last executing test programs: 2m53.007567448s ago: executing program 4 (id=8): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000280)={{0x0, 0x0, 0x3, 0x1}, 'syz1\x00', 0x10}) 2m52.822559995s ago: executing program 4 (id=9): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0xe) ioctl$FIONREAD(r0, 0x541b, 0x0) 2m52.463624112s ago: executing program 4 (id=11): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x1, 0x0, &(0x7f0000001500)) 2m52.199006625s ago: executing program 4 (id=13): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0xa82, 0x0) write$cgroup_int(r0, &(0x7f0000000040)=0x900, 0x12) 2m51.88893739s ago: executing program 4 (id=17): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) mkdirat(r0, &(0x7f0000002040)='./file0\x00', 0x5) 2m51.592896517s ago: executing program 4 (id=23): r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000000000)={0xe, {"a2e3ad21ed0d52f90b9b39094bf70e06d038e7ff7fc6e5539b324b298b089b0732376d090890e0878f0e1ac6e7049b334a959bfc9a240d2567f3988f7ef319520100ffe8d1780700523c921b1b9b31070d325d0936cd3b78130daa61f94b61404d64aec1b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c088215ec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6f44ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d208001349b41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2a15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee53259289d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c1980778efa5ea567b7b7430acc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a0700d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8440daaa69bf5c8f4350aeae9ca1207e76061b28f27da19acc7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211c7847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7beddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e781171e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b906ce2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf3f2aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11ee9afb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e75c40e42e07b34449e15e065cc7348663a52190202c7ae288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289d8523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c78e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e7c7b2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df06720ba2b26bbfcc807c8aabb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db38b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 2m36.447898055s ago: executing program 32 (id=23): r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000000000)={0xe, {"a2e3ad21ed0d52f90b9b39094bf70e06d038e7ff7fc6e5539b324b298b089b0732376d090890e0878f0e1ac6e7049b334a959bfc9a240d2567f3988f7ef319520100ffe8d1780700523c921b1b9b31070d325d0936cd3b78130daa61f94b61404d64aec1b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c088215ec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6f44ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d208001349b41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2a15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee53259289d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c1980778efa5ea567b7b7430acc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a0700d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8440daaa69bf5c8f4350aeae9ca1207e76061b28f27da19acc7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211c7847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7beddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e781171e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b906ce2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf3f2aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11ee9afb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e75c40e42e07b34449e15e065cc7348663a52190202c7ae288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289d8523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c78e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e7c7b2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df06720ba2b26bbfcc807c8aabb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db38b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 2m28.112021159s ago: executing program 2 (id=220): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000000)=0x1, 0x4) 2m27.996454229s ago: executing program 2 (id=221): io_uring_setup(0x1694, &(0x7f0000000080)) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BATADV_ALGO_NAME={0x10, 0x1, 'BATMAN_IV'}]}}}]}, 0x44}}, 0x0) 2m27.643304306s ago: executing program 2 (id=223): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x6, &(0x7f0000000240)={&(0x7f0000000000)=@bridge_dellink={0x34, 0x13, 0x5, 0x2000, 0x25dfdbfd, {0x7, 0x0, 0x0, r1, 0x10400, 0x1952}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x4, 0x0, 0x1, {0xc, 0x6, 0x0, 0x1, [{0x8, 0x16, 0x0, 0x0, 0x3ff}]}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x0) 2m27.371846958s ago: executing program 2 (id=226): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f00000000c0)=0x7, &(0x7f0000000240)=0x2) 2m27.049183091s ago: executing program 2 (id=229): syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000001180)=ANY=[], 0x1, 0x17c, &(0x7f0000000380)="$eJzskr9OAkEQxr+9O/5oFDWxooGC+KdQjkONnZbY29lI4ETiocKRKITijDEUFsbSJ+A1THwBLYwPQE1BrM2ZvZ3bLL6C+yvu2/l2ZnZ2c+d+208B+JkOajhEhIkMPhiDBSDHhDcxhD6TfpI+CcE75R2Rf0+a9Xv9JAC+nceKMC6qnud28gC+I09a/sGdgUnU6ms6qPHFKYAwDEPu1QGejgUlxwTQVnKyFrAaXSKUORYNsA6g2G1dF/1ef6vZqjbchnvpmOU9e8e2d53iWdNzbfFlyhF0FXDdBJBKQ8L3EwAeKJ7HLEwZjfbZHE5kbTJ+www9IExZayi1sTK8yrlSSsUx1sDHugmWFLcQdbEQXakCBpOCkqXMJ85KRxvbtSuvPgQDi8tGsGSP0hgJGThqUN4PsChaDallgbRCOiIdk+b+/DJWwL+PFG0EQBK31W63U+KPJFYsXjnSc5YD9cH4qS/G7OXeDGg0Go1Go9FoNBrNf+c3AAD//8PfdhM=") prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) 2m25.962791139s ago: executing program 2 (id=240): mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = socket(0x1d, 0x2, 0x6) getsockopt$inet_mreqn(r0, 0x6a, 0x4, 0x0, &(0x7f00000000c0)=0x5c) 2m10.788770751s ago: executing program 33 (id=240): mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = socket(0x1d, 0x2, 0x6) getsockopt$inet_mreqn(r0, 0x6a, 0x4, 0x0, &(0x7f00000000c0)=0x5c) 1m36.95517641s ago: executing program 5 (id=742): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCMIWAIT(r0, 0x545c, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x8000000) 1m35.912525245s ago: executing program 5 (id=756): syz_mount_image$exfat(&(0x7f0000002bc0), &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x10000, &(0x7f00000002c0)={[{@utf8}, {@dmask={'dmask', 0x3d, 0x6}}, {@uid={'uid', 0x3d, 0xee00}}, {@iocharset={'iocharset', 0x3d, 'iso8859-15'}}, {@fmask={'fmask', 0x3d, 0x1}}, {@namecase}, {@iocharset={'iocharset', 0x3d, 'koi8-u'}}, {@namecase}, {@errors_remount}, {@errors_continue}]}, 0x1, 0x1533, &(0x7f0000006800)="$eJzs3AucTtX6OPDnWWvtMSS9TXIZ1lrP5k0uiyTJJUkuSZIkSW4JSZIjCYkht6QhCcllSC5DSC4Tk8b9fr8kJEmTJCG5Jev/mZi/OnX+55xfnfz+Z57v5/N+Zj2z3mftZ88z73733vPyTZehNRrVrNqAiOAPwYtfEgAgFgAGAsA1ABAAQNm4snEZ89klJvyxjbA/10PJV7oCdiVx/7M27n/Wxv3P2rj/WRv3P2vj/mdt3P+sjfvPWFa2eXr+a/mRdR98/z8r4/f//yLpJcd+sbbk9V0BYv7VFO7////wD+Ry//9rBf/Kk7j/WRv3P6uKvdIFsP8F+PWfFWT7hzPc/6yN+89YVvbLe8GxcOXvR//VD4j8J/8G4ntd/Clf+f38h/vPGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4z9Bc74yxQAZI6vdF2MMcYYY4wxxhj78/hsV7oCxhhjjDHGGGOM/echCJCgIIAYyAaxkB1ygACIyZy/FuLgOsgN10MeyAv5ID/EQwEoCBoMWCAIoRAUhijcAEXgRigKxaA4lAAHJaEU3ASl4WYoA7dAWbgVysFtUB4qQEWoBLdDZbgDqsCdUBXugmpQHWpATbgbasE9UBvuhTpwH9SF+6EePAD14UFoAA9BQ3gYGsEj0BgehSbQFJpBc2jxP8p/AXrAi9ATekEC9IY+8BL0hX7QHwbAQHgZBsErMBhehUQYAkPhNRgGr8NweANGwEgYBW/CaHgLxsBYGAfjIQkmwER4GybBOzAZpsBUmAbJMB1mwLswE2bBbHgP5sD7MBfmwXxYACnwASyERZAKH8Ji+AjSYAkshWWwHFbASlgFq2ENrIV1sB42wEbYBJthC2yFbbAddsBO+Bh2wSewG/bAXvgU9sFn/2b+6b/L74qAgAIFKlQYgzEYi7GYA3NgTsyJuTAXRjCCcRiHuTE35sE8mA/zYTzGY0EsiAYNEhIWwkIYxSgWwSJYFIticSyODh2WwlJYGm/GMlgGy2JZLIflsDxWwApYCSthZayMVbAKVsWqWA2rYQ2sgXfj3dgba2NtrIN1sC7Wzbw9hQ2wATbEhtgIG2FjbIxNsAk2w2bYAltgS2yJrbAVtsE22BbbYjtsh+2xPXbADtgRO2In7ISdsTN2wS7YFbtht/QXsgG+iC9iL6wmemMf7IN9MTFbfxyAA/BlHISv4Cv4KibiEByKr+Fr+DoOx1M44sJIHIWjsLJ4C8fgWCQxHpMwCSfiRJyEk3AyTsEpOA2TcTrOwBk4E2fhLHwP5+D7+D7Ow3m4AFMwBRfiIkzFVFyMpzENl+BSXIbLcQUux1W4GlfhWlyHa3EDbsBNuAm34BbchttwB+7Aj1EB4Ce4B/dgIu7Dfbgf9+MBPIAH8SCmYzoewkN4GA/jETyCR/EoHsPjeAKP40k8iafwNJ7BM3gOz+F5fC7+q4YfF1uTCCKDEkrEiBgRK2JFDpFD5BQ5RS6RS0RERMSJOJFb5BZ5RB6RT+QT8SJeFBQFhRFGkAgzjhQiKqKiiCgiioqiorgoLpxwopQoJUqL0qKMKCPKiltFOXGbKC8qiNaukqgkKos2roq4U1QVVUU1UV3UEDVFTVFL1BK1RW1RR9QRdUVdUU88IOqL3tgfHxIZnWkkhmBjMRSbiKZCXjpCtRTDsZVoLdqIJ8RIHIHtREvXXjwtOogx2FH8TYzFZ0VnMR67iOdFV9FNdBcviB6ilespeonJ2Fv0EdOwr+gn+osBYiZWF+/hnOw1xKsiUQwRQ8VrYgG+LoaLN8QIMVKMEm+K0eItMUaMFePEeJEkJoiJ4m0xSbwjJospYqqYJpLFdDFDvCtmillitnhPzBHvi7linpgvFogU8YFYKBaJVPGhWCw+EmliiVgqlonlYoVYKVaJ1WKNWCvWifVig9goNonNYovYKraJ7WKH2Ck+FrvEJ2K32CP2ik/FPvGZ2C8+FwfEF+Kg+FKki6/EIfG1OCy+EUfEt+Ko+E4cE8fFCfG9OCl+EKfEaXFGnBXnxI/ivPhJXBBegEQppJRKBjJGZpOxMrvMIa+SOWWQefyXcfI6mVteL/PIvDKfzC/jZQFZUGpppJUkQ1lIFpZReYMsIm+URWUxWVyWkE6WlKXkTbK0vFmWkbfIsvJWWU7eJsvLCrKirCRvl5XlHRIiF7dRTVaXNWRNebdMgHtkbXmvrCPvk3Xl/bKefEDWlw/KBvIh2VA+LBvJR2Rj+ahsIpvKZrK5bCEfky3l47KVbC3byCdkW/mkbCefku3l07KD9Jd+RZ6VneVzsot8XnaV3WR3+ZO8IL3sKXtJ6A2yj3xJ9pX9ZH85QA6UL8tB8hU5WL4qE+UQOVS+JofJ1+Vw+YYcIUfKUfJNOVq+JcfIsXKcHC+T5AQ5Ub4tJ8l35GQ5RU6V02SynC77X1pptpT/NP/t38kf/PPWN8nNcovcKrfJ7XKH3Ck/lrvkLrlb7pZ75V65T+6T++V+eUAekAflQZku0+UheUgeloflEXlEHpVH5TF5XJ6V38uT8gd5Sp6Wp+VZeU6ek+cv/QxAoRJKKqUCFaOyqViVXeVQV6mc6mqVS12jIupaFaeuU7nV9SqPyqvyqfwqXhVQBZVWRllFKlSFVGEVVTfgpV8YVVyVUE6VVKXUTf9OviqiblRFVbFf5WfWl/AP6muhWqiWqqVqpVqpNqqNaqvaqnaqnWqv2qsOqoPqqDqqTqqT6qw6qy6qi+qquqruqrvqoXqonqqnSlAJqo96SfVV/VR/NUANVC+LjH0YrAarRJWohqqhapgapoar4WqEGqFGqVFqtBqtxqgxapwap5JUkpqoJqpJapKarCarqWqqSlbJaoaaoWaqmWq2mq3mqDlqrpqr5qv5KkWlqIVqoUpVqWqxWqzS1BK1RC1Ty9QKtUKtUqvUGrVGrVPr1Aa1QaWpzWqz2qq2qu1qu9qpdqpdapfarXarvWqv2qf2qf1qvzqgDqiD6qBKV+nqkDqkDqvD6og6oo6qo+qYOqZOqBPqpDqpTqlT6ow6o86pc+q8Oq8uqAsZp32BCESgAhXEBDFBbBAb5AhyBDmDnEGuIFcQCSJBXBAX5A6uD/IEeYN8Qf4gPigQFAx0YAIbiEtNjwY3BEWCG4OiQbGgeFAicEHJoFRwU1A6uDkoE9wSlA1uDcoFtwXlgwpBxaBScHtQObgjqBLcGVQN7gqqBdWDGkHN4O6gVnBPUDu4N6gT3BfUDe4P6gUPBPWDB4MGwUNBw+DhoFHwSNA4eDRoEjQNmgXNgxZ/6vren8r7uOupe+kE3Vv30S/pvrqf7q8H6IH6ZT1Iv6IH61d1oh6ih+rX9DD9uh6u39Aj9Eg9Sr+pR+u39Bg9Vo/T43WSnqAn6rf1JP2Onqyn6Kl6mk7W0/UM/a6eqWfp2fo9PUe/r+fqeXq+XqBT9Ad6oV6kU/WHerH+SKfpJXqpXqaX6xV6pV6lV+s1eq1ep9frDXqj3qQ36y16q96mt+sdeqf+WO/Sn+jdeo/eqz/V+/Rner/+XB/QX+iD+kudrr/Sh/TX+rD+Rh/R3+qj+jt9TB/XZfT3+qT+QZ/Sp/UZfVaf0z/q8/onfUH7jJP7jLd3o4wyMSbGxJpYk8PkMDlNTpPL5DIREzFxJs7kNrlNHpPH5DP5TLyJNwVNQZOBDJlCppCJmqgpYoqYoqaoKW6KG2ecKWVKmdKmtCljypiypqwpZ8qZ8qa8qWgqmtvN7eYOc4e509xp7jJ3meqmuqlpappappapbWqbOqaOqWvqmnqmnqlv6psGpoFpaBqaRqaRaWwamyamiWlmmpkWpoVpaVqaVqaVaWPamLamrWln2pn2pr3pYDqYjqaj6WQ6mc6ms+liupiupqvpbrqbHqaH6Wl6mgSTYPqYPqav6Wv6m/5moBloBplBZrAZbBJNohlqhpphZpgZboabEWakGZVxomreMmPMWDPOjDdJJslMNBPNJDPJTDaTzVQz1SSbZDPDzDAzzUwz28w2c8wcM9fMNfPNfJNiUsxCs9CkmlSz2Cw2aSbNLDVLzXKz3Kw0K81qs9qsNWvNelhvNpqNZrPZbLaarWa72W52mp1ml9lldpvdZq/Za/aZfWa/2W8OmAPmoDlo0k26OWQOmcPmsDlijpij5qg5Zo6ZE+aEOWlOmlPmlDljzphzJu+l90tvYm12m8NeZXPaq20ue439+zifzW/jbQFb0Gqbx+b9VWystUVtMVvclrDOlrSl7E2/icvbCrairWRvt5XtHbbKb+Ja9h5b295r69j7bE1796/iuvZ+W88+YusjAtimtqFtbhvZR2xj+6htYpvaZra5bWuftO3sU7a9fdp2sM/8Jl5oF9nVdo1da9fZ3XaPPWPP2sP2G3vO/mh72l52oH3ZDrKv2MH2VZtoh/wmHmXftKPtW3aMHWvH2fG/iafaaTbZTrcz7Lt2pp31mzjFfmDn2FQ7186z8+2Cn+OMmlLth3ax/cim2QCW2mV2uV1hV9pV/7fWZXaD3Wg32V32E7vVbrPb7Q67M/NE2O6xe+2ndp/9zB6yX9sD9gt70B6x6farn+OM/Ttiv7VH7Xf2mD1uT9jv7Un7g8rMztj37+1P9oL1FggJSJKigGIoG8VSdspBV1FOuppy0TUUoWspjq6j3HQ95aG8lI/yUzwVoIKkyZAlopAKUWGK0g2UWV5xKkGOSlIpuolK081Uhm6hsnQrlaPbqDxVoIpUiW6nynQHVaE7qSrdRdWoOtWgmnQ31aJ7qDbdS3XoPqpL91M9eoDq04PUgB6ihvQwNaJHqDE9Sk2oKTWj5tSCHqOW9Di1otbUhp6gtvQktaOnqD09TR3oGepIf6NO9Cx1pueoCz1PXakbdacXqAe9SD2pFyVQb+pDL1Ff6kf9aQANpJdpEL1Cg+lVSqQhNJReo2H0Og2nN2gEjaRR9CaNprdoDI2lcTSekmgCTaS3aRK9Q5NpCk2laZRM02kGvUszaRbNpvdoDr1Pc2kezacFlEIf0EJaRKn0IS2mjyiNltBSWkbLaQWtpFW0mtbQWlpH62kDbaRNtJm20FbaRttpB+2kj2kXfUK7aQ/tpU9pH31G++lzOkBf0EH6ktLpKzpEX9Nh+oaO0Le+F31Hx+g4naDv6ST9QKfoNJ2hs3SOfqTz9BNdIE8QYihCGaowCGPCbGFsmD3MEV4V5gyvDnOF14SR8NowLrwuzB1eH+YJ84b5wvxhfFggLBjq0IQ2pDAMC4WFw2h4Q1gkvDEsGhYLi4clQheWDEuFN4Wlw5vDMuEtYdnw1rBceFtYPqwQPnJfpfD2sHJ4R1glvDOsGt4VVgurhzXCmuHdYa3wnrB2eG9YJ7wvLBPeH9YLHwjrhw+GDcKHwobhw2Gj8JGwcfho2CRsGjYLm4ctwsfCluHjYauwddgmvCpsGz4ZtgufCtuHT4cdwmd+nr9/Ueb8E7+ZTwh7h33Cl8KXQu/vlfOjC6Ip0Q+iC6OLoqnRD6OLox9F06JLokujy6LLoyuiK6Oroquja6Jro+ui66Mbohujm6Le18wGDp1w0ikXuBiXzcW67C6Hu8rldFe7XO4aF3HXujh3ncvtrnd5XF6Xz+V38a6AK+i0M846cqEr5Aq7qLvBFXE3uqKumCvuSjjnSrpSrrlr4Vq4lu5x18q1dm3cE+4J96R70j3lnnJPuw7uGdfR/c11cs+6zu4595x73nV13Vx394Lr4SbkuviaTHB9XB/X1/V1/V1/N9ANdIPcIDfYDXaJLtENdUPdMDfMDXfD3Qg3wo1yo9xoN9qNcWPcODfOJbkkN9FNdJPcJDfZTXZT3VSX7JLdDDfDzXQzXeVZF7cy18118918l+JS3EKXcc6Y6ha7xS7Npbmlbqlb7pa7lW6lW+1Wu7VurVvv1ruNbqPb7Da7rW6r2+62u51up9vldrnd/pqLi7p9br/b7w64A+6g+9Klu6/cIfe1O+y+cUfct+6o+84dc8fdCfe9O+l+cKfcaXfGnXXn3I/uvPvJXXDeJUUmRCZG3o5MirwTmRyZEpkamRZJjkyPzIi8G5kZmRWZHXkvMifyfmRuZF5kfmRBJCXyQWRhZFEkNfJhZHHko0haZElkaWRZZHlkRcT7AltDX8gX9lF/gy/ib/RFfTFf3Jfwzpf0pfxNvvTFutO8v9WX87f58r6Cr+gf9U18U9/MN/ct/GO+pX/ct/KtfRv/hG/rn/Tt/FO+vX/ad/DP+I7+b76Tf9Z39s/5Lv5539V38939C76Hf9H39L18gu/t+/iXfF/fz/f3A/xA/7If5F/xg/2rPtEP8UP9a36Yf90P92/4EX6kHxXzph+deYkM432Sn+An+rf9JP+On+yn+Kl+mk/20/0M/66f6Wf52f49P8e/7+f6eX6+X+BT/Ad+oV/kU/2HfrH/yKf5JZk3jf1Kv8qv9mv8Wr/Or/cb/Ea/yW/2W/xWv81v9zv8Tv+x3+U/8bv9Hr/Xf+r3+c/8fv+5P+C/8Af9lz7df+UP+a/9Yf+NP+K/9Uf9d/6YP+5P+O/9Sf+DP+VP+zP+rD/nf/Tn/U/+Av+bNcYYY4yxf8mEy0Px65mLt/N7/06O+MWT+wDA1dvyp/9yPuOMcn2ei+N+Ij424+vTvbo8lPmoVi0hIeHSc9MkBIXnAWT+JSjDzx89uBQvgTbwJLSH1lD6d+vvJ7qdo3+yfvRWgBy/yMkoKDO+vP7nAJjwO+s/9sSoheXCM3H/j/XnARQtfDknO1yOl0Cbn++vtIYy/6D+vC3/Sf3Zv0gCaPWLnJxwOb5cfyl4HJ6B9r96JmOMMcYYY4wxdlE/UbFT5vVn5ic+f+/6PF5dzskGl+N/dn3OGGOMMcYYY4yxK+/Zbt2feqx9+9ad/v1Blf9R1r88aAz/qZV58LsD7wEyv6MA4A8uCJAxkH/lXmz5S7aVeOml8/dTy8/6AP53tPLPGFzhAxNjjDHGGGPsT3f5pP/X31dXqiDGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYywL+iv+O7ErvY+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbYlfZ/AgAA//+1tfsI") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 1m35.521508596s ago: executing program 5 (id=761): r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040), 0x60c43, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pread64(r0, 0x0, 0x0, 0x2f) 1m35.278389513s ago: executing program 5 (id=763): syz_mount_image$ext4(&(0x7f0000000600)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x10081, &(0x7f00000000c0)={[{@nodioread_nolock}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@mblk_io_submit}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2e}, 0x84, 0x450, &(0x7f0000000dc0)="$eJzs289vFFUcAPDvzLYgv2xF/MEPtYrGxh8tLagcvGg04WJiogc81lIIslBDayKESDUGj4a/QD2a+Bd40otRTxqvejcmxHARPZgxszsDS7tbd7tbtrCfTzLtezNv973vzLzdN/N2AhhYY/mfJGJ7RPwaESP17M0Fxur/rl29MPv31QuzSWTZG38mtXJ/Xb0wWxYtX7etyIynEenHSextUu/CufOnZqrVubNFfnLx9LuTC+fOP3vy9MyJuRNzZ6YPHz50cOqF56ef60mcO/K27vlgft/uI29dfm326OW3f/gqb+/2YntjHHWjXdc5FmM378sGT3T97hvLjoZ0MtTHhtCRSkTkh2u41v9HohI3Dt5IvPpRXxsHrKssy7LNK9ZWysRSBtzBkuh3C4D+KL/o8+vfcrmFw4++u/JS/QIoj/tasdS3DEValBledn3bS2MRcXTpn8/yJZrehwAA6K1v8vHPM83Gf2nc31Du7mJuaDQi7omInRFxb0Tsioj7ImplH4iIBzusf2xZfuX45+ctawqsTfn478Vibuvm8V85+ovRSpHbUYt/ODl+sjp3oNgn4zG8Oc9PrVLHt6/88mmrbY3jv3zJ6y/HgkU7/hhadoPu2MziTDcxN7ryYcSeoWbxJ9fnrvL/uyNizxreP99nJ5/6cl+r7f8f/yp6MM+UfRHxZP34L8Wy+EvJ6vOTk3dFde7AZHlWrPTjT5deb1V/V/H3QH78tzY9/6/HP5o0ztcudF7Hpd8+aXlNs9bzf1PyZi29qVj3/szi4tmpiE3J0sr10zdeW+bL8nn84/ub9/+dEf9+Xrxub0TkJ/FDEfFwRDxStP3RiHgsIvavEv/3Lz/+ztrjX195/Mc6Ov6dJyqnvvu6Vf3tHf9DtdR4saadz792G9jNvgMAAIDbRVr7DXySTlxPp+nERP03/Ltia1qdX1h8+vj8e2eO1X8rPxrDaXmna6ThfuhUcW+4zE8vyx+s3TfOsizbUstPzM5X12tOHWjPthb9P/d7pd+tA9ZdR/NorZ5oA25LnteEwaX/w+DS/2Fw6f8wuJr1/4sR1/rQFOAW8/0Pg0v/h8Gl/8Pg0v9hIHXzXP9qiZ1H1uud77REZWM0o+NEpBuiGWtLpBujGfXE5ohot/DFuFUN6/cnEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQG/8FwAA//8Hl+jb") mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, 0x0) quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000000)='./file0\x00') 1m34.465424998s ago: executing program 5 (id=767): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x1000840, &(0x7f0000000300)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c756e695f786c6174653d312c757466383d312c696f636861727365743d63703836352c7379735f696d6d757461626c652c636865636b3d7374726963742c696f636861727365743d69736f383835392d31352c636f6465706167653d3836302c756e695f786c6174653d312c726f6469722c73686f72746e616d653d6c6f7765722c757466383d302c000effbb67cf", @ANYRES16, @ANYRES32], 0x1, 0x362, &(0x7f0000000d00)="$eJzs3U9oY1UXAPCTeWnSmY/52oUwKAhPd4KWmYoLXbUMHRjMRiX4ZyEGp6PS1IEGg51FM3UjLgWXunLnQhcuZi2CIu5cuHUEqYoLnd2Ag0+SvDQvTdJWsTMWf79FOL33nnfveQnN62tz+9JSrF2aics3b+7E7Gwpykvnl+JWKeYjiYFrMa4yoQ0AOB5uZVn8lvUdMqV0xEsCAI5Y7/3/ldOFlre+2G985t0fAI69/Of/k/uNmZ3WceVIlgQAHLGx+/8PjnRXRn/VXy78VQAAcFw98/wLTy7XIp5O09mI9bfb9XY9nhj2L1+O16IZq3E25uJ2RP9CoftQ6j1euFhbOZumaSd+nI96N6Ndj1jvtOv9K4XlpJdfjXMxF/N5fn61kWVZcuHT2sq5tCcirnV688d6qV2fiVP5/N+ditVYjDTuGcuPuFhbWUzzA9TXB/mdiO3hfYvu+hdiLr55Oa5EMy5FN3dwWVNb2TqXpuez2kh+u17tjeubegcEAAAAAAAAAAAAAAAAAAAAAAD+loV01/zu/jfZcP+ehYUJ/b39cfr5+f5A2/39gbJqFln265uP1N9JYmR/oL3787Tr5Thxd0sHAAAAAAAAAAAAAAAAAACAf43WZiUazebqRmvz6lox6Gy0Nk9ERLfl9a8+/vxkjI85ICjncxS60rzp6lojSwaDs6Q3Zi7vywcn3ckHB/zo+u6Ki1NUd6uYuIzq9K5m8/QDP7w/bLk/GRz5j+GYJPZkFXYsmFb7+v9HqpgyeykiSsUC+8HiAWf1RpZl00741ovjWd05yn/9ids/yLrBlzuv3vto68xjvZbPsr6HHp579sZ7H/681mj2qusVWNlo3c7WGvnXxRdbefS1MTFICmNK0Q9KxaegvF/69mhLI/n2l+fue/frw1WaFVvemDAm6Zfzyd6uSj/oLvN/owWenDTXzIEn4R8Jznyw1Li+9f1Ph80qfJOwUQcAAAAAAAAAAAAAAAAAANwRhc+K5/IP+87sl/X4U0e/MgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4c4b//78QbI+1HCI48XsnxruqqxutiErs3O1CAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4T/szAAD//4rGYms=") r0 = open(&(0x7f00000000c0)='.\x00', 0x101000, 0x190) getdents(r0, &(0x7f0000000100)=""/236, 0xec) 1m33.905458319s ago: executing program 5 (id=774): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000050, &(0x7f00000001c0)={0xa, 0x4e22, 0x40000000, @local, 0x1}, 0x1c) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000002c0)) 1m33.551845407s ago: executing program 34 (id=774): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000050, &(0x7f00000001c0)={0xa, 0x4e22, 0x40000000, @local, 0x1}, 0x1c) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000002c0)) 10.237183512s ago: executing program 3 (id=1554): capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x2}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x28a, 0x0, &(0x7f0000000180)="b44c806748f06309624431ed3373010001000000bf7e47d5fe008c6390009c4ebd873094563683b7ee0fae7a6a53200386ce51def6a4effb9de8b4645c2b9c0614907dac12c6d34a8266e6124b925240080cd4f4e5b5da601596c31f137d2ce6ca74fd87f90ea0be786fe13ac0805807dd6853458eccc84575e9af5fee93c9427fc0bd19ccae5d3bc54f9bdf5cf073b5a597a9df9cb422ce2ab5ff0700001130ef7824c0d3af6a0000000093b110a54f32ad69d05a805194380816a626940f4b74417bcc7ebcdf627041732f2eb0e4c6b6ed2449161c8b447829e7110b031b2e42528ed9aacbacae558272260c6b6ab183dd433a628de952e48f76d92cb36789fa2048c18441e99f6d3928bbcba48129e9c76ea7bafde2f322a406679edc8807a1ac048371092e1545d4feae4e5cc5d59840916e65ca94a1543a0ceb72c7342ce4f36d2a0d920d256eb72edc1b5d501eedc374c9ecf7c9ea0f5b494802a0365859c94850e0b20ad984b7b20dec8b6880e17e7638b63daa1d02f17ede125f97fec2bae28917819041750faee85b9e12f969c2acb24d6bdd83ab595c535fd20eec50cd53db292baaecb91e26df80c19eb88382dec1b5293c061833a33546fc699dcb187b66c91d23bb498494b0d45ad577c4a70f7fc82f5538eb7f3753f8f609377d2b5893d99c69ddc1dce10a0396f20c0a3e9fa981b642abda8753f155a7e0b829359617ade0749518458238ef376274b342c827199a5fa19c09c010e6759a045c5a15c1bdaaf707919ea5950adcad65dc128370ae91022956e9f55eee4a7b3aa2dbf8e2ec52e064d37c372db525ed9ee97aec279340dca0962c1470e8d3bda2da435703e76409bceadae533b484703a4af966187106d4efdda76c521ac0b2106c6728ee650c7001d0be", 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffff6}, 0x50) r0 = syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x2) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85) 9.799621435s ago: executing program 3 (id=1560): io_setup(0x4, &(0x7f00000014c0)=0x0) r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00') io_submit(r0, 0x1, &(0x7f0000000280)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0xfffe, r1, 0x0}]) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0) 9.556549492s ago: executing program 3 (id=1566): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)={0x2c, 0x7, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040}, 0x400c0c0) 9.383735181s ago: executing program 3 (id=1569): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") syz_mount_image$fuse(0x0, &(0x7f0000000300)='./bus\x00', 0x3000001, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]}) setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000080), 0x0, 0x0, 0x3) 8.580916859s ago: executing program 3 (id=1581): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x2000004, &(0x7f0000000340)={[{@creator={'creator', 0x3d, "ec38b5a1"}}, {@iocharset={'iocharset', 0x3d, 'koi8-ru'}}, {@codepage={'codepage', 0x3d, 'cp936'}}]}, 0x41, 0x30d, &(0x7f0000000ac0)="$eJzs3c9q1EAcB/DvJNl2+4ea/hHBi1It6KVY9VC8rMhevXsStbuFYqi4W8F6sRWP4gN49xV8CC+KL6AnQfABeovML5PdSTbJNqW76drvB3adncxMfmMmyUxAAyI6tx40f36+81t/FODCBXAPcADUAQ/ARVyqv9rd29kL2q2ihlypoT8KUU01UGZrt51VVdeTGoavf3mYt/NsarBlOqEwDO//qjoIqpyc/RkcYNqch7K9Pua4RuUAuFJ1DONmH2B1hCO8xkKF4RAR0Rlg7v+OuU3MS5aC4wBr5rb/X93/j6oO4HTdDQaywsIK1v1fZneh0sf3gmzqr/dkoaW3O/EqcVggenzUUnlTiEZWYoKphq0qJRZnZnvHw/rWIVoO3qFhWMVW5LsVDd3YkGhXM9amBfJbq+HhbNQbmVGmxSFt7wTtaZ2w4o8jWD72HqfKxDzoj/lTfVXf1WPl4xNavfmfFyrdvuzCTx0pp6bjv5Xf8pzU0qVgOtZoNJxEkUXZyeVkJ4YcpXpqRZK+9Cz2Hxoc9CIoilP2vYTkY4WodxtDai1n1fJ7v3JqrSRquWYkrG+9CAofpYxG3EX1UT1Sq/iLL2ha839Hx7cG68wsutQrKWlGRtSfnOHpSUl/4PD1T5ervQiM6dJ9IyDvaVmOD3iGTSx09988d4Og3dGJpxmJl/MdZXJq74HMMnYCOjGLdqcbH8+CwtkJL9hMb3JRUAsH/ZxQexuG3X0Xx9lXWCawsombp9qgvn50NhDl6NMnq3Dd/gt3RtSvc59ofkPRgDxbicPEOagvrv0yYQjkVB/JNYrOmK6KD7r89DBTdUQ0Zvo+raL1n8zkzaxOFij6yy+YpxcvMpFocaO3gktOBZfke7bUCm4ufwVn7fF2zppR1lzXbgDXrUyFvD2Wm1hNBtXEDzzh838iIiIiIiIiIiIiIiIiIiIiIiIiokkzjn+EUHUfiYiIiIiIiIiIiIiIiIiIiIiIiIiIiIgm3Yne/5v1f8TL+3/947//V9qI3hRV9v2/RHQ6/gUAAP//iRJv/A==") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x802, 0xa2) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000000)=0x4) 5.952403723s ago: executing program 3 (id=1611): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000080)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x1c, 0x6, 0xff, @local, @local, {[], {{0x4e21, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x4, "8000"}, @fastopen={0x22, 0x2}]}}}}}}}}, 0x0) 5.53689418s ago: executing program 35 (id=1611): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000080)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x1c, 0x6, 0xff, @local, @local, {[], {{0x4e21, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x4, "8000"}, @fastopen={0x22, 0x2}]}}}}}}}}, 0x0) 4.285312748s ago: executing program 0 (id=1625): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x5}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') read$FUSE(r1, &(0x7f00000022c0)={0x2020}, 0x2020) 4.233567279s ago: executing program 1 (id=1627): r0 = mq_open(&(0x7f0000000000)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\"Zm\x1c\x18\x11\x93\xb5z \xc2\x8b\xa9\xc5\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00', 0x6e93ebbbcc0884f2, 0x2c, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000540)={0x4}) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) 4.214604006s ago: executing program 0 (id=1628): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) fchmodat(r1, &(0x7f0000000000)='.\x00', 0xe0) 4.044359595s ago: executing program 0 (id=1629): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newsa={0x144, 0x10, 0x1, 0xbffffffe, 0x100, {{@in=@empty, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x1, 0x394, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@local, {0x0, 0x1, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0x6, 0x6, 0x1f, 0x1ff}, {0x0, 0xfffffffc}, 0x70bd2a, 0x3504, 0xa, 0x0, 0xfd, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @mark={0xc, 0x15, {0x35075a, 0x3}}]}, 0x144}, 0x1, 0x0, 0x0, 0x8801}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in=@local, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x8, 0x0, 0x0, 0x0, 0x3a}, {@in=@multicast2, 0x4d4, 0x6c}, @in=@rand_addr=0x64010102, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x9, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0xa, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 4.023183692s ago: executing program 7 (id=1630): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) getresgid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 3.995646457s ago: executing program 1 (id=1631): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) write$binfmt_misc(r0, &(0x7f0000000040), 0xfe46) 3.7329244s ago: executing program 0 (id=1633): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r1}, 0xc) 3.662553858s ago: executing program 1 (id=1634): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWSET={0x44, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_POLICY={0x8}]}], {0x14}}, 0x6c}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000380)={0x14, 0x15, 0xa, 0x201}, 0x14}}, 0x0) 2.407687536s ago: executing program 6 (id=1635): r0 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) 2.405231506s ago: executing program 0 (id=1644): r0 = epoll_create1(0x80000) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0xc0000011}) pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 2.404629435s ago: executing program 1 (id=1636): syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f00000003c0)={[{@memory_low}, {@background_gc_off}, {@noquota}, {@inline_dentry}, {@data_flush}, {@discard_unit_segment}, {@noinline_xattr}, {@discard}, {@checkpoint_diasble}, {@user_xattr}, {@resgid}, {@resuid}, {@jqfmt_vfsv1}, {@usrjquota={'usrjquota', 0x3d, '-)$-.%\'*,'}}]}, 0xff, 0x5512, &(0x7f00000079c0)="$eJzs3EtvG1UUAODjpGnpgxIhFuw6UoWUSLVVpw/BrkArHiJVVGDBChzbsdzanih2nJAVC5aIBf8EgcSKJb+BBWt2iAWIHRLIcyfQ8JCQ4sSk+T5pfOZeX58516oqnZnIAZxai9kvP1XicpyPiPmIuBRRnFfKo3Anhecj4kpEzD12VMr5PybORsSFiLg8SZ5yVsq3Prs2vnrrxzd//vrbc2cufv7Vd7PbNTBrL0REfzOd7/RTzDspPiznG+NuEfs3x2VMb/QfleM8xZ32epFhp7G/rlHEG520Pt/cHk7iRq/RnMROd6OY3xykCw7Hnf08xQceNraKcau9XsTuMC9iZy/VtbuX/m/bG45SnlaZ78MifYxG+zHNt3fbaT+bj4rYHIzK+ZQ3b7V3J3FcxvJy0cx7raKO9cN80/9vb3UH27vZuL017OaD7Fat/mKtfrta38pb7VH7ZrXRb92+mS11epNl1VG70b/TyfNOr11r5v3lbKnTbFbr9Wzpbnu92xhk9XrtRu169dZyeXYte+3+u1mvlS1N4ivdwfao2xtmG/lWlj6xnK3Ubry0nF2tZ2+vrmVrD+7dW1175/27791/efWNV8tFfysrW1q5vrJSrV+vrtSXT9H+Py6LnuL+4VAqsy4A4OTR/wOzcHT9/9aDiKPv/0P/PxUnqv897f3/EewfDkX/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwan2/8MXrxcliGl8s558up54tx5WImIuI3/7BfJw9kHO+zLPwL+sX/lLDN5UoMkyuca48LkTEnfL49Zmj/hYAAADgyfXlR1c+Td16elmcdUEcp3TTZu7SB1PKV4mIhcUfppRtbvLy3JSSFf++z8TulLIVN7DOTClZuuU2tWz/yfyB8NRjoZLC3LGWAwAAHIuDncDxdiEAAAAcp09mXQCzUYn9R5n7z4KLv7z/84Hg+QMjAAAA4ASqzLoAAAAA4MgV/b/f/wMAAIAnW/r9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB3du4mN20gjgPo3wYX6IeKqu57le7gGD1Cl11WHKCX4ABd0Cv0ApyB7HKECCLsCYEIRZE8NiF6TzLDGPNjxoLFzKABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3VSr+b/f3/60zdnu2snTGwAAAOCcTbWa10+mTf1DOv8pnfqS6kVElBFxbuw+iHcnmYOUUz1e//f4+upJG/5H1An7zxil431EfE/H3eeu7wIAAABcsdHzL68Xy1kzWm8epv20itehmbQpP/7IlFdERDW9zZRW7vO+Zgqrv9/D+JUprZ7AGmcKa6bchrnSXqT+uR9m7cZHRdEU5dm3HRqZre8AAECPBidFv6MQAAAA+vTz0g3gMop4WMo8LAWmPwyk5b3JSQ0AAAC4QsWlGwAAAAB0rh7/97T/3y73/n+T3HcDAAAA3qhm/z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6tKlW8/ViOWubs921k6c3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9+zPOwqEQBiEwd71ncnc/7DSoKmpSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsXM/r3FUcQDA38zsbH+ouEbZQ0QUPOjFbre1tTfxoAQP/glCSLc1duuPNgdbipiLN8m5F9GjiKDEW/+Hnlvopd562EMFz8qbnclO0oCr4swm+XzgzfvuY5j3fbMQ8p03CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCZvDOLs3joTeO0HLv3+NZa7O/v6aM7Ww+WY4tx0mTSB8NL9Q9Jv71EAAAAODqyqr4PITzMt1din/aK+j+vzok1/3fPTOOqnt9b91d9VfvH9usvj17Ymag3nSde9NL6eHT6yVQ6/98qF9uzf3tGp7jzxbOXrPhC0vc3n5/kx+P9TL65e/fdbnFrjzWRLQDwb5yq+jKofh+K/bDNxAA4Mjq1wruq/7NeuzkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANGGyGZ6q4iSEsNyZxdH9x7fW9uvvbD1Yrtr527e3wleza8ZL5CGES+vj0elGV7PYrt+4eWV1PB5daz54OYTQ1uxvl8u/8uEcJ4eweyQLe0cEixyk5Ze9KPkcjKDFH0oAABxKedliXf8w316JY8lSCH9+v7v+f60Whznr/0cfnb9Xn6te/w8bW+HiG2xc/Wxw/cbNN9avrl4eXR598uaZ4VvDsxfOnbswKJ6VDDwxAQAA4L/plq1e/6dLT+7/n6zFYc76//Nvh1/W58rU//uabfq1nQkAAMDR9twrf/ye7DOedLvhi9WNjWvD6XHn85npsYVU/7FjZavX/9lS21kBAAAATZhsJrv2/y/W4jDn/v/TP7z4U/2aWQjhRLn/f2rt0/HF5paz0Jr4c+K21wgAAEC7TpStvv+fF+//pzuvPKQhhNdfncblvwGcq/7P3vv6x/pc9ff/zza3xIWU9qf3o+j7IXT6bWcEAADAYXa8bLHY/y3fXvn455MfdL3/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANC0vwIAAP//PJY89w==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0x100, 0x100000002, 0x6}) 2.404479265s ago: executing program 7 (id=1637): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc0000000000000000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4800) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40814) 2.243309726s ago: executing program 0 (id=1638): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000fd9e1a40f30c74933bbc0000000109021b000104"], 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8202}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_PID={0x8, 0x13, r1}]}, 0x3c}, 0x1, 0xd, 0x0, 0x480c5}, 0x0) 2.212001451s ago: executing program 7 (id=1639): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000080)={[{@init_itable}, {@nobh}, {@nodiscard}]}, 0x3, 0x45c, &(0x7f0000000940)="$eJzs281vFGUYAPBnZtsCArYifvChVtHY+NFSQOXgQY0mHjAx0YMem7YQZKGG1kQIUTAGT8aYeDce/Rc86cUYTyZe9W5IiOECeFozuzN0d9ld6LLbLezvlwy873z0fZ6deXffmXc3gKE1mf2TRGyLiL8iYrxWbdxhsvbftSvn5q9fOTefRKXy3r9Jdb+rV87NF7sWx23NK1NpRPplEntatLt85uyJuXJ58XRen1k5+fHM8pmzLx4/OXds8djiqQOHDx86OPvKywde6kmeWUxXd3+2tHfX2x9++86Rr7N1aZF/Ux49Mtlp4zOVSo+bG6ztdeVkZICBsCaliMhO12i1/49HKVZP3ni89cVAgwP6qlKpVLa233y+AtzDkmis6/IwLIoP+uz+t1iaBwGv9W/4MXCXX6/dAGV5X8uX2paR6vOByO+Ntvep/cmI+OD8f99nS/TnOQQAQIOfs/HPC63Gf2k8XLff/fnc0EREPBAROyLiwYjYGREPRVT3fSQiHl1j+82TJDePf9JLXSV2m7Lx36v53Fbj+K8Y/cVEKa9tr+Y/mhw9Xl7cn78mUzG6KavPdmjjlzf//KbdtvrxX7Zk7RdjwTyOSyObGo9ZmFuZu5Oc612+ELF7pFX+yY2ZgCQidkXE7i7bOP7cj3vbbbt1/h30YJ6p8kPEs7Xzfz6a8i8knecnZzZHeXH/THFV3Oz3Py6+2679O8q/B7Lzf1/L6/9G/hNJ/Xzt8trbuPj3V23vabq9/seS96vlsXzdp3MrK6dnI8aSI7Wg69cfWD22qBf7Z/lP7Wvd/3fE6iuxJyKyi/ixiHg8Ip7IY38yIp6KiH0d8v/tjac/6j7//sryX1jT+V8tjEXzmtaF0olff2podOKm/K93Pv+HqqWpfM3tvP/dTlzdXc0AAABw90kjYlsk6fSNcppOT9e+L78zIi0vLa88f3Tpk1MLtd8ITESkxZOu8brnobP5bX2tfiEial8tKLYfzJ8bf1faUq1Pzy+VFwadPAy5rW36f+af0qCjA/rO77VgeOn/MLxu1f8/X6c4gPXn8x+GV4v+v2UQcQDrbVPLz39jfhgOTf3ftB8Mkab+v3lQcQDrr/vnf2M9jQNYf57/w1Ba3hK3/pF8x0Lxl7o8/J4txOiGCKNvhUg3RBgbtjB6l/eLwb0nAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9NL/AQAA//8kV94B") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 1.554063515s ago: executing program 7 (id=1640): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000380), 0x149842, 0x0) write$dsp(r0, &(0x7f0000000900)='B', 0x1) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r0, 0x0) close(r0) 1.549419824s ago: executing program 6 (id=1641): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x28, 0x1, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0xfffffffffffffcb1, &(0x7f0000000240)={&(0x7f00000019c0)=@delchain={0x2c, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x2c}}, 0x0) 774.908887ms ago: executing program 1 (id=1642): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, 0x0}], 0x1, 0x5b, 0x0, 0x0) 774.756066ms ago: executing program 6 (id=1643): syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$USBDEVFS_CONNECTINFO(r0, 0x80045503, &(0x7f00000000c0)) 774.645387ms ago: executing program 7 (id=1645): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) write$vga_arbiter(r0, &(0x7f0000000080)=@other={'lock', ' ', 'io'}, 0x8) write$vga_arbiter(r0, &(0x7f0000000040)=@other={'lock', ' ', 'io+mem'}, 0xc) write$vga_arbiter(r0, &(0x7f00000000c0)=@other={'unlock', ' ', 'io'}, 0xa) 632.017341ms ago: executing program 7 (id=1646): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)={0x2c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}, @NL80211_ATTR_4ADDR={0x5}]}, 0x2c}}, 0x0) 586.618693ms ago: executing program 6 (id=1647): r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmmsg$inet(r0, &(0x7f0000000940)=[{{&(0x7f0000000000)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000040)="93", 0x1}], 0x1}}], 0x1, 0x46054) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0)={0x1, 0x7}, 0x8) close(r0) 385.125018ms ago: executing program 6 (id=1648): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="62a02a3a340977770a89"], 0xa) 262.682236ms ago: executing program 6 (id=1649): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@dev={0xfe, 0x80, '\x00', 0x3c}, 0xb73, 0x1, 0x0, 0x7, 0x7e49, 0xffff}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(r0, 0x8b32, &(0x7f0000000040)) 0s ago: executing program 1 (id=1650): syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f00000000c0)='./file0\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0xfd, 0x2b2, &(0x7f0000000440)="$eJzs3U9rE08cx/HPbLbN/trS39pWBOmpWvAk/XMRL4L0GXjxJGoToRgqaAX1VD2LD8B7noIPwKMn8Sz01pMPoJ4i8yfNZrubNMGwbXy/oGFj5jv7ncxsZiYSVgD+Wfd3jtrbx/bPSDXVJN2VIkmJFEu6qmvJ6/2DvYNWszGoopqLsH9GPtKcKbO731R4MSvJ/WNqn8VaOFMQf13yU4er81VngaqZoutV7pOgHq5O+9ngr9UpcFh1AhUzJzrRGy1WnQcAoFrGz+9RmOcXJNlVYRRJ62Ha9/N/d5VwySfQk6oTmLCvQ17PzP9ul9Uxtn//dy/19nuus2PNhKD29vE4uczKj6xaXwLDdpUul+i/Z3ut5u3dF61GpA+6F8z0iq24x4Yful1HbeP2tPb4/dmq18Ja95z7y6N2clrbaNzGKpqxbdjK5p8pslx8xu0xzzic+Wa+m0cm1Wc1Ttd/ccfYbnI9leZ6yue/UV6ja+WsXKmSVl5xJ7kezhAMbGVNuTSyZkOdfR2YluQZ90Ut5aJ86zbLW+eilgujtoZEreSjeqO5PHLSzCfz0Kzpl75oJ7P+j+y7va7zXJm2jCsZRsbA9sSuZOqmmDB3HK4WlozGbRHG8FFPdUeLr96+e/6k1Wq+nNoDeyWOHGVH60VIfkIH3UFwUfKZ2gP7Jldy9u68M3495R8dfC0/PXqdPmIgg2Ba2HWX8fu/zH5lwy3W7EPav06vZ2M7wyrP1LhZsjdYco9z+R1cyd7AuK8e5ov/t0Jle67fHc8XcXuuG7ekm+c5o5eGPC+e0/eyPkKQ2dEPPeb7fwAAAAAAAAAAAAAAAAAAgMtmhB8GzA0uk5T+YKbqNgIAAAAAAAAAAAAAAAAAAAAAcNkV3P+3Pun7/+b13f/3gfwz7v8LTNyfAAAA///AXngC") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) truncate(&(0x7f0000000080)='./file1\x00', 0xfff) kernel console output (not intermixed with test programs): interface, different from the descriptor's value: 66 [ 143.948333][ T4312] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 143.971029][ T4312] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 143.997594][ T4312] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 144.011048][ T5057] usb 7-1: USB disconnect, device number 2 [ 144.011105][ C1] synaptics_usb 7-1:0.0: synusb_irq - usb_submit_urb failed with result: -19 [ 144.039061][ T4312] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 144.047166][ T4312] usb 2-1: Product: syz [ 144.073620][ T4312] usb 2-1: Manufacturer: syz [ 144.104382][ T4312] cdc_wdm 2-1:1.0: skipping garbage [ 144.116029][ T4312] cdc_wdm 2-1:1.0: skipping garbage [ 144.142981][ T4312] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 144.153266][ T4312] cdc_wdm 2-1:1.0: Unknown control protocol [ 144.697037][ T6446] loop5: detected capacity change from 0 to 256 [ 144.728372][ T6446] exfat: Deprecated parameter 'utf8' [ 144.750651][ T6446] exfat: Deprecated parameter 'namecase' [ 144.756411][ T6446] exfat: Deprecated parameter 'namecase' [ 144.820863][ T6446] exFAT-fs (loop5): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d) [ 145.152868][ T6459] loop0: detected capacity change from 0 to 512 [ 145.237466][ T6459] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 145.284648][ T6459] ext4 filesystem being mounted at /166/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 145.287292][ T6456] ntfs: (device loop6): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 145.344623][ T6456] ntfs: volume version 3.1. [ 145.445994][ T6456] ntfs: (device loop6): ntfs_mark_quotas_out_of_date(): Quota defaults entry version 0x5 is not supported. [ 145.464483][ T6464] EXT4-fs: Ignoring removed mblk_io_submit option [ 145.492996][ T6456] ntfs: (device loop6): load_system_files(): Failed to mark quotas out of date. Mounting read-only. Run chkdsk. [ 145.517915][ T6464] EXT4-fs (loop5): orphan cleanup on readonly fs [ 145.535237][ T6464] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13 [ 145.585562][ T6464] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #13: comm syz.5.763: attempt to clear invalid blocks 2 len 1 [ 145.618202][ T6464] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1111: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 145.652389][ T4269] EXT4-fs (loop0): unmounting filesystem. [ 145.673276][ T6464] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.763: invalid indirect mapped block 1819239214 (level 0) [ 145.687441][ T6454] set_capacity_and_notify: 2 callbacks suppressed [ 145.687456][ T6454] loop3: detected capacity change from 0 to 32768 [ 145.737659][ T6464] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.763: invalid indirect mapped block 1819239214 (level 1) [ 145.785482][ T6454] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 145.807738][ T6454] JBD2: Ignoring recovery information on journal [ 145.810176][ T6470] loop0: detected capacity change from 0 to 512 [ 145.846137][ T6464] EXT4-fs (loop5): 1 truncate cleaned up [ 145.866357][ T6470] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 145.867850][ T6464] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 145.944463][ T6470] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002] [ 145.968350][ T6470] EXT4-fs (loop0): orphan cleanup on readonly fs [ 145.990531][ T6454] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 146.009808][ T6470] EXT4-fs error (device loop0): ext4_orphan_get:1425: comm syz.0.765: bad orphan inode 267 [ 146.047038][ T4761] EXT4-fs error (device loop5): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 146.067558][ C0] vkms_vblank_simulate: vblank timer overrun [ 146.078825][ T6470] EXT4-fs (loop0): Remounting filesystem read-only [ 146.086345][ T6470] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 146.115905][ T4761] EXT4-fs error (device loop5): ext4_iget_extra_inode:4756: inode #15: comm syz-executor: corrupted in-inode xattr [ 146.158268][ T4761] EXT4-fs error (device loop5): ext4_iget_extra_inode:4756: inode #15: comm syz-executor: corrupted in-inode xattr [ 146.314177][ T4269] EXT4-fs (loop0): unmounting filesystem. [ 146.350915][ T4268] ocfs2: Unmounting device (7,3) on (node local) [ 146.436598][ T5057] usb 2-1: USB disconnect, device number 5 [ 146.544570][ T4761] EXT4-fs (loop5): unmounting filesystem. [ 146.846598][ T11] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.889420][ T6487] netlink: 4 bytes leftover after parsing attributes in process `syz.3.769'. [ 146.913314][ T6487] device dummy0 entered promiscuous mode [ 146.927059][ T6487] device dummy0 left promiscuous mode [ 147.042697][ T11] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.230651][ T11] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.401678][ T11] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.699985][ T6511] loop1: detected capacity change from 0 to 1024 [ 147.820093][ T6516] netlink: 16 bytes leftover after parsing attributes in process `syz.3.788'. [ 147.841377][ T6511] hfsplus: inconsistency in B*Tree (128,1,255,1,0) [ 147.872696][ T6511] syz.1.786: attempt to access beyond end of device [ 147.872696][ T6511] loop1: rw=0, sector=917504, nr_sectors = 2 limit=1024 [ 147.950351][ T6511] Buffer I/O error on dev loop1, logical block 458752, async page read [ 147.976511][ T4283] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 147.989723][ T6511] syz.1.786: attempt to access beyond end of device [ 147.989723][ T6511] loop1: rw=0, sector=917504, nr_sectors = 2 limit=1024 [ 147.990416][ T4283] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 148.015267][ T4283] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 148.023439][ T4283] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 148.033264][ T4283] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 148.047676][ T4281] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 148.086581][ T6511] Buffer I/O error on dev loop1, logical block 458752, async page read [ 148.095075][ T27] audit: type=1326 audit(1772847043.630:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6522 comm="syz.6.790" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x0 [ 148.390502][ T6531] netlink: 60 bytes leftover after parsing attributes in process `syz.3.792'. [ 148.875068][ T6550] bridge: RTM_DELNEIGH with unconfigured vlan 2 on bridge_slave_0 [ 149.012289][ T6518] chnl_net:caif_netlink_parms(): no params data found [ 149.146885][ T6557] netlink: 8 bytes leftover after parsing attributes in process `syz.3.800'. [ 149.195361][ T6561] loop1: detected capacity change from 0 to 512 [ 149.203372][ T6560] netlink: 'syz.3.800': attribute type 21 has an invalid length. [ 149.211322][ T6560] netlink: 20 bytes leftover after parsing attributes in process `syz.3.800'. [ 149.267562][ T6561] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 149.281972][ T6561] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it [ 149.292885][ T6561] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.801: Corrupt directory, running e2fsck is recommended [ 149.311046][ T6561] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 149.351561][ T6561] EXT4-fs error (device loop1): ext4_iget_extra_inode:4756: inode #15: comm syz.1.801: corrupted in-inode xattr [ 149.370374][ T6561] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.801: couldn't read orphan inode 15 (err -117) [ 149.406232][ T6561] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 149.419510][ T6567] loop3: detected capacity change from 0 to 512 [ 149.549240][ T6561] EXT4-fs error (device loop1): __ext4_remount:6644: comm syz.1.801: Abort forced by user [ 149.583110][ T6561] EXT4-fs (loop1): Remounting filesystem read-only [ 149.591236][ T6561] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 149.696911][ T6518] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.729371][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 149.733518][ T6518] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.761685][ T6518] device bridge_slave_0 entered promiscuous mode [ 149.814249][ T6518] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.858661][ T6518] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.880614][ T6518] device bridge_slave_1 entered promiscuous mode [ 150.119141][ T4284] Bluetooth: hci5: command 0x0409 tx timeout [ 150.211758][ T11] device hsr_slave_0 left promiscuous mode [ 150.238795][ T11] device hsr_slave_1 left promiscuous mode [ 150.301057][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 150.319165][ T6593] loop0: detected capacity change from 0 to 64 [ 150.326762][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 150.338941][ T128] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 150.349183][ T6593] hfs: unable to locate alternate MDB [ 150.355575][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.372892][ T6593] hfs: continuing without an alternate MDB [ 150.404047][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.436103][ T11] device bridge_slave_1 left promiscuous mode [ 150.452257][ T6599] loop1: detected capacity change from 0 to 64 [ 150.461045][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.492536][ T11] device bridge_slave_0 left promiscuous mode [ 150.513474][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.558902][ T128] usb 7-1: Using ep0 maxpacket: 16 [ 150.571275][ T128] usb 7-1: config 0 has an invalid interface number: 34 but max is 0 [ 150.615931][ T128] usb 7-1: config 0 has no interface number 0 [ 150.636160][ T128] usb 7-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 150.648902][ T128] usb 7-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 150.663001][ T11] device veth1_macvtap left promiscuous mode [ 150.677520][ T11] device veth0_macvtap left promiscuous mode [ 150.679171][ T128] usb 7-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 150.699784][ T11] device veth1_vlan left promiscuous mode [ 150.713370][ T128] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.716060][ T11] device veth0_vlan left promiscuous mode [ 150.731715][ T128] usb 7-1: Product: syz [ 150.737069][ T128] usb 7-1: Manufacturer: syz [ 150.742224][ T128] usb 7-1: SerialNumber: syz [ 150.757168][ T128] usb 7-1: config 0 descriptor?? [ 150.764249][ T6586] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 150.775677][ T6586] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 150.786312][ T4272] hfs: node 4:3 still has 1 user(s)! [ 151.007551][ T6586] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 151.023814][ T6586] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 151.244672][ T128] asix 7-1:0.34 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 151.269319][ T128] asix: probe of 7-1:0.34 failed with error -61 [ 151.386195][ T6608] loop1: detected capacity change from 0 to 32768 [ 151.466613][ T128] usb 7-1: USB disconnect, device number 3 [ 151.487647][ T6608] JBD2: Ignoring recovery information on journal [ 151.583208][ T6608] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 151.652388][ T4272] ocfs2: Unmounting device (7,1) on (node local) [ 151.760184][ T6614] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 151.774271][ T6614] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 151.781777][ T6614] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 151.792337][ T6614] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 151.799967][ T6614] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 151.807623][ T6614] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffa,4) [ 151.817376][ T6614] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 152.092819][ T6618] loop6: detected capacity change from 0 to 512 [ 152.170705][ T6618] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 152.197420][ T6618] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002] [ 152.198590][ T4284] Bluetooth: hci5: command 0x041b tx timeout [ 152.219831][ T6618] EXT4-fs (loop6): orphan cleanup on readonly fs [ 152.227422][ T6618] EXT4-fs error (device loop6): ext4_orphan_get:1425: comm syz.6.819: bad orphan inode 267 [ 152.256134][ T6618] EXT4-fs (loop6): Remounting filesystem read-only [ 152.288992][ T6618] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 152.471481][ T11] team0 (unregistering): Port device team_slave_1 removed [ 152.471511][ T5476] EXT4-fs (loop6): unmounting filesystem. [ 152.589721][ T6620] loop1: detected capacity change from 0 to 32768 [ 152.610333][ T11] team0 (unregistering): Port device team_slave_0 removed [ 152.698041][ T6620] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 152.729007][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 152.737226][ T6620] XFS (loop1): Mounting V5 Filesystem [ 152.829055][ T6620] XFS (loop1): Ending clean mount [ 152.842824][ T6620] XFS (loop1): Quotacheck needed: Please wait. [ 152.914505][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 152.923764][ T6620] XFS (loop1): Quotacheck: Done. [ 153.053464][ T6635] loop6: detected capacity change from 0 to 4096 [ 153.066190][ T4272] XFS (loop1): Unmounting Filesystem [ 153.859792][ T11] bond0 (unregistering): Released all slaves [ 153.971923][ T6518] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.981197][ T6603] netlink: 4 bytes leftover after parsing attributes in process `syz.0.815'. [ 154.010278][ T6603] device vlan2 entered promiscuous mode [ 154.026137][ T6603] device bridge0 entered promiscuous mode [ 154.062571][ T6642] netlink: 'syz.1.824': attribute type 12 has an invalid length. [ 154.079057][ T6642] netlink: 132 bytes leftover after parsing attributes in process `syz.1.824'. [ 154.103746][ T6518] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.178570][ T6648] netlink: 'syz.6.829': attribute type 4 has an invalid length. [ 154.218993][ T6652] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 154.226885][ T6652] IPv6: NLM_F_CREATE should be set when creating new route [ 154.278509][ T4284] Bluetooth: hci5: command 0x040f tx timeout [ 154.307169][ T6518] team0: Port device team_slave_0 added [ 154.343150][ T6518] team0: Port device team_slave_1 added [ 154.450457][ T6518] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 154.470318][ T6518] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.558349][ T6518] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 154.601600][ T6518] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 154.677566][ T6518] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.728517][ T4312] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 154.736181][ T6518] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 154.864349][ T6518] device hsr_slave_0 entered promiscuous mode [ 154.911687][ T6518] device hsr_slave_1 entered promiscuous mode [ 154.928629][ T4312] usb 7-1: Using ep0 maxpacket: 32 [ 154.942578][ T6518] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 154.954282][ T4312] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.989918][ T6518] Cannot create hsr debugfs directory [ 155.005993][ T4312] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.046349][ T4312] usb 7-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 155.075960][ T4312] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.122409][ T4312] usb 7-1: config 0 descriptor?? [ 155.546088][ T4312] hid (null): global environment stack underflow [ 155.650463][ T4312] nintendo 0003:057E:200E.0004: global environment stack underflow [ 155.679579][ T6518] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 155.702400][ T4312] nintendo 0003:057E:200E.0004: item 0 4 1 11 parsing failed [ 155.769220][ T4312] nintendo 0003:057E:200E.0004: HID parse failed [ 155.901831][ T6518] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 155.928593][ T4312] nintendo 0003:057E:200E.0004: probe - fail = -22 [ 155.967901][ T4312] nintendo: probe of 0003:057E:200E.0004 failed with error -22 [ 156.037015][ T4312] usb 7-1: USB disconnect, device number 4 [ 156.058398][ C0] sched: RT throttling activated [ 156.138282][ T6518] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 156.215683][ T6518] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 156.358732][ T4284] Bluetooth: hci5: command 0x0419 tx timeout [ 156.760218][ T6518] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.855262][ T6679] loop0: detected capacity change from 0 to 262144 [ 156.869910][ T6679] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop0 scanned by syz.0.840 (6679) [ 156.890629][ T6705] IPVS: Error connecting to the multicast addr [ 156.900288][ T5491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 156.912542][ T5491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.924595][ T6679] BTRFS info (device loop0): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 156.935727][ T6679] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 156.945481][ T6679] BTRFS info (device loop0): setting nodatasum [ 156.952204][ T6679] BTRFS info (device loop0): doing ref verification [ 156.959348][ T6679] BTRFS info (device loop0): using free space tree [ 156.965457][ T6518] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.039836][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 157.065035][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.108061][ T30] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.115297][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.272314][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.312940][ T6679] BTRFS info (device loop0): enabling ssd optimizations [ 157.400538][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.451914][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.485021][ T30] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.492255][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.539765][ T4269] BTRFS info (device loop0): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 157.551808][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 157.584096][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.618235][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.666173][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 157.713741][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 157.780054][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.806296][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.857475][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 157.919659][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.976362][ T6518] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 158.133772][ T6752] loop3: detected capacity change from 0 to 512 [ 158.148062][ T6752] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 158.159520][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 158.200161][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 158.261479][ T27] audit: type=1326 audit(1772847053.810:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6754 comm="syz.0.857" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f06bcf9c799 code=0x0 [ 158.299244][ T6752] EXT4-fs (loop3): 1 truncate cleaned up [ 158.305106][ T6752] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 158.519444][ T4268] EXT4-fs (loop3): unmounting filesystem. [ 158.680598][ T6765] netlink: 8 bytes leftover after parsing attributes in process `syz.3.863'. [ 158.740848][ T6765] netlink: 4 bytes leftover after parsing attributes in process `syz.3.863'. [ 158.772907][ T6765] netlink: 'syz.3.863': attribute type 14 has an invalid length. [ 159.401067][ T5491] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 159.429434][ T5491] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 159.475268][ T6518] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.173330][ T27] audit: type=1326 audit(1772847055.720:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6816 comm="syz.1.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f4499c799 code=0x7ffc0000 [ 160.259620][ T27] audit: type=1326 audit(1772847055.740:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6816 comm="syz.1.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f4499c799 code=0x7ffc0000 [ 160.352601][ T27] audit: type=1326 audit(1772847055.740:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6816 comm="syz.1.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7f5f4499c799 code=0x7ffc0000 [ 160.480265][ T27] audit: type=1326 audit(1772847055.750:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6816 comm="syz.1.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f4499c799 code=0x7ffc0000 [ 160.564215][ T27] audit: type=1326 audit(1772847055.750:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6816 comm="syz.1.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f4499c799 code=0x7ffc0000 [ 160.917146][ T6835] loop1: detected capacity change from 0 to 512 [ 160.955293][ T6835] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 160.969064][ T27] audit: type=1326 audit(1772847056.520:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6837 comm="syz.6.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 161.027518][ T6835] EXT4-fs (loop1): 1 truncate cleaned up [ 161.047657][ T6835] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 161.086045][ T27] audit: type=1326 audit(1772847056.540:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6837 comm="syz.6.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 161.136569][ T6835] EXT4-fs (loop1): Online resizing not supported with sparse_super2 [ 161.174076][ T27] audit: type=1326 audit(1772847056.540:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6837 comm="syz.6.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 161.224567][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 161.255276][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 161.295893][ T27] audit: type=1326 audit(1772847056.540:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6837 comm="syz.6.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 161.329037][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 161.338220][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 161.357046][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 161.417270][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 161.441978][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 161.466213][ T6518] device veth0_vlan entered promiscuous mode [ 161.487194][ T6849] EXT4-fs: Conflicting test_dummy_encryption options [ 161.512060][ T6518] device veth1_vlan entered promiscuous mode [ 161.563036][ T5491] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 161.609887][ T5491] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 161.618221][ T5491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 161.651570][ T5491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 161.667833][ T6518] device veth0_macvtap entered promiscuous mode [ 161.695425][ T6855] loop1: detected capacity change from 0 to 256 [ 161.698743][ T6747] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 161.719724][ T6518] device veth1_macvtap entered promiscuous mode [ 161.724019][ T6855] exfat: Deprecated parameter 'utf8' [ 161.755538][ T6518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.775238][ T6518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.787627][ T6518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.806533][ T6518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.817417][ T6518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.837938][ T6518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.856994][ T6518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.858213][ T6855] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 161.868038][ T6518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.899932][ T6518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.924566][ T6518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.929652][ T6747] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 161.945413][ T6518] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 161.976606][ T6747] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.986221][ T6518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.007498][ T6747] usb 4-1: Product: syz [ 162.027757][ T6747] usb 4-1: Manufacturer: syz [ 162.032596][ T6747] usb 4-1: SerialNumber: syz [ 162.041538][ T6518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.070309][ T6747] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 162.078865][ T6518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.098416][ T6518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.133133][ T6747] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 162.139794][ T6518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.173492][ T6518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.196705][ T6518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.222697][ T6518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.233806][ T6518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.245604][ T6518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.309500][ T6518] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 162.318806][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 162.328250][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 162.336965][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 162.402468][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 162.474919][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 162.504377][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 162.539476][ T6518] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.548677][ T6518] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.557800][ T6518] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.586973][ T6518] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.688598][ T6745] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 162.719365][ T6872] loop0: detected capacity change from 0 to 512 [ 162.801601][ T6872] EXT4-fs error (device loop0): ext4_iget_extra_inode:4756: inode #12: comm syz.0.898: corrupted in-inode xattr [ 162.814484][ T6872] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.898: couldn't read orphan inode 12 (err -117) [ 162.826533][ T4338] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.836917][ T4338] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.844591][ T6872] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 162.883070][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 162.908021][ T6745] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 162.931290][ T6745] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 162.949777][ T6745] usb 2-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 162.960544][ T6745] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.975634][ T6745] usb 2-1: config 0 descriptor?? [ 163.009150][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.039420][ T4269] EXT4-fs (loop0): unmounting filesystem. [ 163.041755][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.122335][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 163.387825][ T6885] netlink: 'syz.0.901': attribute type 1 has an invalid length. [ 163.406267][ T6745] holtek_kbd 0003:04D9:A055.0005: unknown main item tag 0x0 [ 163.420922][ T6745] holtek_kbd 0003:04D9:A055.0005: unknown main item tag 0x0 [ 163.440027][ T6745] holtek_kbd 0003:04D9:A055.0005: unknown main item tag 0x0 [ 163.457621][ T6745] holtek_kbd 0003:04D9:A055.0005: unknown main item tag 0x0 [ 163.479465][ T6747] usb 4-1: Service connection timeout for: 256 [ 163.498602][ T6747] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services [ 163.511137][ T6745] holtek_kbd 0003:04D9:A055.0005: unknown main item tag 0x0 [ 163.541423][ T6745] holtek_kbd 0003:04D9:A055.0005: unknown main item tag 0x0 [ 163.583233][ T6747] ath9k_htc: Failed to initialize the device [ 163.597080][ T6745] holtek_kbd 0003:04D9:A055.0005: unknown main item tag 0x0 [ 163.642488][ T6747] usb 4-1: ath9k_htc: USB layer deinitialized [ 163.658073][ T6745] holtek_kbd 0003:04D9:A055.0005: hidraw0: USB HID v10.00 Device [HID 04d9:a055] on usb-dummy_hcd.1-1/input0 [ 163.678810][ T6894] loop0: detected capacity change from 0 to 512 [ 163.713694][ T6745] usb 2-1: USB disconnect, device number 6 [ 163.743305][ T6894] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 163.806068][ T6894] EXT4-fs (loop0): 1 truncate cleaned up [ 163.830010][ T6894] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 163.910640][ T5057] usb 4-1: USB disconnect, device number 7 [ 163.923281][ T6894] EXT4-fs error (device loop0): ext4_get_parent:1910: comm syz.0.902: inode #2: comm syz.0.902: iget: illegal inode # [ 164.060015][ T6896] fido_id[6896]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 164.067191][ T4269] EXT4-fs (loop0): unmounting filesystem. [ 164.651086][ T6923] xt_l2tp: v2 tid > 0xffff: 37482740 [ 164.828482][ T6747] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 165.038555][ T6747] usb 8-1: Using ep0 maxpacket: 8 [ 165.045972][ T6747] usb 8-1: unable to get BOS descriptor or descriptor too short [ 165.074016][ T6747] usb 8-1: config 4 interface 0 has no altsetting 0 [ 165.103240][ T6747] usb 8-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 165.131773][ T6747] usb 8-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 165.170423][ T6747] usb 8-1: Manufacturer: syz [ 165.188645][ T6747] usb 8-1: SerialNumber: syz [ 165.409072][ T6942] netlink: 12 bytes leftover after parsing attributes in process `syz.3.919'. [ 165.424919][ T6914] loop1: detected capacity change from 0 to 32768 [ 165.443312][ T6747] usb 8-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 165.539132][ T6747] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 165.617949][ T6747] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 165.656330][ T6747] usb 8-1: media controller created [ 165.770040][ T6747] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 165.868365][ T6747] zl10353_read_register: readreg error (reg=127, ret==0) [ 165.972869][ T6967] loop3: detected capacity change from 0 to 128 [ 166.028323][ T6747] usb 8-1: USB disconnect, device number 2 [ 166.064762][ T6914] XFS (loop1): Mounting V5 Filesystem [ 166.156029][ T6914] XFS (loop1): Ending clean mount [ 166.342692][ T4272] XFS (loop1): Unmounting Filesystem [ 166.505567][ T6985] loop3: detected capacity change from 0 to 256 [ 166.569906][ T6985] exfat: Deprecated parameter 'utf8' [ 166.575361][ T6985] exfat: Deprecated parameter 'namecase' [ 166.607796][ T6985] exfat: Deprecated parameter 'utf8' [ 166.719051][ T6985] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 167.279867][ T7000] loop3: detected capacity change from 0 to 4096 [ 167.292371][ T7003] netlink: 'syz.1.932': attribute type 1 has an invalid length. [ 167.400071][ T7006] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 167.543775][ T7008] loop0: detected capacity change from 0 to 1764 [ 167.670427][ T7016] overlayfs: unrecognized mount option "obj_role=\,\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa./bus" or missing value [ 167.679017][ T7014] netlink: 24 bytes leftover after parsing attributes in process `syz.6.941'. [ 167.917690][ T6981] loop7: detected capacity change from 0 to 40427 [ 167.979009][ T6981] F2FS-fs (loop7): build fault injection attr: rate: 771, type: 0x3ffff [ 167.998445][ T6981] F2FS-fs (loop7): invalid crc value [ 168.052028][ T6981] F2FS-fs (loop7): Found nat_bits in checkpoint [ 168.256563][ T6981] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 168.434165][ T7039] netlink: 4 bytes leftover after parsing attributes in process `syz.1.950'. [ 168.565356][ T6518] syz-executor: attempt to access beyond end of device [ 168.565356][ T6518] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 168.598743][ T6745] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 168.788575][ T6745] usb 4-1: Using ep0 maxpacket: 16 [ 168.795571][ T6745] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.843955][ T6745] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 168.874975][ T6745] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 168.944894][ T7054] loop1: detected capacity change from 0 to 1024 [ 168.948766][ T6745] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 169.013024][ T6745] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.045878][ T6745] usb 4-1: config 0 descriptor?? [ 169.156519][ T4334] hfsplus: b-tree write err: -5, ino 25 [ 169.172423][ T4334] hfsplus: b-tree write err: -5, ino 4 [ 169.178032][ T4334] hfsplus: b-tree write err: -5, ino 2 [ 169.493642][ T6745] microsoft 0003:045E:07DA.0006: ignoring exceeding usage max [ 169.524877][ T6745] microsoft 0003:045E:07DA.0006: unsupported Resolution Multiplier 0 [ 169.574189][ T6745] microsoft 0003:045E:07DA.0006: implement() called with n (152) > 32! (kworker/1:9) [ 169.693624][ T6745] microsoft 0003:045E:07DA.0006: No inputs registered, leaving [ 169.718311][ T6745] microsoft 0003:045E:07DA.0006: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 169.783598][ T6745] microsoft 0003:045E:07DA.0006: no inputs found [ 169.802028][ T6745] microsoft 0003:045E:07DA.0006: could not initialize ff, continuing anyway [ 169.823695][ T7086] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 169.866838][ T6745] usb 4-1: USB disconnect, device number 8 [ 169.891108][ T7086] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 169.959389][ T7086] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 170.003876][ T7086] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 170.018538][ T7086] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 170.025053][ T7086] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 170.080889][ T7086] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 170.183071][ T7087] fido_id[7087]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 170.492127][ T7107] loop3: detected capacity change from 0 to 128 [ 170.687240][ T7117] loop7: detected capacity change from 0 to 64 [ 170.783151][ T7117] hfs: bad catalog entry type 0 [ 170.988558][ T6745] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 171.043249][ T7128] loop7: detected capacity change from 0 to 256 [ 171.178587][ T6745] usb 2-1: Using ep0 maxpacket: 16 [ 171.187697][ T6745] usb 2-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb [ 171.228869][ T6745] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.236924][ T6745] usb 2-1: Product: syz [ 171.304518][ T6745] usb 2-1: Manufacturer: syz [ 171.319827][ T6745] usb 2-1: SerialNumber: syz [ 171.764197][ T6745] snd-usb-audio: probe of 2-1:222.0 failed with error -71 [ 171.799276][ T6745] usb 2-1: USB disconnect, device number 7 [ 171.858297][ T7154] loop3: detected capacity change from 0 to 256 [ 171.983989][ T7156] loop0: detected capacity change from 0 to 1024 [ 171.993218][ T7154] FAT-fs (loop3): Directory bread(block 64) failed [ 172.024246][ T7154] FAT-fs (loop3): Directory bread(block 65) failed [ 172.034426][ T4426] udevd[4426]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:222.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 172.064828][ T7156] EXT4-fs: Ignoring removed bh option [ 172.088628][ T7154] FAT-fs (loop3): Directory bread(block 66) failed [ 172.095147][ T7156] EXT4-fs: inline encryption not supported [ 172.131817][ T7154] FAT-fs (loop3): Directory bread(block 67) failed [ 172.157322][ T7156] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 172.175579][ T7154] FAT-fs (loop3): Directory bread(block 68) failed [ 172.204572][ T7154] FAT-fs (loop3): Directory bread(block 69) failed [ 172.242799][ T7154] FAT-fs (loop3): Directory bread(block 70) failed [ 172.314984][ T7156] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #3: block 2: comm syz.0.993: lblock 2 mapped to illegal pblock 2 (length 1) [ 172.315020][ T7154] FAT-fs (loop3): Directory bread(block 71) failed [ 172.369535][ T7156] __quota_error: 23 callbacks suppressed [ 172.369555][ T7156] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 172.399072][ T7154] FAT-fs (loop3): Directory bread(block 72) failed [ 172.405655][ T7154] FAT-fs (loop3): Directory bread(block 73) failed [ 172.412745][ T7156] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #3: block 48: comm syz.0.993: lblock 0 mapped to illegal pblock 48 (length 1) [ 172.490111][ T7156] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 172.553161][ T7156] EXT4-fs error (device loop0): ext4_acquire_dquot:6835: comm syz.0.993: Failed to acquire dquot type 0 [ 172.608218][ T7156] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 172.613755][ T7171] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 172.658525][ T7156] EXT4-fs error (device loop0): ext4_evict_inode:279: inode #11: comm syz.0.993: mark_inode_dirty error [ 172.719422][ T7156] EXT4-fs warning (device loop0): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 172.734207][ T7156] EXT4-fs (loop0): 1 orphan inode deleted [ 172.758003][ T4334] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 172.793395][ T7156] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 172.835400][ T4334] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 172.858609][ T4334] EXT4-fs error (device loop0): ext4_release_dquot:6871: comm kworker/u4:6: Failed to release dquot type 0 [ 172.967533][ T7156] EXT4-fs (loop0): re-mounted. Quota mode: writeback. [ 173.010264][ T7156] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 173.056168][ T7156] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 173.083889][ T7156] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #3: block 48: comm syz.0.993: lblock 0 mapped to illegal pblock 48 (length 1) [ 173.154684][ T7156] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=-117 [ 173.212109][ T7191] loop6: detected capacity change from 0 to 128 [ 173.219988][ T7156] EXT4-fs (loop0): re-mounted. Quota mode: writeback. [ 173.341895][ T4269] EXT4-fs (loop0): unmounting filesystem. [ 173.364874][ T7191] FAT-fs (loop6): error, clusters badly computed (2 != 0) [ 173.400867][ T7191] FAT-fs (loop6): Filesystem has been set read-only [ 173.418764][ T7195] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 173.948497][ T5057] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 174.176417][ T5057] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 174.176448][ T5057] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.187660][ T5057] usb 2-1: config 0 descriptor?? [ 174.564249][ T7208] loop6: detected capacity change from 0 to 32768 [ 174.593836][ T5057] usb 2-1: Cannot set MAC address [ 174.599540][ T5057] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -71 [ 174.620897][ T5057] usb 2-1: USB disconnect, device number 8 [ 175.310736][ T7254] loop1: detected capacity change from 0 to 64 [ 175.406741][ T7263] hugetlbfs: Bad value 'k' for mount option 'nr_inodes' [ 175.406741][ T7263] [ 175.429125][ T4513] usb 8-1: new full-speed USB device number 3 using dummy_hcd [ 175.591695][ T7265] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1038'. [ 175.642458][ T4513] usb 8-1: config 0 has an invalid interface number: 37 but max is 1 [ 175.674711][ T4513] usb 8-1: config 0 has an invalid interface number: 255 but max is 1 [ 175.713951][ T4513] usb 8-1: config 0 has no interface number 0 [ 175.731688][ T4513] usb 8-1: config 0 has no interface number 1 [ 175.737930][ T4513] usb 8-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 175.772222][ T4513] usb 8-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 175.818462][ T4513] usb 8-1: config 0 interface 255 has no altsetting 0 [ 175.862123][ T4513] usb 8-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=20.a3 [ 175.896756][ T4513] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.946447][ T27] audit: type=1326 audit(1772847071.490:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.6.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 175.952205][ T4513] usb 8-1: Product: syz [ 176.001531][ T7280] Bluetooth: MGMT ver 1.22 [ 176.016252][ T27] audit: type=1326 audit(1772847071.520:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.6.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 176.018424][ T4513] usb 8-1: Manufacturer: syz [ 176.095032][ T27] audit: type=1326 audit(1772847071.520:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.6.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 176.124374][ T4513] usb 8-1: SerialNumber: syz [ 176.143030][ T4513] usb 8-1: config 0 descriptor?? [ 176.227892][ T27] audit: type=1326 audit(1772847071.520:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.6.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 176.305715][ T27] audit: type=1326 audit(1772847071.520:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.6.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 176.433238][ T27] audit: type=1326 audit(1772847071.530:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.6.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 176.434584][ T4513] usb 8-1: USB disconnect, device number 3 [ 176.732352][ T7310] comedi comedi3: 8255: I/O port conflict (0xa,4) [ 176.739621][ T7310] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 176.759748][ T7310] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 176.775211][ T7310] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 176.792248][ T7310] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 176.813075][ T7310] comedi comedi3: 8255: I/O port conflict (0xf8,4) [ 176.828713][ T7310] comedi comedi3: 8255: I/O port conflict (0xe,4) [ 176.856236][ T7310] comedi comedi3: 8255: I/O port conflict (0xfd,4) [ 176.877116][ T7310] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 176.924266][ T7310] comedi comedi3: 8255: I/O port conflict (0xffffffffffffffff,4) [ 176.947194][ T7310] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4) [ 177.007531][ T7310] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 177.021014][ T7310] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 177.066635][ T7310] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 177.076770][ T7310] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffbff,4) [ 177.115636][ T7310] comedi comedi3: 8255: I/O port conflict (0x7f,4) [ 177.138889][ T7310] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 177.164594][ T7310] comedi comedi3: 8255: I/O port conflict (0x40000003,4) [ 177.180175][ T7322] loop7: detected capacity change from 0 to 1024 [ 177.187406][ T7322] EXT4-fs: Ignoring removed orlov option [ 177.195921][ T7310] comedi comedi3: 8255: I/O port conflict (0x89,4) [ 177.213073][ T7310] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 177.228854][ T7310] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 177.245637][ T7310] comedi comedi3: 8255: I/O port conflict (0x20001e58,4) [ 177.303005][ T7322] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 177.470839][ T7335] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1059'. [ 177.576076][ T6518] EXT4-fs (loop7): unmounting filesystem. [ 177.746388][ T7341] loop7: detected capacity change from 0 to 512 [ 177.817390][ T7341] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 177.845294][ T7341] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 177.989745][ T7341] EXT4-fs: Ignoring sb option on remount [ 177.995541][ T7341] EXT4-fs: Remounting fs w/o journal so ignoring data_err option [ 178.040626][ T7341] EXT4-fs: Cannot change journaled quota options when quota turned on [ 178.081250][ T7319] loop3: detected capacity change from 0 to 40427 [ 178.114897][ T7319] F2FS-fs (loop3): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288) [ 178.139814][ T7319] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 178.145184][ T6518] EXT4-fs (loop7): unmounting filesystem. [ 178.151547][ T7319] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x35f7 [ 178.168713][ T6747] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 178.172638][ T7319] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x3ffff [ 178.306259][ T7319] F2FS-fs (loop3): invalid crc value [ 178.360808][ T7361] loop7: detected capacity change from 0 to 256 [ 178.368620][ T6747] usb 2-1: Using ep0 maxpacket: 16 [ 178.376080][ T6747] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.397677][ T6747] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.408192][ T7319] F2FS-fs (loop3): Found nat_bits in checkpoint [ 178.417970][ T6747] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 178.449455][ T7361] exFAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 178.460392][ T6747] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 178.469903][ T7361] exFAT-fs (loop7): Medium has reported failures. Some data may be lost. [ 178.485949][ T6747] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.506955][ T6747] usb 2-1: config 0 descriptor?? [ 178.518981][ T7361] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 178.589530][ T7319] F2FS-fs (loop3): Start checkpoint disabled! [ 178.634864][ T7319] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 178.670605][ T7319] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 178.872165][ T4321] kworker/u4:5: attempt to access beyond end of device [ 178.872165][ T4321] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 178.966497][ T6747] microsoft 0003:045E:07DA.0007: ignoring exceeding usage max [ 179.000667][ T6747] microsoft 0003:045E:07DA.0007: unsupported Resolution Multiplier 0 [ 179.024583][ T6747] microsoft 0003:045E:07DA.0007: unsupported Resolution Multiplier 0 [ 179.055036][ T6747] microsoft 0003:045E:07DA.0007: No inputs registered, leaving [ 179.082465][ T7370] loop7: detected capacity change from 0 to 4096 [ 179.090536][ T6747] microsoft 0003:045E:07DA.0007: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 179.114657][ T6747] microsoft 0003:045E:07DA.0007: no inputs found [ 179.121679][ T6747] microsoft 0003:045E:07DA.0007: could not initialize ff, continuing anyway [ 179.130698][ T7370] __ntfs_error: 2 callbacks suppressed [ 179.130713][ T7370] ntfs: (device loop7): ntfs_read_locked_inode(): $DATA attribute is missing. [ 179.151983][ T7370] ntfs: (device loop7): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 179.184398][ T6747] usb 2-1: USB disconnect, device number 9 [ 179.234984][ T7370] ntfs: (device loop7): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 179.293004][ T7370] ntfs: volume version 3.1. [ 179.443312][ T6518] ntfs: (device loop7): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 179.458229][ T7371] fido_id[7371]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 179.744324][ T7379] loop6: detected capacity change from 0 to 512 [ 179.795051][ T7379] EXT4-fs error (device loop6): ext4_xattr_inode_iget:401: comm syz.6.1072: inode #1: comm syz.6.1072: iget: illegal inode # [ 180.006682][ T7379] EXT4-fs error (device loop6): ext4_xattr_inode_iget:406: comm syz.6.1072: error while reading EA inode 1 err=-117 [ 180.085560][ T7379] EXT4-fs error (device loop6): ext4_xattr_inode_iget:401: comm syz.6.1072: inode #1: comm syz.6.1072: iget: illegal inode # [ 180.140226][ T7394] tipc: Enabling of bearer rejected, failed to enable media [ 180.152232][ T7379] EXT4-fs error (device loop6): ext4_xattr_inode_iget:406: comm syz.6.1072: error while reading EA inode 1 err=-117 [ 180.221276][ T7379] EXT4-fs (loop6): 1 orphan inode deleted [ 180.227165][ T7379] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 180.530874][ T5476] EXT4-fs (loop6): unmounting filesystem. [ 181.186714][ T7386] loop7: detected capacity change from 0 to 40427 [ 181.196684][ T7426] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 181.241417][ T7386] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12 [ 181.252497][ T7426] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 181.287745][ T7386] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 181.334144][ T7426] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 181.366108][ T7386] F2FS-fs (loop7): Found nat_bits in checkpoint [ 181.383355][ T7426] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 181.399337][ T7436] netlink: 'syz.6.1098': attribute type 11 has an invalid length. [ 181.423786][ T7426] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 181.474655][ T7426] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 181.502273][ T7426] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 181.534917][ T7426] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 181.587426][ T7426] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 181.618870][ T7386] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0 [ 181.633690][ T7426] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 181.638954][ T7386] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 181.683668][ T7426] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 181.726244][ T7426] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 181.992927][ T7453] loop6: detected capacity change from 0 to 256 [ 182.031890][ T7456] loop1: detected capacity change from 0 to 512 [ 182.048169][ T7456] EXT4-fs: Ignoring removed nobh option [ 182.106740][ T7456] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 182.194136][ T7456] EXT4-fs warning (device loop1): ext4_xattr_inode_get:492: inode #11: comm syz.1.1105: ea_inode file size=0 entry size=6 [ 182.254428][ T7456] EXT4-fs error (device loop1): ext4_xattr_inode_iget:401: inode #11: comm syz.1.1105: iget: bad extra_isize 90 (inode size 256) [ 182.377197][ T7456] EXT4-fs error (device loop1): ext4_xattr_inode_iget:406: comm syz.1.1105: error while reading EA inode 11 err=-117 [ 182.413723][ T7456] EXT4-fs (loop1): 1 orphan inode deleted [ 182.428851][ T7456] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 182.729922][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 182.796238][ T7480] netlink: 'syz.6.1114': attribute type 2 has an invalid length. [ 183.135412][ T7492] loop6: detected capacity change from 0 to 512 [ 183.210428][ T7492] EXT4-fs: Ignoring removed mblk_io_submit option [ 183.244055][ T27] audit: type=1326 audit(1772847078.790:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.0.1120" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f06bcf9c799 code=0x0 [ 183.273292][ T7494] loop1: detected capacity change from 0 to 4096 [ 183.287169][ T7492] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 183.316884][ T7499] loop7: detected capacity change from 0 to 1024 [ 183.370185][ T7494] NILFS (loop1): invalid segment: Checksum error in segment payload [ 183.405579][ T7492] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 183.440111][ T7494] NILFS (loop1): trying rollback from an earlier position [ 183.449465][ T7492] ext4 filesystem being mounted at /153/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.538024][ T7494] NILFS (loop1): recovery complete [ 183.559166][ T7506] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 183.589502][ T51] hfsplus: b-tree write err: -5, ino 25 [ 183.600500][ T7492] Quota error (device loop6): do_check_range: Getting block 393220 out of range 0-5 [ 183.616100][ T51] hfsplus: b-tree write err: -5, ino 4 [ 183.650160][ T51] hfsplus: b-tree write err: -5, ino 2 [ 183.679779][ T51] hfsplus: b-tree write err: -5, ino 26 [ 183.831548][ T5476] EXT4-fs (loop6): unmounting filesystem. [ 184.653064][ T7537] loop7: detected capacity change from 0 to 512 [ 184.701977][ T7537] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended [ 184.810446][ T7537] EXT4-fs warning (device loop7): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 184.961870][ T7537] EXT4-fs error (device loop7): ext4_validate_block_bitmap:438: comm syz.7.1134: bg 0: block 248: padding at end of block bitmap is not set [ 185.114174][ T7518] loop6: detected capacity change from 0 to 32768 [ 185.121868][ T7537] Quota error (device loop7): write_blk: dquota write failed [ 185.138526][ T7537] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota [ 185.168982][ T7537] EXT4-fs error (device loop7): ext4_acquire_dquot:6835: comm syz.7.1134: Failed to acquire dquot type 1 [ 185.262224][ T7537] EXT4-fs (loop7): 1 truncate cleaned up [ 185.282330][ T7537] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 185.630252][ T6518] EXT4-fs (loop7): unmounting filesystem. [ 185.641238][ T11] Quota error (device loop7): do_check_range: Getting block 0 out of range 1-5 [ 185.677019][ T11] EXT4-fs error (device loop7): ext4_release_dquot:6871: comm kworker/u4:1: Failed to release dquot type 1 [ 185.795280][ T7578] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1150'. [ 185.846318][ T7578] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1150'. [ 185.866028][ T7578] netlink: 'syz.6.1150': attribute type 12 has an invalid length. [ 186.000948][ T7586] netlink: 'syz.3.1153': attribute type 1 has an invalid length. [ 186.119322][ T4281] Bluetooth: hci3: command 0x0406 tx timeout [ 186.119336][ T4284] Bluetooth: hci2: command 0x0406 tx timeout [ 186.119364][ T4284] Bluetooth: hci1: command 0x0406 tx timeout [ 186.559581][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 186.585835][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 186.639295][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 186.650136][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 186.667449][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 186.695696][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 186.778600][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 186.802416][ T7613] loop1: detected capacity change from 0 to 2048 [ 186.808330][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 186.855797][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 186.876861][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 186.884888][ T7613] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 186.935047][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 186.973768][ T27] audit: type=1800 audit(1772847082.520:65): pid=7613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1164" name="file1" dev="loop1" ino=1367 res=0 errno=0 [ 186.978608][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 187.121776][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 187.192530][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 187.234234][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 187.318193][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 187.379508][ T7605] binder: 7602:7605 ioctl 4020ae46 7f06bdddebd0 returned -22 [ 187.683548][ T7643] loop0: detected capacity change from 0 to 512 [ 187.771690][ T7643] EXT4-fs error (device loop0): dx_probe:823: inode #2: comm syz.0.1176: Directory hole found for htree index block 0 [ 187.801604][ T7643] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 187.810339][ T7643] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 187.910854][ T4269] EXT4-fs (loop0): unmounting filesystem. [ 187.914044][ T7650] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1181'. [ 188.317205][ T7667] loop1: detected capacity change from 0 to 2048 [ 188.373284][ T7628] loop6: detected capacity change from 0 to 32768 [ 188.381541][ T7669] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 188.495977][ T7667] NILFS error (device loop1): nilfs_check_page: bad entry in directory #12: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 188.652818][ T7667] Remounting filesystem read-only [ 188.802610][ T7677] netlink: 766 bytes leftover after parsing attributes in process `syz.6.1187'. [ 189.773557][ T7666] loop7: detected capacity change from 0 to 40427 [ 189.827217][ T7666] F2FS-fs (loop7): build fault injection attr: rate: 690, type: 0x3ffff [ 189.887867][ T7666] F2FS-fs (loop7): invalid crc value [ 189.920087][ T7666] F2FS-fs (loop7): Found nat_bits in checkpoint [ 190.018287][ T7709] loop1: detected capacity change from 0 to 4096 [ 190.098138][ T7666] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 190.167076][ T7709] ntfs3: loop1: ino=9, attr_set_size [ 190.185977][ T7718] sp0: Synchronizing with TNC [ 190.223292][ T7717] [U] è` [ 190.372497][ T6518] syz-executor: attempt to access beyond end of device [ 190.372497][ T6518] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 190.684623][ T7701] loop6: detected capacity change from 0 to 32768 [ 190.787998][ T7701] XFS (loop6): Mounting V5 Filesystem [ 190.996880][ T7701] XFS (loop6): Ending clean mount [ 191.029090][ T7701] XFS (loop6): Quotacheck needed: Please wait. [ 191.132901][ T7701] XFS (loop6): Quotacheck: Done. [ 191.166063][ T7750] loop1: detected capacity change from 0 to 2048 [ 191.180917][ T7752] device gretap0 entered promiscuous mode [ 191.189402][ T7752] device vlan2 entered promiscuous mode [ 191.295698][ T7750] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a840c018, mo2=0002] [ 191.314276][ T5476] XFS (loop6): Unmounting Filesystem [ 191.355104][ T7750] System zones: 0-4 [ 191.415257][ T7750] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 191.469035][ T7750] ext4 filesystem being mounted at /273/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 191.527352][ T7750] fs-verity: sha256 using implementation "sha256-avx2" [ 191.573233][ T7750] fs-verity (loop1, inode 18): fs-verity keyring is empty, rejecting signed file! [ 191.681829][ T7764] loop7: detected capacity change from 0 to 24 [ 191.709399][ T7764] MTD: Attempt to mount non-MTD device "/dev/loop7" [ 191.724518][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 191.794619][ T7764] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 192.206034][ T7761] loop3: detected capacity change from 0 to 32768 [ 192.223880][ T128] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 192.291676][ T7761] XFS (loop3): Mounting V5 Filesystem [ 192.343130][ T7761] XFS (loop3): Ending clean mount [ 192.408636][ T128] usb 2-1: Using ep0 maxpacket: 32 [ 192.423145][ T128] usb 2-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c [ 192.472298][ T128] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.500349][ T128] usb 2-1: Product: syz [ 192.514160][ T128] usb 2-1: Manufacturer: syz [ 192.526193][ T128] usb 2-1: SerialNumber: syz [ 192.555836][ T7794] loop7: detected capacity change from 0 to 128 [ 192.575276][ T128] usb 2-1: config 0 descriptor?? [ 192.618050][ T7761] syz.3.1209 (7761) used greatest stack depth: 19824 bytes left [ 192.627578][ T128] dw2102: su3000_identify_state [ 192.673527][ T128] dvb-usb: found a 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' in warm state. [ 192.710719][ T128] dw2102: su3000_power_ctrl: 1, initialized 0 [ 192.717567][ T128] dvb-usb: bulk message failed: -22 (2/0) [ 192.746771][ T4268] XFS (loop3): Unmounting Filesystem [ 192.764528][ T128] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 192.789216][ T128] dvbdev: DVB: registering new adapter (Hauppauge MAX S2 or WinTV NOVA HD USB2.0) [ 192.799242][ T128] usb 2-1: media controller created [ 192.804944][ T128] dvb-usb: bulk message failed: -22 (6/0) [ 192.812243][ T128] dw2102: i2c transfer failed. [ 192.834385][ T7767] dvb-usb: bulk message failed: -22 (3/0) [ 192.852616][ T7767] dw2102: i2c transfer failed. [ 192.866786][ T7767] dvb-usb: bulk message failed: -22 (4/0) [ 192.919168][ T7767] dw2102: i2c transfer failed. [ 192.959769][ T7767] dvb-usb: bulk message failed: -22 (3/0) [ 192.965647][ T7767] dw2102: i2c transfer failed. [ 193.011381][ T128] dvb-usb: bulk message failed: -22 (6/0) [ 193.019460][ T128] dw2102: i2c transfer failed. [ 193.024293][ T128] dvb-usb: bulk message failed: -22 (6/0) [ 193.032662][ T128] dw2102: i2c transfer failed. [ 193.041440][ T128] dvb-usb: bulk message failed: -22 (6/0) [ 193.047226][ T128] dw2102: i2c transfer failed. [ 193.052867][ T128] dvb-usb: bulk message failed: -22 (6/0) [ 193.073024][ T128] dw2102: i2c transfer failed. [ 193.077868][ T128] dvb-usb: bulk message failed: -22 (6/0) [ 193.095201][ T128] dw2102: i2c transfer failed. [ 193.105320][ T128] dvb-usb: MAC address: 02:02:02:02:02:02 [ 193.189893][ T128] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 193.203718][ T7809] loop7: detected capacity change from 0 to 128 [ 193.309380][ T128] dvb-usb: bulk message failed: -22 (3/0) [ 193.309442][ T128] dw2102: command 0x0e transfer failed. [ 193.309509][ T128] dvb-usb: bulk message failed: -22 (3/0) [ 193.309522][ T128] dw2102: command 0x0e transfer failed. [ 193.322676][ T7809] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 193.323071][ T7809] hpfs: filesystem error: improperly stopped [ 193.323091][ T7809] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 193.323105][ T7809] hpfs: You really don't want any checks? You are crazy... [ 193.323727][ T7809] hpfs: hpfs_map_sector(): read error [ 193.323739][ T7809] hpfs: code page support is disabled [ 193.341635][ T7809] hpfs: hpfs_map_4sectors(): unaligned read [ 193.352128][ T7809] hpfs: hpfs_map_4sectors(): unaligned read [ 193.352149][ T7809] hpfs: filesystem error: unable to find root dir [ 193.415532][ T7807] loop0: detected capacity change from 0 to 4096 [ 193.430625][ T7807] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512) [ 193.629128][ T128] dvb-usb: bulk message failed: -22 (3/0) [ 193.629152][ T128] dw2102: command 0x0e transfer failed. [ 193.629162][ T128] dvb-usb: bulk message failed: -22 (3/0) [ 193.629175][ T128] dw2102: command 0x0e transfer failed. [ 193.629184][ T128] dvb-usb: bulk message failed: -22 (1/0) [ 193.629197][ T128] dw2102: command 0x51 transfer failed. [ 193.928823][ T7822] loop0: detected capacity change from 0 to 256 [ 193.931314][ T128] DVB: Unable to find symbol ds3000_attach() [ 193.931364][ T128] dvb-usb: no frontend was attached by 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' [ 193.939171][ T7822] exfat: Deprecated parameter 'namecase' [ 193.973113][ T7822] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d) [ 194.283204][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.283251][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.289011][ T128] rc_core: IR keymap rc-su3000 not found [ 194.289040][ T128] Registered IR keymap rc-empty [ 194.290643][ T128] rc rc0: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0 [ 194.291749][ T128] input: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input12 [ 194.296802][ T128] dvb-usb: schedule remote query interval to 150 msecs. [ 194.296824][ T128] dw2102: su3000_power_ctrl: 0, initialized 1 [ 194.296836][ T128] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 successfully initialized and connected. [ 194.299567][ T128] usb 2-1: USB disconnect, device number 10 [ 194.387626][ T4272] ntfs3: loop1: ntfs_evict_inode r=5 failed, -22. [ 194.387688][ T4272] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 194.450645][ T128] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2. successfully deinitialized and disconnected. [ 195.065713][ T7844] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1231'. [ 195.117452][ T7824] set_capacity_and_notify: 1 callbacks suppressed [ 195.117468][ T7824] loop3: detected capacity change from 0 to 32768 [ 195.144121][ T7817] loop7: detected capacity change from 0 to 40427 [ 195.251889][ T7817] F2FS-fs (loop7): Small segment_count (9 < 1 * 24) [ 195.278678][ T7817] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 195.396170][ T7817] F2FS-fs (loop7): Found nat_bits in checkpoint [ 195.462912][ T27] audit: type=1326 audit(1772847091.010:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7853 comm="syz.6.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 195.490671][ T7852] loop1: detected capacity change from 0 to 2048 [ 195.519080][ T7852] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 195.584539][ T27] audit: type=1326 audit(1772847091.060:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7853 comm="syz.6.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 195.639355][ T7859] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 195.651091][ T7852] syz.1.1232: attempt to access beyond end of device [ 195.651091][ T7852] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 195.699624][ T7817] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0 [ 195.706737][ T7817] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 195.731419][ T27] audit: type=1326 audit(1772847091.060:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7853 comm="syz.6.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 195.872417][ T27] audit: type=1326 audit(1772847091.060:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7853 comm="syz.6.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 196.009646][ T7834] loop0: detected capacity change from 0 to 32768 [ 196.049854][ T27] audit: type=1326 audit(1772847091.150:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7853 comm="syz.6.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 196.215532][ T7834] XFS (loop0): Mounting V5 Filesystem [ 196.308988][ T27] audit: type=1326 audit(1772847091.150:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7853 comm="syz.6.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 196.318481][ T7834] XFS (loop0): Ending clean mount [ 196.457172][ T27] audit: type=1326 audit(1772847091.240:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7858 comm="syz.6.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7f8755cfce code=0x7ffc0000 [ 196.497656][ T7879] loop6: detected capacity change from 0 to 2048 [ 196.541808][ T4283] Bluetooth: hci3: unexpected event for opcode 0x0c1c [ 196.560700][ T7879] EXT4-fs: inline encryption not supported [ 196.606195][ T27] audit: type=1326 audit(1772847091.240:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7853 comm="syz.6.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 196.704453][ T4269] XFS (loop0): Unmounting Filesystem [ 196.711809][ T27] audit: type=1326 audit(1772847091.240:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7853 comm="syz.6.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 196.745605][ T7879] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 196.831420][ T27] audit: type=1326 audit(1772847091.300:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7853 comm="syz.6.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f7f8759c799 code=0x7ffc0000 [ 197.005535][ T5476] EXT4-fs (loop6): unmounting filesystem. [ 197.146993][ T7861] loop3: detected capacity change from 0 to 32768 [ 197.196390][ T7861] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.1234 (7861) [ 197.264326][ T7894] netlink: 'syz.6.1242': attribute type 1 has an invalid length. [ 197.302171][ T7861] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 197.377776][ T7861] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 197.445613][ T7861] BTRFS info (device loop3): using free space tree [ 197.613338][ T7917] loop6: detected capacity change from 0 to 1024 [ 197.656489][ T7861] BTRFS info (device loop3): enabling ssd optimizations [ 197.749546][ T7917] EXT4-fs: Ignoring removed mblk_io_submit option [ 197.762554][ T7917] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 197.831394][ T7917] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 197.938323][ T7932] loop1: detected capacity change from 0 to 4096 [ 198.189744][ T5476] EXT4-fs (loop6): unmounting filesystem. [ 198.615804][ T4268] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 198.753086][ T7943] loop6: detected capacity change from 0 to 8192 [ 198.804085][ T7943] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 198.858498][ T7943] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal [ 198.867916][ T7943] REISERFS (device loop6): using ordered data mode [ 198.968929][ T7943] reiserfs: using flush barriers [ 199.007762][ T7943] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 199.075513][ T4426] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 11 /dev/loop3 scanned by udevd (4426) [ 199.164831][ T7963] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1260'. [ 199.179185][ T7943] REISERFS (device loop6): checking transaction log (loop6) [ 199.207206][ T7963] tipc: Invalid UDP bearer configuration [ 199.207251][ T7963] tipc: Enabling of bearer rejected, failed to enable media [ 199.259493][ T7966] loop1: detected capacity change from 0 to 512 [ 199.274655][ T7943] REISERFS (device loop6): Using r5 hash to sort names [ 199.319042][ T7966] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 199.372183][ T7943] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage. [ 199.460896][ T7966] EXT4-fs (loop1): 1 truncate cleaned up [ 199.466605][ T7966] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 199.755054][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 200.103445][ T128] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0 [ 200.129993][ T128] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0 [ 200.177391][ T128] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0 [ 200.316162][ T128] hid-generic 0003:0004:0000.0008: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 200.358304][ T7991] netlink: 124 bytes leftover after parsing attributes in process `syz.0.1269'. [ 200.438937][ T7991] block nbd0: not configured, cannot reconfigure [ 200.595523][ T7992] fido_id[7992]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 200.724812][ T8005] loop3: detected capacity change from 0 to 764 [ 200.917951][ T8010] loop7: detected capacity change from 0 to 64 [ 201.091053][ T8010] hfs: request for non-existent node 196608 in B*Tree [ 201.126887][ T8010] hfs: request for non-existent node 196608 in B*Tree [ 201.329028][ T128] hid-generic 0003:0004:0000.0009: unknown main item tag 0x0 [ 201.341090][ T128] hid-generic 0003:0004:0000.0009: unknown main item tag 0x0 [ 201.355912][ T128] hid-generic 0003:0004:0000.0009: unknown main item tag 0x0 [ 201.373211][ T128] hid-generic 0003:0004:0000.0009: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 201.580162][ T8027] fido_id[8027]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 201.746272][ T8008] loop6: detected capacity change from 0 to 40427 [ 201.787157][ T8035] loop3: detected capacity change from 0 to 2048 [ 201.794343][ T8008] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12 [ 201.815535][ T8008] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 201.850466][ T8035] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 201.888876][ T8035] syz.3.1290: attempt to access beyond end of device [ 201.888876][ T8035] loop3: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 201.907272][ T8008] F2FS-fs (loop6): Found nat_bits in checkpoint [ 201.913770][ T8041] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 202.067304][ T8008] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 202.082001][ T8008] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 202.554551][ T8033] loop1: detected capacity change from 0 to 32768 [ 202.580781][ T8033] XFS: attr2 mount option is deprecated. [ 202.653918][ T8055] loop7: detected capacity change from 0 to 4096 [ 202.665055][ T8033] XFS (loop1): Mounting V5 Filesystem [ 202.687494][ T8055] ntfs3: loop7: Different NTFS' sector size (1024) and media sector size (512) [ 202.780136][ T8033] XFS (loop1): Ending clean mount [ 202.828705][ T8033] XFS (loop1): Quotacheck needed: Please wait. [ 202.865402][ T8055] ntfs3: loop7: Mark volume as dirty due to NTFS errors [ 202.898763][ T8033] XFS (loop1): Quotacheck: Done. [ 203.198935][ T8069] device gretap0 entered promiscuous mode [ 203.235860][ T8069] device vlan2 entered promiscuous mode [ 203.430727][ T4272] XFS (loop1): Unmounting Filesystem [ 203.596812][ T8052] loop6: detected capacity change from 0 to 40427 [ 203.606803][ T27] kauditd_printk_skb: 5 callbacks suppressed [ 203.606819][ T27] audit: type=1326 audit(1772847099.140:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8075 comm="syz.7.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee399c799 code=0x7ffc0000 [ 203.687884][ T27] audit: type=1326 audit(1772847099.140:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8075 comm="syz.7.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee399c799 code=0x7ffc0000 [ 203.712377][ T8052] F2FS-fs (loop6): Found nat_bits in checkpoint [ 203.807108][ T27] audit: type=1326 audit(1772847099.170:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8075 comm="syz.7.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee399c799 code=0x7ffc0000 [ 203.845618][ T8052] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 203.923018][ T27] audit: type=1326 audit(1772847099.170:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8075 comm="syz.7.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7efee399c799 code=0x7ffc0000 [ 203.995760][ T8052] F2FS-fs (loop6): Inconsistent error blkaddr:5633, sit bitmap:0 [ 204.020660][ T27] audit: type=1326 audit(1772847099.170:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8075 comm="syz.7.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee399c799 code=0x7ffc0000 [ 204.065234][ T8052] CPU: 1 PID: 8052 Comm: syz.6.1293 Not tainted syzkaller #0 [ 204.072673][ T8052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 204.082769][ T8052] Call Trace: [ 204.086096][ T8052] [ 204.089052][ T8052] dump_stack_lvl+0x188/0x24e [ 204.093786][ T8052] ? show_regs_print_info+0x12/0x12 [ 204.099025][ T8052] ? f2fs_get_next_page_offset+0x6a0/0x6a0 [ 204.104882][ T8052] f2fs_is_valid_blkaddr+0xc3b/0x1250 [ 204.110299][ T8052] f2fs_get_read_data_page+0x40f/0x640 [ 204.115806][ T8052] ? f2fs_reserve_block+0x240/0x240 [ 204.121070][ T8052] f2fs_find_data_page+0x9b/0x3a0 [ 204.126135][ T8052] f2fs_readdir+0x4b6/0xa00 [ 204.130691][ T8052] ? f2fs_fill_dentries+0xce0/0xce0 [ 204.136388][ T8052] ? lockdep_hardirqs_on+0x94/0x140 [ 204.141711][ T8052] ? __fdget_pos+0x2ae/0x360 [ 204.146431][ T8052] ? end_current_label_crit_section+0x14b/0x170 [ 204.152717][ T8052] ? iterate_dir+0x10d/0x560 [ 204.157346][ T8052] ? down_read_killable+0x1cc/0x340 [ 204.162588][ T8052] ? fsnotify_perm+0x248/0x550 [ 204.167405][ T8052] iterate_dir+0x218/0x560 [ 204.171863][ T8052] ? f2fs_fill_dentries+0xce0/0xce0 [ 204.177107][ T8052] __se_sys_getdents+0xf2/0x260 [ 204.182004][ T8052] ? __x64_sys_getdents+0x80/0x80 [ 204.187078][ T8052] ? fillonedir+0x490/0x490 [ 204.191629][ T8052] ? lockdep_hardirqs_on+0x94/0x140 [ 204.196867][ T8052] do_syscall_64+0x4c/0xa0 [ 204.201320][ T8052] ? clear_bhb_loop+0x60/0xb0 [ 204.206026][ T8052] ? clear_bhb_loop+0x60/0xb0 [ 204.210752][ T8052] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 204.216696][ T8052] RIP: 0033:0x7f7f8759c799 [ 204.221156][ T8052] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 204.241490][ T8052] RSP: 002b:00007f7f8836f028 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 204.249944][ T8052] RAX: ffffffffffffffda RBX: 00007f7f87815fa0 RCX: 00007f7f8759c799 [ 204.253561][ T8092] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1307'. [ 204.258098][ T8052] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 204.267266][ T8092] nbd: must specify a size in bytes for the device [ 204.275018][ T8052] RBP: 00007f7f87632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 204.275041][ T8052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 204.275051][ T8052] R13: 00007f7f87816038 R14: 00007f7f87815fa0 R15: 00007ffe5760b5f8 [ 204.275083][ T8052] [ 204.323373][ T27] audit: type=1326 audit(1772847099.170:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8075 comm="syz.7.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee399c799 code=0x7ffc0000 [ 204.401839][ T27] audit: type=1326 audit(1772847099.170:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8075 comm="syz.7.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee399c799 code=0x7ffc0000 [ 204.449367][ T8084] loop7: detected capacity change from 0 to 8192 [ 204.463384][ T8094] loop3: detected capacity change from 0 to 256 [ 204.467275][ T27] audit: type=1326 audit(1772847099.170:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8075 comm="syz.7.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee399c799 code=0x7ffc0000 [ 204.531393][ T8094] exfat: Deprecated parameter 'utf8' [ 204.536771][ T8094] exfat: Deprecated parameter 'utf8' [ 204.545422][ T8084] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 204.560457][ T8094] exfat: Deprecated parameter 'utf8' [ 204.597634][ T27] audit: type=1326 audit(1772847099.170:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8075 comm="syz.7.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7efee399c799 code=0x7ffc0000 [ 204.622675][ T27] audit: type=1326 audit(1772847099.170:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8075 comm="syz.7.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee399c799 code=0x7ffc0000 [ 204.631346][ T8094] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 204.658419][ T8084] REISERFS (device loop7): found reiserfs format "3.6" with non-standard journal [ 204.682519][ T8084] REISERFS (device loop7): using ordered data mode [ 204.721162][ T8084] reiserfs: using flush barriers [ 204.765527][ T8084] REISERFS (device loop7): journal params: device loop7, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 204.885034][ T8084] REISERFS (device loop7): checking transaction log (loop7) [ 204.885446][ T8106] exfat: Deprecated parameter 'utf8' [ 204.908890][ T8094] exFAT-fs (loop3): error, exfat_zeroed_cluster: out of range(sect:224 len:8) [ 204.970733][ T8106] exfat: Deprecated parameter 'utf8' [ 204.975679][ T8094] exFAT-fs (loop3): Filesystem has been set read-only [ 205.040114][ T8106] exfat: Deprecated parameter 'utf8' [ 205.190743][ T8084] REISERFS (device loop7): Using r5 hash to sort names [ 205.228756][ T8084] REISERFS (device loop7): Created .reiserfs_priv - reserved for xattr storage. [ 205.915085][ T8122] loop6: detected capacity change from 0 to 256 [ 206.026593][ T8105] loop1: detected capacity change from 0 to 32768 [ 206.157908][ T8105] XFS (loop1): Mounting V5 Filesystem [ 206.167523][ T8108] loop0: detected capacity change from 0 to 32768 [ 206.320539][ T8108] XFS (loop0): Mounting V5 Filesystem [ 206.431529][ T8154] loop3: detected capacity change from 0 to 1024 [ 206.439109][ T8154] EXT4-fs: Ignoring removed orlov option [ 206.476532][ T8105] XFS (loop1): Ending clean mount [ 206.497190][ T8108] XFS (loop0): Ending clean mount [ 206.498609][ T7974] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 206.510768][ T8154] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 206.641087][ T4268] EXT4-fs (loop3): unmounting filesystem. [ 206.703810][ T7974] usb 7-1: too many endpoints for config 0 interface 0 altsetting 254: 185, using maximum allowed: 30 [ 206.748635][ T7974] usb 7-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.798474][ T7974] usb 7-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 206.841990][ T7974] usb 7-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 185 [ 206.896654][ T7974] usb 7-1: config 0 interface 0 has no altsetting 0 [ 206.913042][ T7974] usb 7-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 206.957439][ T7974] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.974660][ T7974] usb 7-1: config 0 descriptor?? [ 207.004354][ T4269] XFS (loop0): Unmounting Filesystem [ 207.012536][ T4272] XFS (loop1): Unmounting Filesystem [ 207.235368][ T8149] loop7: detected capacity change from 0 to 32768 [ 207.293654][ T8149] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop7 scanned by syz.7.1329 (8149) [ 207.341455][ T8149] BTRFS info (device loop7): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 207.366741][ T8149] BTRFS info (device loop7): using blake2b (blake2b-256-generic) checksum algorithm [ 207.379499][ T8149] BTRFS info (device loop7): turning off barriers [ 207.409036][ T8149] BTRFS info (device loop7): enabling ssd optimizations [ 207.416119][ T8149] BTRFS info (device loop7): using spread ssd allocation scheme [ 207.443861][ T7974] nintendo 0003:057E:200E.000A: ignoring exceeding usage max [ 207.462076][ T8149] BTRFS info (device loop7): enabling auto defrag [ 207.498566][ T8149] BTRFS info (device loop7): not using ssd optimizations [ 207.531682][ T7974] nintendo 0003:057E:200E.000A: hidraw0: USB HID v80.04 Device [HID 057e:200e] on usb-dummy_hcd.6-1/input0 [ 207.566500][ T8149] BTRFS info (device loop7): not using spread ssd allocation scheme [ 207.597016][ T8149] BTRFS info (device loop7): ignoring data csums [ 207.637619][ T8149] BTRFS info (device loop7): force zlib compression, level 3 [ 207.657678][ T8149] BTRFS info (device loop7): enabling ssd optimizations [ 207.677934][ T8149] BTRFS info (device loop7): using spread ssd allocation scheme [ 207.687283][ T7974] nintendo 0003:057E:200E.000A: Failed charging grip handshake [ 207.717626][ T7974] nintendo 0003:057E:200E.000A: Failed to initialize controller; ret=-110 [ 207.734277][ T8149] BTRFS info (device loop7): using free space tree [ 207.838912][ T7974] nintendo 0003:057E:200E.000A: probe - fail = -110 [ 207.866362][ T7974] nintendo: probe of 0003:057E:200E.000A failed with error -110 [ 207.889581][ T8190] loop1: detected capacity change from 0 to 512 [ 207.897546][ T8190] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 207.924161][ T7974] usb 7-1: USB disconnect, device number 5 [ 208.027150][ T8190] EXT4-fs (loop1): 1 truncate cleaned up [ 208.041297][ T8198] fido_id[8198]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 208.058485][ T8190] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 208.419601][ T6518] BTRFS info (device loop7: state C): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 208.853010][ T8174] loop3: detected capacity change from 0 to 32768 [ 208.864846][ T8174] XFS: attr2 mount option is deprecated. [ 208.870461][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 208.998027][ T8216] netlink: 'syz.7.1343': attribute type 7 has an invalid length. [ 209.049418][ T8174] XFS (loop3): Mounting V5 Filesystem [ 209.124702][ T8216] netlink: 'syz.7.1343': attribute type 8 has an invalid length. [ 209.244807][ T8174] XFS (loop3): Ending clean mount [ 209.252643][ T8174] XFS (loop3): Quotacheck needed: Please wait. [ 209.356731][ T8174] XFS (loop3): Quotacheck: Done. [ 209.478532][ T7974] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 209.656286][ T4268] XFS (loop3): Unmounting Filesystem [ 209.674675][ T7974] usb 2-1: Using ep0 maxpacket: 32 [ 209.695650][ T7974] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 209.728173][ T7974] usb 2-1: config 1 interface 0 altsetting 254 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 209.767764][ T7974] usb 2-1: config 1 interface 0 has no altsetting 0 [ 209.800462][ T7974] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 209.827469][ T7974] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 209.836231][ T7974] usb 2-1: SerialNumber: syz [ 209.877901][ T7974] cdc_acm 2-1:1.0: invalid descriptor buffer length [ 209.892376][ T7974] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 209.901425][ T7974] cdc_acm 2-1:1.0: This needs exactly 3 endpoints [ 209.907975][ T7974] cdc_acm: probe of 2-1:1.0 failed with error -22 [ 210.036606][ T8248] loop0: detected capacity change from 0 to 8 [ 210.112022][ T7967] usb 2-1: USB disconnect, device number 11 [ 210.166213][ T8248] SQUASHFS error: Unable to read inode 0xe3 [ 210.566048][ T8263] loop3: detected capacity change from 0 to 2048 [ 210.607608][ T8263] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 210.673024][ T8263] syz.3.1354: attempt to access beyond end of device [ 210.673024][ T8263] loop3: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 210.688268][ T8267] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 210.826078][ T8268] syz.3.1354: attempt to access beyond end of device [ 210.826078][ T8268] loop3: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 210.846802][ T8263] NILFS (loop3): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 210.906660][ T8263] NILFS error (device loop3): nilfs_bmap_last_key: broken bmap (inode number=16) [ 210.943964][ T8268] NILFS (loop3): I/O error reading meta-data file (ino=6, block-offset=3) [ 210.957559][ T8268] NILFS (loop3): error -5 reading inode: ino=12 [ 210.984549][ T8263] Remounting filesystem read-only [ 210.990583][ T8263] NILFS (loop3): error -5 truncating bmap (ino=16) [ 211.044623][ T4268] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 211.138629][ T7967] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 211.167030][ T8257] loop0: detected capacity change from 0 to 32768 [ 211.179962][ T8278] [U] ¦Þ„#=ÃÄØC [ 211.255555][ T8257] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 211.264639][ T8257] XFS (loop0): Mounting V5 Filesystem [ 211.324584][ T8257] XFS (loop0): Ending clean mount [ 211.332873][ T7967] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 211.352143][ T7967] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.385535][ T7967] usb 7-1: Product: syz [ 211.390110][ T7973] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 211.410135][ T7967] usb 7-1: Manufacturer: syz [ 211.444827][ T7967] usb 7-1: SerialNumber: syz [ 211.453517][ T8257] XFS (loop0): Quotacheck needed: Please wait. [ 211.453638][ T7967] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 211.485092][ T6744] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 211.546429][ T8257] XFS (loop0): Quotacheck: Done. [ 211.608626][ T7973] usb 2-1: Using ep0 maxpacket: 16 [ 211.619623][ T7973] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 211.668536][ T7973] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 211.694866][ T7973] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 211.713536][ T4269] XFS (loop0): Unmounting Filesystem [ 211.731746][ T7973] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 211.761496][ T7973] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.795833][ T7973] usb 2-1: config 0 descriptor?? [ 212.123536][ T8303] netlink: 194188 bytes leftover after parsing attributes in process `syz.3.1380'. [ 212.144521][ T8303] netlink: zone id is out of range [ 212.150961][ T8303] netlink: zone id is out of range [ 212.156208][ T8303] netlink: zone id is out of range [ 212.175402][ T8303] netlink: zone id is out of range [ 212.183523][ T8303] netlink: zone id is out of range [ 212.193819][ T8303] netlink: zone id is out of range [ 212.203187][ T8303] netlink: zone id is out of range [ 212.215953][ T8303] netlink: zone id is out of range [ 212.224376][ T8303] netlink: zone id is out of range [ 212.230961][ T8303] netlink: zone id is out of range [ 212.247393][ T7973] microsoft 0003:045E:07DA.000B: No inputs registered, leaving [ 212.269001][ T7973] microsoft 0003:045E:07DA.000B: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 212.290604][ T7973] microsoft 0003:045E:07DA.000B: no inputs found [ 212.313359][ T7973] microsoft 0003:045E:07DA.000B: could not initialize ff, continuing anyway [ 212.480634][ T4515] usb 2-1: USB disconnect, device number 12 [ 212.543735][ T8310] fido_id[8310]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 212.838845][ T6744] usb 7-1: Service connection timeout for: 256 [ 212.846145][ T6744] ath9k_htc 7-1:1.0: ath9k_htc: Unable to initialize HTC services [ 212.881247][ T6744] ath9k_htc: Failed to initialize the device [ 212.892432][ T6744] usb 7-1: ath9k_htc: USB layer deinitialized [ 212.899481][ T8318] syz.0.1386 (8318) used obsolete PPPIOCDETACH ioctl [ 213.114770][ T128] usb 7-1: USB disconnect, device number 6 [ 213.271360][ T8328] loop0: detected capacity change from 0 to 64 [ 214.152041][ T8363] loop6: detected capacity change from 0 to 8 [ 214.239070][ T8363] SQUASHFS error: Unable to read inode 0xe3 [ 214.866752][ T8368] loop7: detected capacity change from 0 to 32768 [ 214.942409][ T8368] XFS (loop7): DAX unsupported by block device. Turning off DAX. [ 214.969149][ T8368] XFS (loop7): Mounting V5 Filesystem [ 215.044989][ T8388] block nbd1: NBD_DISCONNECT [ 215.049576][ T8374] loop6: detected capacity change from 0 to 32768 [ 215.067433][ T8374] XFS: attr2 mount option is deprecated. [ 215.125398][ T8374] XFS (loop6): Mounting V5 Filesystem [ 215.133387][ T8368] XFS (loop7): Ending clean mount [ 215.186968][ T8368] XFS (loop7): Quotacheck needed: Please wait. [ 215.195087][ T8374] XFS (loop6): Ending clean mount [ 215.223274][ T8374] XFS (loop6): Quotacheck needed: Please wait. [ 215.271096][ T8374] XFS (loop6): Quotacheck: Done. [ 215.435932][ T8368] XFS (loop7): Quotacheck: Done. [ 215.666954][ T6518] XFS (loop7): Unmounting Filesystem [ 215.850154][ T5476] XFS (loop6): Unmounting Filesystem [ 215.987781][ T8409] loop1: detected capacity change from 0 to 256 [ 216.042420][ T8409] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf4000b1f, utbl_chksum : 0xe619d30d) [ 216.194922][ T27] kauditd_printk_skb: 9 callbacks suppressed [ 216.194938][ T27] audit: type=1800 audit(1772847111.740:100): pid=8411 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1424" name="file1" dev="loop1" ino=1048779 res=0 errno=0 [ 216.873185][ T8435] netlink: 'syz.0.1433': attribute type 30 has an invalid length. [ 218.024134][ T8482] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1454'. [ 218.095754][ T8484] loop6: detected capacity change from 0 to 1024 [ 218.133120][ T8484] hfsplus: failed to load catalog file [ 218.168874][ T128] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 218.390805][ T128] usb 4-1: config 1 has an invalid interface number: 7 but max is 0 [ 218.395595][ T8474] loop7: detected capacity change from 0 to 32768 [ 218.424785][ T128] usb 4-1: config 1 has no interface number 0 [ 218.449523][ T128] usb 4-1: config 1 interface 7 altsetting 0 has an invalid endpoint with address 0xDB, skipping [ 218.503463][ T128] usb 4-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.532776][ T8474] XFS (loop7): Mounting V5 Filesystem [ 218.534117][ T128] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 218.556040][ T128] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.565136][ T128] usb 4-1: Product: syz [ 218.570313][ T128] usb 4-1: Manufacturer: syz [ 218.575071][ T128] usb 4-1: SerialNumber: syz [ 218.585433][ T8478] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 218.594553][ T128] usb 4-1: Expected 3 endpoints, found: 2 [ 218.642165][ T8474] XFS (loop7): Ending clean mount [ 218.671967][ T8506] loop1: detected capacity change from 0 to 256 [ 218.737230][ T6518] XFS (loop7): Unmounting Filesystem [ 219.765490][ T8510] loop1: detected capacity change from 0 to 32768 [ 219.870235][ T8510] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 219.930995][ T8510] XFS (loop1): Mounting V5 Filesystem [ 220.118181][ T8510] XFS (loop1): Ending clean mount [ 220.171239][ T8510] XFS (loop1): Quotacheck needed: Please wait. [ 220.230077][ T8552] netlink: 'syz.0.1478': attribute type 2 has an invalid length. [ 220.237854][ T8552] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1478'. [ 220.239331][ T8550] loop7: detected capacity change from 0 to 4096 [ 220.295821][ T8510] XFS (loop1): Quotacheck: Done. [ 220.378761][ T8550] ntfs3: loop7: ntfs_set_state r=3 failed, -22. [ 220.547420][ T4272] XFS (loop1): Unmounting Filesystem [ 220.586814][ T5491] ntfs3: loop7: ntfs3_write_inode r=3 failed, -22. [ 220.605253][ T6518] ntfs3: loop7: ntfs_set_state r=3 failed, -22. [ 220.616482][ T6518] ntfs3: loop7: Mark volume as dirty due to NTFS errors [ 220.641003][ T6518] ntfs3: loop7: ntfs_set_state r=3 failed, -22. [ 220.660638][ T5491] ntfs3: loop7: ntfs3_write_inode r=3 failed, -22. [ 220.678020][ T6518] ntfs3: loop7: ntfs_evict_inode r=3 failed, -22. [ 220.959936][ T8538] loop6: detected capacity change from 0 to 40427 [ 220.970098][ T128] usb 4-1: USB disconnect, device number 9 [ 221.017004][ T8538] F2FS-fs (loop6): Small segment_count (9 < 1 * 24) [ 221.049034][ T8538] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 221.106572][ T8538] F2FS-fs (loop6): Found nat_bits in checkpoint [ 221.143736][ T8570] netlink: 116 bytes leftover after parsing attributes in process `syz.7.1487'. [ 221.259719][ T8538] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 221.277053][ T8538] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 221.357416][ T8538] F2FS-fs (loop6): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix. [ 221.404082][ T8574] loop3: detected capacity change from 0 to 128 [ 221.479380][ T8574] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 221.546663][ T8574] hpfs: filesystem error: improperly stopped [ 221.568806][ T8574] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 221.576595][ T8574] hpfs: You really don't want any checks? You are crazy... [ 221.644201][ T8574] hpfs: hpfs_map_sector(): read error [ 221.668427][ T8574] hpfs: code page support is disabled [ 221.674053][ T8574] hpfs: hpfs_map_4sectors(): unaligned read [ 221.729021][ T8574] hpfs: hpfs_map_4sectors(): unaligned read [ 221.734992][ T8574] hpfs: filesystem error: unable to find root dir [ 222.366010][ T8595] loop3: detected capacity change from 0 to 1024 [ 222.478186][ T8595] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 222.709613][ T4268] EXT4-fs (loop3): unmounting filesystem. [ 222.772577][ T8614] loop1: detected capacity change from 0 to 64 [ 223.515675][ T8632] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 223.531552][ T8608] loop6: detected capacity change from 0 to 32768 [ 223.576259][ T8608] (syz.6.1502,8608,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 223.605444][ T8632] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 223.642052][ T8608] (syz.6.1502,8608,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 223.661290][ T8632] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 223.709575][ T8632] net_ratelimit: 12 callbacks suppressed [ 223.709593][ T8632] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 223.756330][ T8608] JBD2: Ignoring recovery information on journal [ 223.981411][ T8634] loop3: detected capacity change from 0 to 32768 [ 223.990593][ T8608] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 224.058647][ T8634] [ 224.058647][ T8634] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 224.058647][ T8634] [ 224.149945][ T8634] ERROR: (device loop3): dbDiscardAG: -EIO [ 224.149945][ T8634] [ 224.249136][ T5476] ocfs2: Unmounting device (7,6) on (node local) [ 224.380190][ T4268] [ 224.380190][ T4268] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 224.380190][ T4268] [ 224.418898][ T4268] [ 224.418898][ T4268] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 224.418898][ T4268] [ 225.248644][ T8642] loop0: detected capacity change from 0 to 32768 [ 225.327806][ T8642] XFS (loop0): Mounting V5 Filesystem [ 225.366391][ T8671] loop3: detected capacity change from 0 to 256 [ 225.410299][ T8671] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d) [ 225.469928][ T8642] XFS (loop0): Ending clean mount [ 225.513585][ T8671] gfs2: path_lookup on c::: returned error -2 [ 225.547539][ T8642] XFS (loop0): syz.0.1518 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported [ 225.742800][ T8654] loop7: detected capacity change from 0 to 40427 [ 225.766330][ T4269] XFS (loop0): Unmounting Filesystem [ 225.793572][ T8654] F2FS-fs (loop7): invalid crc value [ 225.833147][ T8654] F2FS-fs (loop7): Found nat_bits in checkpoint [ 225.941584][ T8658] loop6: detected capacity change from 0 to 32768 [ 226.002089][ T8658] (syz.6.1527,8658,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 226.044319][ T8654] F2FS-fs (loop7): Cannot turn on quotas: -2 on 0 [ 226.078714][ T8658] (syz.6.1527,8658,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 226.082547][ T8654] F2FS-fs (loop7): Start checkpoint disabled! [ 226.172946][ T8654] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6 [ 226.189250][ T8658] (syz.6.1527,8658,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xbec99099, computed 0x3881d996. Applying ECC. [ 226.266267][ T8658] (syz.6.1527,8658,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x93f628a2, computed 0x2aee8be5. Applying ECC. [ 226.339086][ T8658] JBD2: Ignoring recovery information on journal [ 226.480202][ T8658] (syz.6.1527,8658,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xbec99099, computed 0x3881d996. Applying ECC. [ 226.528747][ T8658] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 226.554144][ T8658] (syz.6.1527,8658,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x93f628a2, computed 0x2aee8be5. Applying ECC. [ 226.605792][ T8688] loop0: detected capacity change from 0 to 8192 [ 226.661450][ T8658] (syz.6.1527,8658,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC. [ 226.687359][ T8688] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 226.700605][ T8688] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 226.710937][ T8688] REISERFS (device loop0): using journaled data mode [ 226.717672][ T8688] reiserfs: using flush barriers [ 226.743690][ T8688] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 226.830057][ T8688] REISERFS (device loop0): checking transaction log (loop0) [ 226.837682][ T8658] (syz.6.1527,8658,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xdf8356d3, computed 0xb8c23ae4. Applying ECC. [ 226.855998][ T8688] REISERFS (device loop0): Using r5 hash to sort names [ 226.863783][ T8658] (syz.6.1527,8658,0):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xdf8356d3, computed 0x2acb7e3c [ 226.890330][ T8688] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 226.896566][ T9] kworker/u4:0: attempt to access beyond end of device [ 226.896566][ T9] loop7: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 226.929647][ T8658] (syz.6.1527,8658,0):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 226.941569][ T8688] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 226.958857][ T8658] (syz.6.1527,8658,0):ocfs2_quota_read:201 ERROR: status = -5 [ 227.017115][ T8658] Quota error (device loop6): qtree_write_dquot: Error -5 occurred while creating quota [ 227.023014][ T9] kworker/u4:0: attempt to access beyond end of device [ 227.023014][ T9] loop7: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 227.061173][ T8658] (syz.6.1527,8658,0):ocfs2_acquire_dquot:878 ERROR: status = -5 [ 227.206265][ T5476] ocfs2: Unmounting device (7,6) on (node local) [ 228.005964][ T8694] loop3: detected capacity change from 0 to 40427 [ 228.037531][ T8694] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 228.085066][ T8694] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 228.116837][ T8694] F2FS-fs (loop3): invalid crc_offset: 33558524 [ 228.170167][ T8694] F2FS-fs (loop3): Found nat_bits in checkpoint [ 228.319987][ T8694] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 228.327111][ T8694] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 228.340950][ T8700] loop0: detected capacity change from 0 to 32768 [ 228.464260][ T8700] XFS (loop0): Mounting V5 Filesystem [ 228.478219][ T27] audit: type=1800 audit(1772847124.020:101): pid=8694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1547" name="file1" dev="loop3" ino=10 res=0 errno=0 [ 228.594997][ T8704] loop6: detected capacity change from 0 to 40427 [ 228.692235][ T8704] F2FS-fs (loop6): Mismatch start address, segment0(512) cp_blkaddr(918016) [ 228.720970][ T8700] XFS (loop0): Ending clean mount [ 228.733341][ T8700] XFS (loop0): Quotacheck needed: Please wait. [ 228.761234][ T8704] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 228.820209][ T8700] XFS (loop0): Quotacheck: Done. [ 228.821753][ T8704] F2FS-fs (loop6): invalid crc value [ 228.913092][ T8704] F2FS-fs (loop6): Found nat_bits in checkpoint [ 229.051322][ T4269] XFS (loop0): Unmounting Filesystem [ 229.119460][ T8704] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 229.149479][ T8704] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 229.408227][ T5476] syz-executor: attempt to access beyond end of device [ 229.408227][ T5476] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 229.456679][ T8717] loop7: detected capacity change from 0 to 40427 [ 229.521864][ T8717] F2FS-fs (loop7): invalid crc value [ 229.549874][ T8717] F2FS-fs (loop7): Found nat_bits in checkpoint [ 229.685429][ T8717] F2FS-fs (loop7): recover fsync data on readonly fs [ 229.714647][ T8738] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1546'. [ 229.739205][ T8717] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 229.996918][ T8742] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 230.022516][ T8742] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 230.079262][ T8742] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 230.099536][ T8742] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 230.455630][ T8755] program syz.3.1554 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 230.942043][ T8770] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1562'. [ 231.001618][ T4513] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 231.016394][ T8774] loop0: detected capacity change from 0 to 64 [ 231.212696][ T4513] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 231.233422][ T4513] usb 2-1: config 0 interface 0 has no altsetting 0 [ 231.284660][ T4513] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 231.309626][ T8783] loop3: detected capacity change from 0 to 1024 [ 231.316894][ T8783] EXT4-fs: Ignoring removed bh option [ 231.322678][ T4513] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 231.353916][ T4513] usb 2-1: Product: syz [ 231.358168][ T4513] usb 2-1: Manufacturer: syz [ 231.383640][ T4513] usb 2-1: SerialNumber: syz [ 231.416949][ T4513] usb 2-1: config 0 descriptor?? [ 231.505678][ T8783] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 231.521464][ T4513] usb 2-1: selecting invalid altsetting 0 [ 231.764998][ T4513] usb 2-1: USB disconnect, device number 13 [ 232.034929][ T4268] EXT4-fs error (device loop3): ext4_read_inline_dir:1611: inode #12: block 7: comm syz-executor: path /355/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 232.057004][ C0] vkms_vblank_simulate: vblank timer overrun [ 232.133814][ T4347] udevd[4347]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 232.142052][ T8816] loop6: detected capacity change from 0 to 1024 [ 232.169974][ T4268] EXT4-fs (loop3): Remounting filesystem read-only [ 232.178175][ T4268] EXT4-fs error (device loop3): ext4_read_inline_dir:1611: inode #12: block 7: comm syz-executor: path /355/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 232.207997][ T8816] EXT4-fs: Ignoring removed orlov option [ 232.249340][ T4268] EXT4-fs (loop3): Remounting filesystem read-only [ 232.256359][ T4268] EXT4-fs error (device loop3): empty_inline_dir:1895: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 232.283370][ T8816] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a002c018, mo2=0002] [ 232.295727][ T8816] System zones: 0-1, 3-12 [ 232.306207][ T8816] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 232.359498][ T4268] EXT4-fs (loop3): Remounting filesystem read-only [ 232.366048][ T4268] EXT4-fs warning (device loop3): empty_inline_dir:1902: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 232.422076][ T5476] EXT4-fs (loop6): unmounting filesystem. [ 232.469133][ T4268] EXT4-fs error (device loop3): ext4_read_inline_dir:1611: inode #12: block 7: comm syz-executor: path /355/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 232.491251][ C0] vkms_vblank_simulate: vblank timer overrun [ 232.595014][ T4268] EXT4-fs (loop3): Remounting filesystem read-only [ 232.638915][ T4268] EXT4-fs error (device loop3): ext4_read_inline_dir:1611: inode #12: block 7: comm syz-executor: path /355/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 232.661103][ C0] vkms_vblank_simulate: vblank timer overrun [ 232.726601][ T4268] EXT4-fs (loop3): Remounting filesystem read-only [ 232.739165][ T4268] EXT4-fs error (device loop3): empty_inline_dir:1895: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 232.758944][ C0] vkms_vblank_simulate: vblank timer overrun [ 232.828229][ T4268] EXT4-fs (loop3): Remounting filesystem read-only [ 232.858596][ T4268] EXT4-fs warning (device loop3): empty_inline_dir:1902: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 232.899150][ T4268] EXT4-fs error (device loop3): ext4_read_inline_dir:1611: inode #12: block 7: comm syz-executor: path /355/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 232.979340][ T4268] EXT4-fs (loop3): Remounting filesystem read-only [ 232.996941][ T4268] EXT4-fs error (device loop3): ext4_read_inline_dir:1611: inode #12: block 7: comm syz-executor: path /355/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 233.099211][ T4268] EXT4-fs (loop3): Remounting filesystem read-only [ 233.112681][ T4268] EXT4-fs error (device loop3): empty_inline_dir:1895: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 233.200751][ T4268] EXT4-fs (loop3): Remounting filesystem read-only [ 233.207322][ T4268] EXT4-fs warning (device loop3): empty_inline_dir:1902: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 233.279122][ T4268] EXT4-fs error (device loop3): ext4_read_inline_dir:1611: inode #12: block 7: comm syz-executor: path /355/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 233.359701][ T4268] EXT4-fs warning (device loop3): empty_inline_dir:1902: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 233.458804][ T4268] EXT4-fs warning (device loop3): empty_inline_dir:1902: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 233.520133][ T8824] loop1: detected capacity change from 0 to 40427 [ 233.526683][ T4268] EXT4-fs warning (device loop3): empty_inline_dir:1902: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 233.556898][ T8824] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(918016) [ 233.587861][ T4268] EXT4-fs warning (device loop3): empty_inline_dir:1902: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 233.620057][ T8824] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 233.644955][ T8824] F2FS-fs (loop1): invalid crc value [ 233.648224][ T8858] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 233.666350][ T4268] EXT4-fs warning (device loop3): empty_inline_dir:1902: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 233.703274][ T8824] F2FS-fs (loop1): Found nat_bits in checkpoint [ 233.716543][ T8858] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 233.731850][ T4268] EXT4-fs warning (device loop3): empty_inline_dir:1902: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 233.751877][ T8858] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 233.791670][ T4268] EXT4-fs warning (device loop3): empty_inline_dir:1902: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 233.794389][ T8858] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 233.892466][ T8824] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 233.936688][ T8824] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 234.248715][ T4272] syz-executor: attempt to access beyond end of device [ 234.248715][ T4272] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 234.399443][ T8877] pim6reg: tun_chr_ioctl cmd 1074812117 [ 234.457953][ T8880] vxcan1: tx address claim with dest, not broadcast [ 234.778247][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.806611][ T8882] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1608'. [ 234.838563][ T8882] netlink: 'syz.6.1608': attribute type 21 has an invalid length. [ 234.983648][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.194694][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.356250][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.550051][ T4284] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 235.588953][ T4284] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 235.603770][ T4284] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 235.611784][ T4284] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 235.619969][ T4284] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 235.627333][ T4284] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 235.709609][ T8908] loop0: detected capacity change from 0 to 1024 [ 235.751346][ T8908] hfsplus: bad catalog entry type [ 236.031367][ T4321] hfsplus: b-tree write err: -5, ino 25 [ 236.037279][ T4321] hfsplus: b-tree write err: -5, ino 4 [ 236.118939][ T4321] hfsplus: b-tree write err: -5, ino 2 [ 236.124551][ T4321] hfsplus: b-tree write err: -5, ino 26 [ 236.210678][ T8922] program syz.0.1622 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 236.690794][ T8903] chnl_net:caif_netlink_parms(): no params data found [ 237.044583][ T8951] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1634'. [ 237.318785][ T4284] Bluetooth: hci4: command 0x0406 tx timeout [ 237.338693][ T8903] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.345849][ T8903] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.379665][ T8903] device bridge_slave_0 entered promiscuous mode [ 237.451955][ T8903] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.486716][ T8903] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.495581][ T8903] device bridge_slave_1 entered promiscuous mode [ 237.586308][ T8943] loop6: detected capacity change from 0 to 40427 [ 237.627837][ T8943] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12 [ 237.645191][ T8943] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 237.667101][ T8903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.678874][ T8943] F2FS-fs (loop6): invalid crc value [ 237.696527][ T8903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 237.726728][ T4284] Bluetooth: hci0: command 0x0409 tx timeout [ 237.748426][ T8943] F2FS-fs (loop6): Found nat_bits in checkpoint [ 237.856041][ T8903] team0: Port device team_slave_0 added [ 237.873832][ T8943] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 237.882019][ T8943] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 237.899453][ T8903] team0: Port device team_slave_1 added [ 237.945811][ T8903] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 237.970909][ T8903] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 238.053520][ T8903] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 238.088755][ T8903] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 238.096098][ T8903] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 238.218310][ T8903] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 238.453295][ T8980] loop7: detected capacity change from 0 to 512 [ 238.533681][ T8980] EXT4-fs: Ignoring removed nobh option [ 238.601319][ T8980] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 238.634354][ T8903] device hsr_slave_0 entered promiscuous mode [ 238.658317][ T8903] device hsr_slave_1 entered promiscuous mode [ 238.689622][ T8980] EXT4-fs (loop7): 1 truncate cleaned up [ 238.695352][ T8980] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 238.739584][ T8903] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 238.747383][ T8903] Cannot create hsr debugfs directory [ 238.997525][ T6518] EXT4-fs (loop7): unmounting filesystem. [ 239.138304][ T8994] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1641'. [ 239.190767][ T11] device hsr_slave_0 left promiscuous mode [ 239.200836][ T11] device hsr_slave_1 left promiscuous mode [ 239.217948][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 239.239038][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 239.247278][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 239.268156][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 239.307930][ T11] device bridge_slave_1 left promiscuous mode [ 239.315619][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.331971][ T8976] loop1: detected capacity change from 0 to 40427 [ 239.342366][ T11] device bridge_slave_0 left promiscuous mode [ 239.352460][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.379657][ T8976] F2FS-fs (loop1): invalid crc value [ 239.405590][ T8976] F2FS-fs (loop1): Found nat_bits in checkpoint [ 239.450879][ T11] device veth1_macvtap left promiscuous mode [ 239.468139][ T11] device veth0_macvtap left promiscuous mode [ 239.494400][ T8976] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0 [ 239.495008][ T11] device veth1_vlan left promiscuous mode [ 239.514270][ T8976] F2FS-fs (loop1): Start checkpoint disabled! [ 239.526932][ T8976] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 239.798650][ T4284] Bluetooth: hci0: command 0x041b tx timeout [ 239.835173][ T9] kworker/u4:0: attempt to access beyond end of device [ 239.835173][ T9] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 239.850192][ T9] kworker/u4:0: attempt to access beyond end of device [ 239.850192][ T9] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 240.587744][ T9017] loop1: detected capacity change from 0 to 64 [ 240.950011][ T11] team0 (unregistering): Port device team_slave_1 removed [ 240.998742][ T28] INFO: task syz-executor:4270 blocked for more than 143 seconds. [ 241.015022][ T28] Not tainted syzkaller #0 [ 241.020407][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 241.034925][ T28] task:syz-executor state:D stack:22064 pid:4270 ppid:1 flags:0x00004004 [ 241.044785][ T28] Call Trace: [ 241.048183][ T28] [ 241.052077][ T28] __schedule+0x11d1/0x40e0 [ 241.056649][ T28] ? mark_lock+0x94/0x320 [ 241.061692][ T28] ? __sched_text_start+0x8/0x8 [ 241.066929][ T28] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 241.073701][ T28] ? lock_chain_count+0x20/0x20 [ 241.079630][ T28] ? _raw_spin_lock_irq+0xb7/0xf0 [ 241.084700][ T28] ? _raw_spin_lock_irqsave+0x100/0x100 [ 241.090455][ T28] schedule+0xb9/0x180 [ 241.094715][ T28] io_schedule+0x7c/0xd0 [ 241.099286][ T28] folio_wait_bit_common+0x70a/0xfa0 [ 241.104697][ T28] ? folio_wait_bit+0x30/0x30 [ 241.110759][ T28] ? migration_entry_wait_on_locked+0xe90/0xe90 [ 241.117043][ T28] ? __lock_acquire+0x7d10/0x7d10 [ 241.122920][ T28] ? __filemap_get_folio+0x10f/0xdb0 [ 241.128219][ T28] __filemap_get_folio+0x423/0xdb0 [ 241.134026][ T28] ? __filemap_get_folio+0x10f/0xdb0 [ 241.139469][ T28] ? page_cache_prev_miss+0x380/0x380 [ 241.144880][ T28] ? mlock_page_drain_local+0x75/0x490 [ 241.150564][ T28] ? mlock_page_drain_local+0x289/0x490 [ 241.156136][ T28] truncate_inode_pages_range+0x402/0x1090 [ 241.162251][ T28] ? mapping_evict_folio+0x520/0x520 [ 241.167591][ T28] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 241.173848][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 241.179140][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 241.184341][ T28] evict+0x4dc/0x8d0 [ 241.188501][ T28] ? proc_nr_inodes+0x2f0/0x2f0 [ 241.193431][ T28] ? do_raw_spin_unlock+0x11d/0x230 [ 241.198721][ T28] ? do_raw_spin_unlock+0x11d/0x230 [ 241.203936][ T28] evict_inodes+0x60c/0x6a0 [ 241.208591][ T28] ? clear_inode+0x150/0x150 [ 241.213755][ T28] generic_shutdown_super+0x93/0x340 [ 241.219138][ T28] kill_block_super+0x7c/0xe0 [ 241.223845][ T28] deactivate_locked_super+0x93/0xf0 [ 241.229271][ T28] cleanup_mnt+0x42c/0x4b0 [ 241.233723][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 241.239151][ T28] task_work_run+0x1d0/0x260 [ 241.243967][ T28] ? task_work_cancel+0x220/0x220 [ 241.249158][ T28] ? exit_to_user_mode_loop+0x3b/0x110 [ 241.254657][ T28] exit_to_user_mode_loop+0xe6/0x110 [ 241.260135][ T28] exit_to_user_mode_prepare+0xee/0x180 [ 241.265713][ T28] syscall_exit_to_user_mode+0x16/0x40 [ 241.271282][ T28] do_syscall_64+0x58/0xa0 [ 241.275717][ T28] ? clear_bhb_loop+0x60/0xb0 [ 241.280489][ T28] ? clear_bhb_loop+0x60/0xb0 [ 241.285193][ T28] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 241.291241][ T28] RIP: 0033:0x7fc9fd59d9d7 [ 241.295674][ T28] RSP: 002b:00007fff4f1efca8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 241.304155][ T28] RAX: 0000000000000000 RBX: 00007fc9fd631f90 RCX: 00007fc9fd59d9d7 [ 241.312929][ T28] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff4f1efd60 [ 241.321540][ T28] RBP: 00007fff4f1efd60 R08: 00007fff4f1f0d60 R09: 00000000ffffffff [ 241.329794][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff4f1f0df0 [ 241.337787][ T28] R13: 00007fc9fd631f90 R14: 00000000000170f0 R15: 00007fff4f1f0e30 [ 241.345944][ T28] [ 241.349183][ T28] [ 241.349183][ T28] Showing all locks held in the system: [ 241.357012][ T28] 4 locks held by kworker/u4:1/11: [ 241.362372][ T28] 1 lock held by rcu_tasks_kthre/12: [ 241.367678][ T28] #0: ffffffff8cb2dfb0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 [ 241.378533][ T28] 1 lock held by rcu_tasks_trace/13: [ 241.383835][ T28] #0: ffffffff8cb2e7d0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 [ 241.394987][ T28] 1 lock held by khungtaskd/28: [ 241.415472][ T28] #0: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 [ 241.427371][ T28] 1 lock held by dhcpcd/3932: [ 241.432258][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x288/0x1af0 [ 241.441499][ T28] 2 locks held by getty/4029: [ 241.446233][ T28] #0: ffff88814ce0c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 241.456318][ T28] #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x429/0x1390 [ 241.466560][ T28] 1 lock held by syz-executor/4270: [ 241.471861][ T28] #0: ffff8880734dc0e0 (&type->s_umount_key#87){+.+.}-{3:3}, at: deactivate_super+0xa0/0xd0 [ 241.482270][ T28] 3 locks held by kworker/u4:6/4334: [ 241.487575][ T28] #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 241.501715][ T28] #1: ffffc90004207d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 241.512357][ T28] #2: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 [ 241.522282][ T28] 2 locks held by kworker/u4:7/4338: [ 241.527709][ T28] 2 locks held by kworker/0:9/4513: [ 241.533070][ T28] #0: ffff888017472138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 241.543602][ T28] #1: ffffc900046c7d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 241.555179][ T28] 3 locks held by kworker/0:11/4515: [ 241.560510][ T28] #0: ffff88802f422538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 241.573912][ T28] #1: ffffc90004987d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 241.587067][ T28] #2: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x15/0x30 [ 241.596852][ T28] 3 locks held by kworker/0:17/5057: [ 241.602227][ T28] #0: ffff888017470938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 241.612884][ T28] #1: ffffc90003d57d00 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 241.623959][ T28] #2: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 [ 241.634447][ T28] 1 lock held by syz-executor/8903: [ 241.639876][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 241.649415][ T28] 2 locks held by syz.7.1646/9006: [ 241.654564][ T28] #0: ffffffff8dda6c50 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 [ 241.662928][ T28] #1: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5b/0x930 [ 241.672366][ T28] 1 lock held by syz.6.1649/9015: [ 241.677411][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: wext_ioctl_dispatch+0xaf/0x470 [ 241.687074][ T28] [ 241.689474][ T28] ============================================= [ 241.689474][ T28] [ 241.697934][ T28] NMI backtrace for cpu 1 [ 241.698637][ T11] team0 (unregistering): Port device team_slave_0 removed [ 241.702255][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted syzkaller #0 [ 241.702275][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 241.702284][ T28] Call Trace: [ 241.702292][ T28] [ 241.702300][ T28] dump_stack_lvl+0x188/0x24e [ 241.737553][ T28] ? irq_work_queue+0xbf/0x140 [ 241.742346][ T28] ? show_regs_print_info+0x12/0x12 [ 241.747640][ T28] ? load_image+0x400/0x400 [ 241.752154][ T28] ? vprintk_emit+0x59f/0x6a0 [ 241.756856][ T28] ? printk_sprint+0x460/0x460 [ 241.761732][ T28] nmi_cpu_backtrace+0x3e6/0x460 [ 241.766686][ T28] ? nmi_trigger_cpumask_backtrace+0x450/0x450 [ 241.772843][ T28] ? _printk+0xda/0x130 [ 241.777000][ T28] ? load_image+0x400/0x400 [ 241.781498][ T28] ? load_image+0x400/0x400 [ 241.786076][ T28] ? nmi_trigger_cpumask_backtrace+0xf3/0x450 [ 241.792140][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 241.798203][ T28] nmi_trigger_cpumask_backtrace+0x1d4/0x450 [ 241.804191][ T28] watchdog+0xeee/0xf30 [ 241.808354][ T28] ? watchdog+0x1ed/0xf30 [ 241.812683][ T28] kthread+0x29d/0x330 [ 241.816745][ T28] ? hungtask_pm_notify+0x40/0x40 [ 241.821771][ T28] ? kthread_blkcg+0xd0/0xd0 [ 241.826374][ T28] ret_from_fork+0x1f/0x30 [ 241.830890][ T28] [ 241.834688][ T28] Sending NMI from CPU 1 to CPUs 0: [ 241.840141][ C0] NMI backtrace for cpu 0 [ 241.840151][ C0] CPU: 0 PID: 4338 Comm: kworker/u4:7 Not tainted syzkaller #0 [ 241.840167][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 241.840176][ C0] Workqueue: events_unbound cfg80211_wiphy_work [ 241.840199][ C0] RIP: 0010:stack_trace_consume_entry+0x18/0x270 [ 241.840221][ C0] Code: 78 75 09 48 8d 65 f0 5b 41 5e 5d c3 e8 61 e3 bb 08 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 18 48 ba 00 00 00 00 00 fc ff df <4c> 8d 47 10 4c 89 c5 48 c1 ed 03 0f b6 44 15 00 84 c0 0f 85 04 01 [ 241.840233][ C0] RSP: 0018:ffffc900041f76d8 EFLAGS: 00000296 [ 241.840246][ C0] RAX: ffffffff81004c0f RBX: ffffc900041f77e0 RCX: 0000000080000000 [ 241.840257][ C0] RDX: dffffc0000000000 RSI: ffffffff81004c0f RDI: ffffc900041f77e0 [ 241.840268][ C0] RBP: ffffc900041f77b0 R08: ffffc900041f7f48 R09: ffffc900041f7778 [ 241.840278][ C0] R10: dffffc0000000000 R11: fffff5200083eef1 R12: ffff888024239dc0 [ 241.840289][ C0] R13: ffffc900041f7b38 R14: ffffffff81712210 R15: ffffc900041f7728 [ 241.840300][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 241.840312][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 241.840322][ C0] CR2: 00007f06bd1e82f8 CR3: 00000000297d6000 CR4: 00000000003506f0 [ 241.840336][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 241.840344][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 241.840354][ C0] Call Trace: [ 241.840358][ C0] [ 241.840363][ C0] ? ret_from_fork+0x1f/0x30 [ 241.840382][ C0] ? stack_trace_save+0xf0/0xf0 [ 241.840398][ C0] arch_stack_walk+0x100/0x140 [ 241.840416][ C0] ? ret_from_fork+0x1f/0x30 [ 241.840434][ C0] stack_trace_save+0xa6/0xf0 [ 241.840449][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 241.840464][ C0] ? skb_release_data+0x5db/0x7c0 [ 241.840482][ C0] ? process_one_work+0x8a2/0x1160 [ 241.840497][ C0] ? kthread+0x29d/0x330 [ 241.840512][ C0] kasan_set_track+0x4b/0x70 [ 241.840529][ C0] ? kasan_set_track+0x4b/0x70 [ 241.840544][ C0] ? kasan_save_free_info+0x2d/0x50 [ 241.840556][ C0] ? ____kasan_slab_free+0x126/0x1e0 [ 241.840578][ C0] ? slab_free_freelist_hook+0x131/0x1a0 [ 241.840594][ C0] ? kmem_cache_free+0xf7/0x290 [ 241.840607][ C0] ? ieee80211_iface_work+0x7b3/0xc80 [ 241.840627][ C0] ? cfg80211_wiphy_work+0x221/0x260 [ 241.840643][ C0] ? process_one_work+0x8a2/0x1160 [ 241.840657][ C0] ? worker_thread+0xaa2/0x1270 [ 241.840671][ C0] ? kthread+0x29d/0x330 [ 241.840702][ C0] ? kmem_cache_free+0xf7/0x290 [ 241.840716][ C0] kasan_save_free_info+0x2d/0x50 [ 241.840729][ C0] ____kasan_slab_free+0x126/0x1e0 [ 241.840747][ C0] slab_free_freelist_hook+0x131/0x1a0 [ 241.840765][ C0] ? ieee80211_iface_work+0x7b3/0xc80 [ 241.840782][ C0] kmem_cache_free+0xf7/0x290 [ 241.840798][ C0] ieee80211_iface_work+0x7b3/0xc80 [ 241.840817][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 241.840834][ C0] cfg80211_wiphy_work+0x221/0x260 [ 241.840852][ C0] ? process_one_work+0x7b0/0x1160 [ 241.840867][ C0] process_one_work+0x8a2/0x1160 [ 241.840888][ C0] ? worker_detach_from_pool+0x240/0x240 [ 241.840906][ C0] ? _raw_spin_lock_irq+0xb7/0xf0 [ 241.840920][ C0] ? _raw_spin_lock_irqsave+0x100/0x100 [ 241.840934][ C0] ? kthread_data+0x4b/0xc0 [ 241.840954][ C0] worker_thread+0xaa2/0x1270 [ 241.840977][ C0] ? __kthread_parkme+0x162/0x1c0 [ 241.840997][ C0] kthread+0x29d/0x330 [ 241.841009][ C0] ? worker_clr_flags+0x1a0/0x1a0 [ 241.841023][ C0] ? kthread_blkcg+0xd0/0xd0 [ 241.841036][ C0] ret_from_fork+0x1f/0x30 [ 241.841058][ C0] [ 242.201163][ T4284] Bluetooth: hci0: command 0x040f tx timeout [ 242.218822][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 242.225716][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted syzkaller #0 [ 242.232928][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 242.242999][ T28] Call Trace: [ 242.246284][ T28] [ 242.249229][ T28] dump_stack_lvl+0x188/0x24e [ 242.253899][ T28] ? memcpy+0x3c/0x60 [ 242.257896][ T28] ? show_regs_print_info+0x12/0x12 [ 242.263121][ T28] ? load_image+0x400/0x400 [ 242.267646][ T28] panic+0x2e5/0x730 [ 242.271536][ T28] ? schedule_preempt_disabled+0x20/0x20 [ 242.277164][ T28] ? bpf_jit_dump+0xd0/0xd0 [ 242.281683][ T28] ? nmi_trigger_cpumask_backtrace+0x35b/0x450 [ 242.287858][ T28] ? nmi_trigger_cpumask_backtrace+0x360/0x450 [ 242.294273][ T28] watchdog+0xf2d/0xf30 [ 242.298440][ T28] ? watchdog+0x1ed/0xf30 [ 242.302791][ T28] kthread+0x29d/0x330 [ 242.306861][ T28] ? hungtask_pm_notify+0x40/0x40 [ 242.311884][ T28] ? kthread_blkcg+0xd0/0xd0 [ 242.316468][ T28] ret_from_fork+0x1f/0x30 [ 242.320904][ T28] [ 242.324343][ T28] Kernel Offset: disabled [ 242.328690][ T28] Rebooting in 86400 seconds..