T141] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 78 with error 28 [ 715.049429][ T141] EXT4-fs (loop1): This should not happen!! Data will be lost [ 715.049429][ T141] [ 715.069658][ T141] EXT4-fs (loop1): Total free blocks count 0 [ 715.077452][ T141] EXT4-fs (loop1): Free/Dirty block details [ 715.087435][ T141] EXT4-fs (loop1): free_blocks=2415919504 [ 715.094152][ T141] EXT4-fs (loop1): dirty_blocks=80 [ 715.100044][ T141] EXT4-fs (loop1): Block reservation details [ 715.106509][ T141] EXT4-fs (loop1): i_reserved_data_blocks=5 [ 715.140596][ T5775] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 716.096946][ T5781] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 716.130932][ T5781] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 716.146514][ T5781] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 716.183206][ T5781] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 716.217114][ T5781] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 716.230445][ T5781] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 716.465154][T13060] loop1: detected capacity change from 0 to 4096 [ 716.503626][T13060] EXT4-fs: Ignoring removed orlov option [ 716.598441][T13060] EXT4-fs (loop1): Test dummy encryption mode enabled [ 716.695722][T13060] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 716.996513][ T5775] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 717.280795][ T141] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 717.340819][T13056] chnl_net:caif_netlink_parms(): no params data found [ 717.440712][ T141] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 717.549189][ T141] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 717.683777][ T141] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 717.709003][T13056] bridge0: port 1(bridge_slave_0) entered blocking state [ 717.721559][T13056] bridge0: port 1(bridge_slave_0) entered disabled state [ 717.731212][T13056] bridge_slave_0: entered allmulticast mode [ 717.749186][T13056] bridge_slave_0: entered promiscuous mode [ 717.820447][T13056] bridge0: port 2(bridge_slave_1) entered blocking state [ 717.863702][T13056] bridge0: port 2(bridge_slave_1) entered disabled state [ 717.899750][T13056] bridge_slave_1: entered allmulticast mode [ 717.934174][T13056] bridge_slave_1: entered promiscuous mode [ 718.221130][T13056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 718.308268][T13075] loop1: detected capacity change from 0 to 256 [ 718.348428][T12280] Bluetooth: hci2: command tx timeout [ 718.475236][T13056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 718.583907][T13056] team0: Port device team_slave_0 added [ 718.593134][T13056] team0: Port device team_slave_1 added [ 718.700060][T13056] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 718.707472][T13056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 718.734652][T13056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 718.809412][T13056] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 718.861904][T13056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 718.920021][T13056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 719.199700][T13056] hsr_slave_0: entered promiscuous mode [ 719.567493][T13056] hsr_slave_1: entered promiscuous mode [ 720.391839][T12280] Bluetooth: hci2: command tx timeout [ 720.599507][T13098] loop0: detected capacity change from 0 to 256 [ 720.607137][T13098] exfat: Deprecated parameter 'utf8' [ 720.612715][T13098] exfat: Deprecated parameter 'namecase' [ 720.618488][T13098] exfat: Deprecated parameter 'namecase' [ 720.624820][T13098] exfat: Deprecated parameter 'namecase' [ 721.657281][T13098] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d) [ 722.326847][T13104] loop0: detected capacity change from 0 to 256 [ 722.472429][T12280] Bluetooth: hci2: command tx timeout [ 724.552150][T12280] Bluetooth: hci2: command tx timeout [ 724.981961][ T9] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 725.014744][T13140] loop0: detected capacity change from 0 to 256 [ 725.107119][ T141] hsr_slave_0: left promiscuous mode [ 725.162851][ T141] hsr_slave_1: left promiscuous mode [ 725.197181][ T141] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 725.201760][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 725.218299][ T141] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 725.233337][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 725.262576][ T141] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 725.276850][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 725.373741][ T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 725.433689][ T141] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 725.535259][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 725.662987][ T141] bridge_slave_1: left allmulticast mode [ 725.684413][ T9] usb 4-1: Product: syz [ 725.737572][ T9] usb 4-1: Manufacturer: syz [ 725.746636][ T141] bridge_slave_1: left promiscuous mode [ 725.798135][ T9] usb 4-1: SerialNumber: syz [ 725.830531][ T141] bridge0: port 2(bridge_slave_1) entered disabled state [ 726.045284][ T141] bridge_slave_0: left allmulticast mode [ 726.113248][ T141] bridge_slave_0: left promiscuous mode [ 726.119247][ T141] bridge0: port 1(bridge_slave_0) entered disabled state [ 726.173173][ T9] usb 4-1: 0:2 : does not exist [ 726.244992][ T141] veth1_macvtap: left promiscuous mode [ 726.254979][ T141] veth0_macvtap: left promiscuous mode [ 726.261654][ T141] veth1_vlan: left promiscuous mode [ 726.267594][ T141] veth0_vlan: left promiscuous mode [ 726.301890][ T9] usb 4-1: USB disconnect, device number 22 [ 726.388424][ T5767] udevd[5767]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 727.207736][T13152] loop0: detected capacity change from 0 to 40427 [ 727.240201][T13152] F2FS-fs (loop0): Found nat_bits in checkpoint [ 727.804617][T13152] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 727.985073][T13166] f2fs_ckpt-7:0: attempt to access beyond end of device [ 727.985073][T13166] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 728.036780][T13166] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 728.141702][ T5834] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 728.371787][ T5834] usb 4-1: Using ep0 maxpacket: 32 [ 728.381315][ T5834] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 728.412156][ T5834] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 728.429365][ T5834] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 728.440781][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 728.457708][ T5834] usb 4-1: config 0 descriptor?? [ 728.508737][ T5834] hub 4-1:0.0: USB hub found [ 728.692743][ T5834] hub 4-1:0.0: 1 port detected [ 728.961376][ T141] team0 (unregistering): Port device team_slave_1 removed [ 729.119754][ T141] team0 (unregistering): Port device team_slave_0 removed [ 729.268433][ T141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 729.298930][ T5834] hub 4-1:0.0: activate --> -90 [ 729.490799][ T141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 729.710071][ T5834] usb 4-1-port1: cannot disable (err = -71) [ 729.782416][ T9] usb 4-1: USB disconnect, device number 23 [ 729.783983][ T5834] usb 4-1: Failed to suspend device, error -71 [ 730.617289][T13187] loop3: detected capacity change from 0 to 256 [ 731.471952][ T5814] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 731.711870][ T5814] usb 2-1: Using ep0 maxpacket: 16 [ 731.776808][ T5814] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 731.880958][ T5814] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 732.048299][ T5814] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 732.194916][ T5814] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 732.248735][ T5814] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 732.318441][ T5814] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 732.328517][ T5814] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 732.355541][ T5814] usb 2-1: Manufacturer: syz [ 732.502935][ T5814] usb 2-1: config 0 descriptor?? [ 734.264907][T13189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 734.291356][T13189] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 734.304968][T13189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 734.321772][ T5814] rc_core: IR keymap rc-hauppauge not found [ 734.327956][ T5814] Registered IR keymap rc-empty [ 734.332046][T13189] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 734.349407][ T5814] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 734.363385][T13189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 734.372282][T13189] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 734.403225][T13189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 734.424150][ T5814] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 734.433873][T13189] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 734.472913][ T5814] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 734.537962][ T5814] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input36 [ 734.604729][ T5814] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 734.651791][ T5814] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 734.713175][ T5814] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 734.791774][ T5814] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 734.842151][ T5814] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 734.877822][ T5814] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 734.931779][ T5814] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 734.981940][ T5814] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 735.031871][ T5814] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 735.115301][ T5814] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 735.131004][ T141] bond0 (unregistering): Released all slaves [ 735.183953][ T5814] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 735.211634][ T5814] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 735.240580][ T5814] usb 2-1: USB disconnect, device number 38 [ 737.123846][T13056] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 737.273950][T13056] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 737.342059][T13056] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 737.407321][T13056] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 737.797103][T12280] Bluetooth: hci4: unknown advertising packet type: 0x70 [ 738.043081][T13224] loop1: detected capacity change from 0 to 256 [ 738.382625][T13056] 8021q: adding VLAN 0 to HW filter on device bond0 [ 738.662037][T13056] 8021q: adding VLAN 0 to HW filter on device team0 [ 738.805687][T10467] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.813122][T10467] bridge0: port 1(bridge_slave_0) entered forwarding state [ 738.874558][T10467] bridge0: port 2(bridge_slave_1) entered blocking state [ 738.881829][T10467] bridge0: port 2(bridge_slave_1) entered forwarding state [ 739.322911][T13239] loop3: detected capacity change from 0 to 128 [ 739.728832][T13056] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 739.879806][T13056] veth0_vlan: entered promiscuous mode [ 739.891758][ T9] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 739.934294][T13056] veth1_vlan: entered promiscuous mode [ 740.024610][T13056] veth0_macvtap: entered promiscuous mode [ 740.064026][T13056] veth1_macvtap: entered promiscuous mode [ 740.101702][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 740.108473][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 740.125691][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 740.140003][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 740.152216][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 740.282682][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 740.299887][T13056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 741.021881][T13056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.133415][T13056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 741.144299][T13056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.154416][ T9] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 741.165601][ T9] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 741.183737][T13056] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 741.191884][ T9] usb 4-1: Manufacturer: syz [ 741.205916][ T9] usb 4-1: config 0 descriptor?? [ 741.226739][T13056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 741.267926][T13056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.475440][T13056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 741.513058][T13056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.534982][T13056] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 741.569806][T13056] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.611671][ T9] rc_core: IR keymap rc-hauppauge not found [ 741.611798][T13056] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.641205][ T9] Registered IR keymap rc-empty [ 741.656954][T13056] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.663795][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 741.671630][T13056] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.674700][T13243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 741.738751][T13243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 741.758228][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 741.805632][T13243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 741.815395][ T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 741.956649][T13243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 741.983759][ T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input37 [ 741.998952][ T3491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 742.012673][T13243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 742.033317][ T3491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 742.054225][T13243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 742.087263][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 742.121313][ T141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 742.155267][T13243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 742.170493][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 742.178129][ T141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 742.253176][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 742.263317][T13243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 742.311883][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 742.341952][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 742.378445][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 742.422442][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 742.481893][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 742.521795][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 742.563740][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 742.608206][ T9] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 742.618803][ T9] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 742.666331][ T9] usb 4-1: USB disconnect, device number 24 [ 742.987992][T13264] loop2: detected capacity change from 0 to 256 [ 743.362839][ T51] Bluetooth: hci4: unknown advertising packet type: 0x70 [ 744.561756][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 746.286199][ T5815] usb 4-1: new low-speed USB device number 25 using dummy_hcd [ 746.484659][ T5815] usb 4-1: unable to get BOS descriptor or descriptor too short [ 746.494318][ T5815] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 746.521711][ T5815] usb 4-1: too many endpoints for config 1 interface 0 altsetting 128: 253, using maximum allowed: 30 [ 746.546482][ T5815] usb 4-1: config 1 interface 0 altsetting 128 endpoint 0x81 has invalid maxpacket 1544, setting to 8 [ 746.589381][ T5815] usb 4-1: config 1 interface 0 altsetting 128 endpoint 0x82 is Bulk; changing to Interrupt [ 746.630515][ T5815] usb 4-1: config 1 interface 0 altsetting 128 has 2 endpoint descriptors, different from the interface descriptor's value: 253 [ 746.671681][ T5815] usb 4-1: config 1 interface 0 has no altsetting 0 [ 746.705587][ T5815] usb 4-1: string descriptor 0 read error: -22 [ 746.721759][ T5815] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 746.742579][ T5815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 746.785058][T13275] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 746.801901][T13275] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 746.824641][ T5815] cdc_ether: probe of 4-1:1.0 failed with error -22 [ 746.912497][T13280] sock: sock_set_timeout: `syz.1.2485' (pid 13280) tries to set negative timeout [ 747.015587][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 747.035059][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 747.043953][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 747.054287][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 747.068124][T10476] usb 4-1: USB disconnect, device number 25 [ 747.080862][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 747.092128][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 747.253634][T13284] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2486'. [ 747.467605][ T3002] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 747.597347][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.604916][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.619713][T13278] loop2: detected capacity change from 0 to 40427 [ 747.667810][T13278] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x7ffff [ 747.680494][ T3002] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 747.690994][T13278] F2FS-fs (loop2): Image doesn't support compression [ 747.718696][T13278] F2FS-fs (loop2): heap/no_heap options were deprecated [ 747.762576][T13278] F2FS-fs (loop2): invalid crc value [ 747.790646][T13278] F2FS-fs (loop2): Found nat_bits in checkpoint [ 747.992056][T13278] F2FS-fs (loop2): Start checkpoint disabled! [ 748.036787][ T3002] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 748.059376][T13292] loop3: detected capacity change from 0 to 512 [ 748.069739][T13278] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 748.200837][T13292] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 748.238261][T13278] F2FS-fs (loop2): inject no more block in inc_valid_node_count of f2fs_new_node_page+0x187/0x910 [ 748.291779][T13292] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 748.332581][ T28] audit: type=1800 audit(1777020117.352:146): pid=13291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2488" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 748.345710][ T3002] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 748.571268][T12278] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 748.636691][ T12] kworker/u4:1: attempt to access beyond end of device [ 748.636691][ T12] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 748.653686][ T5815] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 748.678082][ T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 748.894762][T13281] chnl_net:caif_netlink_parms(): no params data found [ 749.031132][ T5815] usb 2-1: Using ep0 maxpacket: 16 [ 749.043511][ T5815] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 749.059161][ T5815] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 749.070365][ T5815] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 749.080202][ T5815] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 749.099755][ T3002] tipc: Left network mode [ 749.123872][ T5815] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 749.169017][ T5815] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 749.199635][T12280] Bluetooth: hci0: command tx timeout [ 749.200673][ T5815] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 749.243757][ T5815] usb 2-1: Manufacturer: syz [ 749.261513][ T5815] usb 2-1: config 0 descriptor?? [ 749.699019][T13299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 749.735048][T13299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 749.756983][ T5815] rc_core: IR keymap rc-hauppauge not found [ 749.765822][ T5815] Registered IR keymap rc-empty [ 749.777187][T13281] bridge0: port 1(bridge_slave_0) entered blocking state [ 749.786655][T13299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 749.818887][T13281] bridge0: port 1(bridge_slave_0) entered disabled state [ 749.821803][ T5815] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 749.839649][T13299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 749.853405][T13281] bridge_slave_0: entered allmulticast mode [ 749.863051][T13299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 749.878959][T13299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 749.883969][T13281] bridge_slave_0: entered promiscuous mode [ 749.887408][ T5815] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 749.905349][T13318] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 749.929156][T13299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 749.948730][T13299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 749.964956][ T5815] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 749.993622][ T5815] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input38 [ 750.072238][ T5815] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 750.117902][ T5815] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 750.161795][ T5815] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 750.196173][T13324] loop2: detected capacity change from 0 to 1024 [ 750.203897][T13324] EXT4-fs: Ignoring removed oldalloc option [ 750.209854][T13324] EXT4-fs: Ignoring removed oldalloc option [ 750.226789][ T5815] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 750.263797][T13324] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 750.281801][ T5815] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 750.312418][T13324] EXT4-fs (loop2): stripe (4) is not aligned with cluster size (16), stripe is disabled [ 750.319833][ T5815] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 750.322997][T13281] bridge0: port 2(bridge_slave_1) entered blocking state [ 750.361738][T13281] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.369034][T13281] bridge_slave_1: entered allmulticast mode [ 750.381730][ T5815] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 750.395900][T13324] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 750.410263][T13281] bridge_slave_1: entered promiscuous mode [ 750.431700][ T5815] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 750.468045][ T5815] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 750.501842][ T5815] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 750.550613][ T5815] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 750.571742][ T5815] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 751.884201][T12280] Bluetooth: hci0: command tx timeout [ 752.551730][T13334] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 752.880869][ T5815] usb 2-1: USB disconnect, device number 39 [ 753.458587][T13281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 753.588705][T13281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 753.942537][T12280] Bluetooth: hci0: command tx timeout [ 754.047604][T13281] team0: Port device team_slave_0 added [ 754.080123][T13281] team0: Port device team_slave_1 added [ 754.222494][T13341] loop3: detected capacity change from 0 to 2048 [ 754.328296][T13056] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 754.393152][T13341] loop3: p1 < > p3 [ 754.418040][T13341] loop3: p3 size 134217728 extends beyond EOD, truncated [ 755.739832][T13281] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 755.792535][T13281] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 755.871699][T13281] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 755.898200][ T6133] udevd[6133]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 755.898761][ T5767] udevd[5767]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 755.932817][T13281] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 755.969111][T13281] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 756.006883][T12280] Bluetooth: hci0: command tx timeout [ 756.024194][T13281] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 756.517813][T13281] hsr_slave_0: entered promiscuous mode [ 756.549462][T13281] hsr_slave_1: entered promiscuous mode [ 756.581668][T13281] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 756.589397][T13281] Cannot create hsr debugfs directory [ 756.703891][ T9] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 756.797829][ T3002] hsr_slave_0: left promiscuous mode [ 756.812548][ T3002] hsr_slave_1: left promiscuous mode [ 756.823957][ T3002] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 756.841906][ T3002] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 756.862801][ T3002] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 756.870376][ T3002] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 756.889205][ T3002] bridge_slave_1: left allmulticast mode [ 756.898419][ T3002] bridge_slave_1: left promiscuous mode [ 756.908805][ T3002] bridge0: port 2(bridge_slave_1) entered disabled state [ 756.911852][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 756.929944][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 756.941971][ T3002] bridge_slave_0: left allmulticast mode [ 756.947677][ T3002] bridge_slave_0: left promiscuous mode [ 756.951716][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 756.964101][ T3002] bridge0: port 1(bridge_slave_0) entered disabled state [ 756.984425][ T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 757.001661][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 757.009731][ T9] usb 2-1: Product: syz [ 757.031727][ T9] usb 2-1: Manufacturer: syz [ 757.036418][ T9] usb 2-1: SerialNumber: syz [ 757.064614][ T3002] veth1_macvtap: left promiscuous mode [ 757.080982][ T3002] veth0_macvtap: left promiscuous mode [ 757.111189][ T3002] veth1_vlan: left promiscuous mode [ 757.117166][ T3002] veth0_vlan: left promiscuous mode [ 757.275721][ T9] usb 2-1: 0:2 : does not exist [ 757.321132][ T9] usb 2-1: USB disconnect, device number 40 [ 757.332946][T13367] loop3: detected capacity change from 0 to 40427 [ 757.381122][ T5767] udevd[5767]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 757.451539][T13367] F2FS-fs (loop3): Found nat_bits in checkpoint [ 757.626967][T13367] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 757.698090][T13367] syz.3.2499: attempt to access beyond end of device [ 757.698090][T13367] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 757.729062][T13367] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 760.013258][T13378] loop1: detected capacity change from 0 to 40427 [ 760.060378][T13378] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 760.101803][T13378] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 760.150399][T13378] F2FS-fs (loop1): invalid crc value [ 760.211928][T13378] F2FS-fs (loop1): Mismatch valid blocks 0 vs. 3 [ 760.260965][T13378] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-117) [ 760.868715][T12280] Bluetooth: hci1: unknown advertising packet type: 0x70 [ 761.695602][T10475] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 761.721389][T13402] loop2: detected capacity change from 0 to 128 [ 761.761299][T13402] FAT-fs (loop2): Directory bread(block 32) failed [ 761.781679][T13402] FAT-fs (loop2): Directory bread(block 33) failed [ 761.788379][T13402] FAT-fs (loop2): Directory bread(block 34) failed [ 761.802355][T13402] FAT-fs (loop2): Directory bread(block 35) failed [ 761.826970][T13402] FAT-fs (loop2): Directory bread(block 36) failed [ 761.834927][T13402] FAT-fs (loop2): Directory bread(block 37) failed [ 761.845965][T13402] FAT-fs (loop2): Directory bread(block 38) failed [ 761.860625][T13402] FAT-fs (loop2): Directory bread(block 39) failed [ 761.874710][T13402] FAT-fs (loop2): Directory bread(block 40) failed [ 761.881308][T13402] FAT-fs (loop2): Directory bread(block 41) failed [ 761.886049][ T3002] team0 (unregistering): Port device team_slave_1 removed [ 761.915331][T10475] usb 2-1: unable to get BOS descriptor or descriptor too short [ 761.944329][T10475] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 761.971075][T10475] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 761.980638][T10475] usb 2-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 761.993944][T10475] usb 2-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 762.030495][T10475] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 762.075189][T10475] usb 2-1: config 1 interface 1 has no altsetting 0 [ 762.095567][T10475] usb 2-1: string descriptor 0 read error: -22 [ 762.101729][ T3002] team0 (unregistering): Port device team_slave_0 removed [ 762.137668][T10475] usb 2-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 762.159185][T10475] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 762.257039][ T3002] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 762.418718][ T3002] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 762.448907][T13412] loop2: detected capacity change from 0 to 256 [ 762.630129][T13400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 762.653391][T13400] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 762.881476][ T3002] wg1 (unregistering): left allmulticast mode [ 763.097990][T10475] usb 2-1: 2:0: failed to get current value for ch 1 (-71) [ 763.206882][T10475] usb 2-1: USB disconnect, device number 41 [ 763.254575][T13420] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 763.931098][ T3002] bond0 (unregistering): Released all slaves [ 764.040877][T13432] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 764.068803][T13433] fuse: Invalid rootmode [ 764.170036][T13432] syz_tun: entered promiscuous mode [ 764.188338][T13432] vlan2: entered promiscuous mode [ 764.576723][T13444] loop1: detected capacity change from 0 to 256 [ 764.596034][T13444] exfat: Deprecated parameter 'utf8' [ 764.606737][T13444] exfat: Deprecated parameter 'utf8' [ 764.794930][T13444] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 765.141913][ T3002] IPVS: stop unused estimator thread 0... [ 766.062685][T13458] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 766.931697][T13467] fuse: Invalid rootmode [ 767.858678][T13479] loop1: detected capacity change from 0 to 256 [ 768.286937][T13281] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 768.363137][T13281] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 768.386057][T13281] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 769.020038][T13281] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 769.172443][T13491] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 770.080379][T13499] fuse: Invalid rootmode [ 770.116605][T13281] 8021q: adding VLAN 0 to HW filter on device bond0 [ 770.205144][T13281] 8021q: adding VLAN 0 to HW filter on device team0 [ 770.254436][ T141] bridge0: port 1(bridge_slave_0) entered blocking state [ 770.261687][ T141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 770.323384][ T3491] bridge0: port 2(bridge_slave_1) entered blocking state [ 770.330589][ T3491] bridge0: port 2(bridge_slave_1) entered forwarding state [ 770.937129][T13517] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2535'. [ 771.286711][T13281] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 771.460186][T13281] veth0_vlan: entered promiscuous mode [ 771.512618][T13281] veth1_vlan: entered promiscuous mode [ 771.625902][T13281] veth0_macvtap: entered promiscuous mode [ 771.659409][T13281] veth1_macvtap: entered promiscuous mode [ 771.710234][T13509] loop3: detected capacity change from 0 to 40427 [ 771.713893][T13281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 771.755298][T13509] F2FS-fs (loop3): invalid crc value [ 771.779699][T13281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 771.803000][T13509] F2FS-fs (loop3): Found nat_bits in checkpoint [ 771.810105][T13281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 771.841123][T13281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 771.883579][T13281] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 771.906427][T13281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 771.961623][T13281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 771.991868][T13281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 771.999329][T13509] F2FS-fs (loop3): Start checkpoint disabled! [ 772.021687][T13281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 772.040466][T13509] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 772.062332][T13281] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 772.100984][T13281] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.136045][T13281] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.171710][T13281] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.189010][T13509] ------------[ cut here ]------------ [ 772.195123][T13509] kernel BUG at fs/f2fs/segment.c:3481! [ 772.201630][T13281] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.221727][T13509] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 772.228060][T13509] CPU: 1 PID: 13509 Comm: syz.3.2534 Not tainted syzkaller #0 [ 772.235675][T13509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 772.245750][T13509] RIP: 0010:f2fs_allocate_data_block+0x3f6f/0x3fb0 [ 772.252368][T13509] Code: 19 fe 48 8b 54 24 30 e9 88 eb ff ff e8 1a 79 c1 fd 48 c7 c7 90 f6 6f 8d 4c 89 f6 e8 9b a4 97 00 e9 a4 eb ff ff e8 01 79 c1 fd <0f> 0b e8 fa 78 c1 fd 0f 0b e8 f3 78 c1 fd 0f 0b e8 ec 78 c1 fd 0f [ 772.272161][T13509] RSP: 0018:ffffc90003357410 EFLAGS: 00010283 [ 772.278238][T13509] RAX: ffffffff83c5a8ff RBX: 0000000000000200 RCX: 0000000000080000 [ 772.286306][T13509] RDX: ffffc9001de01000 RSI: 0000000000028c5a RDI: 0000000000028c5b [ 772.294373][T13509] RBP: 0000000000000200 R08: ffff8880423bfc5f R09: 1ffff11008477f8b [ 772.302446][T13509] R10: dffffc0000000000 R11: ffffed1008477f8c R12: 1ffff9200066aef8 [ 772.310431][T13509] R13: 0000000000000000 R14: 0000000000002200 R15: dffffc0000000000 [ 772.318410][T13509] FS: 00007fd056bf36c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 772.327357][T13509] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 772.333949][T13509] CR2: 000056320fe95048 CR3: 0000000057285000 CR4: 00000000003506e0 [ 772.342009][T13509] Call Trace: [ 772.345329][T13509] [ 772.348276][T13509] ? f2fs_mark_inode_dirty_sync+0x120/0x1f0 [ 772.354223][T13509] f2fs_map_blocks+0x1338/0x3e60 [ 772.359367][T13509] ? f2fs_get_block_locked+0xe0/0xe0 [ 772.364680][T13509] ? __up_read+0x2b6/0x6b0 [ 772.369135][T13509] ? up_read+0x20/0x20 [ 772.373245][T13509] ? f2fs_allocate_pinning_section+0x1af/0x590 [ 772.379443][T13509] f2fs_expand_inode_data+0x67a/0xa10 [ 772.384846][T13509] ? f2fs_insert_range+0x470/0x470 [ 772.389983][T13509] ? __mnt_drop_write_file+0xc3/0x100 [ 772.395377][T13509] ? file_modified_flags+0x267/0x2a0 [ 772.400678][T13509] f2fs_fallocate+0x416/0x890 [ 772.405806][T13509] vfs_fallocate+0x58e/0x700 [ 772.410502][T13509] do_vfs_ioctl+0x19f6/0x1cc0 [ 772.415198][T13509] ? __ia32_compat_sys_ioctl+0x8a0/0x8a0 [ 772.420932][T13509] ? tomoyo_path_number_perm+0x217/0x620 [ 772.426683][T13509] ? __lock_acquire+0x7d40/0x7d40 [ 772.431812][T13509] ? slab_free_freelist_hook+0x130/0x1a0 [ 772.437458][T13509] ? tomoyo_path_number_perm+0x5b4/0x620 [ 772.443281][T13509] ? tomoyo_path_number_perm+0x217/0x620 [ 772.448941][T13509] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 772.454530][T13509] ? __fget_files+0x28/0x4b0 [ 772.459225][T13509] ? __fget_files+0x28/0x4b0 [ 772.463920][T13509] ? bpf_lsm_file_ioctl+0x9/0x10 [ 772.468865][T13509] ? security_file_ioctl+0x80/0xa0 [ 772.474078][T13509] __se_sys_ioctl+0x83/0x170 [ 772.479123][T13509] do_syscall_64+0x55/0xa0 [ 772.483555][T13509] ? clear_bhb_loop+0x40/0x90 [ 772.488418][T13509] ? clear_bhb_loop+0x40/0x90 [ 772.493115][T13509] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 772.499029][T13509] RIP: 0033:0x7fd055d9cdd9 [ 772.503460][T13509] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 772.523165][T13509] RSP: 002b:00007fd056bf3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 772.531589][T13509] RAX: ffffffffffffffda RBX: 00007fd056015fa0 RCX: 00007fd055d9cdd9 [ 772.539572][T13509] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000004 [ 772.547566][T13509] RBP: 00007fd055e32d69 R08: 0000000000000000 R09: 0000000000000000 [ 772.555637][T13509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 772.563637][T13509] R13: 00007fd056016038 R14: 00007fd056015fa0 R15: 00007fff9412d638 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 772.571637][T13509] [ 772.574668][T13509] Modules linked in: [ 772.589637][T13509] ---[ end trace 0000000000000000 ]--- [ 772.601977][T13509] RIP: 0010:f2fs_allocate_data_block+0x3f6f/0x3fb0 [ 772.618910][T13509] Code: 19 fe 48 8b 54 24 30 e9 88 eb ff ff e8 1a 79 c1 fd 48 c7 c7 90 f6 6f 8d 4c 89 f6 e8 9b a4 97 00 e9 a4 eb ff ff e8 01 79 c1 fd <0f> 0b e8 fa 78 c1 fd 0f 0b e8 f3 78 c1 fd 0f 0b e8 ec 78 c1 fd 0f [ 772.733567][T13281] ieee80211 phy16: Selected rate control algorithm 'minstrel_ht' [ 772.816287][T13509] RSP: 0018:ffffc90003357410 EFLAGS: 00010283 [ 772.872047][T13509] RAX: ffffffff83c5a8ff RBX: 0000000000000200 RCX: 0000000000080000 [ 772.910811][T13509] RDX: ffffc9001de01000 RSI: 0000000000028c5a RDI: 0000000000028c5b [ 772.948500][T13509] RBP: 0000000000000200 R08: ffff8880423bfc5f R09: 1ffff11008477f8b [ 772.979478][T13509] R10: dffffc0000000000 R11: ffffed1008477f8c R12: 1ffff9200066aef8 [ 773.005836][T13509] R13: 0000000000000000 R14: 0000000000002200 R15: dffffc0000000000 [ 773.043059][T13509] FS: 00007fd056bf36c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 773.071624][T13509] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 773.078389][T13509] CR2: 000055fe721a2000 CR3: 0000000057285000 CR4: 00000000003506e0 [ 773.130838][T13509] Kernel panic - not syncing: Fatal exception [ 773.137463][T13509] Kernel Offset: disabled [ 773.141799][T13509] Rebooting in 86400 seconds..