last executing test programs: 4m32.254594503s ago: executing program 3 (id=190): socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_procfs$pagemap(0x0, &(0x7f0000000100)) openat$vcs(0xffffffffffffff9c, &(0x7f0000000180), 0x840, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r1, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r2, @ANYRES16=r0], 0x0) 4m29.311855725s ago: executing program 3 (id=204): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r4, {0x10, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@delchain={0x2c, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xe}, {0xffff, 0x3}, {0xffff, 0x1}}, [@TCA_CHAIN={0x8, 0xb, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) 4m28.791994106s ago: executing program 3 (id=206): socketpair$unix(0x1, 0x5, 0x0, 0x0) pipe(&(0x7f0000000000)) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0x15, @remote, 'gre0\x00'}}, 0x1e) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000040)=0x2) ioctl$PPPIOCBRIDGECHAN(r2, 0x40047435, &(0x7f0000000200)=0x1) close(r1) 4m28.395792191s ago: executing program 3 (id=211): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x9a) r1 = fanotify_init(0x8, 0x80000) fanotify_mark(r1, 0x105, 0x4800003a, r0, 0x0) r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) ioctl$FICLONERANGE(r2, 0x4020940d, &(0x7f0000000040)={{r2}, 0x401, 0x2, 0x7}) 4m27.487121184s ago: executing program 3 (id=216): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) recvmsg$can_raw(0xffffffffffffffff, 0x0, 0x40010022) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000100)=0x1000) 4m25.852153473s ago: executing program 3 (id=223): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="07000000000000000800006a97d22c"], 0x50) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="8fedcb5d07081196f37538e486dd"], 0xffbf) 4m10.359886333s ago: executing program 32 (id=223): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="07000000000000000800006a97d22c"], 0x50) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="8fedcb5d07081196f37538e486dd"], 0xffbf) 3m43.268675375s ago: executing program 0 (id=330): socket$inet_tcp(0x2, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x280449c, &(0x7f0000000340)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}}) creat(0x0, 0x16c) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) rt_sigprocmask(0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000200"/15], 0x0}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000000280)={0x1, 0x0, 0x27f}) 3m41.227627776s ago: executing program 0 (id=333): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0300090000000000840000000a000000000000000c2ac27f884e5c3066ec0212305e95ea558f8685d5d97f4817dc2195046e9eb9079aaa29f7121859ea6afd19832815f6487c50ee06c95f34fd3dff8533bb8499ac9dafa6d4fbde16cd35f5b20ca2cdc4360dd99630044c3a9111cc435767feab6d568ed66bf2120beed88408010f67c8ee27321a8a03f623fa510e64e1b87dc9ae1ed017076fab8d04f319d51b619c8eb349bb475f96f483e9a5ff957cfaaf", @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB='\x00'/28], 0x50) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f00000000c0), 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(&(0x7f000000cffc)=0x1, 0x8, 0x1, 0x0, 0x0, 0x0) 3m39.953539249s ago: executing program 0 (id=336): bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000008c0)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000f}, 0x94) 3m39.659745765s ago: executing program 0 (id=341): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0) preadv(r2, &(0x7f0000000740)=[{&(0x7f0000000500)=""/97, 0x61}], 0x1, 0x7fff, 0x1f00) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, 0x0, 0x40) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000400)={0x0, @bt={0x800, 0x7, 0x0, 0x0, 0x1, 0xc51, 0x98b3, 0xfffffffe, 0x8000, 0x7, 0x4, 0x6, 0x2, 0x3ff, 0x1, 0x4, {0x1, 0x68000000}, 0x83, 0x1}}) 3m39.421054763s ago: executing program 0 (id=342): creat(&(0x7f0000000000)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) unshare(0x2c020400) r1 = msgget$private(0x0, 0x101) msgsnd(r1, &(0x7f0000000000)={0x2}, 0x4, 0x0) msgrcv(r1, 0x0, 0x0, 0x2, 0x1000) msgrcv(r1, 0x0, 0x0, 0x1, 0x5800) quotactl$Q_GETQUOTA(0xffffffff80000701, &(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0xee00, 0x0) statx(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x800, 0x20, &(0x7f0000000640)) 3m38.713106033s ago: executing program 0 (id=343): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000013c0)="d080", 0xfdef}], 0x1, 0x0, 0x0, 0x800300}, 0x20000801) recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x40002002) mkdir(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_clone(0x43001000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x1) 3m23.422016658s ago: executing program 33 (id=343): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000013c0)="d080", 0xfdef}], 0x1, 0x0, 0x0, 0x800300}, 0x20000801) recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x40002002) mkdir(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_clone(0x43001000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x1) 2m3.855330963s ago: executing program 5 (id=491): gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r0 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, 0x0, &(0x7f0000000100)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(0x0, r2) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) gettid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) eventfd(0x375) io_setup(0x6, &(0x7f0000000300)=0x0) io_submit(r4, 0x1, &(0x7f0000000040)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x80000000}]) io_getevents(r4, 0x2, 0x2, &(0x7f0000001340)=[{}, {}], 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) 1m58.454057617s ago: executing program 5 (id=500): syz_io_uring_setup(0x54d5, &(0x7f0000000340)={0x0, 0x1ed0, 0x20202, 0x3, 0x178}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r1) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) listen(r2, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x8000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = openat$drirender128(0xffffffffffffff9c, 0x0, 0x240e80, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f00000003c0)={&(0x7f00000002c0)}) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x80001) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, 0x0) r5 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'wlan1\x00', 0x0}) 1m55.515971286s ago: executing program 5 (id=504): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000"], 0x7c}}, 0x0) connect$inet6(r1, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$inet6(0xa, 0x80002, 0x0) sendmmsg$inet6(r5, 0x0, 0x0, 0x4001c00) setsockopt$packet_fanout(r4, 0x107, 0x12, 0x0, 0x0) connect$netrom(r3, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000f00)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2404c081}, 0x14) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) recvmmsg(r4, &(0x7f0000000d40), 0x0, 0x40000121, 0x0) write$cgroup_devices(0xffffffffffffffff, 0x0, 0x0) close(0x3) 1m54.366929862s ago: executing program 5 (id=507): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x200000, &(0x7f0000000000)) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000380)={0xffffffffffffffff, r0, 0x1}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES64], 0x24}}, 0x0) ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x1f) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000340)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r2, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r1, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r3, r4, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r1, 0x3b8c, &(0x7f0000000100)={0x30, r5, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0}) socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000280)) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000002a82, 0x0) 1m51.068295748s ago: executing program 5 (id=511): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xfff7fffffffffff5}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$pppl2tp(0x18, 0x1, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00'}, 0x10) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x39}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) 1m49.228106214s ago: executing program 5 (id=513): r0 = socket(0x2c, 0x80000, 0x3c) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r5, 0x8982, &(0x7f0000000300)={0x1, 'batadv0\x00', {}, 0x8}) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$dsp(0xffffffffffffffff, &(0x7f00000001c0)='`', 0x1) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, 0x0, 0x0) socket(0x10, 0x3, 0x0) r6 = fsopen(&(0x7f0000000080)='ext3\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='auto_da_alloc', 0x0) 1m32.834912398s ago: executing program 34 (id=513): r0 = socket(0x2c, 0x80000, 0x3c) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r5, 0x8982, &(0x7f0000000300)={0x1, 'batadv0\x00', {}, 0x8}) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$dsp(0xffffffffffffffff, &(0x7f00000001c0)='`', 0x1) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, 0x0, 0x0) socket(0x10, 0x3, 0x0) r6 = fsopen(&(0x7f0000000080)='ext3\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='auto_da_alloc', 0x0) 14.708885671s ago: executing program 4 (id=615): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) getrlimit(0x5, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder1\x00', 0x803, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x54, 0x0, &(0x7f0000000100)="648678210790aef789014d2950e053689eccf789ca22d52f003429a35ee198865ddbc79fdf08b2803880dca70ebfbb08514bb5107c999f3c3ec9cdd8bfa6d977863f4278649f9b9433d8879fd6c523b4817ff160"}) setreuid(0xee01, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x7, 0x8, 0x40, 0x42, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r7}, 0x38) 11.100714186s ago: executing program 1 (id=620): syz_io_uring_setup(0x54d5, &(0x7f0000000340)={0x0, 0x1ed0, 0x20202, 0x3, 0x178}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r1) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) listen(r2, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x8000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = openat$drirender128(0xffffffffffffff9c, 0x0, 0x240e80, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f00000003c0)={&(0x7f00000002c0)}) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x80001) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, 0x0) r5 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'wlan1\x00', 0x0}) 6.704656163s ago: executing program 1 (id=622): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@enum={0x2, 0x0, 0x0, 0xf}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x28}, 0x20) 5.291470114s ago: executing program 1 (id=624): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x2, 0x3, 0x0, 'queue1\x00'}) 5.287394395s ago: executing program 4 (id=625): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x4, 0x1}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r2, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {}, {0x14, 0x19, {0x0, 0xbbb, 0x7}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4000100}, 0xc000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) time(0xfffffffffffffffc) add_key(&(0x7f0000000380)='.dead\x00', &(0x7f00000003c0)={'syz', 0x1}, &(0x7f00000006c0)="79eac2a3b8c8e1377e48458d800531c06eb232a1d50afbd840dbae86ac9c333caeee0628343cbf3a6fce2b4489c388363c0e78abefe67289e06459ae51d3f2e65e30834e715a136ce8b77ae30c9b8a3a16bf1e0f339c20621fc49036878aeea676f01c3376b36913d896bd7488a46e58554426238155af736b0c43e6c4277ef9202eafe80c284c037e74b8f480beebc1ff1f572cc46e87de098fc6a261331aed628349f75267677597edacf1531ea680055d8e6c3d3a5bb0965f1e9709eeecce55a9d596cb7fae9b04c4fb89ff18fab506f7f92b130a31c1efb18c76", 0xdc, 0xfffffffffffffff8) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000000206010200000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a32000000000500040000000000140007800800124000000000050015002200000005000500020000000500010006"], 0x64}}, 0x0) sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x1c, 0x7, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r7 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) read$fb(r7, &(0x7f00000001c0)=""/70, 0x46) write$uinput_user_dev(r7, &(0x7f0000000880)={'syz0\x00', {0x4, 0x0, 0xf, 0x6}, 0x4, [0x8001, 0x7, 0x5, 0x80000000, 0x6, 0x9, 0x8, 0x9, 0x6, 0xfffffff8, 0xc, 0x7, 0x3, 0x7, 0x6, 0xb, 0x7, 0x0, 0x6, 0x6, 0x1, 0xf, 0x8, 0x5, 0x47f, 0x2, 0x6, 0x1, 0x1db, 0xffffffff, 0x0, 0x1, 0x7, 0x96d7, 0x3, 0x2, 0xb, 0x80000000, 0x8b8c, 0x3, 0x3, 0x8, 0x5d800000, 0x20000009, 0x14, 0x7, 0x0, 0x7fffffff, 0xe, 0xffffff7f, 0x0, 0x101, 0x10, 0x2, 0x1, 0x9, 0x1, 0x819, 0x9, 0x0, 0x7, 0x3ff, 0xd84, 0x6], [0x7fff, 0x1ff, 0x4, 0x5, 0x9, 0x666b, 0x3, 0x5, 0x2ce, 0xa75, 0xc, 0xfffffc01, 0x6, 0x1, 0x7fffffff, 0x0, 0x8, 0x0, 0x2a7af4fa, 0x7, 0x7, 0x2, 0x3, 0x1000, 0x7ff, 0x8ab, 0x3, 0x54f, 0xb, 0x8, 0x8, 0x80000000, 0x8, 0xff, 0x6, 0x5, 0xfffffd41, 0x8, 0x3, 0xfee, 0x5, 0x7, 0x0, 0x75, 0x4, 0x4, 0x3, 0x3, 0x7, 0x80002, 0x1, 0xd, 0x1, 0x4, 0xffffffff, 0x0, 0x8, 0x10001, 0x0, 0xff, 0x9, 0x1, 0x2], [0x3ff, 0x80000000, 0x4, 0x0, 0x3, 0x401, 0x2, 0xc000, 0x2, 0x4, 0x6, 0x4, 0x7fffffff, 0x1, 0xf, 0x5, 0x6, 0x7, 0x2, 0x738d5311, 0x4, 0x8, 0x400, 0xd, 0x1, 0x4, 0x1dacdc60, 0x7, 0x7, 0x6, 0x5, 0xd, 0x6, 0x10001, 0x200000, 0x0, 0x2, 0x7fffffff, 0x2, 0xffffffff, 0x1, 0x9e8, 0x0, 0x100003, 0xa, 0x14, 0xed5a, 0x2, 0x5, 0xfff, 0x9, 0x7, 0xc82e, 0x9, 0x6, 0x4, 0x1ff, 0x8, 0x9, 0xd7, 0x101, 0x7, 0x5, 0xfffffffa], [0x5, 0x6b30, 0x4, 0xffffffff, 0x9a3, 0x100, 0x9, 0x6, 0x12, 0x5, 0x10001, 0x9, 0x1ff, 0x5, 0x7, 0x3, 0xa291, 0x2, 0x2, 0x7ff, 0x6, 0x9e9c, 0x1004, 0x100, 0x5, 0x81, 0xc9, 0x0, 0x0, 0x5, 0xff, 0x4, 0xfffffffe, 0x5, 0xeadf, 0x1, 0x0, 0x7, 0x8000, 0x7fff, 0x4, 0x9, 0x7, 0x1ee0000, 0x80000001, 0x9, 0x6, 0x0, 0x62d, 0x8, 0x6, 0x1d, 0x3, 0x4, 0x401, 0x8, 0xffffffb8, 0x6, 0x24, 0x4, 0xd, 0x8, 0x0, 0x9]}, 0x45c) socket$inet_udplite(0x2, 0x2, 0x88) r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r8, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r8, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r8, 0x4004af61, &(0x7f0000000000)=0x1) 5.232558286s ago: executing program 2 (id=626): syz_emit_ethernet(0x46, &(0x7f0000000640)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0xfffc, 0x0, 0x0, 0x0, 0x89, 0x1, @private, @local}, "0000000000001700"}}}}}, 0x0) 5.003553947s ago: executing program 1 (id=627): r0 = getpid() r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) read(r1, &(0x7f0000000080)=""/1, 0x1) write$cgroup_pid(r1, &(0x7f00000000c0)=r0, 0x12) close(r1) openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x2, 0x0) openat(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x141a43, 0x0) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r2, 0x3b8b, &(0x7f0000000240)={0x10, 0x1000000}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"}) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x7c8}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) madvise(&(0x7f00003cd000/0x1000)=nil, 0x1000, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f000070f000/0x1000)=nil, 0x1000, 0x3, 0x5172, 0xffffffffffffffff, 0x0) 4.308274645s ago: executing program 2 (id=628): syz_read_part_table(0x5eb, &(0x7f0000000f00)="$eJzs2zFo1FccB/DfxRwHSnFxclIHKcVFcfQoKnenohBOsxQpBhQRbzpBOOlBig56FMUbxG4uVrhF7ZTLDZkSEsjUIYQMKYEMWVqSJZClV+7yCm1KSq8kBeHz4eDHe//f/33fO976Dz5pQ/Frt9vNRET3p4gDA7492ioULx8bOV++EZGJmxHx9fef/9B7kkkd3dx2PZHGy2n89s3BzrONS9nW0vXNk7emG0N/LDne/8Whd+3RPTge++x9fubw4yfV0vNa/t5iqb76dGH+2of1Qrl9tdH8eCV78Xbqm011ONUHUYtHcT/GYji+jTtR3WX97wbMf91aOZ09WmpN3D23Vey8mDrT7xr0Xv97vfz+hY2IXv7D4y+/atYvnPrxyKuztcm58lqKruR2vjm2b3sCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC/y8bM4cdPqqXntfy9xVJ99enC/LUP64Vy+2qj+fFK9uLt1Deb6nCqD6IWj+J+jEUlKnEnqrsmfPbnQW7n0/f5v+a/bq2c/u1oqTVx99xWsfNi6kzqG9mj8/5DfreX//D4yy+b9Qunckdena1NzpXXDmz3Vf628+j/ewAAAAAAAAAAAAAAAAAAALAXCsXLx0bOl29EZOJmRHzxyzdDvflu+t49k/pOpLqc5t++Odh5tnEp21q6vnny1nTj5zQ/HpkYj4hD79qj//thGNjvAQAA//8Pi5HU") 4.228036253s ago: executing program 4 (id=629): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0300090000000000840000000a000000000000000c2ac27f884e5c3066ec0212305e95ea558f8685d5d97f4817dc2195046e9eb9079aaa29f7121859ea6afd19832815f6487c50ee06c95f34fd3dff8533bb8499ac9dafa6d4fbde16cd35f5b20ca2cdc4360dd99630044c3a9111cc435767feab6d568ed66bf2120beed88408010f67c8ee27321a8a03f623fa510e64e1b87dc9ae1ed017076fab8d04f319d51b619c8eb349bb475f96f483e9a5ff957cfaaf", @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB='\x00'/28], 0x50) creat(&(0x7f0000000000)='./file0\x00', 0x50) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000000c0), 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$loop(0x0, 0xd78, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(&(0x7f000000cffc)=0x1, 0x8, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000ae8000/0x4000)=nil, 0x4000, 0x1000002, 0x40010, r5, 0xe66ee000) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000017c0)=ANY=[@ANYRESHEX], 0x38}, 0x1, 0x0, 0x0, 0x20854}, 0x8081) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x0, 0x0}, 0x10) bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0) madvise(&(0x7f0000477000/0x3000)=nil, 0x3000, 0x15) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001440)=ANY=[@ANYBLOB="140100002e00010000000000fcdbdf250401f2800c00180008ac0f00000000001400010000000000000000000600ffffac14141650bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae640b1086cda40e00aec58754734be31d750351dc076eb43d9828149d6cb0c729c193838da5d02621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be820400e900e61d81503d3b557f0ec28da23c"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000007c0)=@mangle={'mangle\x00', 0x64, 0x6, 0x6f8, 0x508, 0x508, 0x438, 0x0, 0x438, 0x650, 0x650, 0x650, 0x650, 0x650, 0x6, 0x0, {[{{@ipv6={@private2, @loopback, [0xff000000, 0xffffffff, 0xffffff00, 0xff000000], [0xff000000, 0xffffff00, 0x0, 0xffffff00], 'vlan1\x00', 'veth1\x00', {0xff}, {0xff}, 0x6, 0x3, 0x3, 0x14}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x1, 0x1, 0x5}}}, {{@ipv6={@remote, @local, [0x0, 0xffffffff], [0x0, 0xff000000], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x11, 0x0, 0x0, 0x4}, 0x0, 0x198, 0x1d8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}, @common=@unspec=@conntrack3={{0xc8}, {{@ipv6=@remote, [], @ipv6=@private1, [0x0, 0xff000000, 0xffffffff], @ipv4=@multicast2, [0x0, 0xffffffff, 0xffffffff, 0xffffffff], @ipv4=@empty, [0x0, 0x0, 0xff000000, 0xff], 0x0, 0x0, 0x42, 0x4e22, 0x4e24, 0x4e20, 0x4e24, 0x0, 0x23ccf3e9fd2b5143}, 0x0, 0x80, 0x0, 0x4e20, 0x4e24, 0x4e23}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@empty, @ipv6=@private2, 0x2c, 0xfe}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0xc}}}, {{@uncond, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@frag={{0x30}, {[0x3, 0x8], 0xa, 0x0, 0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@dev, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x758) 2.943685769s ago: executing program 4 (id=630): bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0xffffffff}, 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10) bind$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040), 0x6) socket$unix(0x1, 0x1, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast1, 0x4e23, 0x2, 'dh\x00', 0x1, 0x5, 0x16}, 0x2c) r5 = bpf$PROG_LOAD(0x5, 0x0, 0xfffffec0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r6, 0x400448ca, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=ANY=[], 0x36) bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r0, 0x1, 0x7, 0x0, 0x0) fcntl$dupfd(r5, 0x406, r4) 1.977851157s ago: executing program 1 (id=631): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00'}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/ipv6_route\x00') prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@userxattr}]}) chdir(&(0x7f00000003c0)='./bus\x00') symlink(&(0x7f000000a900)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) kexec_load(0x7, 0x0, 0x0, 0x140000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES64, @ANYRES16], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=") r4 = openat(0xffffffffffffff9c, &(0x7f0000000740)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r4, 0xc0185879, &(0x7f0000000000)={@id={0x2, 0x0, @auto="d25aa16472a25a7cbeeb3956fcd307cf"}}) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) write$cgroup_freezer_state(r2, &(0x7f0000000040)='FROZEN\x00', 0x7) setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0) unshare(0x22020400) r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) connect$bt_rfcomm(r5, 0x0, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001c40), 0x2, 0x0) preadv(r2, &(0x7f0000000140)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, 0x96, 0x0) 893.778177ms ago: executing program 1 (id=632): syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f0000000180)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c6865617274626561743d6e6f6e652c67727071756f74612c696e6f646536342c61636c2c6c6f63616c666c6f636b732c005ea7501d3984f30800000034dd9b5f52523eb71133652077aca5d26b513822020aa04ceba373f5ce95c0d1d4d8d88b077307143bab05b944c8717fae9043000a828674b0cdb1a82528e59e857c2049a73f8389f4eb91af6e2f93e4894cc0e776da52222dc59219"], 0x0, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=") newfstatat(0xffffffffffffff9c, &(0x7f0000002b80)='./file0\x00', &(0x7f0000002bc0), 0x4000) 848.976329ms ago: executing program 2 (id=633): syz_mount_image$iso9660(&(0x7f0000000cc0), &(0x7f0000000180)='./file1\x00', 0x1004081, &(0x7f0000000040)=ANY=[], 0x2, 0x7f4, &(0x7f0000000d80)="$eJzs3U9oHOfZAPBnFMl2FD5/Id9HPmMcZ2znA5s6ymqVKBU5pJvVSJ5ktSt2V8WmlMTEcjCWk5AQ0pjS1JekLS2lpx7TXEMuubUUWuih7anQHHrpoRDIpSUtLZSWUnDZ2V1r9Wcl/5HlNP39RPadfeeZd953drLPznpnJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACASKqzpdJkErW8vnQ6Ha4622wsbDG/395P1xRbrDci6fwX+/bFgW7Vgf9dnX1/5+FoHOo+OxT7OsW+uHzP/fc+8T+jI/3lt+jQzToyfNbY4JMk4uudTl08u7Ky/Mpt6Mgu+taPexP7rnuRv1/tPM5n9bzVyBcq81matxrpzPR06ZFTc610Lq9lrTOtdraQVptZpd1opserJ9LJmZmpNJs401iqz89Walm/8vGHy6XSdPr0xGJWabYa9UeenmhVT+W1Wl6fL2LKpdejE/N4Z0d8Jm+n7ayykKbnL6wsT23X1U7Q5JqavWt2nEMP3fvxax/95cJyZ4cc1kjS2zHLk5Pl8uT0YzOPPV4qjZZL5bUVpXXiWkSMRHQibstOy511zyZ1o709ZsOMiKv/vTNv3nCLRnr5P2qRRz2W4nSkkcZI8bj6NxbVmI1mNGKh8/w3Y+vmb8j////IH3+11XoH838/yx9YnX0wivx/uPvs8LD8v6EXO/A3OqzV+vvd3gzWvRpvxOW4GGdjJVZiOV65mTXuWd/qbfwb2dn25iOLeuTRikbksRCVoibt1aQxE9MxHaV4Nk7FXLQijbnIoxZZtOJMtKIdWbFHVaMZWVSiHY1oRhrHoxonIo3JmImZmIo0spiIM9GIpajHfMxGpWjlfFwotvvUun7d/7XnfvTCrz9+pzN9LWhyi4EknQ9znaA/bxG0Id3fQP7vRIz09u5dyUnskn03+Kru0Ds33LqrRf4fvdPdAAAAAG6jpPj2PYmIsXigmJrLa9mX7nS3AAAAgB1U/K75UKcY60w9EEnn+L+0SeSHu943AAAAYGckxTl2SUSMx4Pdqf7pUpt9CQAAAAD8Gyr+/f9wpxiPeLOocPwPAAAAnzHfGHaN/Y/29K6x21rcm/zkT9FsjiVXFk8/lFyqdOIql+7qLtcrvnitxfbcwWR/r5GimB69fE8SEaPV7FDSv/rlP/d2y0+Kx4OrFyAcdq3/ZJsOxNYdKJ7Ft+NIN+bIuW55rj+nu5bxubyWTVQbtScmk96XI+3XXrzwlSiG/836wv4kzl9YWZ54/qWVc0VfrnRauXKpd3n4pL9URPeEii36crW3BeKBzUc8VpyI0VvveHe9pcHx964mO7L1+JPBdb4VR7sxR8e75fja8e/rrHNy4onJqFT2j7Sz0+3Xrg6MvteLydWR7+2PNrmBV+GtONaNOXb8WLfYpBflNb14cWMvyoPb//q2xXX34p0jb57+688bSTa1XS+mbrEXAHfK+eKqP6tZ6O4iC/3jalcnoa3Lu3f3l7yRd7nzq58y+ssP5LrR2JDd05vJ7m/F8W7M8e7nidGDm+SV0ibv6C9fePkXvXf0R9/7/g++fPiXH6zL6zfQi/fiRDemV8R9PxuSYztj/s66rPpuZ4l3h663VSsnr++dGku6Nx+Kyw9fuHT2heUXll8sl6emS4+WSo+VY6z4qNArhvRU5gH4z7bdPXY++Oq10GF34Uke3eao+r5rPymYiOfjpViJc3GyONsgIh7cvNXxgZ8hnNzmqHV84A4vJ7c5tlyNLa+P3XssiSGxUwNb7P++VxR/u00vCADsgqPb5OEk7u3Of/2/ekusi7grSU5uc9y9Npef6N44t390HMNz+aDf98rP3/YtAgCffVnzk2S8/XbSbOaLz07OzExW2qeytNmoPpM289n5LM3r7axZPVWpz2fpYrPRblT7Xx3PZq20tbS42Gi207lGM11stPLTxZ3f096t31vZQqXezqutxVpWaWVptVFvV6rtdDZvVdPFpadqeetU1iwWbi1m1Xwur1baeaOethpLzWo2kaatLBsIzGezejufy7OxNK+ni818odK8EhG1pYUsnc1a1Wa+2G50G+yvK6/PNZoLRbMTG4f/h93e3gDwafDqG5cvnl1ZWX7l5iZ+ez3Bd3qMAMBasjQAAAAAAAAAAAAAAHz6bTxdr1N7QycCjsVNnz746t64lbMPP3sTn3u/+7LsRIO30s7da17TPb2d5c5vnxueeO7JJy+u1iSjg5v3qTcPnPpdFv3RbdHO5v+nbHaq69v7I/b88Lvdmi8MCU5Gd3ikH0bETSx+NdkiZvffiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgO/8KAAD//wifUTs=") mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20) 372.245272ms ago: executing program 2 (id=634): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e220000060005"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 329.230161ms ago: executing program 4 (id=635): unshare(0x20000400) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9) 174.437968ms ago: executing program 2 (id=636): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x2, 0x3, 0x0, 'queue1\x00'}) 120.022939ms ago: executing program 4 (id=637): setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) ioctl$TCSBRKP(r0, 0x5425, 0x0) ioctl$TCSETSW2(r0, 0x5425, 0x0) socket$inet6(0xa, 0x2, 0x0) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000000)={0x10000000}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) ppoll(&(0x7f0000000500), 0x0, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0x20000014}) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) add_key$user(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff) socket$kcm(0x10, 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 0s ago: executing program 2 (id=638): socket$nl_generic(0x10, 0x3, 0x10) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='mm_khugepaged_scan_pmd\x00', r1, 0x0, 0x2}, 0x18) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x1) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4000}, 0x94) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0xc8100, 0x0) ioctl$EVIOCGPROP(r4, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMRU1(r4, 0x40047452, &(0x7f00000000c0)) r5 = syz_open_dev$swradio(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_G_FREQUENCY(r5, 0xc02c5638, &(0x7f00000001c0)={0x8, 0x3, 0x10}) r6 = syz_open_dev$vim2m(&(0x7f0000000040), 0x1, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000000)=0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8, 0x0, 0x0, 0x0, 0x47}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): ch file or directory [ 109.478798][ T5916] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 222ms [ 109.497828][ T6150] netlink: 12 bytes leftover after parsing attributes in process `syz.2.47'. [ 109.515361][ T5837] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 109.537275][ T5916] gfs2: fsid=syz:syz.0: jid=0: Done [ 109.565896][ T6142] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 109.674316][ T6142] gfs2: fsid=syz:syz.0: found 1 quota changes [ 109.785566][ T6155] loop1: detected capacity change from 0 to 256 [ 110.110935][ T55] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 110.281061][ T55] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 110.300968][ T55] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 110.334109][ T55] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 110.369746][ T55] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.544653][ T6138] loop5: detected capacity change from 0 to 32768 [ 110.623569][ T6138] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 110.642299][ T55] usb 5-1: GET_CAPABILITIES returned 0 [ 110.650375][ T55] usbtmc 5-1:16.0: can't read capabilities [ 110.715156][ T6138] XFS (loop5): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 110.834461][ T6138] XFS (loop5): Starting recovery (logdev: internal) [ 110.899204][ T6138] XFS (loop5): Ending recovery (logdev: internal) [ 110.980957][ T5916] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 111.159642][ T5835] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 111.171655][ T5916] usb 4-1: Using ep0 maxpacket: 8 [ 111.209431][ T5916] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 111.238698][ T5916] usb 4-1: config 0 has no interface number 0 [ 111.246063][ T5916] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 111.257790][ T5916] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 111.269946][ T5916] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 111.295332][ T5916] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 111.343194][ T5916] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 111.367148][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.386428][ T5916] usb 4-1: config 0 descriptor?? [ 111.421902][ T5916] ldusb 4-1:0.55: LD USB Device #1 now attached to major 180 minor 1 [ 111.724733][ T5916] usb 4-1: USB disconnect, device number 2 [ 111.780687][ T5916] ldusb 4-1:0.55: LD USB Device #1 now disconnected [ 111.877377][ T6193] loop5: detected capacity change from 0 to 256 [ 111.888902][ T6193] vfat: Bad value for 'fmask' [ 111.934248][ T5901] usb 5-1: USB disconnect, device number 3 [ 112.391386][ T6190] loop1: detected capacity change from 0 to 32768 [ 112.425295][ T6198] loop0: detected capacity change from 0 to 512 [ 112.495243][ T6190] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 112.504733][ T6198] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.62: corrupted in-inode xattr: invalid ea_ino [ 112.522217][ T6198] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.62: couldn't read orphan inode 15 (err -117) [ 112.561690][ T6198] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.758223][ T6198] EXT4-fs (loop0): shut down requested (1) [ 112.769243][ T6204] loop2: detected capacity change from 0 to 4096 [ 112.898591][ T5827] ocfs2: Unmounting device (7,1) on (node local) [ 113.075216][ T5823] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.210645][ T6215] ALSA: seq fatal error: cannot create timer (-16) [ 113.245144][ T6218] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 113.308031][ T6213] process 'syz.3.68' launched './file0' with NULL argv: empty string added [ 113.342669][ T6211] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 113.738773][ T6220] loop0: detected capacity change from 0 to 32768 [ 113.794955][ T6220] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.69 (6220) [ 113.851819][ T6220] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 113.862160][ T6220] BTRFS info (device loop0): using sha256 (sha256-x86_64) checksum algorithm [ 113.871012][ T6220] BTRFS info (device loop0): disk space caching is enabled [ 113.878342][ T6220] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 114.211944][ T6220] BTRFS info (device loop0): rebuilding free space tree [ 114.229029][ T6220] BTRFS info (device loop0): disabling free space tree [ 114.235999][ T6220] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 114.245861][ T6220] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 114.583917][ T6245] loop3: detected capacity change from 0 to 32768 [ 114.595540][ T6245] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.73 (6245) [ 114.608861][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 114.630621][ T6245] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 114.641520][ T6245] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 114.650762][ T6245] BTRFS info (device loop3): disk space caching is enabled [ 114.658174][ T6245] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 114.791364][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.802944][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.998788][ T6245] BTRFS info (device loop3): rebuilding free space tree [ 115.018231][ T6245] BTRFS info (device loop3): disabling free space tree [ 115.028500][ T6245] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 115.040471][ T6245] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 115.073912][ T5823] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 115.354624][ T6245] BTRFS info (device loop3): balance: start -d -m [ 115.376960][ T6245] BTRFS info (device loop3): relocating block group 6881280 flags data|metadata [ 116.254788][ T6245] BTRFS info (device loop3): relocating block group 5242880 flags data|metadata [ 116.300996][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 116.334473][ C1] vcan0: j1939_tp_rxtimer: 0xffff888032dfcc00: rx timeout, send abort [ 116.418834][ T6245] BTRFS info (device loop3): found 9 extents, stage: move data extents [ 116.461167][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.461243][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.469483][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.478508][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.486396][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.843998][ C1] vcan0: j1939_tp_rxtimer: 0xffff888032dfcc00: abort rx timeout. Force session deactivation [ 117.042578][ T6245] BTRFS info (device loop3): found 1 extents, stage: update data pointers [ 117.075383][ T6245] BTRFS info (device loop3): balance: ended with status: 0 [ 117.228653][ T6281] netlink: 4 bytes leftover after parsing attributes in process `syz.0.78'. [ 117.449463][ T6287] loop1: detected capacity change from 0 to 512 [ 117.504338][ T6287] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 117.551135][ T5837] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 117.571305][ T6287] EXT4-fs (loop1): invalid journal inode [ 117.591511][ T6287] EXT4-fs (loop1): can't get journal size [ 117.773797][ T6287] EXT4-fs (loop1): 1 truncate cleaned up [ 117.792642][ T6293] syzkaller0: entered promiscuous mode [ 117.826211][ T6287] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.876147][ T6293] syzkaller0: entered allmulticast mode [ 118.199546][ T6303] netlink: 24 bytes leftover after parsing attributes in process `syz.0.85'. [ 118.654744][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.412236][ T6316] syz.2.91: attempt to access beyond end of device [ 119.412236][ T6316] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 119.445303][ T6316] (syz.2.91,6316,1):ocfs2_get_sector:1714 ERROR: status = -5 [ 119.454566][ T6316] (syz.2.91,6316,1):ocfs2_sb_probe:753 ERROR: status = -5 [ 119.468710][ T6316] (syz.2.91,6316,1):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 119.480441][ T6316] (syz.2.91,6316,1):ocfs2_fill_super:1177 ERROR: status = -5 [ 119.865931][ T6324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 120.120328][ T6337] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 120.644891][ T6341] loop2: detected capacity change from 0 to 32768 [ 120.690005][ T6341] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 120.698428][ T6341] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 120.757083][ T6341] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 120.781907][ T55] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 120.790842][ T55] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 121.129189][ T55] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 338ms [ 121.159531][ T55] gfs2: fsid=syz:syz.0: jid=0: Done [ 121.170881][ T6341] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 121.191179][ T933] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 121.389505][ T6341] gfs2: fsid=syz:syz.0: found 1 quota changes [ 121.461873][ T933] usb 6-1: Using ep0 maxpacket: 16 [ 121.526767][ T933] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 121.568751][ T933] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 121.600260][ T933] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.680904][ T933] usb 6-1: Product: syz [ 121.720949][ T933] usb 6-1: Manufacturer: syz [ 121.750861][ T933] usb 6-1: SerialNumber: syz [ 121.773834][ T933] usb 6-1: config 0 descriptor?? [ 121.815641][ T933] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 121.866162][ T933] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 122.187249][ T6364] loop1: detected capacity change from 0 to 256 [ 122.368676][ T6357] loop4: detected capacity change from 0 to 32768 [ 122.443460][ T933] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 122.544363][ T6357] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 122.916905][ T933] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 122.925565][ T6357] XFS (loop4): Ending clean mount [ 122.950935][ T933] em28xx 6-1:0.0: board has no eeprom [ 123.895609][ T6384] loop2: detected capacity change from 0 to 131072 [ 123.990947][ T933] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 124.053508][ T933] em28xx 6-1:0.0: dvb set to bulk mode. [ 124.063862][ T5916] em28xx 6-1:0.0: Binding DVB extension [ 124.136815][ T6384] F2FS-fs (loop2): Mounted with checkpoint version = 1b41e955 [ 124.224134][ T933] usb 6-1: USB disconnect, device number 2 [ 124.312423][ T933] em28xx 6-1:0.0: Disconnecting em28xx [ 124.313427][ T6384] F2FS-fs (loop2): f2fs_convert_inline_folio: corrupted inline inode ino=7, i_addr[0]:0xff0000, run fsck to fix. [ 124.442808][ T6384] F2FS-fs (loop2): f2fs_convert_inline_folio: corrupted inline inode ino=7, i_addr[0]:0xff0000, run fsck to fix. [ 124.545647][ T6375] loop1: detected capacity change from 0 to 32768 [ 124.551881][ T5916] em28xx 6-1:0.0: Registering input extension [ 124.574913][ T933] em28xx 6-1:0.0: Closing input extension [ 124.611550][ T5828] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 124.632210][ T6396] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 124.635018][ T6375] XFS: attr2 mount option is deprecated. [ 124.686261][ T6375] XFS: ikeep mount option is deprecated. [ 124.785663][ T6403] netlink: 'syz.0.114': attribute type 4 has an invalid length. [ 124.797635][ T933] em28xx 6-1:0.0: Freeing device [ 124.833576][ T6375] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 125.093935][ T6412] netlink: 24 bytes leftover after parsing attributes in process `syz.3.116'. [ 125.102680][ T6414] vlan0: entered promiscuous mode [ 125.204063][ T6414] team0: Port device vlan0 added [ 125.226051][ T6375] XFS (loop1): Ending clean mount [ 125.262358][ T933] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 125.306064][ T6375] XFS (loop1): Quotacheck needed: Please wait. [ 125.491675][ T6375] XFS (loop1): Quotacheck: Done. [ 125.499179][ T933] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 125.528588][ T933] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.569363][ T933] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 125.611991][ T933] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 125.648076][ T933] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.684494][ T6419] loop2: detected capacity change from 0 to 4096 [ 125.699267][ T933] usb 6-1: config 0 descriptor?? [ 125.746299][ T5827] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 125.827631][ T6419] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 125.853238][ T6426] input: syz0 as /devices/virtual/input/input6 [ 125.933128][ T55] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 125.983811][ T6419] ntfs3(loop2): Failed to load $Extend (-22). [ 125.990228][ T6419] ntfs3(loop2): Failed to initialize $Extend. [ 126.123811][ T55] usb 1-1: Using ep0 maxpacket: 8 [ 126.135054][ T55] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 126.144350][ T55] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 126.166724][ T55] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 126.191397][ T933] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 126.221017][ T55] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 126.271243][ T55] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 126.281144][ T933] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 126.344300][ T55] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 126.392840][ T55] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.682081][ T55] usb 1-1: GET_CAPABILITIES returned 0 [ 126.701688][ T55] usbtmc 1-1:16.0: can't read capabilities [ 126.822827][ T5916] usb 6-1: USB disconnect, device number 3 [ 126.907167][ T933] usb 1-1: USB disconnect, device number 2 [ 127.183864][ T6445] loop2: detected capacity change from 0 to 256 [ 127.237773][ T6445] exFAT-fs (loop2): failed to load upcase table (idx : 0x000103df, chksum : 0xf3211d0a, utbl_chksum : 0xe619d30d) [ 128.868908][ T6463] evm: overlay not supported [ 129.618350][ T6464] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 129.641766][ T6464] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 130.486700][ T6473] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 130.800523][ T6477] netlink: 68 bytes leftover after parsing attributes in process `syz.3.134'. [ 131.694036][ T6492] netlink: 4 bytes leftover after parsing attributes in process `syz.3.140'. [ 131.759656][ T6492] netlink: 12 bytes leftover after parsing attributes in process `syz.3.140'. [ 132.555577][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.563717][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.380426][ T6507] block nbd0: shutting down sockets [ 134.477740][ T6517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.151'. [ 134.518320][ T6517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.151'. [ 134.671528][ T5816] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 134.799810][ T6530] binder: 6527:6530 ioctl c0306201 2000000003c0 returned -14 [ 135.038582][ T6529] loop0: detected capacity change from 0 to 32768 [ 135.055132][ T6529] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.153 (6529) [ 135.076996][ T6529] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 135.087863][ T6529] BTRFS info (device loop0): using sha256 (sha256-x86_64) checksum algorithm [ 135.096798][ T6529] BTRFS info (device loop0): disk space caching is enabled [ 135.104080][ T6529] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 135.139489][ T5816] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.185567][ T5816] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.220639][ T5816] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 135.240556][ T5816] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.267640][ T5816] usb 5-1: config 0 descriptor?? [ 135.318794][ T6529] BTRFS info (device loop0): rebuilding free space tree [ 135.336395][ T6529] BTRFS info (device loop0): disabling free space tree [ 135.343422][ T6529] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 135.355066][ T6529] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 135.486571][ T6519] binder: 6515:6519 ioctl c0306201 200000000640 returned -22 [ 135.515468][ T5816] usbhid 5-1:0.0: can't add hid device: -71 [ 135.532425][ T5901] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 135.546569][ T5816] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 135.605955][ T5816] usb 5-1: USB disconnect, device number 4 [ 135.754848][ T5901] usb 6-1: Using ep0 maxpacket: 16 [ 135.794711][ T5901] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 135.912779][ T5901] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 135.912841][ T5901] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.912865][ T5901] usb 6-1: Product: syz [ 135.912882][ T5901] usb 6-1: Manufacturer: syz [ 135.912900][ T5901] usb 6-1: SerialNumber: syz [ 136.030675][ T5901] usb 6-1: config 0 descriptor?? [ 136.126838][ T5901] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 136.168099][ T5901] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 136.311093][ T5916] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 136.381316][ T5823] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 136.503880][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 136.516843][ T6573] loop3: detected capacity change from 0 to 256 [ 136.528759][ T5916] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 136.578233][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 136.614963][ T5916] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 136.637872][ T5916] usb 3-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 136.668913][ T6573] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 136.680856][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.688988][ T5916] usb 3-1: Product: syz [ 136.750274][ T5916] usb 3-1: Manufacturer: syz [ 136.750350][ T5901] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 136.755881][ T6573] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 136.783679][ T5916] usb 3-1: SerialNumber: syz [ 136.829744][ T5916] usb 3-1: config 0 descriptor?? [ 136.893104][ T5916] ums-isd200 3-1:0.0: USB Mass Storage device detected [ 137.117902][ T5916] scsi host1: usb-storage 3-1:0.0 [ 137.359820][ T5916] usb 3-1: USB disconnect, device number 2 [ 137.632494][ T6591] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 137.640546][ T6591] syzkaller0: entered promiscuous mode [ 137.723822][ T6591] syzkaller0: entered allmulticast mode [ 137.817520][ T5901] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 137.837183][ T5901] em28xx 6-1:0.0: board has no eeprom [ 137.931126][ T5901] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 138.050352][ T5901] em28xx 6-1:0.0: dvb set to bulk mode. [ 138.212653][ T5816] em28xx 6-1:0.0: Binding DVB extension [ 138.561984][ T5901] usb 6-1: USB disconnect, device number 4 [ 138.569325][ T5901] em28xx 6-1:0.0: Disconnecting em28xx [ 138.811660][ T6603] netlink: 4 bytes leftover after parsing attributes in process `syz.3.174'. [ 138.842248][ T5816] em28xx 6-1:0.0: Registering input extension [ 138.859932][ T5901] em28xx 6-1:0.0: Closing input extension [ 138.972862][ T5901] em28xx 6-1:0.0: Freeing device [ 139.892412][ T5901] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 140.222112][ T6624] batman_adv: batadv0: Adding interface: dummy0 [ 140.242768][ T30] audit: type=1800 audit(1751469063.620:3): pid=6620 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.180" name="bus" dev="overlay" ino=278 res=0 errno=0 [ 140.263140][ C0] vkms_vblank_simulate: vblank timer overrun [ 140.286031][ T5901] usb 6-1: Using ep0 maxpacket: 16 [ 140.299617][ T6622] loop0: detected capacity change from 0 to 2048 [ 140.299947][ T6618] netlink: 'syz.1.179': attribute type 1 has an invalid length. [ 140.311188][ T6624] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.316308][ T6618] netlink: 224 bytes leftover after parsing attributes in process `syz.1.179'. [ 140.354140][ T5901] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 140.362392][ T5901] usb 6-1: config 0 has no interface number 0 [ 140.378709][ T5901] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 140.389795][ T6624] batman_adv: batadv0: Interface activated: dummy0 [ 140.401105][ T5901] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.429704][ T5901] usb 6-1: Product: syz [ 140.429730][ T5901] usb 6-1: Manufacturer: syz [ 140.429749][ T5901] usb 6-1: SerialNumber: syz [ 140.453731][ T5901] usb 6-1: config 0 descriptor?? [ 140.462338][ T5901] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 140.532375][ T6630] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 140.553996][ T6626] batadv0: mtu less than device minimum [ 140.589663][ T6626] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 140.601943][ T6626] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 140.613934][ T6626] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 140.625834][ T6626] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 140.637816][ T6626] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 140.649811][ T6626] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 140.661832][ T6626] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 140.673824][ T6626] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 140.685787][ T6626] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 140.745585][ T6630] NILFS (loop0): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 140.793931][ T6630] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=4) [ 140.866600][ T6630] Remounting filesystem read-only [ 141.025368][ T224] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.223464][ T51] Bluetooth: hci4: Malformed LE Event: 0x1b [ 142.530948][ T55] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 142.692679][ T5901] gspca_spca1528: reg_r err -71 [ 142.709670][ T5901] spca1528 6-1:0.1: probe with driver spca1528 failed with error -71 [ 142.741598][ T55] usb 4-1: Using ep0 maxpacket: 16 [ 142.749022][ T5901] usb 6-1: USB disconnect, device number 5 [ 142.769574][ T55] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 142.790248][ T6667] netlink: 'syz.0.195': attribute type 1 has an invalid length. [ 142.800205][ T55] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 142.827924][ T55] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 142.861252][ T55] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.876619][ T55] usb 4-1: Product: syz [ 142.883203][ T55] usb 4-1: Manufacturer: syz [ 142.887921][ T55] usb 4-1: SerialNumber: syz [ 143.121184][ T55] usb 4-1: 0:2 : does not exist [ 143.140156][ T6672] Invalid ELF header magic: != ELF [ 143.141611][ T30] audit: type=1804 audit(1751469066.540:4): pid=6672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.198" name="/newroot/33/bus/bus" dev="overlay" ino=212 res=1 errno=0 [ 143.964486][ T55] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 143.998713][ T55] usb 4-1: USB disconnect, device number 3 [ 144.270195][ T6525] udevd[6525]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 144.392981][ T6692] netlink: 40 bytes leftover after parsing attributes in process `syz.3.204'. [ 144.558016][ T6689] tipc: Started in network mode [ 144.570532][ T6689] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 144.581248][ T6689] tipc: Enabled bearer , priority 0 [ 144.596997][ T6695] netlink: 12 bytes leftover after parsing attributes in process `syz.3.204'. [ 145.047164][ T6706] syz_tun: entered allmulticast mode [ 145.155994][ T6705] syz_tun: left allmulticast mode [ 145.884087][ T5931] tipc: Node number set to 11578026 [ 145.947412][ T6714] netlink: 'syz.5.212': attribute type 12 has an invalid length. [ 148.537325][ T6736] syz.2.220 (6736): drop_caches: 2 [ 148.811634][ T6742] loop4: detected capacity change from 0 to 512 [ 148.915762][ T6742] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 149.270334][ T6742] EXT4-fs (loop4): 1 truncate cleaned up [ 149.398645][ T6742] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 149.743882][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.156398][ T6765] netlink: 20 bytes leftover after parsing attributes in process `syz.4.230'. [ 150.169208][ T30] audit: type=1326 audit(1751469073.560:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd29f8e929 code=0x7ffc0000 [ 150.303197][ T30] audit: type=1326 audit(1751469073.560:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7fcd29f8e929 code=0x7ffc0000 [ 150.446313][ T30] audit: type=1326 audit(1751469073.560:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd29f8e929 code=0x7ffc0000 [ 150.465436][ T6746] loop2: detected capacity change from 0 to 32768 [ 150.521039][ T30] audit: type=1326 audit(1751469073.560:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fcd29f8e929 code=0x7ffc0000 [ 150.797940][ T30] audit: type=1326 audit(1751469073.560:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd29f8e929 code=0x7ffc0000 [ 150.915539][ T6746] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 150.987951][ T6746] XFS (loop2): Ending clean mount [ 151.005127][ T6746] XFS (loop2): Quotacheck needed: Please wait. [ 151.041028][ T30] audit: type=1326 audit(1751469073.560:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fcd29f8e929 code=0x7ffc0000 [ 151.046516][ T6746] XFS (loop2): Quotacheck: Done. [ 151.237520][ T30] audit: type=1326 audit(1751469073.560:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd29f8e929 code=0x7ffc0000 [ 151.334898][ T30] audit: type=1326 audit(1751469073.560:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcd29f8e929 code=0x7ffc0000 [ 151.390221][ T30] audit: type=1326 audit(1751469073.560:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd29f8e929 code=0x7ffc0000 [ 151.471625][ T30] audit: type=1326 audit(1751469073.560:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7fcd29f8e929 code=0x7ffc0000 [ 151.712019][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 151.946100][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 151.981306][ T9] usb 5-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 152.059292][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.084194][ T9] usb 5-1: Product: syz [ 152.101034][ T9] usb 5-1: Manufacturer: syz [ 152.105708][ T9] usb 5-1: SerialNumber: syz [ 152.146721][ T9] usb 5-1: config 0 descriptor?? [ 152.213282][ T5832] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 152.220035][ T9] appledisplay 5-1:0.0: Could not find int-in endpoint [ 152.236382][ T9] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 153.097394][ T933] usb 5-1: USB disconnect, device number 5 [ 154.813428][ T6802] block nbd5: shutting down sockets [ 156.490164][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 156.490188][ T30] audit: type=1800 audit(1751469079.880:74): pid=6820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.247" name="dmabuf" dev="dmabuf" ino=2 res=0 errno=0 [ 156.740998][ T51] Bluetooth: hci5: command tx timeout [ 156.830998][ T6817] loop1: detected capacity change from 0 to 40427 [ 156.853600][ T6817] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 156.861920][ T6817] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 156.871402][ T6817] F2FS-fs (loop1): build fault injection rate: 351 [ 157.096904][ T6817] syz.1.245: attempt to access beyond end of device [ 157.096904][ T6817] loop1: rw=8192, sector=40424, nr_sectors = 8 limit=40427 [ 157.110774][ T6817] syz.1.245: attempt to access beyond end of device [ 157.110774][ T6817] loop1: rw=8192, sector=40432, nr_sectors = 8 limit=40427 [ 157.124605][ T6817] syz.1.245: attempt to access beyond end of device [ 157.124605][ T6817] loop1: rw=8192, sector=40440, nr_sectors = 8 limit=40427 [ 157.138449][ T6817] syz.1.245: attempt to access beyond end of device [ 157.138449][ T6817] loop1: rw=8192, sector=40448, nr_sectors = 8 limit=40427 [ 157.152473][ T6817] syz.1.245: attempt to access beyond end of device [ 157.152473][ T6817] loop1: rw=8192, sector=40456, nr_sectors = 8 limit=40427 [ 157.167629][ T6817] syz.1.245: attempt to access beyond end of device [ 157.167629][ T6817] loop1: rw=8192, sector=40464, nr_sectors = 8 limit=40427 [ 157.181438][ T6817] syz.1.245: attempt to access beyond end of device [ 157.181438][ T6817] loop1: rw=8192, sector=40472, nr_sectors = 8 limit=40427 [ 157.195189][ T6817] syz.1.245: attempt to access beyond end of device [ 157.195189][ T6817] loop1: rw=8192, sector=40480, nr_sectors = 8 limit=40427 [ 157.208998][ T6817] syz.1.245: attempt to access beyond end of device [ 157.208998][ T6817] loop1: rw=8192, sector=40488, nr_sectors = 8 limit=40427 [ 157.222877][ T6817] syz.1.245: attempt to access beyond end of device [ 157.222877][ T6817] loop1: rw=8192, sector=40496, nr_sectors = 8 limit=40427 [ 157.288487][ T6817] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-5) [ 157.396756][ T6826] loop5: detected capacity change from 0 to 128 [ 157.525927][ T6826] EXT4-fs: Ignoring removed nobh option [ 158.002790][ T6826] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 158.092301][ T6826] ext4 filesystem being mounted at /30/mnt supports timestamps until 2038-01-19 (0x7fffffff) ½0=Ò k"0c³CÞ;å.ÀºEÈ@ÞÝw÷ÉÔ…Hiò=¼Rv©™[s;ݧõ8[ †µUxR©ª@å¾Þõ]u+¸'¯Þò“,]u²¨”ÖÐ g‡ª‰›(²¤ë£ÒÍ0ÜwèÀeÍ…z$aá¹’ãu§b9›yû˜ç¯YE)&Oþ)Ÿ‹6ø“b;æÁ©¡yg¾Uü4>´rÉ“´Žt€_ÆœàʘÚG‚†Ã0µØ0Hö”ŽÑVpẑEŠ=N© OeÝ¢Ï2ûæ"yÄJ½Iª†èÝz‰F°<@MS0êQ¥¤up¥øQ¯ʃ’´¥ølƒ’~™ñ7¿çMüžÂؤZGõk½›×íφÈÛwðW·§›_F•°‹cã1×`LÞéŠÏ챈*‘]Ðä°kjF‡U)B–6Ñ=xŒ}³í<˜úiä&vÛ 5@½‰3£ûw]+ú‹ÏÎáÇ$Ì6´_§)¦s½\ç( µH˜‘co bxz$!/ Î*ǽû ˆM3…ËG‡¼¦v[Ȁ¥mތ˖VP§CHØ\«üiÎ>€[4OÑñöwùO_ÑÆ;þø¨öÕ½†a,µÃaÓxÏ0 2a0ˆs¹1œ¼=Ï*¤*Š$þ»S8 ŽÆ+èW1E$”ÆmCK-ÁX_É^y—b1²À9õúQsÙîü'ê°CŒ9ÁñÓwBà°x(›„Ñ›‰ö·…"¯ÐuƒÏ›B«ÑI.XÕïOÚW¸­Zétp»0ÚÇ\PÖ‚ŒòXÎl¥fw;hB²? ŸÂe Þ#`!ödܱ Œo7¥ZlÇ‚¾©`¹ :‰“ýÅ[Ì!vHDÒVû€‘â.MŸgŽ“¹` hZ q­ƒØCÎ>Ô–’E8ĵôq©Ê%SËS·å§*vÔiü#yIWg¢ΙrÞ#ƒ…-¨¦Ô>6lÚc~cà‚²×× .k à7‡Áa#ßJ#÷'NÑN¹·&G]BÂVŸ3È^“"ûô7·ïI+ |£Æ¬¡ž±¹ nŸ‡ŠÎášÐî^F/’8£¹ù'U잦"ïh7&¬1x}O¦ Չ܌sQ"‘:oêLÇf…æƒz}öonùŠ˜ø=Lò»±Fl>¶åàÄËÌ=O£I„áêÒÝø¹éœÐ…9gâ6vß8€DïQHwYǺԒ_fÎ’ü·„‰|qÍ™ƒ'0Y^˜}íW_å³é“ÝÏ{S¼q*‰Ñ{ÒéºWUÓJ¸ªŒ+-TZ7c.Ý÷â¨% ,l6PŽXò6Å? |’ñ9eJ5ì<°›)œ \ˆ8÷ûVóò–Y©Í%v59C%ªwYzÕí2˾¨~Àòšúáúi5îgšR÷Œ‚Ð(\?ņ«;ˆ1!†Jq+tôŒ¹+øŒ5¶Ô·°bNþu£ ÓaY=ãñH©Ìö *9 3Zä\—Pˆ‹¦åWªð'À¶œ_n\‚I¶2×OWE„GR^…Y ^—»2æn« I¸Ú¤Ë­üoÖ+Ó…âJ¶˜º¤\ò0©ü{còŒÜT,—‡Ðg bJMÝãÆ%îýðºKÑìÊ{;. uiT-©Á[…ÀÞ+ðÉìx:‚†%y1zsY<$]cp¥qo4ùß@Dñ„\aÊ)#óŸåGÈ­‘@Ó ·'걜Œz!'‹è?C 1ƒñ¦ë³y§Y «(f€1ýGà˜©¡ž™WZ©Ï‘ç¼Ks~èìe÷˜îq°šg…ÀOþï´‚3îmý™Ím„ÐŽåä×zAŠŸóXË­e`]²†ß³Ù[ 159.276412][ T5901] usb 6-1: new high-speed USB device number 6 using dummy_hcd áAxÔvÖÏ+F¼»¶ùñîê¬ë0£—¬Üï?Oø}†.Ì<{„ƒ‚GñÞNJ÷kÒ¿2˜‡šYÃŒ;Tc÷.c&âÍ’&jäzŒRΉc“ȧé¹Ê- îÕzjýz/w$²â(>¼ÒT ”|Ôh‹ÊýÍ3 ÓÀ 7ð`(*ûì¦úéxÃk"ÞºùGzR…òú±AoOäź™:m@dcÜ~້Éî–]°F#§„ø<ÉÐÈHÓKœS¿_ }å ¥&4Ò½¥:– Bƒ@Y»a‹èH{€Iêȃ¢1À/Žt‡683Ù-ªHèÓ‡ÕŸOŽ6dÓÖg;ü„zÕá¿æG·Xê4WÐ6BÛg‘í³\¨"\‹V[1¯C³ç¡ cÀ½[H+í´ó™QçˆK°¾lÍ,NJçèTt0 ôêáO3 «~ÿ7ÄT7æ˜iò†‚ìÃBJ*à©—Mï<OËbù4Ï2Ù¬…x/àÉÏ­Ö:+¨€Þ‰ãß3l"0ËZ¿d®O#ýÃ̵G<'„-ÊP„%¶p»žÀmxB?=Ìž êKÏå;¢¤Âm$8¡™µ¹·ª[ 159.332808][ T6838] netlink: 'syz.4.252': attribute type 1 has an invalid length. I@¿;¥ÍŠrmDD"…÷©ÿÄeÑ€>wÿåj&/oc¹ÿáiˆ!iòP_yQ2¨3@†Sèºv³—yAe]Q3œL.Õùp9^€:êèl‚‘Ÿ~ðXöƒŒ±zÔÂ~MÿÏ& H~‚hó !Ôc·N'á²Ð¾Z8í £a–êµõÏ€LRß%Å(Þ…Ðÿ]åÃZG”ÖÓ…Ô–°ºjçÁŸ®3¿ùD õ“C9à°ü§R8„ M¹2æxZý²bÀŒ%„#Rž»|fÍÅ漮䷓Èl_Ià\G_b‘h§Vi×ô?ÓNfgV¾BpI+¢ëh9ãµ?ªæ ïMvÀsîÀ½¹>Å'Çp›MX¥sQâ.™`ìÌläqëx©ÖIóê¶z4Rg[ƒÒªa_®^íAHzôÎz/fš2=ah×ÂeRW³ô³Î5: &É6„k,c’š›æÀ#‡VIVHF¿¦Ã`à²óù±‚ éWèVo&Wõ’lÚËëIirŠ•‚·³æÚdÿcÿ¦áË Ø2È-¤»Äðeƒd¸ŒDÛ*Žñ.=÷8ó—´¦ùÝ;ø Ó?íw¤ž¡»1)nÊß±[§uyøS W¸Òq…·¦5ï'Zb·ÊŒÀ—0yùm:åå}kk™´ |æ´V“×’;¬%×+îlÀ;·HŠ°ï#°ìoŸFœù€J÷;öÎ !YgŽòe4Ëóð<;ýϹ®ˆØ#~­•¦™OpµLª}qü(Qê¶;‡¤gj<Ìó N%ŽüQÁ=@£~NHNß„0‘4Ùè¿ ‚³›†gÅ«Êø¯GÇ,S0lâ,«åÃwm";öæÚïoÓÑûù涠`ŽHà7íÑvòÐå‘Ãâ½Iüj϶Uß(Á˜³þ³‹cçÞ—ŒY­mO[ïA¾•YÉœ•0Ï€`‘Ø;‰W±©dÀªð×!ÐxX~# µ–Ëÿ; ûàäÌâ`VHëˆdUü„“°+ê“ø*íus‡ãþ^[6;מù9[<µûíÁ¯*I41Á=„ÆE0´A¥²ÏêÆÆPn‚Á]“-„Y¹’¥ÔÃÍŒýï@z=ðïÅò‰Õ8·†àÞÉ[wñÝ+¯»´ØØ¿ÑbMUlì•æÐe*ß4xå ½ƒÓ8³Xüp€|&ÿd_ ÊšÖµÀËùì->…Eè¡k]«Pת” _pvš«S.ÄÊRúû^üfx,^É}m÷VŸ5p/Ó¯ù¾YNÄÇŠS°9i`ØP€!‘(œm[,|"¥ûáF ¸çw]×eü4w¼~ÉÒh¡ÜÜ29 œ¨½bÅÚ¬@ñ™×¯˜?ÐðT­ÄÑæR¯›¶>KÒÛÚyZ+bt«ÚžW Â-bQõÕŠ ~ìf£i†hv‡^€ç|/˜xÅ$,YÕÕí 㣖ƒAœêÉ´ÃVÊGáHLSMKÌ*SuÝÊã—L§ãÝ­ð8*Ì1m&ÞúQìópÏ¿5ƒæµ=ùXŸ¥­ú¤ Œ:==öB>];oFÒÈçå jö+ X„þsëm‘ogI OP瀎Ž›‹p±=w•«ñ“ûú姩!z÷¢÷[È­±×‚G$ë[ûniUJœ\œBÔ°ǯJ¨Ûïz¢䲞G«èYE¿]Apaxeê‰&1][ 159.485424][ T5901] usb 6-1: config index 0 descriptor too short (expected 47378, got 18) Á/hâKDRkZ*°îE°k7ŸÜªcÐ , Ùk*Êu?'[ 159.496062][ T5901] usb 6-1: config 228 has too many interfaces: 187, using maximum allowed: 32 «†rÏ“kV}'r¦eàùSJÖÞ¦kpá„”ý¦³ð¿Ròó œ$šH$[ 159.521692][ T5901] usb 6-1: config 228 has an invalid descriptor of length 199, skipping remainder of the config ëÿ.Ä`ü›{“´“«­Ô^¾ýàç¦DYëÆÝÏ ÿïÛ†Idmy/kQm¶ëÌÏÒ£Ê9¹†tàÄôF˜VÜ|¦A\`K—Gëô‰ÿJÓè˜%ô.í©R Dh)ŽøT"/0ê¤Kâh»BçöÕûô&ýƈ“ÒJ¶+a z9ÝY2®«z—˜…Å ÄÚãdXÑ[E E³¢J¸ižVAoU˜m4T„[Ó-½>`Ѥg-;¨“3e-ú4$¾ë…‹ô’¯º6#<[ 159.884936][ T5901] usb 6-1: string descriptor 0 read error: -71 [ 159.933430][ T5901] usb 6-1: USB disconnect, device number 6 [ 160.408753][ T6851] mmap: syz.0.256 (6851) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 160.657673][ T13] hfsplus: b-tree write err: -5, ino 4 [ 160.995868][ T6859] netlink: 'syz.0.259': attribute type 4 has an invalid length. [ 161.103717][ T6861] netlink: 'syz.0.259': attribute type 4 has an invalid length. [ 161.771522][ T5835] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 162.095551][ T30] audit: type=1800 audit(1751469085.510:75): pid=6868 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.261" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 162.151228][ T9] libceph: connect (1)[c::]:6789 error -101 [ 162.170252][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 162.187984][ T9] libceph: connect (1)[c::]:6789 error -101 [ 162.204820][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 162.474080][ T5916] libceph: connect (1)[c::]:6789 error -101 [ 162.480227][ T5916] libceph: mon0 (1)[c::]:6789 connect error [ 162.531381][ T5901] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 162.967327][ T6870] ceph: No mds server is up or the cluster is laggy [ 163.016998][ T9] libceph: connect (1)[c::]:6789 error -101 [ 163.032605][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 163.104793][ T5901] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 163.192190][ T5901] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 163.214315][ T5901] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 163.231452][ T5901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.488811][ T5901] usb 2-1: GET_CAPABILITIES returned 0 [ 163.497494][ T5901] usbtmc 2-1:16.0: can't read capabilities [ 163.789171][ T5901] usb 2-1: USB disconnect, device number 3 [ 164.172402][ T5842] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 164.191345][ T5842] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 164.201175][ T5842] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 164.230743][ T5842] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 164.240743][ T5842] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 164.307975][ T6892] loop2: detected capacity change from 0 to 1024 [ 164.593679][ T6894] loop1: detected capacity change from 0 to 512 [ 164.696424][ T6894] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 165.306154][ T6894] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.271: iget: bogus i_mode (5) [ 165.404895][ T6894] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.271: couldn't read orphan inode 15 (err -117) [ 165.437468][ T6514] hfsplus: b-tree write err: -5, ino 4 [ 165.513227][ T6894] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 165.562321][ T6894] ext2 filesystem being mounted at /46/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.237047][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.343139][ T5842] Bluetooth: hci6: command tx timeout [ 166.490541][ T6909] netlink: 5128 bytes leftover after parsing attributes in process `syz.1.273'. [ 166.526086][ T6909] netlink: 5128 bytes leftover after parsing attributes in process `syz.1.273'. [ 166.553444][ T6909] netlink: 584 bytes leftover after parsing attributes in process `syz.1.273'. [ 166.649466][ T6913] netlink: 8 bytes leftover after parsing attributes in process `syz.2.275'. [ 166.677803][ T6838] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 166.831426][ T933] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 167.084332][ T933] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 167.120974][ T933] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 167.150846][ T6925] netlink: 'syz.2.279': attribute type 10 has an invalid length. [ 167.170283][ T933] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 167.192340][ T6925] netlink: 40 bytes leftover after parsing attributes in process `syz.2.279'. [ 167.211459][ T933] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 167.227633][ T6925] dummy0: entered promiscuous mode [ 167.234172][ T933] usb 2-1: SerialNumber: syz [ 167.326185][ T6925] bridge0: port 3(dummy0) entered blocking state [ 167.381085][ T6925] bridge0: port 3(dummy0) entered disabled state [ 167.433440][ T6934] loop5: detected capacity change from 0 to 1024 [ 167.451316][ T6925] dummy0: entered allmulticast mode [ 167.497468][ T933] usb 2-1: 0:2 : does not exist [ 167.509060][ T6925] bridge0: port 3(dummy0) entered blocking state [ 167.516362][ T6925] bridge0: port 3(dummy0) entered forwarding state [ 167.538240][ T933] usb 2-1: unit 255 not found! [ 167.589953][ T933] usb 2-1: 5:0: cannot get min/max values for control 2 (id 5) [ 167.700534][ T933] usb 2-1: USB disconnect, device number 4 [ 167.831450][ T6525] udevd[6525]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 168.409918][ T6948] loop5: detected capacity change from 0 to 64 [ 168.413684][ T5842] Bluetooth: hci6: command tx timeout [ 168.742739][ T6948] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 168.839520][ T49] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.914011][ T6888] chnl_net:caif_netlink_parms(): no params data found [ 169.468697][ T49] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.551206][ T5842] Bluetooth: hci6: command tx timeout [ 171.140983][ T49] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.175714][ T6970] netlink: 'syz.4.293': attribute type 4 has an invalid length. [ 171.230981][ T6970] netlink: 'syz.4.293': attribute type 4 has an invalid length. [ 171.356196][ T49] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.630018][ T6888] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.653713][ T6984] loop4: detected capacity change from 0 to 2048 [ 171.668378][ T6888] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.690539][ T6888] bridge_slave_0: entered allmulticast mode [ 171.725662][ T6888] bridge_slave_0: entered promiscuous mode [ 171.774715][ T6888] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.792534][ T6984] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 171.816298][ T6888] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.840639][ T6888] bridge_slave_1: entered allmulticast mode [ 172.106819][ T6888] bridge_slave_1: entered promiscuous mode [ 172.577352][ T5842] Bluetooth: hci6: command tx timeout [ 173.814301][ T7000] loop1: detected capacity change from 0 to 1024 [ 173.815233][ T6888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.517864][ T6888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.542353][ T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 174.891093][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 175.250964][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.452300][ T9] usb 5-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00 [ 175.602666][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.829492][ T9] usb 5-1: config 0 descriptor?? [ 175.905615][ T6888] team0: Port device team_slave_0 added [ 175.984689][ T7016] netlink: 'syz.2.306': attribute type 1 has an invalid length. [ 176.024325][ T6888] team0: Port device team_slave_1 added [ 176.071136][ T7016] netlink: 224 bytes leftover after parsing attributes in process `syz.2.306'. [ 176.086938][ T49] bridge_slave_1: left allmulticast mode [ 176.111200][ T49] bridge_slave_1: left promiscuous mode [ 176.119860][ T7019] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 176.135145][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.211834][ T49] bridge_slave_0: left allmulticast mode [ 176.217550][ T49] bridge_slave_0: left promiscuous mode [ 176.390748][ T9] hid-multitouch 0003:0EEF:72C4.0003: unknown main item tag 0x0 [ 176.475838][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.499246][ T9] hid-multitouch 0003:0EEF:72C4.0003: hidraw0: USB HID v0.03 Device [HID 0eef:72c4] on usb-dummy_hcd.4-1/input0 [ 177.295518][ T9] usb 5-1: USB disconnect, device number 6 [ 177.441842][ T7029] fido_id[7029]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 177.858762][ T7039] loop1: detected capacity change from 0 to 1024 [ 178.266924][ T7039] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 178.341575][ T7039] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 179.263115][ T7039] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 179.272673][ T7039] EXT4-fs (loop1): orphan cleanup on readonly fs [ 179.461916][ T7039] EXT4-fs error (device loop1): ext4_map_blocks:816: inode #3: block 3: comm syz.1.311: lblock 3 mapped to illegal pblock 3 (length 1) [ 179.487278][ T7039] Quota error (device loop1): write_blk: dquota write failed [ 179.494879][ T7039] Quota error (device loop1): find_free_dqentry: Can't write quota data block 3 [ 179.504697][ T7039] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 179.516599][ T7039] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.311: Failed to acquire dquot type 0 [ 179.548814][ T7039] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 3: comm syz.1.311: lblock 3 mapped to illegal pblock 3 (length 1) [ 179.591953][ T7039] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 179.602267][ T7039] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.311: Failed to acquire dquot type 0 [ 179.645683][ T7039] EXT4-fs error (device loop1): ext4_free_blocks:6587: comm syz.1.311: Freeing blocks not in datazone - block = 0, count = 4096 [ 179.676790][ T7039] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 3: comm syz.1.311: lblock 3 mapped to illegal pblock 3 (length 1) [ 179.718278][ T7039] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 179.728549][ T7039] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.311: Failed to acquire dquot type 0 [ 179.747526][ T7039] EXT4-fs (loop1): 1 orphan inode deleted [ 180.985413][ T7039] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 181.818255][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.282155][ T7085] loop5: detected capacity change from 0 to 2048 [ 185.418906][ T7086] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 185.556048][ T7085] NILFS error (device loop5): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 185.720071][ T7085] Remounting filesystem read-only [ 185.762354][ T7089] loop4: detected capacity change from 0 to 256 [ 185.771765][ T7085] NILFS error (device loop5): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 185.833696][ T7085] NILFS error (device loop5): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 185.864815][ T7089] exfat: Unknown parameter 'ÿ0xffffffffffffffff' [ 185.868850][ T7085] NILFS error (device loop5): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 186.116044][ T7092] NILFS error (device loop5): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 186.548052][ T7085] NILFS error (device loop5): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 187.183552][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 187.206274][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 187.276217][ T7105] loop4: detected capacity change from 0 to 512 [ 187.283892][ T7105] EXT4-fs: Ignoring removed bh option [ 187.307248][ T7105] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 187.378618][ T49] bond0 (unregistering): Released all slaves [ 187.445982][ T7105] EXT4-fs (loop4): 1 truncate cleaned up [ 187.462366][ T7105] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.150509][ T5842] Bluetooth: hci1: command tx timeout [ 189.261701][ T7118] Invalid source name [ 189.265808][ T7118] UBIFS error (pid: 7118): cannot open "/dev/sg0", error -22 [ 190.262979][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.283589][ T6888] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.300963][ T6888] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.346350][ T6888] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.741503][ T7130] loop5: detected capacity change from 0 to 2048 [ 191.451822][ T5842] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 191.460621][ T5842] Bluetooth: hci1: Injecting HCI hardware error event [ 191.473570][ T5842] Bluetooth: hci1: hardware error 0x00 [ 191.726055][ T7130] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 192.439010][ T6888] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.472345][ T6888] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.626965][ T7140] loop1: detected capacity change from 0 to 256 [ 192.773981][ T6888] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 193.709331][ T6888] hsr_slave_0: entered promiscuous mode [ 193.765868][ T6888] hsr_slave_1: entered promiscuous mode [ 193.807251][ T6888] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 193.876262][ T6888] Cannot create hsr debugfs directory [ 193.946911][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.061150][ T5901] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 194.061170][ T5916] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 194.351384][ T5842] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 194.648090][ T5916] usb 3-1: Using ep0 maxpacket: 32 [ 194.652814][ T5901] usb 6-1: config 135 has an invalid interface number: 230 but max is 0 [ 194.668100][ T5916] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 194.677885][ T5901] usb 6-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 194.688585][ T5916] usb 3-1: config 0 has no interface number 0 [ 194.721944][ T5916] usb 3-1: config 0 interface 184 has no altsetting 0 [ 194.771134][ T5901] usb 6-1: config 135 has no interface number 0 [ 194.789490][ T5916] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 194.799334][ T5901] usb 6-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30 [ 194.827688][ T5901] usb 6-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53 [ 194.855277][ T5901] usb 6-1: config 135 interface 230 has no altsetting 0 [ 194.862339][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.862368][ T5916] usb 3-1: Product: syz [ 194.862386][ T5916] usb 3-1: Manufacturer: syz [ 194.862403][ T5916] usb 3-1: SerialNumber: syz [ 194.889945][ T5901] usb 6-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 194.911309][ T5901] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.957966][ T5901] usb 6-1: Product: syz [ 194.969905][ T5916] usb 3-1: config 0 descriptor?? [ 195.025573][ T5916] smsc75xx v1.0.0 [ 195.025667][ T5901] usb 6-1: Manufacturer: syz [ 195.068204][ T5901] usb 6-1: SerialNumber: syz [ 195.128138][ T5901] usb 6-1: Found UVC 0.00 device syz (18ec:3288) [ 195.175680][ T5901] usb 6-1: No valid video chain found. [ 195.496487][ T5901] usb 6-1: USB disconnect, device number 7 [ 195.537757][ T49] hsr_slave_0: left promiscuous mode [ 195.560354][ T49] hsr_slave_1: left promiscuous mode [ 195.575711][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 195.949115][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 195.977664][ T5916] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 196.000105][ T5916] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 196.015739][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 196.045574][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 196.076340][ T5916] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 196.159312][ T5916] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 196.196536][ T5916] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 196.245062][ T49] veth1_macvtap: left promiscuous mode [ 196.267033][ T5916] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 196.290647][ T5916] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71 [ 196.321191][ T49] veth0_macvtap: left promiscuous mode [ 196.341150][ T5916] usb 3-1: USB disconnect, device number 3 [ 196.347706][ T49] veth1_vlan: left promiscuous mode [ 196.385730][ T49] veth0_vlan: left promiscuous mode [ 196.679644][ T7189] capability: warning: `syz.5.346' uses 32-bit capabilities (legacy support in use) [ 196.831717][ T7189] program syz.5.346 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 197.695852][ T7193] binder_alloc: 7192: binder_alloc_buf, no vma [ 201.135682][ T7212] loop1: detected capacity change from 0 to 256 [ 202.139421][ T7212] FAT-fs (loop1): Directory bread(block 64) failed [ 202.146391][ T7212] FAT-fs (loop1): Directory bread(block 65) failed [ 202.188950][ T7212] FAT-fs (loop1): Directory bread(block 66) failed [ 202.197507][ T7212] FAT-fs (loop1): Directory bread(block 67) failed [ 202.210666][ T7212] FAT-fs (loop1): Directory bread(block 68) failed [ 202.219331][ T7212] FAT-fs (loop1): Directory bread(block 69) failed [ 202.226518][ T7212] FAT-fs (loop1): Directory bread(block 70) failed [ 202.234200][ T7212] FAT-fs (loop1): Directory bread(block 71) failed [ 202.244203][ T7212] FAT-fs (loop1): Directory bread(block 72) failed [ 202.250787][ T7212] FAT-fs (loop1): Directory bread(block 73) failed [ 206.120262][ T49] team0 (unregistering): Port device team_slave_1 removed [ 206.224742][ T7245] loop1: detected capacity change from 0 to 128 [ 206.264208][ T7245] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 206.315653][ T49] team0 (unregistering): Port device team_slave_0 removed [ 206.343145][ T7245] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 207.554318][ T7245] EXT4-fs error (device loop1): __ext4_find_entry:1626: inode #2: comm syz.1.361: checksumming directory block 0 [ 207.799262][ T5827] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 207.943738][ T7257] fuse: Bad value for 'fd' [ 208.571776][ T7217] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.617144][ T7217] bond0: (slave rose0): Enslaving as an active interface with an up link [ 208.653988][ T7219] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 208.660328][ T7219] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 208.708712][ T7219] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 208.725518][ T7219] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 208.731950][ T7219] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 208.849227][ T7219] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 208.927087][ T7219] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 208.939297][ T7264] loop1: detected capacity change from 0 to 256 [ 208.947853][ T7219] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 208.998535][ T7219] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 209.030419][ T6888] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 209.096830][ T7219] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 209.121821][ T7219] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 209.128446][ T6888] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 209.159814][ T7219] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 209.169147][ T6888] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 209.191449][ T7219] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 209.212907][ T7219] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 209.236434][ T6888] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 209.248876][ T7219] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 209.501476][ T7278] loop4: detected capacity change from 0 to 64 [ 209.553528][ T7281] loop2: detected capacity change from 0 to 64 [ 210.077972][ T6888] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.281469][ T6888] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.513921][ T224] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.521168][ T224] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.685806][ T224] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.693070][ T224] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.731038][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 210.731047][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 211.064846][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 211.142719][ T5842] Bluetooth: hci5: command 0x0c1a tx timeout [ 211.214314][ T5842] Bluetooth: hci6: command 0x0c1a tx timeout [ 211.447561][ T6888] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 212.985854][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 212.995799][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 213.234404][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout [ 213.241261][ T51] Bluetooth: hci5: command 0x0c1a tx timeout [ 213.290972][ T5842] Bluetooth: hci6: command 0x0c1a tx timeout [ 214.575747][ T7329] loop5: detected capacity change from 0 to 256 [ 215.053990][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 215.111690][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 215.123793][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 215.136493][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 215.159140][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 215.173364][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 215.291134][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 215.300133][ T51] Bluetooth: hci5: command 0x0c1a tx timeout [ 215.371393][ T51] Bluetooth: hci6: command 0x0c1a tx timeout [ 216.967084][ T6514] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.502645][ T51] Bluetooth: hci0: command tx timeout [ 218.239181][ T6888] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.538119][ T51] Bluetooth: hci0: command tx timeout [ 220.525445][ T6514] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.961383][ T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 220.979161][ T7396] loop2: detected capacity change from 0 to 2048 [ 221.611200][ T51] Bluetooth: hci0: command tx timeout [ 221.620241][ T7402] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 221.728729][ T6514] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.771417][ T7396] NILFS error (device loop2): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 221.880882][ T7396] Remounting filesystem read-only [ 221.906594][ T7405] NILFS error (device loop2): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 222.042656][ T9] usb 2-1: config 0 has no interfaces? [ 222.049597][ T9] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 222.062990][ T7408] NILFS error (device loop2): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 222.081290][ T9] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 222.099866][ T7396] NILFS error (device loop2): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 222.110383][ T9] usb 2-1: Manufacturer: syz [ 222.611808][ T9] usb 2-1: config 0 descriptor?? [ 222.824019][ T7396] NILFS error (device loop2): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 222.916351][ T7405] NILFS error (device loop2): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 223.046209][ T6514] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.690950][ T51] Bluetooth: hci0: command tx timeout [ 224.025239][ T9] usb 2-1: USB disconnect, device number 5 [ 226.799895][ T7428] loop2: detected capacity change from 0 to 1024 [ 226.941590][ T7428] EXT4-fs error (device loop2): ext4_orphan_get:1419: comm syz.2.395: bad orphan inode 32767 [ 227.111835][ T7428] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 227.606429][ T7335] chnl_net:caif_netlink_parms(): no params data found [ 227.753632][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.467699][ T5838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 229.478851][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 229.484346][ T7455] netlink: 24 bytes leftover after parsing attributes in process `syz.4.400'. [ 229.488650][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 230.001628][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 230.009481][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 230.439459][ T6514] bridge_slave_1: left allmulticast mode [ 230.445686][ T6514] bridge_slave_1: left promiscuous mode [ 230.451943][ T6514] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.464349][ T6514] bridge_slave_0: left allmulticast mode [ 230.470024][ T6514] bridge_slave_0: left promiscuous mode [ 230.482549][ T6514] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.561000][ T9] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 230.770906][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 231.550557][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.564434][ T9] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 231.574080][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.585458][ T9] usb 6-1: config 0 descriptor?? [ 231.631812][ T7473] loop2: detected capacity change from 0 to 65 [ 231.708542][ T7473] BFS-fs: bfs_fill_super(): NOTE: filesystem loop2 was created with 512 inodes, the real maximum is 511, mounting anyway [ 231.747539][ T7475] vivid-004: disconnect [ 231.756828][ T7474] vivid-004: reconnect [ 232.034410][ T9] mcp2221 0003:04D8:00DD.0004: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0 [ 232.172784][ T51] Bluetooth: hci4: command tx timeout [ 232.481242][ T55] usb 6-1: USB disconnect, device number 8 [ 232.780375][ T6514] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 232.802518][ T6514] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 232.846756][ T6514] bond0 (unregistering): Released all slaves [ 232.888241][ T6514] bond1 (unregistering): Released all slaves [ 233.935400][ T7494] syz.5.412 uses old SIOCAX25GETINFO [ 234.252227][ T51] Bluetooth: hci4: command tx timeout [ 236.330960][ T51] Bluetooth: hci4: command tx timeout [ 238.411099][ T51] Bluetooth: hci4: command tx timeout [ 240.487574][ T7524] loop4: detected capacity change from 0 to 512 [ 240.552640][ T7524] EXT4-fs: Ignoring removed oldalloc option [ 240.560475][ T7524] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 240.797699][ T7335] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.797797][ T7335] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.798004][ T7335] bridge_slave_0: entered allmulticast mode [ 240.805558][ T7335] bridge_slave_0: entered promiscuous mode [ 240.821705][ T7335] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.821825][ T7335] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.822081][ T7335] bridge_slave_1: entered allmulticast mode [ 240.823949][ T7335] bridge_slave_1: entered promiscuous mode [ 241.596730][ T7524] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.416: invalid indirect mapped block 4294967295 (level 0) [ 241.697592][ T7524] EXT4-fs (loop4): Remounting filesystem read-only [ 241.698266][ T7524] EXT4-fs (loop4): 1 orphan inode deleted [ 241.698289][ T7524] EXT4-fs (loop4): 1 truncate cleaned up [ 241.729255][ T7524] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 241.933361][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.162985][ T5842] Bluetooth: hci4: command 0x0405 tx timeout [ 244.711249][ T7565] loop2: detected capacity change from 0 to 1024 [ 245.592037][ T6514] hsr_slave_0: left promiscuous mode [ 246.121183][ T6514] hsr_slave_1: left promiscuous mode [ 246.137804][ T7565] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 246.172104][ T6514] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 246.179592][ T6514] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 246.470743][ T6514] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 247.429745][ T7577] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 247.446964][ T6514] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 248.069128][ T7586] slcan: can't register candev [ 248.074793][ T7586] Falling back ldisc for ttyS3. [ 248.245814][ T6514] veth1_macvtap: left promiscuous mode [ 248.267231][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.289807][ T6514] veth0_macvtap: left promiscuous mode [ 248.314772][ T6514] veth1_vlan: left promiscuous mode [ 250.697718][ T7605] loop2: detected capacity change from 0 to 128 [ 250.934878][ T7605] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 251.008262][ T7605] ext4 filesystem being mounted at /82/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 251.613224][ T30] audit: type=1800 audit(1751469175.020:76): pid=7605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.436" name="file1" dev="loop2" ino=12 res=0 errno=0 [ 255.393401][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.893855][ T6514] team0 (unregistering): Port device vlan0 removed [ 255.924460][ T5832] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 265.122415][ T6514] team0 (unregistering): Port device team_slave_1 removed [ 265.224857][ T6514] team0 (unregistering): Port device team_slave_0 removed [ 265.689022][ T7695] loop2: detected capacity change from 0 to 4096 [ 265.700576][ T7695] EXT4-fs: Ignoring removed oldalloc option [ 266.056972][ T7695] EXT4-fs (loop2): Test dummy encryption mode enabled [ 266.081329][ T5950] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 266.092260][ T7695] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 266.100568][ T7695] System zones: 0-5 [ 266.129187][ T7695] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 266.166946][ T7335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 266.252523][ T5950] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 266.380286][ T5950] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 266.417520][ T5950] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 266.734068][ T7335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 266.801195][ T5950] usb 2-1: config 0 interface 0 has no altsetting 0 [ 266.848893][ T5950] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 266.889831][ T5950] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 266.912711][ T5950] usb 2-1: config 0 interface 0 has no altsetting 0 [ 266.922071][ T5950] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 266.937621][ T5950] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 266.969597][ T5950] usb 2-1: config 0 interface 0 has no altsetting 0 [ 266.983485][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 266.983754][ T5950] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 267.071021][ T5950] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 267.083622][ T5950] usb 2-1: config 0 interface 0 has no altsetting 0 [ 267.103197][ T5950] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 267.117707][ T5950] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 267.310962][ T5950] usb 2-1: config 0 interface 0 has no altsetting 0 [ 268.004659][ T7335] team0: Port device team_slave_0 added [ 268.012237][ T5950] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 268.031848][ T5950] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 268.043315][ T5950] usb 2-1: config 0 interface 0 has no altsetting 0 [ 268.179758][ T5950] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 268.231067][ T5950] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 268.242574][ T5950] usb 2-1: config 0 interface 0 has no altsetting 0 [ 268.250576][ T5950] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 268.260187][ T5950] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 268.272308][ T5950] usb 2-1: config 0 interface 0 has no altsetting 0 [ 268.287096][ T5950] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 268.300001][ T5950] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 268.310944][ T5950] usb 2-1: Product: syz [ 268.315393][ T5950] usb 2-1: Manufacturer: syz [ 268.320014][ T5950] usb 2-1: SerialNumber: syz [ 268.331736][ T7335] team0: Port device team_slave_1 added [ 268.341907][ T5950] usb 2-1: config 0 descriptor?? [ 268.408465][ T5950] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0 [ 268.467493][ T7722] loop4: detected capacity change from 0 to 64 [ 269.047560][ T7335] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 269.141899][ T7335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 269.319673][ T7335] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 269.458376][ T5950] usb 2-1: USB disconnect, device number 6 [ 269.887007][ T7335] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 269.904191][ T5950] yurex 2-1:0.0: USB YUREX #0 now disconnected [ 269.935654][ T7335] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 270.021068][ T7335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 271.309689][ T7335] hsr_slave_0: entered promiscuous mode [ 271.431939][ T7335] hsr_slave_1: entered promiscuous mode [ 271.439322][ T7335] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 271.490897][ T7335] Cannot create hsr debugfs directory [ 271.556539][ T7752] loop1: detected capacity change from 0 to 512 [ 271.646935][ T7752] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 271.740366][ T7752] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 272.497833][ T7752] EXT4-fs (loop1): 1 truncate cleaned up [ 272.587027][ T7752] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 273.064114][ T7763] loop4: detected capacity change from 0 to 32768 [ 273.071766][ T7763] XFS: ikeep mount option is deprecated. [ 274.691063][ T7763] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 274.921972][ T7763] XFS (loop4): Ending clean mount [ 274.932248][ T7763] XFS (loop4): Quotacheck needed: Please wait. [ 275.011304][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 275.076407][ T7763] XFS (loop4): Quotacheck: Done. [ 278.246146][ T7802] loop2: detected capacity change from 0 to 256 [ 278.253618][ T7802] exfat: Unknown parameter '' [ 278.254106][ T5828] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 278.519066][ T7805] capability: warning: `syz.1.473' uses deprecated v2 capabilities in a way that may be insecure [ 278.571630][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 278.589253][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 278.599642][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 279.551059][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 279.577674][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 280.119909][ T7824] loop2: detected capacity change from 0 to 512 [ 280.457270][ T7827] overlayfs: missing 'lowerdir' [ 280.998154][ T7450] chnl_net:caif_netlink_parms(): no params data found [ 281.707769][ T7847] netlink: 20 bytes leftover after parsing attributes in process `syz.1.479'. [ 282.405479][ T51] Bluetooth: hci0: command tx timeout [ 283.271315][ T7855] netlink: 'syz.2.480': attribute type 1 has an invalid length. [ 283.279112][ T7855] netlink: 224 bytes leftover after parsing attributes in process `syz.2.480'. [ 284.491257][ T5842] Bluetooth: hci0: command tx timeout [ 284.651674][ T5816] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 285.380966][ T5816] usb 5-1: Using ep0 maxpacket: 8 [ 285.399873][ T5816] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 285.409551][ T5816] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.426668][ T5816] usb 5-1: Product: syz [ 285.432982][ T5816] usb 5-1: Manufacturer: syz [ 285.437738][ T5816] usb 5-1: SerialNumber: syz [ 286.280325][ T5816] usb 5-1: config 0 descriptor?? [ 286.586798][ T5842] Bluetooth: hci0: command tx timeout [ 286.770735][ T5816] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 287.251479][ T55] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 287.395967][ T6514] bridge_slave_1: left allmulticast mode [ 287.424239][ T6514] bridge_slave_1: left promiscuous mode [ 287.437964][ T6514] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.461078][ T55] usb 3-1: Using ep0 maxpacket: 8 [ 287.479542][ T55] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 287.490425][ T55] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.499005][ T55] usb 3-1: Product: syz [ 287.507217][ T55] usb 3-1: Manufacturer: syz [ 287.512096][ T55] usb 3-1: SerialNumber: syz [ 287.524603][ T6514] bridge_slave_0: left allmulticast mode [ 287.528114][ T55] usb 3-1: config 0 descriptor?? [ 287.590976][ T6514] bridge_slave_0: left promiscuous mode [ 287.596834][ T6514] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.777727][ T55] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 288.158764][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 288.177941][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 288.206149][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 288.216218][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 288.227298][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 288.276806][ T5816] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 288.312221][ T5816] usb 5-1: USB disconnect, device number 7 [ 288.850426][ T5842] Bluetooth: hci0: command tx timeout [ 290.262867][ T5842] Bluetooth: hci4: command tx timeout [ 290.371228][ T55] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 290.630663][ T55] usb 3-1: USB disconnect, device number 4 [ 292.340231][ T5842] Bluetooth: hci4: command tx timeout [ 295.078924][ T5842] Bluetooth: hci4: command tx timeout [ 297.231024][ T5842] Bluetooth: hci4: command tx timeout [ 298.804579][ T6514] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 298.828921][ T6514] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 298.899777][ T6514] bond0 (unregistering): Released all slaves [ 299.197101][ T7974] loop4: detected capacity change from 0 to 256 [ 299.204452][ T7974] exfat: Unknown parameter '' [ 299.756105][ T7984] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 301.042912][ T7986] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 301.410999][ T6514] hsr_slave_0: left promiscuous mode [ 301.430855][ T6514] hsr_slave_1: left promiscuous mode [ 301.452528][ T6514] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 302.231793][ T6514] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 305.936311][ T8009] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 307.766856][ T8017] overlay: ./file0 is not a directory [ 309.423071][ T6514] team0 (unregistering): Port device team_slave_1 removed [ 310.468292][ T6514] team0 (unregistering): Port device team_slave_0 removed [ 311.314151][ T8037] ubi31: attaching mtd0 [ 311.320454][ T8037] ubi31: scanning is finished [ 311.326663][ T8037] ubi31: empty MTD device detected [ 311.619222][ T8037] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 311.756650][ T8040] loop4: detected capacity change from 0 to 1024 [ 312.499490][ T8042] loop2: detected capacity change from 0 to 131072 [ 312.529571][ T8042] F2FS-fs (loop2): Wrong CP boundary, start(512) end(1536) blocks(0) [ 312.537808][ T8042] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 312.569436][ T8042] F2FS-fs (loop2): invalid crc value [ 312.752709][ T8042] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 312.756265][ T8040] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 312.759861][ T8042] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 312.816242][ T8042] F2FS-fs (loop2): checksum invalid, nid = 4, ino_of_node = 4, 8e2acc4a vs. 159afe7 [ 314.028657][ T8049] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 88: padding at end of block bitmap is not set [ 314.692904][ T8052] syz.2.522 (8052): drop_caches: 2 [ 314.713113][ T8052] syz.2.522 (8052): drop_caches: 2 [ 314.915702][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.856117][ T8061] loop4: detected capacity change from 0 to 1024 [ 315.909011][ T8061] hfsplus: Unknown parameter 'ÿÿÿÿÿÿÿÿ' [ 317.119158][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.023458][ T8074] netlink: 'syz.4.526': attribute type 1 has an invalid length. [ 318.031895][ T8074] netlink: 224 bytes leftover after parsing attributes in process `syz.4.526'. [ 322.746683][ T8101] loop4: detected capacity change from 0 to 256 [ 322.773536][ T8101] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 322.837093][ T8101] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 322.856811][ T8101] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 323.005129][ T51] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 323.015021][ T51] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 323.023600][ T51] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 323.035151][ T51] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 323.136408][ T51] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 323.504591][ T30] audit: type=1804 audit(1751469246.870:77): pid=8104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.535" name="/newroot/103/file1/file1" dev="loop4" ino=1048634 res=1 errno=0 [ 323.956064][ T8111] QAT: failed to copy from user cfg_data. [ 324.506840][ T8110] loop1: detected capacity change from 0 to 64 [ 325.813974][ T51] Bluetooth: hci6: command tx timeout [ 325.865250][ T7806] chnl_net:caif_netlink_parms(): no params data found [ 327.863228][ T51] Bluetooth: hci6: command tx timeout [ 329.487904][ T8136] loop4: detected capacity change from 0 to 2048 [ 329.937856][ T51] Bluetooth: hci6: command tx timeout [ 330.788261][ T8149] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 331.512706][ T8150] loop2: detected capacity change from 0 to 40427 [ 331.537236][ T8150] F2FS-fs (loop2): invalid crc value [ 331.857250][ T8150] F2FS-fs (loop2): Start checkpoint disabled! [ 331.912515][ T8150] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 332.012679][ T51] Bluetooth: hci6: command tx timeout [ 332.296279][ T8158] F2FS-fs (loop2): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled [ 332.727134][ T7745] bio_check_eod: 58 callbacks suppressed [ 332.727157][ T7745] kworker/u8:21: attempt to access beyond end of device [ 332.727157][ T7745] loop2: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 333.026771][ T7745] kworker/u8:21: attempt to access beyond end of device [ 333.026771][ T7745] loop2: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 334.028403][ T7745] CPU: 0 UID: 0 PID: 7745 Comm: kworker/u8:21 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 334.028444][ T7745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 334.028466][ T7745] Workqueue: writeback wb_workfn (flush-7:2) [ 334.028511][ T7745] Call Trace: [ 334.028521][ T7745] [ 334.028532][ T7745] dump_stack_lvl+0x189/0x250 [ 334.028581][ T7745] ? __pfx_dump_stack_lvl+0x10/0x10 [ 334.028623][ T7745] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 334.028661][ T7745] ? __pfx_queue_work_on+0x10/0x10 [ 334.028686][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.028715][ T7745] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 334.028749][ T7745] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 334.028785][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.028813][ T7745] ? f2fs_hw_is_readonly+0x39b/0x470 [ 334.028851][ T7745] f2fs_handle_critical_error+0x37c/0x540 [ 334.028889][ T7745] f2fs_write_end_io+0x495/0x810 [ 334.028922][ T7745] ? blkg_put+0x22/0x240 [ 334.028966][ T7745] __submit_merged_bio+0x27a/0x6a0 [ 334.029004][ T7745] __submit_merged_write_cond+0x255/0x530 [ 334.029042][ T7745] f2fs_write_data_pages+0x261d/0x3000 [ 334.029117][ T7745] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 334.029243][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.029275][ T7745] ? f2fs_write_meta_pages+0x357/0x450 [ 334.029318][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.029346][ T7745] ? __lock_acquire+0xab9/0xd20 [ 334.029387][ T7745] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 334.029421][ T7745] do_writepages+0x32e/0x550 [ 334.029467][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.029495][ T7745] ? reacquire_held_locks+0x127/0x1d0 [ 334.029518][ T7745] ? writeback_sb_inodes+0x372/0x1000 [ 334.029567][ T7745] __writeback_single_inode+0x145/0xff0 [ 334.029606][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.029640][ T7745] ? do_raw_spin_unlock+0x122/0x240 [ 334.029674][ T7745] writeback_sb_inodes+0x6b5/0x1000 [ 334.029729][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.029766][ T7745] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 334.029849][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.029876][ T7745] ? rcu_is_watching+0x15/0xb0 [ 334.029915][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.029954][ T7745] wb_writeback+0x43b/0xaf0 [ 334.030002][ T7745] ? queue_io+0x3c1/0x590 [ 334.030044][ T7745] ? __pfx_wb_writeback+0x10/0x10 [ 334.030093][ T7745] ? _raw_spin_unlock_irq+0x23/0x50 [ 334.030133][ T7745] wb_workfn+0x409/0xef0 [ 334.030184][ T7745] ? __pfx_wb_workfn+0x10/0x10 [ 334.030222][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.030250][ T7745] ? __lock_acquire+0xab9/0xd20 [ 334.030298][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.030330][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.030362][ T7745] ? _raw_spin_unlock_irq+0x23/0x50 [ 334.030390][ T7745] ? process_scheduled_works+0x9ef/0x17b0 [ 334.030425][ T7745] ? process_scheduled_works+0x9ef/0x17b0 [ 334.030465][ T7745] process_scheduled_works+0xae1/0x17b0 [ 334.030539][ T7745] ? __pfx_process_scheduled_works+0x10/0x10 [ 334.030588][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.030632][ T7745] worker_thread+0x8a0/0xda0 [ 334.030688][ T7745] ? __kthread_parkme+0x7b/0x200 [ 334.030725][ T7745] kthread+0x711/0x8a0 [ 334.030757][ T7745] ? __pfx_worker_thread+0x10/0x10 [ 334.030795][ T7745] ? __pfx_kthread+0x10/0x10 [ 334.030819][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.030853][ T7745] ? _raw_spin_unlock_irq+0x23/0x50 [ 334.030884][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.030911][ T7745] ? lockdep_hardirqs_on+0x9c/0x150 [ 334.030946][ T7745] ? __pfx_kthread+0x10/0x10 [ 334.030975][ T7745] ret_from_fork+0x3fc/0x770 [ 334.031015][ T7745] ? __pfx_ret_from_fork+0x10/0x10 [ 334.031058][ T7745] ? __switch_to_asm+0x39/0x70 [ 334.031084][ T7745] ? __switch_to_asm+0x33/0x70 [ 334.031107][ T7745] ? __pfx_kthread+0x10/0x10 [ 334.031136][ T7745] ret_from_fork_asm+0x1a/0x30 [ 334.031183][ T7745] [ 334.542320][ T7745] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 334.549388][ T7745] CPU: 0 UID: 0 PID: 7745 Comm: kworker/u8:21 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 334.549425][ T7745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 334.549443][ T7745] Workqueue: writeback wb_workfn (flush-7:2) [ 334.549488][ T7745] Call Trace: [ 334.549498][ T7745] [ 334.549508][ T7745] dump_stack_lvl+0x189/0x250 [ 334.549562][ T7745] ? __pfx_dump_stack_lvl+0x10/0x10 [ 334.549599][ T7745] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 334.549644][ T7745] ? __pfx_queue_work_on+0x10/0x10 [ 334.549670][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.549699][ T7745] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 334.549734][ T7745] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 334.549770][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.549798][ T7745] ? f2fs_hw_is_readonly+0x39b/0x470 [ 334.549837][ T7745] f2fs_handle_critical_error+0x37c/0x540 [ 334.549878][ T7745] f2fs_write_end_io+0x495/0x810 [ 334.549911][ T7745] ? blkg_put+0x22/0x240 [ 334.549960][ T7745] __submit_merged_bio+0x27a/0x6a0 [ 334.550000][ T7745] __submit_merged_write_cond+0x255/0x530 [ 334.550041][ T7745] f2fs_write_data_pages+0x261d/0x3000 [ 334.550127][ T7745] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 334.550278][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.550311][ T7745] ? f2fs_write_meta_pages+0x357/0x450 [ 334.550359][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.550387][ T7745] ? __lock_acquire+0xab9/0xd20 [ 334.550437][ T7745] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 334.550472][ T7745] do_writepages+0x32e/0x550 [ 334.550523][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.550550][ T7745] ? reacquire_held_locks+0x127/0x1d0 [ 334.550573][ T7745] ? writeback_sb_inodes+0x372/0x1000 [ 334.550636][ T7745] __writeback_single_inode+0x145/0xff0 [ 334.550674][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.550702][ T7745] ? do_raw_spin_unlock+0x122/0x240 [ 334.550740][ T7745] writeback_sb_inodes+0x6b5/0x1000 [ 334.550802][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.550848][ T7745] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 334.550949][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.550979][ T7745] ? rcu_is_watching+0x15/0xb0 [ 334.551019][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.551061][ T7745] wb_writeback+0x43b/0xaf0 [ 334.551114][ T7745] ? queue_io+0x3c1/0x590 [ 334.551159][ T7745] ? __pfx_wb_writeback+0x10/0x10 [ 334.551211][ T7745] ? _raw_spin_unlock_irq+0x23/0x50 [ 334.551255][ T7745] wb_workfn+0x409/0xef0 [ 334.551313][ T7745] ? __pfx_wb_workfn+0x10/0x10 [ 334.551353][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.551381][ T7745] ? __lock_acquire+0xab9/0xd20 [ 334.551436][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.551469][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.551504][ T7745] ? _raw_spin_unlock_irq+0x23/0x50 [ 334.551536][ T7745] ? process_scheduled_works+0x9ef/0x17b0 [ 334.551574][ T7745] ? process_scheduled_works+0x9ef/0x17b0 [ 334.551621][ T7745] process_scheduled_works+0xae1/0x17b0 [ 334.551707][ T7745] ? __pfx_process_scheduled_works+0x10/0x10 [ 334.551759][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.551801][ T7745] worker_thread+0x8a0/0xda0 [ 334.551863][ T7745] ? __kthread_parkme+0x7b/0x200 [ 334.551905][ T7745] kthread+0x711/0x8a0 [ 334.551939][ T7745] ? __pfx_worker_thread+0x10/0x10 [ 334.551978][ T7745] ? __pfx_kthread+0x10/0x10 [ 334.552003][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.552038][ T7745] ? _raw_spin_unlock_irq+0x23/0x50 [ 334.552070][ T7745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.552098][ T7745] ? lockdep_hardirqs_on+0x9c/0x150 [ 334.552133][ T7745] ? __pfx_kthread+0x10/0x10 [ 334.552165][ T7745] ret_from_fork+0x3fc/0x770 [ 334.552205][ T7745] ? __pfx_ret_from_fork+0x10/0x10 [ 334.552248][ T7745] ? __switch_to_asm+0x39/0x70 [ 334.552273][ T7745] ? __switch_to_asm+0x33/0x70 [ 334.552296][ T7745] ? __pfx_kthread+0x10/0x10 [ 334.552326][ T7745] ret_from_fork_asm+0x1a/0x30 [ 334.552376][ T7745] [ 335.089659][ T7745] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 335.442615][ T5842] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 335.452777][ T5842] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 335.460627][ T5842] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 335.471063][ T5842] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 335.481175][ T5842] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 337.189831][ T8190] loop4: detected capacity change from 0 to 16 [ 337.483572][ T8190] erofs (device loop4): mounted with root inode @ nid 36. [ 337.624316][ T8195] overlay: ./file0 is not a directory [ 338.215385][ T5842] Bluetooth: hci5: command tx timeout [ 339.599608][ T8205] erofs (device loop4): inline data across blocks @ nid 36 [ 339.607173][ T8205] syz.4.550: attempt to access beyond end of device [ 339.607173][ T8205] loop4: rw=524288, sector=34359738360, nr_sectors = 1976 limit=16 [ 340.107501][ T8211] sctp: [Deprecated]: syz.2.552 (pid 8211) Use of int in max_burst socket option. [ 340.107501][ T8211] Use struct sctp_assoc_value instead [ 340.251114][ T51] Bluetooth: hci5: command tx timeout [ 340.368033][ T7895] chnl_net:caif_netlink_parms(): no params data found [ 341.266566][ T8204] bridge0: port 3(syz_tun) entered blocking state [ 341.336742][ T8204] bridge0: port 3(syz_tun) entered disabled state [ 341.401835][ T8204] syz_tun: entered allmulticast mode [ 341.439316][ T8204] syz_tun: entered promiscuous mode [ 341.461017][ T8221] loop4: detected capacity change from 0 to 256 [ 341.464077][ T8204] bridge0: port 3(syz_tun) entered blocking state [ 341.474116][ T8204] bridge0: port 3(syz_tun) entered forwarding state [ 341.498814][ T8221] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 341.540400][ T8221] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 341.574724][ T8221] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 342.330963][ T51] Bluetooth: hci5: command tx timeout [ 342.335976][ T8102] chnl_net:caif_netlink_parms(): no params data found [ 342.757034][ T8230] netlink: 'syz.4.555': attribute type 1 has an invalid length. [ 342.764844][ T8230] netlink: 224 bytes leftover after parsing attributes in process `syz.4.555'. [ 344.420963][ T51] Bluetooth: hci5: command tx timeout [ 345.849895][ T6514] bridge_slave_1: left allmulticast mode [ 345.860873][ T6514] bridge_slave_1: left promiscuous mode [ 345.866683][ T6514] bridge0: port 2(bridge_slave_1) entered disabled state [ 346.002921][ T6514] bridge_slave_0: left allmulticast mode [ 346.008638][ T6514] bridge_slave_0: left promiscuous mode [ 346.046365][ T6514] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.973376][ T8261] fuse: Bad value for 'fd' [ 348.465762][ T6514] bond0 (unregistering): Released all slaves [ 349.103009][ T8256] tty tty25: ldisc open failed (-12), clearing slot 24 [ 350.299398][ T6514] bond0 (unregistering): Released all slaves [ 351.498476][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 351.511633][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 351.520742][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 351.532244][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 351.542313][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 351.569579][ T8290] loop2: detected capacity change from 0 to 1024 [ 351.791572][ T6514] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 352.726805][ T6514] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 352.747296][ T6514] bond0 (unregistering): Released all slaves [ 352.818930][ T8296] loop1: detected capacity change from 0 to 4096 [ 352.827501][ T8296] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 352.951174][ T8296] ntfs3(loop1): ino=1d, mi_enum_attr [ 352.956653][ T8296] ntfs3(loop1): ino=1d, mi_enum_attr [ 353.701405][ T51] Bluetooth: hci0: command tx timeout [ 353.932000][ T8102] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.939201][ T8102] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.031182][ T8102] bridge_slave_0: entered allmulticast mode [ 354.068084][ T8102] bridge_slave_0: entered promiscuous mode [ 354.297259][ T6514] hsr_slave_0: left promiscuous mode [ 354.346619][ T6514] hsr_slave_1: left promiscuous mode [ 355.323958][ T6514] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 355.513720][ T8318] tty tty23: ldisc open failed (-12), clearing slot 22 [ 355.655504][ T6514] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 355.784778][ T51] Bluetooth: hci0: command tx timeout [ 358.020900][ T51] Bluetooth: hci0: command tx timeout [ 358.918920][ T8338] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 358.925706][ T8338] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 358.935571][ T8338] vhci_hcd vhci_hcd.0: Device attached [ 359.908967][ T8344] vhci_hcd: connection closed [ 359.925884][ T5901] vhci_hcd: vhci_device speed not set [ 359.941826][ T224] vhci_hcd: stop threads [ 359.948854][ T224] vhci_hcd: release socket [ 360.009504][ T224] vhci_hcd: disconnect device [ 360.056810][ T5901] usb 35-1: new full-speed USB device number 2 using vhci_hcd [ 360.101586][ T5842] Bluetooth: hci0: command tx timeout [ 360.179828][ T5901] usb 35-1: enqueue for inactive port 0 [ 360.512341][ T5901] vhci_hcd: vhci_device speed not set [ 361.262084][ T8360] loop4: detected capacity change from 0 to 2048 [ 361.421003][ T8363] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 361.535441][ T6514] team0 (unregistering): Port device team_slave_1 removed [ 362.097595][ T6514] team0 (unregistering): Port device team_slave_0 removed [ 363.560441][ T8102] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.584085][ T8102] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.610327][ T8102] bridge_slave_1: entered allmulticast mode [ 363.633103][ T8102] bridge_slave_1: entered promiscuous mode [ 364.319667][ T8382] loop4: detected capacity change from 0 to 1024 [ 364.416983][ T8102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 364.766806][ T8390] Bluetooth: MGMT ver 1.23 [ 365.329804][ T8102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 365.657575][ T8393] loop1: detected capacity change from 0 to 512 [ 365.733636][ T8393] EXT4-fs: Ignoring removed orlov option [ 365.809956][ T8393] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 365.861804][ T8102] team0: Port device team_slave_0 added [ 365.901220][ T8393] ext4 filesystem being mounted at /121/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 365.967434][ T8182] chnl_net:caif_netlink_parms(): no params data found [ 366.032319][ T8102] team0: Port device team_slave_1 added [ 366.106823][ T7745] Bluetooth: hci4: Frame reassembly failed (-84) [ 366.181173][ T8402] No source specified [ 366.555022][ T8403] loop4: detected capacity change from 0 to 32768 [ 366.587029][ T8402] syz.1.585 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 367.809555][ T8401] net_ratelimit: 10 callbacks suppressed [ 367.809578][ T8401] sctp: failed to load transform for md5: -4 [ 367.960127][ T8102] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 367.995745][ T8102] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 368.069770][ T8102] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 368.087557][ T8102] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 368.096153][ T8102] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 368.125284][ T8102] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 368.178747][ T51] Bluetooth: hci4: command 0x1003 tx timeout [ 368.180898][ T5842] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 368.307363][ T8182] bridge0: port 1(bridge_slave_0) entered blocking state [ 368.330243][ T8182] bridge0: port 1(bridge_slave_0) entered disabled state [ 368.361338][ T8182] bridge_slave_0: entered allmulticast mode [ 368.386437][ T8182] bridge_slave_0: entered promiscuous mode [ 368.672319][ T8182] bridge0: port 2(bridge_slave_1) entered blocking state [ 368.689849][ T8182] bridge0: port 2(bridge_slave_1) entered disabled state [ 369.424663][ T8182] bridge_slave_1: entered allmulticast mode [ 369.455922][ T8182] bridge_slave_1: entered promiscuous mode [ 369.468961][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 369.932814][ T7744] Bluetooth: hci4: Frame reassembly failed (-84) [ 372.000498][ T51] Bluetooth: hci4: command 0x1003 tx timeout [ 372.007277][ T5842] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 373.488605][ T8102] hsr_slave_0: entered promiscuous mode [ 373.644225][ T8102] hsr_slave_1: entered promiscuous mode [ 373.658300][ T8446] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input9 [ 373.678174][ T8102] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 373.686760][ T8102] Cannot create hsr debugfs directory [ 374.628600][ T8182] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 375.138697][ T8182] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 377.377247][ T8182] team0: Port device team_slave_0 added [ 377.441436][ T8182] team0: Port device team_slave_1 added [ 378.256196][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.361611][ T8482] loop2: detected capacity change from 0 to 512 [ 378.425728][ T8482] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 378.458023][ T8482] UDF-fs: Scanning with blocksize 512 failed [ 378.495109][ T8482] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 378.516711][ T8284] chnl_net:caif_netlink_parms(): no params data found [ 378.529151][ T8482] UDF-fs: Scanning with blocksize 1024 failed [ 378.551966][ T8484] loop4: detected capacity change from 0 to 764 [ 378.581354][ T8482] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 378.588818][ T8482] UDF-fs: Scanning with blocksize 2048 failed [ 378.608284][ T8182] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 378.638962][ T8182] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 378.665027][ C0] vkms_vblank_simulate: vblank timer overrun [ 378.710499][ T8182] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 378.771075][ T8482] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 378.986847][ T8482] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 379.019049][ T8489] rock: directory entry would overflow storage [ 379.030937][ T8489] rock: sig=0x4f50, size=4, remaining=3 [ 379.036812][ T8489] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 379.439555][ T8182] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 379.484629][ T8182] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 379.620595][ T8182] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 382.904367][ T5838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 382.931217][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 382.951185][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 382.974164][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 382.982684][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 383.067812][ T8518] loop4: detected capacity change from 0 to 128 [ 383.433819][ T8518] loop4: detected capacity change from 0 to 40427 [ 383.469094][ T8520] loop2: detected capacity change from 0 to 2048 [ 383.511515][ T8518] F2FS-fs (loop4): build fault injection rate: 690 [ 383.561991][ T8518] F2FS-fs (loop4): invalid crc value [ 383.568316][ T8520] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 383.779884][ T8518] F2FS-fs (loop4): Start checkpoint disabled! [ 384.143127][ T8518] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 384.742828][ T8182] hsr_slave_0: entered promiscuous mode [ 384.749756][ T8182] hsr_slave_1: entered promiscuous mode [ 384.864354][ T8182] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 384.881058][ T8182] Cannot create hsr debugfs directory [ 385.211035][ T5838] Bluetooth: hci4: command tx timeout [ 387.557961][ T5838] Bluetooth: hci4: command tx timeout [ 387.612485][ T6514] bond0 (unregistering): Released all slaves [ 387.802731][ T8284] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.830501][ T8284] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.855176][ T8284] bridge_slave_0: entered allmulticast mode [ 387.897495][ T8284] bridge_slave_0: entered promiscuous mode [ 388.083984][ T8543] loop2: detected capacity change from 0 to 64 [ 388.278098][ T8284] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.348055][ T8284] bridge0: port 2(bridge_slave_1) entered disabled state [ 388.505472][ T8284] bridge_slave_1: entered allmulticast mode [ 388.841472][ T8284] bridge_slave_1: entered promiscuous mode [ 389.492840][ T224] kworker/u8:5: attempt to access beyond end of device [ 389.492840][ T224] loop4: rw=1, sector=77824, nr_sectors = 2072 limit=40427 [ 389.585607][ T224] kworker/u8:5: attempt to access beyond end of device [ 389.585607][ T224] loop4: rw=1, sector=79896, nr_sectors = 2024 limit=40427 [ 389.614444][ T5838] Bluetooth: hci4: command tx timeout [ 389.695506][ T224] kworker/u8:5: attempt to access beyond end of device [ 389.695506][ T224] loop4: rw=1, sector=49152, nr_sectors = 1088 limit=40427 [ 389.752282][ T7744] kworker/u8:20: attempt to access beyond end of device [ 389.752282][ T7744] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 390.505969][ T7744] CPU: 1 UID: 0 PID: 7744 Comm: kworker/u8:20 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 390.506009][ T7744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 390.506027][ T7744] Workqueue: writeback wb_workfn (flush-7:4) [ 390.506072][ T7744] Call Trace: [ 390.506082][ T7744] [ 390.506093][ T7744] dump_stack_lvl+0x189/0x250 [ 390.506141][ T7744] ? __pfx_dump_stack_lvl+0x10/0x10 [ 390.506178][ T7744] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 390.506213][ T7744] ? __pfx_queue_work_on+0x10/0x10 [ 390.506237][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.506266][ T7744] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 390.506300][ T7744] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 390.506335][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.506364][ T7744] ? f2fs_hw_is_readonly+0x39b/0x470 [ 390.506400][ T7744] f2fs_handle_critical_error+0x37c/0x540 [ 390.506439][ T7744] f2fs_write_end_io+0x495/0x810 [ 390.506472][ T7744] ? blkg_put+0x22/0x240 [ 390.506515][ T7744] __submit_merged_bio+0x27a/0x6a0 [ 390.506551][ T7744] __submit_merged_write_cond+0x255/0x530 [ 390.506589][ T7744] f2fs_write_data_pages+0x261d/0x3000 [ 390.506669][ T7744] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 390.506699][ T7744] ? __switch_to+0x6c0/0x1600 [ 390.506789][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.506817][ T7744] ? trace_sched_exit_tp+0x38/0x120 [ 390.506850][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.506878][ T7744] ? __schedule+0x1713/0x4d00 [ 390.506934][ T7744] ? preempt_schedule_common+0x83/0xd0 [ 390.506976][ T7744] ? __pfx___schedule+0x10/0x10 [ 390.507007][ T7744] ? f2fs_write_meta_pages+0x357/0x450 [ 390.507051][ T7744] ? irqentry_exit+0x74/0x90 [ 390.507100][ T7744] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 390.507135][ T7744] do_writepages+0x32e/0x550 [ 390.507176][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.507205][ T7744] ? preempt_schedule+0xae/0xc0 [ 390.507238][ T7744] ? __pfx_preempt_schedule+0x10/0x10 [ 390.507270][ T7744] ? reacquire_held_locks+0x127/0x1d0 [ 390.507293][ T7744] ? writeback_sb_inodes+0x372/0x1000 [ 390.507343][ T7744] __writeback_single_inode+0x145/0xff0 [ 390.507392][ T7744] writeback_sb_inodes+0x6b5/0x1000 [ 390.507447][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.507492][ T7744] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 390.507581][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.507609][ T7744] ? rcu_is_watching+0x15/0xb0 [ 390.507648][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.507688][ T7744] wb_writeback+0x43b/0xaf0 [ 390.507736][ T7744] ? queue_io+0x3c1/0x590 [ 390.507785][ T7744] ? __pfx_wb_writeback+0x10/0x10 [ 390.507829][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.507858][ T7744] ? preempt_schedule_thunk+0x16/0x30 [ 390.507900][ T7744] wb_workfn+0x409/0xef0 [ 390.507952][ T7744] ? __pfx_wb_workfn+0x10/0x10 [ 390.507980][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.508008][ T7744] ? lockdep_hardirqs_on+0x9c/0x150 [ 390.508048][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.508076][ T7744] ? __lock_acquire+0xab9/0xd20 [ 390.508126][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.508158][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.508192][ T7744] ? _raw_spin_unlock_irq+0x23/0x50 [ 390.508223][ T7744] ? process_scheduled_works+0x9ef/0x17b0 [ 390.508261][ T7744] ? process_scheduled_works+0x9ef/0x17b0 [ 390.508302][ T7744] process_scheduled_works+0xae1/0x17b0 [ 390.508378][ T7744] ? __pfx_process_scheduled_works+0x10/0x10 [ 390.508426][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.508466][ T7744] worker_thread+0x8a0/0xda0 [ 390.508522][ T7744] ? __kthread_parkme+0x7b/0x200 [ 390.508559][ T7744] kthread+0x711/0x8a0 [ 390.508592][ T7744] ? __pfx_worker_thread+0x10/0x10 [ 390.508632][ T7744] ? __pfx_kthread+0x10/0x10 [ 390.508657][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.508690][ T7744] ? _raw_spin_unlock_irq+0x23/0x50 [ 390.508721][ T7744] ? srso_alias_return_thunk+0x5/0xfbef5 [ 390.508749][ T7744] ? lockdep_hardirqs_on+0x9c/0x150 [ 390.508791][ T7744] ? __pfx_kthread+0x10/0x10 [ 390.508820][ T7744] ret_from_fork+0x3fc/0x770 [ 390.508859][ T7744] ? __pfx_ret_from_fork+0x10/0x10 [ 390.508901][ T7744] ? __switch_to_asm+0x39/0x70 [ 390.508925][ T7744] ? __switch_to_asm+0x33/0x70 [ 390.508952][ T7744] ? __pfx_kthread+0x10/0x10 [ 390.508982][ T7744] ret_from_fork_asm+0x1a/0x30 [ 390.509029][ T7744] [ 390.509089][ T7744] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 392.253387][ T5838] Bluetooth: hci4: command tx timeout [ 392.799875][ T8566] netlink: 'syz.1.612': attribute type 1 has an invalid length. [ 392.809168][ T8566] netlink: 'syz.1.612': attribute type 4 has an invalid length. [ 392.854552][ T8566] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.612'. [ 393.119588][ T30] audit: type=1326 audit(1751469316.470:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 393.356279][ T30] audit: type=1326 audit(1751469316.470:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 393.626482][ T8284] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 393.762899][ T30] audit: type=1326 audit(1751469316.470:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 394.064924][ T30] audit: type=1326 audit(1751469316.470:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 394.087100][ C0] vkms_vblank_simulate: vblank timer overrun [ 394.407822][ T30] audit: type=1326 audit(1751469316.470:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 394.477329][ T8284] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 394.748156][ T30] audit: type=1326 audit(1751469316.470:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 394.770343][ C0] vkms_vblank_simulate: vblank timer overrun [ 395.001655][ T30] audit: type=1326 audit(1751469316.490:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 395.023792][ C0] vkms_vblank_simulate: vblank timer overrun [ 395.308803][ T30] audit: type=1326 audit(1751469316.490:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 395.432755][ T30] audit: type=1326 audit(1751469316.490:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 395.454885][ C0] vkms_vblank_simulate: vblank timer overrun [ 395.568768][ T30] audit: type=1326 audit(1751469316.490:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 395.769913][ T8573] loop2: detected capacity change from 0 to 32768 [ 395.925858][ T8573] find_entry called with index = 0 [ 395.932179][ T8573] find_entry called with index = 0 [ 395.941073][ T8573] read_mapping_page failed! [ 395.945784][ T8573] ERROR: (device loop2): txCommit: [ 395.945784][ T8573] [ 396.664254][ C0] vkms_vblank_simulate: vblank timer overrun [ 396.667254][ T8583] binder: BINDER_SET_CONTEXT_MGR already set [ 396.677324][ T8583] binder: 8578:8583 ioctl 4018620d 200000000040 returned -16 [ 396.940859][ C0] vkms_vblank_simulate: vblank timer overrun [ 396.978126][ C0] vkms_vblank_simulate: vblank timer overrun [ 397.225378][ C0] vkms_vblank_simulate: vblank timer overrun [ 398.164974][ T30] kauditd_printk_skb: 43 callbacks suppressed [ 398.165001][ T30] audit: type=1326 audit(1751469319.270:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 398.553519][ T30] audit: type=1326 audit(1751469319.270:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 398.845115][ T30] audit: type=1326 audit(1751469319.290:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 399.413107][ T8284] team0: Port device team_slave_0 added [ 399.429561][ T30] audit: type=1326 audit(1751469319.290:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 399.561317][ T8284] team0: Port device team_slave_1 added [ 399.646411][ T30] audit: type=1326 audit(1751469319.290:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 400.201325][ T30] audit: type=1326 audit(1751469319.420:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 400.341265][ T30] audit: type=1326 audit(1751469321.610:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8569 comm="syz.2.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b718e929 code=0x7ffc0000 [ 400.512091][ T5842] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 400.544329][ T5842] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 400.571564][ T5842] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 400.612158][ T5842] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 401.188395][ T5842] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 401.303427][ T8606] 9pnet_fd: Insufficient options for proto=fd [ 401.398894][ T8600] Process accounting resumed [ 401.913731][ T8611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.618'. [ 402.018009][ T8611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.618'. [ 402.187783][ T8284] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 402.217713][ T8284] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 402.331236][ T8284] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 402.446475][ T8284] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 402.494310][ T8284] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 402.574589][ T8284] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 403.318797][ T5842] Bluetooth: hci5: command tx timeout [ 403.707590][ T8511] chnl_net:caif_netlink_parms(): no params data found [ 403.820965][ T8627] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 403.827565][ T8627] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 403.871135][ T8627] vhci_hcd vhci_hcd.0: Device attached [ 404.161293][ T5816] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 406.731735][ T5842] Bluetooth: hci5: command tx timeout [ 406.761401][ T6514] bridge_slave_1: left allmulticast mode [ 406.767457][ T6514] bridge_slave_1: left promiscuous mode [ 406.791673][ T6514] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.828083][ T6514] bridge_slave_0: left allmulticast mode [ 406.861556][ T6514] bridge_slave_0: left promiscuous mode [ 406.873318][ T6514] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.899411][ T8629] vhci_hcd: connection reset by peer [ 406.914624][ T60] vhci_hcd: stop threads [ 406.931014][ T60] vhci_hcd: release socket [ 406.936564][ T60] vhci_hcd: disconnect device [ 407.788819][ T6514] bridge_slave_1: left allmulticast mode [ 407.819695][ T6514] bridge_slave_1: left promiscuous mode [ 407.830693][ T6514] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.864625][ T6514] bridge_slave_0: left allmulticast mode [ 407.870409][ T6514] bridge_slave_0: left promiscuous mode [ 407.878097][ T6514] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.028067][ T6514] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 408.051453][ T6514] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 408.068260][ T6514] bond0 (unregistering): Released all slaves [ 408.312002][ T6514] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 408.407152][ T6514] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 408.811897][ T5842] Bluetooth: hci5: command tx timeout [ 409.192956][ T6514] bond0 (unregistering): Released all slaves [ 409.947583][ T8673] netlink: 'syz.4.629': attribute type 1 has an invalid length. [ 409.955367][ T8673] netlink: 224 bytes leftover after parsing attributes in process `syz.4.629'. [ 410.590972][ T5816] vhci_hcd: vhci_device speed not set [ 410.604120][ T8670] loop2: detected capacity change from 0 to 2048 [ 410.899953][ T5842] Bluetooth: hci5: command tx timeout [ 411.215027][ T5999] IPVS: starting estimator thread 0... [ 411.372705][ T8679] IPVS: using max 24 ests per chain, 57600 per kthread [ 411.380569][ T8682] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 411.478211][ T5838] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 411.538551][ T5838] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 411.554005][ T5838] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 411.565718][ T5838] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 411.573698][ T5838] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 411.671029][ T6514] hsr_slave_0: left promiscuous mode [ 411.762597][ T6514] hsr_slave_1: left promiscuous mode [ 411.782536][ T6514] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 411.939715][ T6514] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 412.448299][ T8597] loop2: unable to read partition table [ 412.458145][ T8597] loop2: partition table beyond EOD, truncated [ 412.512991][ T6514] hsr_slave_0: left promiscuous mode [ 412.529796][ T6514] hsr_slave_1: left promiscuous mode [ 412.541804][ T6514] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 412.642933][ T6514] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 412.882932][ T8692] loop2: detected capacity change from 0 to 764 [ 412.985812][ T8692] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 413.291441][ T6514] team0 (unregistering): Port device team_slave_1 removed [ 413.461829][ T6514] team0 (unregistering): Port device team_slave_0 removed [ 413.632557][ T5838] Bluetooth: hci6: command tx timeout [ 435.481448][ T15] sched: DL replenish lagged too much [ 518.660844][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 518.667860][ C0] rcu: 1-...!: (1 GPs behind) idle=2974/0/0x1 softirq=38187/38188 fqs=144 [ 518.678594][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5942/1:b..l [ 518.686541][ C0] rcu: (detected by 0, t=10502 jiffies, g=30877, q=25 ncpus=2) [ 518.694179][ C0] Sending NMI from CPU 0 to CPUs 1: [ 518.694216][ C1] NMI backtrace for cpu 1 [ 518.694232][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 518.694260][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 518.694274][ C1] RIP: 0010:__hrtimer_run_queues+0x291/0xc60 [ 518.694321][ C1] Code: 89 de e8 82 f4 11 00 85 db 74 2c 48 8b bc 24 98 00 00 00 be ff ff ff ff e8 4c 9d b8 09 89 c3 31 ff 89 c6 e8 61 f4 11 00 85 db <0f> 84 8c 04 00 00 e8 14 f0 11 00 eb 05 e8 0d f0 11 00 48 8b 5c 24 [ 518.694340][ C1] RSP: 0018:ffffc90000a08d40 EFLAGS: 00000002 [ 518.694359][ C1] RAX: ffffffff81ae5e7f RBX: 0000000000000001 RCX: 0000000000010000 [ 518.694374][ C1] RDX: ffff88801ced5a00 RSI: 0000000000000001 RDI: 0000000000000000 [ 518.694389][ C1] RBP: ffffc90000a08e90 R08: ffff888030de4357 R09: ffff888030de4340 [ 518.694406][ C1] R10: dffffc0000000000 R11: ffffed10061bc86b R12: ffff888030de4340 [ 518.694423][ C1] R13: dffffc0000000000 R14: 18568ee9bc000000 R15: ffff8880b8727bc0 [ 518.694443][ C1] FS: 0000000000000000(0000) GS:ffff888125d50000(0000) knlGS:0000000000000000 [ 518.694462][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 518.694478][ C1] CR2: 0000001b2fd1cff8 CR3: 000000005b740000 CR4: 0000000000350ef0 [ 518.694495][ C1] Call Trace: [ 518.694506][ C1] [ 518.694519][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 518.694561][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 518.694596][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 518.694631][ C1] hrtimer_interrupt+0x45b/0xaa0 [ 518.694693][ C1] __sysvec_apic_timer_interrupt+0x10b/0x410 [ 518.694737][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 518.694773][ C1] [ 518.694780][ C1] [ 518.694790][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 518.694813][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 518.694846][ C1] Code: 6e 4c a9 f5 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 63 35 21 00 f3 0f 1e fa fb f4 43 4c a9 f5 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 518.694865][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 00000282 [ 518.694884][ C1] RAX: 33a033e0a3e83100 RBX: ffffffff81974d88 RCX: 33a033e0a3e83100 [ 518.694900][ C1] RDX: 0000000000000001 RSI: ffffffff8d982066 RDI: ffffffff8be28cc0 [ 518.694916][ C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb [ 518.694933][ C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa104f0 [ 518.694950][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110039dab40 [ 518.694968][ C1] ? do_idle+0x1e8/0x510 [ 518.694997][ C1] default_idle+0x13/0x20 [ 518.695018][ C1] default_idle_call+0x74/0xb0 [ 518.695040][ C1] do_idle+0x1e8/0x510 [ 518.695064][ C1] ? __pfx_do_idle+0x10/0x10 [ 518.695098][ C1] cpu_startup_entry+0x44/0x60 [ 518.695119][ C1] start_secondary+0x101/0x110 [ 518.695148][ C1] common_startup_64+0x13e/0x147 [ 518.695186][ C1] [ 518.695206][ C0] task:kworker/u8:7 state:R running task stack:21160 pid:5942 tgid:5942 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 518.997606][ C0] Workqueue: bat_events batadv_nc_worker [ 519.003266][ C0] Call Trace: [ 519.006546][ C0] [ 519.009485][ C0] __schedule+0x16f5/0x4d00 [ 519.014028][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 519.019942][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 519.025192][ C0] ? preempt_schedule_irq+0xb5/0x150 [ 519.030497][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 519.036411][ C0] ? __pfx___schedule+0x10/0x10 [ 519.041285][ C0] ? rcu_preempt_deferred_qs_irqrestore+0x851/0xc40 [ 519.047892][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 519.053115][ C0] ? preempt_schedule_irq+0xaa/0x150 [ 519.058423][ C0] preempt_schedule_irq+0xb5/0x150 [ 519.063573][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 519.069329][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 519.074999][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 519.080842][ C0] irqentry_exit+0x6f/0x90 [ 519.085304][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 519.090800][ C0] RIP: 0010:lock_acquire+0x175/0x360 [ 519.096110][ C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 0b dd fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e [ 519.115751][ C0] RSP: 0018:ffffc90005017980 EFLAGS: 00000206 [ 519.121844][ C0] RAX: 6ca7f796cf161e00 RBX: 0000000000000000 RCX: 6ca7f796cf161e00 [ 519.130032][ C0] RDX: 0000000000000000 RSI: ffffffff8db6ee30 RDI: ffffffff8be28cc0 [ 519.138033][ C0] RBP: ffffffff8b34bec2 R08: 0000000000000000 R09: ffffffff8b34bec2 [ 519.146015][ C0] R10: dffffc0000000000 R11: fffffbfff1f4209f R12: 0000000000000002 [ 519.154028][ C0] R13: ffffffff8e13ee20 R14: 0000000000000000 R15: 0000000000000246 [ 519.162028][ C0] ? batadv_nc_worker+0xd2/0x610 [ 519.166999][ C0] ? batadv_nc_worker+0xd2/0x610 [ 519.171968][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 519.177619][ C0] ? batadv_nc_worker+0xd2/0x610 [ 519.182575][ C0] ? batadv_nc_worker+0xd2/0x610 [ 519.187528][ C0] batadv_nc_worker+0xef/0x610 [ 519.192305][ C0] ? batadv_nc_worker+0xd2/0x610 [ 519.197300][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 519.203171][ C0] process_scheduled_works+0xae1/0x17b0 [ 519.208883][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 519.214920][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 519.220583][ C0] worker_thread+0x8a0/0xda0 [ 519.225236][ C0] kthread+0x711/0x8a0 [ 519.229323][ C0] ? __pfx_worker_thread+0x10/0x10 [ 519.234456][ C0] ? __pfx_kthread+0x10/0x10 [ 519.239058][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 519.244713][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 519.249935][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 519.255586][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 519.260814][ C0] ? __pfx_kthread+0x10/0x10 [ 519.265419][ C0] ret_from_fork+0x3fc/0x770 [ 519.270037][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 519.275175][ C0] ? __switch_to_asm+0x39/0x70 [ 519.279973][ C0] ? __switch_to_asm+0x33/0x70 [ 519.284758][ C0] ? __pfx_kthread+0x10/0x10 [ 519.289366][ C0] ret_from_fork_asm+0x1a/0x30 [ 519.294163][ C0] [ 519.297184][ C0] rcu: rcu_preempt kthread starved for 10214 jiffies! g30877 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 519.308385][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 519.318389][ C0] rcu: RCU grace-period kthread stack dump: [ 519.324469][ C0] task:rcu_preempt state:R running task stack:26632 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 519.338070][ C0] Call Trace: [ 519.341349][ C0] [ 519.344303][ C0] __schedule+0x16f5/0x4d00 [ 519.348854][ C0] ? schedule+0x165/0x360 [ 519.353207][ C0] ? __pfx___schedule+0x10/0x10 [ 519.358091][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 519.363741][ C0] ? schedule+0x91/0x360 [ 519.368006][ C0] schedule+0x165/0x360 [ 519.372183][ C0] schedule_timeout+0x12b/0x270 [ 519.377043][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 519.382423][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 519.388334][ C0] ? __pfx_process_timeout+0x10/0x10 [ 519.393635][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 519.399301][ C0] ? prepare_to_swait_event+0x341/0x380 [ 519.404873][ C0] rcu_gp_fqs_loop+0x301/0x1540 [ 519.410026][ C0] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 519.416203][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 519.421502][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 519.426729][ C0] ? finish_swait+0xcd/0x1f0 [ 519.431347][ C0] rcu_gp_kthread+0x99/0x390 [ 519.435970][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 519.441278][ C0] ? __kthread_parkme+0x7b/0x200 [ 519.446223][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 519.451871][ C0] ? __kthread_parkme+0x1a1/0x200 [ 519.456929][ C0] kthread+0x711/0x8a0 [ 519.461015][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 519.466229][ C0] ? __pfx_kthread+0x10/0x10 [ 519.470825][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 519.476474][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 519.481693][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 519.487345][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 519.492588][ C0] ? __pfx_kthread+0x10/0x10 [ 519.497199][ C0] ret_from_fork+0x3fc/0x770 [ 519.501817][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 519.506960][ C0] ? __switch_to_asm+0x39/0x70 [ 519.511826][ C0] ? __switch_to_asm+0x33/0x70 [ 519.516598][ C0] ? __pfx_kthread+0x10/0x10 [ 519.521208][ C0] ret_from_fork_asm+0x1a/0x30 [ 519.526000][ C0] [ 519.529018][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 519.535342][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 519.547013][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 519.557075][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 519.562833][ C0] Code: 6e 4c a9 f5 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 63 35 21 00 f3 0f 1e fa fb f4 43 4c a9 f5 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 519.582542][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 00000282 [ 519.588625][ C0] RAX: f91de9527914e700 RBX: ffffffff81974d88 RCX: f91de9527914e700 [ 519.596604][ C0] RDX: 0000000000000001 RSI: ffffffff8d982066 RDI: ffffffff8be28cc0 [ 519.604584][ C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb [ 519.612562][ C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8fa104f0 [ 519.620628][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50 [ 519.628605][ C0] FS: 0000000000000000(0000) GS:ffff888125c50000(0000) knlGS:0000000000000000 [ 519.637540][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 519.644217][ C0] CR2: 0000001b2ff16ff8 CR3: 0000000027af8000 CR4: 0000000000350ef0 [ 519.652284][ C0] Call Trace: [ 519.655565][ C0] [ 519.658497][ C0] default_idle+0x13/0x20 [ 519.662839][ C0] default_idle_call+0x74/0xb0 [ 519.667611][ C0] do_idle+0x1e8/0x510 [ 519.671703][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 519.677350][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 519.682576][ C0] ? __pfx_do_idle+0x10/0x10 [ 519.687181][ C0] ? do_idle+0x11/0x510 [ 519.691349][ C0] cpu_startup_entry+0x44/0x60 [ 519.696134][ C0] rest_init+0x2de/0x300 [ 519.700389][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 519.705958][ C0] start_kernel+0x47d/0x500 [ 519.710477][ C0] x86_64_start_reservations+0x24/0x30 [ 519.715959][ C0] x86_64_start_kernel+0x143/0x1c0 [ 519.721089][ C0] common_startup_64+0x13e/0x147 [ 519.726055][ C0]