last executing test programs: 1m28.157511355s ago: executing program 0 (id=244): ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=ANY=[@ANYBLOB="540000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="15020000fe0f00001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="080004"], 0x54}, 0x1, 0xba01, 0x0, 0x4010}, 0x4000000) 1m27.935188875s ago: executing program 0 (id=246): r0 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x400, 0x4}, &(0x7f0000000300)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_MKDIRAT={0x25, 0x11, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x6e2, 0x3900, 0x3, 0x0, 0x0) 1m27.855518441s ago: executing program 0 (id=247): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848290000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x80) 1m27.503043722s ago: executing program 0 (id=250): syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x2000002, &(0x7f00000001c0)={[{@shortad}, {@fileset={'fileset', 0x3d, 0x5}}, {@unhide}, {}, {@volume={'volume', 0x3d, 0x401}}, {@gid_ignore}, {@uid_forget}, {@anchor}, {@iocharset={'iocharset', 0x3d, 'maciceland'}}, {}, {@noadinicb}]}, 0x1, 0xc47, &(0x7f0000001800)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM+KQomxGFCVKeh6b+s3cOefec+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr544taP7//r6+vretwcA2HuX/f8/AAAAAAAAAAAAAADsdymKeDpSzF1cS5PV+676hc7gzVsTo2PbVzuYqpoDVfnyp37y1OkzX3pp5GwvL3RmPqL+/fbZeGP88vnGq7M35ubbCwvtqcbETOfq7FR7x3vYbf2tjlUnoHHjzZtT164tNE69eHrTx7eGPxx66sjwuZHnjz/XKzsxOjY2vlGk3l++ds8N6brbDI8DUcTxSPHC936aWhFRxO7PRf3Bjv1WB6tOHKs6MTE6VnVkutOaWSw/vNQ7EUVEo69Ss3eOth+LqA0+0D7cXTNiqWx+2eBjZffG51rzrSvT7cal1vxiZ7EzO3MpdVtb9qcRRZxNEcsRsTp05+4Go4hapPjO4bV0JSIGeufhi9XE4Lu3o9jDPu5A2c7GYMRy8QiM2T42FEW8Hil+9t7RuJqvM9W15gsRr5f5g4h3ynwlIpVfjDMRH2zzPeLRVIsi/rwc/3Nraaq6HvSuKxe+1vjKzLXZvrK968ovdX94684rxUO6Pxzckg/miPv82lSPIlrVFX8t3ftvdgAAAAAAAAAAAAAAAAC43w5GEZ+JFK/92x9V84qjmpd++NzI7w////45489+zH7Ksi9GxFKxszm5B/IU4kvpUkoPeS7xk6weRfxxnv/3rYfdGAAAAAAAAAAAAAAAAAAAgCdaET+JFC+/fzQtR/+a4p2Z643LrSvT3VVhe2v/9tZMX19fX2+kbjZzTuZcyrmccyXnas4ocv2czZyTOZdyLudcybmaMwZy/ZzNnJM5l3Iu51zJuZozarl+zmbOyZxLOZdzruRczRn7ZO1eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHSRFF/CJSfPsbaylSRDQjJqObK0MPu3UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQGkoFfH9SNH4g+btbbWISNW/XUfLX85E80CZn4zmSJmvRPN8zlaVtea3HkL72Z3BVMSPI8VQ/d3bA57Hf7D77vbXIN755sa7z9a6OdD7cPjDoaeOHD43MvZrz97tddquAccudGZu3mpMjI6NjUf99uZaPvon+4oO5+MW96vzxMJbb7/Zmp5uz9/7i/IrsIvqj9CLVHtSeupF9SJq+6IZD6fvPAHK+/8HkeK33//33g2/e/+vx//rvrt9h4+f/8nG/f/lrTva4f2/trVevv+X9/Txvs29+//Tfdtezr8bGaxF1BdvzA0eiagvvPX28c6N1vX29fbMmRMnvjwy8uXTJwYPRNSvdabbfa/uy+kCAAAAAAAAAAAAAAAAeHBSEb8bKVo/XkuNiLhVzdcaPjfy/PHnBmKgmm+1ad72G+OXzzdenb0xN99eWGhPNSZmOldnp9o7PVy9mu41MTq2J535WAf3uP0H66/Ozr0137n+h4vbfn6ofv7KwuJ86+r2H8fBKCKa/VuOVQ2eGB2rGj3dac1UVS9tO5n+lzeYiviPSHH1TCN9Pm/L8/+3zvDfNP9/aeuO7sv8/w29+X+f6NtWHjOlIn4eKX7rL56Nz1ftPBR3nLNc7m8ixbGzn8vl4kBZrteG7nMFujMDy7L/Eyn+4Reby/bmQz69Ufbkjk/sI6Ic/8OR4vt/9t349bxt8/Mfth//Q1t3tEfj/0zftkObnlew666Tx/94pHjl6XfjN/K2j3r+R+/ZG0dz4dvP59ij8f9U37bhfNzfvD9dBwAAAAAAAAAAeKQNpiL+NlL8cKyWXsrbdvL3/6a27miP/v7Xp/u2Td2f9Yo+9sWuTyoAAAAA7BODqYifRIrri+/enkO9ef533/zP39mY/zmatnxa/Tnfr1TPDbiff/7Xbzgfd3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mn7rqe+kqkeO2/Xsjl0pGyXG8d+OHq1/rF2Znj56enZ6+2FltXptuN8bnW1XZZ95lIsfbXn8t1i2p99d5689013jfWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PvNZXvrWH9qY7+nyrJ/FSm+/k/blz2yUfZ0Wfa7keJHX2/0yh4qy/aej/rpjbIvXp0t9mBUAAAAAAAAAAAAAAAAAAAAeNIMpiL+NFL8943l23P58/r/g31vK+98s2+9/y1uVev8D1fr/9/t9b2s/189V2DpbkcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHU4oi3o4UcxfX0spQ+b6rfqEzc/PWxOjY9tUOpqrmQFW+/KmfPHX6zJdeGjnby4+uf799Jt4Yv3y+8ersjbn59sJCe6oxMdO5OjvV3vEedlt/q2PVCWjcePPm1LVrC41TL57e9PGt4Q+HnjoyfG7k+ePP9cpOjI6NjfeVqQ3e89HvkO6y/UAU8ZeR4oXv/TT9cCiiiN2fi4/57uy1g1UnjlWdmBgdqzoy3WnNLJYfXuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgdunN3g1HEm5HiO4fX0j8PRQz0zsMXL45/9cSpu7ej2MM+7kDZzsZgxHLxUWO2TYfZZCiK+MdI8bP3jsa/DEXUovsTX4h4vcwfRLwT3fFO5RfjTMQHTutjoxZF/G85/ufW0ntD5fWgd1258LXGV2auzfaV7V1XHvn7w4O0z+8n9SjiR9UVfy39q/+uAQAAAAAAAAAAAAAAAPaRIn41Urz8/tFUzQ++Pae4M3O9cbl1Zbo7ra839683Z3p9fX29kbrZzDmZcynncs6VnKs5o8j1czbLrK+vT+b3SzmXc67kXM0ZA7l+zmbOyZxLOZdzruRczRm1XD9nM+dkzqWcyzlXcq7m7E6SfOohjhkAAAAAAAAAAAAAAAAAAPA4Kqp/Unz7G2tpfahaX3qg99mK9UAfe/8XAAD//6Bw/Lo=") mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) 1m26.987022778s ago: executing program 0 (id=251): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000280)="eb4c", 0x2}], 0x1}, 0x4045) recvmsg$unix(r0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x2122) 1m26.327292365s ago: executing program 0 (id=258): prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r0, r0, 0x0, 0x200900) 1m25.954684569s ago: executing program 32 (id=258): prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r0, r0, 0x0, 0x200900) 39.601123121s ago: executing program 3 (id=541): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000640), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="31032abd7000fbdbdf250b00000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x400c080}, 0x0) 39.488200561s ago: executing program 3 (id=542): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r2, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000002540)="955232d6c9", 0x5}], 0x1}}], 0x1, 0x4044805) splice(r1, 0x0, r0, 0x0, 0x10000008ebc, 0x0) 39.375563451s ago: executing program 3 (id=544): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x6c, 0x24, 0xd0f, 0x0, 0x8000, {0x60, 0x0, 0x0, r2, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8, '\x00\x00\x00\b\x00\x00\x00\x00\b\x00'}}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x8, 0x3, 0x4e7, 0x372, 0x0, 0x8, 0x1000}}, {0x4}}]}]}, 0x6c}}, 0x48050) 39.246149982s ago: executing program 3 (id=545): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x380470a, &(0x7f0000000a00)={[{@quota}, {@bsdgroups}, {@lazytime}, {@errors_remount}, {@jqfmt_vfsv1}, {@oldalloc}, {@stripe={'stripe', 0x3d, 0x5}}]}, 0x2, 0x46b, &(0x7f0000000580)="$eJzs3M1vFOUfAPDvzLbw+/HWivgColaJsfGlpQWVgxeNJh4wmugB9VTbQgiFGloTIUSqMXgxMSR6Vo8m/gXevBj1ZGLiSe+GhCgX0FPNzM5Ad9ltt3TZrd3PJxl4nn2e7TzfPvPMPDPPbgPoWUPZP0nEtoj4LSIGqtnaCkPV/65dOTf595Vzk0ksLr72Z5LXu3rl3GRZtXzf1iIznEakHyXFTmrNnTl7YmJmZvp0kR+dP/nO6NyZs08ePzlxbPrY9KnxQ4cOHhh75unxp9oSZxbX1T3vz+7d/dIbF1+ePHLx7R+/ydq7rShfGsct2XTzS0NZ4H8t5urLHon/r2l36832Jemkr4sNYVUqEZF1V38+/geiEjc6byBe/LCrjQNuq+zatLl58cIisIEl0e0WAN1RXuiz+99y69DUY124/Fz1BiiL+1qxVUv6Ii3q9Nfd37bTUEQcWfjni2yLdjyHAABYwSeTnx+OJxrN/9K4e0m9HcUaymBE3BEROyPizojYFRF3ReR174mIe1e5//qloZvnP+mlWwqsRdn879libat2/lfO/mKwUuS25/H3J0ePz0zvL34nw9G/OcuPLbOP71745dNmZUvnf9mW7b+cCxbtuNRX94BuamJ+Ip+UtsHlDyL29DWKP7m+EpBExO6I2LO6H72jTBx/7Ou9zSqtHP8y2rDOtPhVxKPV/l+IuvhLyfLrk6P/i5np/aPlUXGzn36+8Gqz/a8p/jbI+n9L7fFflHx5pkgMvrV0vXYuVr1yeeH3j5ve09zq8b8peT0/H5XLru9NzM+fHovYlBzO8zWvj994b5kv62fxD+9rPP53Fu/J+v++iMgO4vsj4oGIeLBo+0MR8XBE7Fsm/h+eb162Hvp/quH57/rxP5jU9P/qE5UT33/bbP+t9f/BPDVcvJKf/1bQagPX8rsDAACA/4o0/wx8ko5cT6fpyEj1M/y7Yks6Mzs3//jR2XdPTVU/Kz8Y/Wn5pGtgyfPQsWSh+InV/HjxrLgsP1A8N/6sEnl+ZHJ2ZqrLsUOv29pk/Gf+qHS7dcBt12gdbbzBF9qAjad+/Ke12fOvdLIxQEf5vjb0rhXGf9qpdgCd5/oPvavR+D9fl7cWABuT6z/0LuMfepfxD72rbvxX4tdutQTooLV8r1+ilxORrotmtJRo/e9B3O7Em+ujGS0kun1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI9/AwAA//9sbvBf") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) 38.781524713s ago: executing program 3 (id=548): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000100)=0x2, 0x4) 38.059277866s ago: executing program 3 (id=554): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x85) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002240), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002540)='./file0\x00', &(0x7f00000022c0), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}}) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000140)={0x28, 0x2, 0x0, {0x3, 0x5, 0xe}}, 0x28) 37.744207364s ago: executing program 33 (id=554): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x85) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002240), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002540)='./file0\x00', &(0x7f00000022c0), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}}) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000140)={0x28, 0x2, 0x0, {0x3, 0x5, 0xe}}, 0x28) 5.079221284s ago: executing program 2 (id=796): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x7fa962bfffff, 0x12, r0, 0x0) syz_io_uring_setup(0x48ba, &(0x7f0000000000)={0x0, 0xfdfffffc, 0x20, 0xfffffdfb, 0x71}, &(0x7f0000000080), &(0x7f0000ff4000)) 4.844934955s ago: executing program 2 (id=797): setuid(0xee00) r0 = msgget$private(0x0, 0x790) msgsnd(r0, &(0x7f0000000100)=ANY=[@ANYRES8], 0x401, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{}, 0x0, 0x0, 0x0, 0x1}) 4.637483293s ago: executing program 4 (id=798): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt(r0, 0x1, 0x10000000000009, &(0x7f00000000c0)="f5c89e1e", 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x2, @local, 0x9}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f0000000040)=0x2, 0x4) 3.936903204s ago: executing program 2 (id=804): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x3bf, 0x4, 0x14a}}) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000140)) read(r0, &(0x7f0000000180)=""/183, 0xb7) 3.64378541s ago: executing program 4 (id=805): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="666c7573682c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6d697865642c756e695f786c6174653d302c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e6e742c00a56dc300a96c9b20f3fabdcb10cad696323259cc0500e5f91620d7b9dc000000000057c51b98cfb3b59f8db941abb77112000000b8ff"], 0x1, 0x250, &(0x7f0000000b80)="$eJzs2k9rHHUYB/BnYqUxJd2I/2hB+kMP6mVocvIgkiAtiAFFG6EK0qmZ6JJxN2SWwIrYeNGLB1+CZ/HoTZCKFy+5+Ao8eMslxx7EkXbTNhtWyKJxS/P5XPZhn/0uz/AMw+8wu69888n6Wp2vFb2YyrKYWoztuJXFXEzFXdvx0gtXf332navvvbG0vHzp7ZQuL12ZX0gpnb3w0/ufff/czd6Zd384++Pp2Jn7YHfviz92nt45t/vXlY/bdWrXqdPtpSJd73Z7xfWqTKvtej1P6a2qLOoytTt1uTnUX6u6Gxv9VHRWZ2c2Nsu6TkWnn9bLfup1U2+zn4qPinYn5XmeZmeCf2Plu1tNE3vNo9ciu/vd7O/RiuzxlD2xmD11LXtmOzu31zStyQ7KMbm3/6ZpHvs2zty0/xPlwEN9OqL6amtla2XwOegvrUU7qijjYrTiz7h9m+wb1JdfX750Md0xF19WN/bzN7ZWHhnOz0cr5kbn5wf5NJw/HTMH8wvRiidH5xdG5qfjxecP5PNoxW8fRjeqWI3b2fv5z+dTeu3N5UP583d+BwDwsMnTPSPPb3n+T/1Bfozz4aHz1ak4f2qy105E3f90vaiqclMxTnFh3NT05GeeeHH8N1uTRTwIV3qk4pefX335ARhjv1g8vJ1JP5n4P9xf+lET08c7EAAAAAAAAAAAAEfy371F+PX+Pw61snHeLAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6mvwMAAP//cOvMBw==") syz_emit_ethernet(0x86, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbec1d9463d1be2371f1b21ec221e0daf4beba5e41010800450000784400000000119078ac1414bbe000000100004e220064907802000000020000000300000087404a1521cd01f9df5ed1edadd5f225602902d238b3605ef3d3776442bc6a4af34f90b9c395844234c7cdd78918f38e876f904f4b9b8b0be78ecf3ecf49"], 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) 3.406413091s ago: executing program 4 (id=806): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./file0\x00', 0x10, &(0x7f00000005c0)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e0500001e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba0", @ANYRESOCT], 0x1, 0x11dc, &(0x7f0000001280)="$eJzs3MGLG1UcB/Bf19rW1N2sWqstiA+96GVo9uBFL0G2IA0obSO0gjB1JxoyJiETFiJi9eTVv0M8ehPEm1724t/gbS8eexBHTNR2l3hYdDewfD6X/OD3vuQ9BgbeMG/23/jq40Gvynr5NNbOnIm1cUR6kCLFWvzt83j19R9/euHWnbs32p3O9s2Urrdvt15LKW28+P17n37z0g/Ti+9+u/Hd+djbfH//161f9i7vXdn//fZH/Sr1qzQcTVOe7o1G0/xeWaSdfjXIUnqnLPKqSP1hVUwO9HvlaDyepXy4s94YT4qqSvlwlgbFLE1HaTqZpfzDvD9MWZal9UbwX3S/flDXdURdPx7noq7r+oloxMV4MtZjI5qxGU/F0/FMXIpn43I8F8/HlfmoVc8bAAAAAAAAAAAAAAAAAAAAThfn/wEAAAAAAAAAAAAAAAAAAGD1bt25e6Pd6WzfTOlCRPnlbne3u/hd9Nu96EcZRVyLZvwW89P/C4v6+lud7WtpbjO+KO//lb+/233sYL41/5zA0nxrkU8H8+ej8Wh+K5pxaXl+a2n+Qrzy8iP5LJrx8wcxijJ24s/sw/xnrZTefLtzKH91Pg4AAABOgyz9Y+n+Pcv+rb/IH+H5wKH99dm4ena1ayeimn0yyMuymBxbcS6O/S8UCsX/XKz6zsRJeHjRVz0TAAAAAAAAAAAAjuIkXidc9RoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/2IFjAQAAAABh/tZpdGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBVAAAA//8xgdSv") chdir(&(0x7f0000000540)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) rmdir(&(0x7f0000000140)='./file1\x00') 3.089912569s ago: executing program 5 (id=808): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x1000000, 0x0) 3.08147916s ago: executing program 2 (id=809): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x331, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x4}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_connect$hid(0x1, 0x0, 0x0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x64, &(0x7f00000001c0)=@string={0x64, 0x3, "13bb35dcde613b716bea6d9be72ea62d0e8ac3efd6dee458d728139cfb729b4d39fd893400379927a9c77b4fd56d9a082d12598fcc6dadc5f06ec781da5c8f03459e4430ac9ca1174538384ddbcc12dbcf86143aedb0c06d95c5d925f7942aa1d744"}}, {0x0, 0x0}, {0x10, &(0x7f00000005c0)=@string={0x10, 0x3, "e1df75527eea5b681abdff405502"}}]}) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 2.766370787s ago: executing program 5 (id=811): r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802) write$evdev(r0, &(0x7f0000000000), 0x100000008) ioctl$EVIOCREVOKE(r0, 0x40044591, &(0x7f00000001c0)=0x29) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) 2.700347853s ago: executing program 4 (id=812): syz_open_dev$admmidi(&(0x7f0000000000), 0x2, 0x1a9882) r0 = syz_io_uring_setup(0x1644, &(0x7f0000000580)={0x0, 0x0, 0x10100, 0x0, 0x17b}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r0, 0x207a98, 0x0, 0x0, 0x0, 0x0) 2.429445787s ago: executing program 4 (id=813): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000) syz_usb_disconnect(r0) read$char_usb(r1, 0x0, 0x0) 2.351321644s ago: executing program 5 (id=814): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'gretap0\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x3, 0x4) sendto$packet(r0, &(0x7f00000000c0)="3f031c00eee8140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 2.158921921s ago: executing program 5 (id=816): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) syz_io_uring_setup(0x54d, &(0x7f0000000040)={0x0, 0x735a, 0x100, 0x805, 0x350}, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.94160615s ago: executing program 5 (id=817): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x121c02, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f00000003c0)={0x2, &(0x7f0000000080)=[{0x50, 0x1, 0x2, 0x6}, {0x6, 0x0, 0x3}]}) write$ppp(r0, &(0x7f0000000400)="6b27e58a4a", 0x5) 1.863816086s ago: executing program 1 (id=818): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x3, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0xffff}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r1, &(0x7f0000000400)={0x1f, 0x3, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0xf, 0x1}, 0xe) 1.70338881s ago: executing program 5 (id=819): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x256c, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x394}}, {{{0x9, 0x5, 0x81, 0x3, 0x10}}}}}]}}]}}, 0x0) syz_emit_ethernet(0x0, 0x0, &(0x7f0000000080)={0x0, 0x2, [0x2a0, 0x517, 0x1ce, 0x282]}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 1.665804164s ago: executing program 1 (id=820): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newsa={0x144, 0x10, 0x1, 0xbffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@local, 0x1, 0x794, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x9, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0x1ff}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0xfd, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @mark={0xc, 0x15, {0x35075a, 0x4}}]}, 0x144}, 0x1, 0x0, 0x0, 0x8801}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x18, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 1.421364425s ago: executing program 1 (id=821): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="20003300d0000000080211000001080211000000505050505050000008"], 0x3c}}, 0xd0) 1.269848269s ago: executing program 1 (id=822): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x8, @remote, 0xb}, 0x1c) syz_emit_ethernet(0xfef3, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000641100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e200e22"], 0x0) 1.083124745s ago: executing program 1 (id=823): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x4008032, 0xffffffffffffffff, 0x2000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) timer_settime(0x0, 0x0, 0x0, 0x0) 1.042817239s ago: executing program 2 (id=824): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOTMODE={0x5}, @NL80211_MESHCONF_HWMP_RANN_INTERVAL={0x6, 0x10, 0x6}]}]}, 0x30}}, 0xc000) 828.047537ms ago: executing program 2 (id=825): syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000005900)={[{@noinline_xattr}, {@heap}, {@discard}, {@noextent_cache}, {@age_extent_cache}, {@user_xattr}, {@noinline_xattr}, {@fastboot}, {@block_mode}, {@errors_remount}]}, 0x21, 0x5541, &(0x7f00000059c0)="$eJzs3EtvG1UYBuDPSdPSCyVCLNh1UIWUSLVVpxfBrkArrq2qAgtW4Niu5db2RLHjhKxYsEQs+CcIJFYs+Q0sWLNDLEDskECeM+kFqIQUJ67b55HG78zx8TfnjJJIZyZyAE+t5eyP3ypxOo5HxGJEnIoo9ivlVriS4sWIOBMRCw9slbL9XsPRiDgREacnxVPNSvnWV+fGZy/9+s7v3/947MjJr7/7aXazBmbt5Yjob6T97X7KvJPyTtneGHeL7F8cl5ne6N8tj/OU2+31osJ2Y69fo8gLndQ/39gaTvJ2r9GcZKd7u2jfGKQTDsedvTrFB+40NovjVnu9yO4wL7Kzm8a1s5v+tu0OR6lOq6z3aVE+RqO9TO3tnXaaz8bdIpuDUdme6uat9s4kx2WWp4tm3msV41jfz5V+rL30XnewtZON25vDbj7ILtXqr9Tql6v1zbzVHrUvVhv91uWL2UqnN+lWHbUb/SudPO/02rVm3l/NVjrNZrVez1autte7jUFWr9cu1M5XL62We+eyN298mPVa2cokX+8Otkbd3jC7nW9m6ROr2Vrtwqur2dl69v71m9nNW9euXb/5wcdXP7rx2vW33yg7/WtY2cra+bW1av18da2+ur8LMFfz/7wc9BTnD/tSmfUAAOaP9T8wCwe3/t+8FXHw6/+w/p+KuVr/Pt7r/8Wy5FzNH/bF+h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Kn189I3bxU7y+n4ZNn+bNn0fHlciYiFiPjrPyzG0YdqLpZ1lh7Rf+kfY/ihEkWFyTmOlduJiLhSbn8+d9BXAQAAAJ5c33525su0Wk8vy7MeEIcp3bRZOPXJlOpVImJp+ZcpVVuYvLwwpWLFz/eR2JlSteIG1jNTKpZuuR2ZVrX/pfh1fzfFvZkUUUmxcL/v0Qf7AAAAc2zxoTjcVQgAAACH6YtHvnP3UMfBIavE3qPMvYd8xX/e33/Ydzwde/QHAAAA86sy6wEAAAAAB65Y//v+PwAAAHiype//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPibnXu5URuI4wD8t8GBvBQU5Z4ycs0Nysg9lxxzjCggTVACaSENUAO5pYQVrPB40bJiH+Ax1q6+T7LHtuyfZ3gcZkYaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC69K9azv78+vy7bc5m206e1gAAAADHrKvlrD6YpPO3zfX3zaWPzXkREWVEHOu7D+LVQeagyanuub+6U4e/EXXC7h2jZnsTEV/Tto0PXX8KAAAA8CINd7vVfDFNvfW0m/RdK1o74TtMgzblu2+ZXl1ERDX5nymt3OV9yhRW/76H8TNTWj2ANc4UlobchrnSnqT+u+9H7ca3iiIV5cPPZ2s7AABwQYOD4rK9EAAAAC7pR98VoAuvH72jiJupzP1U4CgV44MIk30AAADwfBV9VwAAAADoXN3/P2X9v+hn/b+4sv4fAAAAnC2t/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECX1tVytpovpmc+/v1Lc7DZtpOxSQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1+zPOwqEQBiEwd71ncnc/7DSoKGxSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvfveX/xNT40wy99pYeh5J1k6NrVNj79w4+sP4+jUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBf97pf/E1PjTDJ32lg6HknWrhpbV429B42jB+Pt3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsXM/r3FUcQDA38zsbH9oMUbJISIKHvRi021t7U08KMGDf4IQ0m2N3fqjzcGWIuTiTXLuRfQoIijx1n/AU29CC73UWw97qODFy8qbndmdNgU3LZ3ZNp8PvHnf3bzM+75ZCPnOmwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqAzfn8ZZPCyM47R87+a9q+uxv/VAH13fvr0cW4yTJpN+Orxaf5EstZcIAAAA+0dW1fchhDv5zmrs04Wi/s+rMbHm/+HIOK7q+Qfr/qqvav/Yfv/t7suTiRbG88STnt0Y9I/tTqXz5FY531743xGd4soX916y4gNJP9p6aZgX1zP57saND7pFeKCJbAGAR3G06sug+n0o9r02EwNg3+jUCu+q/s8W2s0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAnDrfBcFSchhOXONI5u3bu6/rD++vbt5aqdunZtu37OeIo8hHB2Y9A/1uBa5t2ly1fOrw0G/YvNB6+FENqa/b1y+ec/mWFwCK1cnycV/Dsajfb0XQfbz/mxgrT8sGcY3J2XnNsPWvyhBADAMykvW6zr7+Q7q/G9ZDGE0Y+x/j8yGfdm2e+l/r/76amb9bnq9X+vqQU+BVY2L3y5cunylbc3Lqyd65/rf/7O8d67vROnT548vVLcK1lxxwQAAIDH0y1bvf5PF3fv/x+uxWHG+v+r73vfTGf6sziq/3ebbvq1nQkAAMD+9uLr//ydPOT9pNsNX69tbl7sjY+T18fHxxZS3bMDZavX/9li21kBAAAATRhuJfft/5+pxWHG/f/nf3rll/o5sxDCoXL//+j6F4MzzS1nrjXx58RtrxEAAIB2HSpbff8/L57/TyePPKQhhLfeGMflvwGcqf7PPvz25/pcWe35/xPNLXEupUvj61H0SyF0lu778h+tJQYAAMAz6WDZYrH/V76z+tmvhz/uev4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGn/BQAA///Wa0FV") r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x80000, 0x1) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) open_by_handle_at(r0, &(0x7f0000000040)=@reiserfs_2={0x8, 0x2, {0xb}}, 0x0) 2.51155ms ago: executing program 1 (id=826): r0 = open(&(0x7f0000000040)='./file0\x00', 0x101040, 0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 0s ago: executing program 4 (id=827): r0 = socket$key(0xf, 0x3, 0x2) r1 = syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x0, 0x313}, &(0x7f00000005c0)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000600)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x40, 0x0, r0, 0x0, 0x0, 0x0, 0x2, 0x1}) io_uring_enter(r1, 0x46f3, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): [ 70.942315][ T5884] ntfs: volume version 3.1. [ 70.965000][ T5853] usb 4-1: selecting invalid altsetting 0 [ 70.972754][ T5853] usbtest: probe of 4-1:220.1 failed with error -22 [ 71.019411][ T5853] usb 4-1: USB disconnect, device number 2 [ 71.271208][ T41] ntfs: (device loop2): ntfs_write_block(): Writing beyond initialized size is not supported yet. Sorry. [ 71.290425][ T5768] ntfs: (device loop2): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 71.708724][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.715574][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.260803][ T5770] Bluetooth: hci0: command tx timeout [ 72.331065][ T5770] Bluetooth: hci3: command tx timeout [ 72.336540][ T5770] Bluetooth: hci1: command tx timeout [ 72.410978][ T5770] Bluetooth: hci2: command tx timeout [ 72.689911][ T5923] loop1: detected capacity change from 0 to 32768 [ 72.754443][ T5931] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 73.207803][ T5944] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 73.242376][ T5944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.39'. [ 73.294623][ T5946] loop1: detected capacity change from 0 to 16 [ 73.321815][ T5946] ======================================================= [ 73.321815][ T5946] WARNING: The mand mount option has been deprecated and [ 73.321815][ T5946] and is ignored by this kernel. Remove the mand [ 73.321815][ T5946] option from the mount to silence this warning. [ 73.321815][ T5946] ======================================================= [ 73.388892][ T5946] erofs: (device loop1): mounted with root inode @ nid 36. [ 73.432288][ T5946] erofs: (device loop1): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 46 [ 73.453380][ T5946] erofs: (device loop1): erofs_readdir: fail to readdir of logical block 0 of nid 46 [ 74.247038][ T5971] loop2: detected capacity change from 0 to 1024 [ 74.395801][ T12] hfsplus: b-tree write err: -5, ino 3 [ 74.489810][ T5977] netlink: 20 bytes leftover after parsing attributes in process `syz.2.51'. [ 75.158022][ T5990] loop1: detected capacity change from 0 to 64 [ 75.183062][ T5984] loop2: detected capacity change from 0 to 40427 [ 75.198119][ T5984] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 75.208284][ T5984] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 75.236261][ T5984] F2FS-fs (loop2): invalid crc value [ 75.269537][ T5984] F2FS-fs (loop2): Found nat_bits in checkpoint [ 75.277951][ T27] audit: type=1800 audit(1771390256.681:2): pid=5990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.56" name="file1" dev="loop1" ino=21 res=0 errno=0 [ 75.394378][ T5984] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 75.420912][ T5984] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 76.317881][ T6020] loop2: detected capacity change from 0 to 512 [ 76.359576][ T6022] loop3: detected capacity change from 0 to 1024 [ 76.444915][ T6020] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.468540][ T11] hfsplus: b-tree write err: -5, ino 4 [ 76.506639][ T6020] ext4 filesystem being mounted at /23/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 76.557404][ T6031] warning: `syz.1.73' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 76.750691][ T6038] netlink: 4 bytes leftover after parsing attributes in process `syz.0.75'. [ 76.932552][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.980419][ T6044] Driver unsupported XDP return value 0 on prog (id 7) dev N/A, expect packet loss! [ 77.588827][ T6056] loop1: detected capacity change from 0 to 1024 [ 77.681855][ T6056] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.793262][ T6040] loop3: detected capacity change from 0 to 32768 [ 77.835594][ T6056] EXT4-fs error (device loop1): ext4_generic_delete_entry:2729: inode #12: block 7: comm syz.1.83: bad entry in directory: rec_len is smaller than minimal - offset=16, inode=14, rec_len=8, size=56 fake=0 [ 77.932552][ T6040] (syz.3.76,6040,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 77.961980][ T6056] EXT4-fs error (device loop1) in ext4_delete_inline_entry:1794: Corrupt filesystem [ 78.013487][ T6040] (syz.3.76,6040,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 78.170224][ T6040] JBD2: Ignoring recovery information on journal [ 78.181246][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.393400][ T6040] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 78.663871][ T6069] overlayfs: invalid origin (0000005e40a88832162e012d21233a2c2826000000ca8a0000000000) [ 78.942164][ T5766] ocfs2: Unmounting device (7,3) on (node local) [ 79.320043][ T6078] loop0: detected capacity change from 0 to 8192 [ 79.386230][ T6078] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 79.484763][ T6078] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 79.518136][ T6078] ntfs3: loop0: Failed to load $Extend (-2). [ 79.530477][ T6078] ntfs3: loop0: Failed to initialize $Extend. [ 79.719672][ T6091] Attempt to restore checkpoint with obsolete wellknown handles [ 80.300667][ T23] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 80.421267][ T5775] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 80.434756][ T6114] loop1: detected capacity change from 0 to 512 [ 80.484867][ T23] usb 3-1: Using ep0 maxpacket: 8 [ 80.495291][ T23] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 80.511452][ T23] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 80.525170][ T23] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 80.536536][ T6114] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 80.536886][ T23] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 80.559828][ T6114] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 80.567648][ T23] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 80.583182][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.598506][ T6114] System zones: 0-1, 15-15, 18-18, 34-34 [ 80.611087][ T6114] EXT4-fs (loop1): orphan cleanup on readonly fs [ 80.618598][ T6114] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=0 [ 80.628503][ T6114] EXT4-fs warning (device loop1): ext4_enable_quotas:7184: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 80.630800][ T5775] usb 1-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00 [ 80.644400][ T6114] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 80.677755][ T6114] EXT4-fs (loop1): 1 truncate cleaned up [ 80.689035][ T6114] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 80.693720][ T5775] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.745169][ T5775] usb 1-1: config 0 descriptor?? [ 80.767648][ T6114] fscrypt (loop1, inode 16): Error -61 getting encryption context [ 80.820763][ T23] usb 3-1: GET_CAPABILITIES returned 0 [ 80.841335][ T23] usbtmc 3-1:16.0: can't read capabilities [ 80.859483][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.085994][ T5853] usb 3-1: USB disconnect, device number 2 [ 81.205756][ T5775] elecom 0003:056E:00FB.0001: unknown main item tag 0x0 [ 81.213501][ T5775] elecom 0003:056E:00FB.0001: unknown main item tag 0x0 [ 81.220481][ T5775] elecom 0003:056E:00FB.0001: unknown main item tag 0x0 [ 81.227983][ T5775] elecom 0003:056E:00FB.0001: unknown main item tag 0x0 [ 81.235057][ T5775] elecom 0003:056E:00FB.0001: unknown main item tag 0x0 [ 81.242112][ T5775] elecom 0003:056E:00FB.0001: unknown main item tag 0x0 [ 81.249295][ T5775] elecom 0003:056E:00FB.0001: unknown main item tag 0x0 [ 81.265007][ T5775] elecom 0003:056E:00FB.0001: hidraw0: USB HID v10.00 Device [HID 056e:00fb] on usb-dummy_hcd.0-1/input0 [ 81.441738][ T5775] usb 1-1: USB disconnect, device number 2 [ 81.940268][ T42] cfg80211: failed to load regulatory.db [ 82.194485][ T6146] netlink: 8 bytes leftover after parsing attributes in process `syz.0.119'. [ 82.642623][ T6160] loop2: detected capacity change from 0 to 16 [ 82.687189][ T6160] erofs: (device loop2): mounted with root inode @ nid 36. [ 83.045629][ T6169] loop1: detected capacity change from 0 to 4096 [ 83.053982][ T6152] loop3: detected capacity change from 0 to 32768 [ 83.091337][ T6169] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). [ 83.195158][ T6152] overlayfs: upper fs needs to support d_type. [ 83.251890][ T6152] overlayfs: upper fs does not support tmpfile. [ 83.274924][ T6152] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 83.697137][ T6186] syz.0.138 uses obsolete (PF_INET,SOCK_PACKET) [ 84.080750][ T42] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 84.160829][ T5775] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 84.264282][ T42] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 84.274605][ T42] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 84.286586][ T42] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 84.297000][ T42] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 84.305169][ T42] usb 2-1: SerialNumber: syz [ 84.340672][ T5775] usb 1-1: Using ep0 maxpacket: 32 [ 84.348064][ T5775] usb 1-1: config 0 has an invalid interface number: 85 but max is 0 [ 84.356314][ T5775] usb 1-1: config 0 has no interface number 0 [ 84.362586][ T5775] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 84.373655][ T5775] usb 1-1: config 0 interface 85 has no altsetting 0 [ 84.383739][ T5775] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 84.392892][ T5775] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.401149][ T5775] usb 1-1: Product: syz [ 84.405352][ T5775] usb 1-1: Manufacturer: syz [ 84.409956][ T5775] usb 1-1: SerialNumber: syz [ 84.418344][ T5775] usb 1-1: config 0 descriptor?? [ 84.548862][ T42] usb 2-1: 0:2 : does not exist [ 84.614097][ T42] usb 2-1: USB disconnect, device number 2 [ 84.709646][ T5758] udevd[5758]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 84.775873][ T6201] loop2: detected capacity change from 0 to 16 [ 84.798255][ T6201] erofs: (device loop2): mounted with root inode @ nid 36. [ 85.056648][ T5775] appletouch 1-1:0.85: Geyser mode initialized. [ 85.073320][ T5775] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input5 [ 85.295293][ T8] usb 1-1: USB disconnect, device number 3 [ 85.352753][ T8] appletouch 1-1:0.85: input: appletouch disconnected [ 85.472230][ T6214] 9pnet_fd: p9_fd_create_tcp (6214): problem binding to privport [ 85.669871][ T6220] netlink: 24 bytes leftover after parsing attributes in process `syz.3.154'. [ 85.931978][ T6230] netlink: 8 bytes leftover after parsing attributes in process `syz.3.159'. [ 85.947942][ T6230] erspan0: entered promiscuous mode [ 85.951036][ T6226] syz.1.157 (6226) used greatest stack depth: 20816 bytes left [ 86.110698][ T8] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 86.211605][ T6238] loop3: detected capacity change from 0 to 64 [ 86.305070][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 86.316964][ T8] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 86.331699][ T8] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 86.340671][ T8] usb 3-1: Product: syz [ 86.344884][ T8] usb 3-1: Manufacturer: syz [ 86.349524][ T8] usb 3-1: SerialNumber: syz [ 86.365795][ T8] usb 3-1: config 0 descriptor?? [ 86.460034][ T6232] loop0: detected capacity change from 0 to 40427 [ 86.509796][ T6232] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 86.519401][ T6232] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 86.540416][ T6232] F2FS-fs (loop0): invalid crc value [ 86.558300][ T6232] F2FS-fs (loop0): Found nat_bits in checkpoint [ 86.622334][ T787] usb 3-1: USB disconnect, device number 3 [ 86.735225][ T6232] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 86.746758][ T6232] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 86.934584][ T6250] loop3: detected capacity change from 0 to 256 [ 87.025851][ T6250] FAT-fs (loop3): Directory bread(block 64) failed [ 87.050325][ T6250] FAT-fs (loop3): Directory bread(block 65) failed [ 87.078050][ T6250] FAT-fs (loop3): Directory bread(block 66) failed [ 87.097925][ T6250] FAT-fs (loop3): Directory bread(block 67) failed [ 87.108179][ T6250] FAT-fs (loop3): Directory bread(block 68) failed [ 87.115175][ T6250] FAT-fs (loop3): Directory bread(block 69) failed [ 87.122165][ T6250] FAT-fs (loop3): Directory bread(block 70) failed [ 87.129007][ T6250] FAT-fs (loop3): Directory bread(block 71) failed [ 87.137901][ T6250] FAT-fs (loop3): Directory bread(block 72) failed [ 87.145644][ T6250] FAT-fs (loop3): Directory bread(block 73) failed [ 87.350856][ T5775] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 87.570690][ T5775] usb 2-1: Using ep0 maxpacket: 32 [ 87.581746][ T5775] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 87.600752][ T5775] usb 2-1: config 0 has no interface number 0 [ 87.607829][ T5775] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 87.660698][ T5775] usb 2-1: config 0 interface 85 has no altsetting 0 [ 87.672713][ T5775] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 87.695548][ T5775] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.740501][ T5775] usb 2-1: Product: syz [ 87.745186][ T5775] usb 2-1: Manufacturer: syz [ 87.770059][ T5775] usb 2-1: SerialNumber: syz [ 87.787652][ T5775] usb 2-1: config 0 descriptor?? [ 88.285381][ T6269] loop0: detected capacity change from 0 to 32768 [ 88.482755][ T5775] appletouch 2-1:0.85: Geyser mode initialized. [ 88.492147][ T6269] JBD2: Ignoring recovery information on journal [ 88.512511][ T5775] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input6 [ 88.639939][ T6281] loop3: detected capacity change from 0 to 164 [ 88.680176][ T6269] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 88.827977][ T5775] usb 2-1: USB disconnect, device number 3 [ 88.834136][ C0] appletouch 2-1:0.85: atp_complete: usb_submit_urb failed with result -19 [ 88.857689][ T6284] loop2: detected capacity change from 0 to 256 [ 88.908261][ T5775] appletouch 2-1:0.85: input: appletouch disconnected [ 88.919781][ T6284] exfat: Deprecated parameter 'namecase' [ 89.000004][ T6269] syz.0.175 (6269) used greatest stack depth: 18768 bytes left [ 89.071759][ T6284] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 89.133537][ T5767] ocfs2: Unmounting device (7,0) on (node local) [ 89.436028][ T6296] loop2: detected capacity change from 0 to 64 [ 90.272957][ T6313] loop0: detected capacity change from 0 to 256 [ 90.319972][ T6317] loop3: detected capacity change from 0 to 512 [ 90.327492][ T6317] EXT4-fs: Ignoring removed i_version option [ 90.348817][ T6317] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 90.377722][ T6299] loop1: detected capacity change from 0 to 32768 [ 90.427041][ T6299] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.189 (6299) [ 90.469120][ T6317] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.544777][ T6317] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 90.592580][ T6299] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 90.617438][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.621473][ T6299] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 90.635699][ T6299] BTRFS info (device loop1): using free space tree [ 90.801125][ T6299] BTRFS info (device loop1): enabling ssd optimizations [ 90.808125][ T6299] BTRFS info (device loop1): auto enabling async discard [ 90.872429][ T6348] capability: warning: `syz.2.204' uses 32-bit capabilities (legacy support in use) [ 90.918152][ T6346] program syz.2.204 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 91.080334][ T6299] BTRFS error (device loop1): balance: invalid convert data profile raid0 [ 91.211442][ T6357] netlink: 284 bytes leftover after parsing attributes in process `syz.0.207'. [ 91.222194][ T6355] loop2: detected capacity change from 0 to 2048 [ 91.249372][ T6355] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 91.279598][ T6359] loop3: detected capacity change from 0 to 2048 [ 91.350464][ T5765] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 91.354109][ T6360] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 91.380941][ T6359] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 91.547691][ T6362] loop0: detected capacity change from 0 to 1024 [ 91.876229][ T6364] netlink: 'syz.2.211': attribute type 10 has an invalid length. [ 91.907924][ T6364] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 92.038978][ T6364] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 92.087466][ T6364] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 92.154162][ T5853] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 92.168266][ T6374] loop0: detected capacity change from 0 to 256 [ 92.195336][ T6374] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 92.290644][ T787] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 92.368328][ T5853] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 92.379290][ T6380] netlink: 8 bytes leftover after parsing attributes in process `syz.2.218'. [ 92.391618][ T5853] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 92.402941][ T5853] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 92.420897][ T5853] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.441488][ T5853] usb 4-1: config 0 descriptor?? [ 92.497026][ T787] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 92.514444][ T787] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 92.526815][ T787] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 92.536473][ T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.548860][ T6370] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 92.562271][ T787] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 92.670716][ T5775] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 92.869147][ T5775] usb 1-1: config 4 has an invalid interface number: 28 but max is 0 [ 92.885925][ T5775] usb 1-1: config 4 has no interface number 0 [ 92.889549][ T5853] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 92.893601][ T968] usb 2-1: USB disconnect, device number 4 [ 92.913721][ T5775] usb 1-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 92.913747][ T5775] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.913765][ T5775] usb 1-1: Product: syz [ 92.913778][ T5775] usb 1-1: Manufacturer: syz [ 92.913791][ T5775] usb 1-1: SerialNumber: syz [ 92.953571][ T5775] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:4.28/input/input7 [ 92.987351][ T5853] cp2112 0003:10C4:EA90.0002: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 93.093397][ T5853] cp2112 0003:10C4:EA90.0002: Part Number: 0x09 Device Version: 0x69 [ 93.152266][ T5121] bcm5974 1-1:4.28: could not read from device [ 93.169317][ T5775] bcm5974 1-1:4.28: could not read from device [ 93.187797][ T5121] bcm5974 1-1:4.28: could not read from device [ 93.207680][ T5775] input: failed to attach handler mousedev to device input7, error: -5 [ 93.227325][ T5121] bcm5974 1-1:4.28: could not read from device [ 93.238237][ T5775] usb 1-1: USB disconnect, device number 4 [ 93.309787][ T5853] cp2112 0003:10C4:EA90.0002: error requesting SMBus config [ 93.330599][ T5853] cp2112: probe of 0003:10C4:EA90.0002 failed with error -71 [ 93.367315][ T5853] usb 4-1: USB disconnect, device number 3 [ 93.505135][ T6388] capability: warning: `syz.2.221' uses deprecated v2 capabilities in a way that may be insecure [ 93.584950][ T8] IPVS: starting estimator thread 0... [ 93.588534][ T6391] IPVS: lc: SCTP 172.20.20.187:0 - no destination available [ 93.680846][ T6392] IPVS: using max 21 ests per chain, 50400 per kthread [ 94.133953][ T6408] loop0: detected capacity change from 0 to 512 [ 94.169014][ T6408] EXT4-fs (loop0): 1 truncate cleaned up [ 94.205826][ T6408] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.306410][ T6408] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.229: bg 0: block 465: padding at end of block bitmap is not set [ 94.328308][ T6408] EXT4-fs (loop0): Delayed block allocation failed for inode 13 at logical offset 3 with max blocks 9 with error 28 [ 94.347843][ T6408] EXT4-fs (loop0): This should not happen!! Data will be lost [ 94.347843][ T6408] [ 94.353617][ T6415] loop2: detected capacity change from 0 to 16 [ 94.358587][ T6408] EXT4-fs (loop0): Total free blocks count 0 [ 94.366876][ T6415] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 94.376436][ T6408] EXT4-fs (loop0): Free/Dirty block details [ 94.384239][ T6408] EXT4-fs (loop0): free_blocks=0 [ 94.389349][ T6408] EXT4-fs (loop0): dirty_blocks=9 [ 94.399078][ T6408] EXT4-fs (loop0): Block reservation details [ 94.408691][ T6408] EXT4-fs (loop0): i_reserved_data_blocks=9 [ 94.494686][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.530650][ T5775] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 94.751787][ T5775] usb 4-1: Using ep0 maxpacket: 16 [ 94.780113][ T5775] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 94.797439][ T5775] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 94.808301][ T5775] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 94.830830][ T5775] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 94.840229][ T5775] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.879653][ T5775] usb 4-1: config 0 descriptor?? [ 94.940692][ T8] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 95.001186][ T6433] loop0: detected capacity change from 0 to 256 [ 95.037276][ T6433] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 95.136321][ T8] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 95.155245][ T8] usb 2-1: config 0 has no interface number 0 [ 95.164422][ T8] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.183422][ T8] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.219232][ T8] usb 2-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 95.237860][ T8] usb 2-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 95.249384][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.268000][ T8] usb 2-1: config 0 descriptor?? [ 95.310430][ T5775] microsoft 0003:045E:07DA.0003: ignoring exceeding usage max [ 95.339583][ T5775] microsoft 0003:045E:07DA.0003: implement() called with n (56) > 32! (kworker/0:3) [ 95.518323][ T5775] microsoft 0003:045E:07DA.0003: No inputs registered, leaving [ 95.519889][ T6446] netlink: 'syz.0.247': attribute type 10 has an invalid length. [ 95.549521][ T6446] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 95.549526][ T5775] microsoft 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 95.549553][ T5775] microsoft 0003:045E:07DA.0003: no inputs found [ 95.582413][ T5775] microsoft 0003:045E:07DA.0003: could not initialize ff, continuing anyway [ 95.614540][ T6448] set_capacity_and_notify: 1 callbacks suppressed [ 95.614555][ T6448] loop2: detected capacity change from 0 to 2048 [ 95.614971][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 95.632108][ T6448] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 95.669010][ T6446] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 95.828302][ T5775] usb 4-1: USB disconnect, device number 4 [ 95.949635][ T6451] loop0: detected capacity change from 0 to 2048 [ 95.969295][ T8] input: HID 28bd:0042 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:28BD:0042.0004/input/input8 [ 95.979739][ T6451] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 96.009663][ T6453] loop2: detected capacity change from 0 to 1024 [ 96.068105][ T6451] overlayfs: upper fs needs to support d_type. [ 96.111924][ T6451] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 96.125288][ T6451] overlayfs: failed to set xattr on upper [ 96.134007][ T6451] overlayfs: ...falling back to redirect_dir=nofollow. [ 96.146613][ T8] uclogic 0003:28BD:0042.0004: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.1-1/input1 [ 96.150641][ T6451] overlayfs: ...falling back to index=off. [ 96.183695][ T8] usb 2-1: USB disconnect, device number 5 [ 96.217471][ T6451] overlayfs: ...falling back to uuid=null. [ 96.293876][ T41] hfsplus: b-tree write err: -5, ino 4 [ 96.331140][ T5767] UDF-fs: error (device loop0): udf_read_inode: (ino 1440) failed !bh [ 96.345788][ T5767] UDF-fs: error (device loop0): udf_read_inode: (ino 1440) failed !bh [ 96.387135][ T6455] fido_id[6455]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 97.068434][ T1305] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.267321][ T1305] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.344546][ T1305] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.487622][ T1305] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.880689][ T5775] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 97.919540][ T6485] loop2: detected capacity change from 0 to 4096 [ 98.128094][ T5771] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 98.139152][ T5771] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 98.148687][ T5771] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 98.160633][ T5775] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 98.169184][ T5771] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 98.176742][ T5775] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.189974][ T5771] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 98.198466][ T5775] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 98.208045][ T5771] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 98.216880][ T5775] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 98.225525][ T5775] usb 2-1: Manufacturer: syz [ 98.233758][ T5775] usb 2-1: config 0 descriptor?? [ 98.371649][ T5775] rc_core: IR keymap rc-hauppauge not found [ 98.378036][ T5775] Registered IR keymap rc-empty [ 98.395033][ T5775] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 98.409376][ T5775] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input9 [ 98.805913][ T6500] rc rc0: two consecutive events of type space [ 98.999041][ T5853] usb 2-1: USB disconnect, device number 6 [ 99.140771][ T8] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 99.347404][ T8] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 99.361714][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.384060][ T8] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 99.402988][ T8] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 99.420755][ T8] usb 3-1: Manufacturer: syz [ 99.429580][ T8] usb 3-1: config 0 descriptor?? [ 99.520624][ T8] rc_core: IR keymap rc-hauppauge not found [ 99.526584][ T8] Registered IR keymap rc-empty [ 99.543795][ T8] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 99.578572][ T8] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input10 [ 99.631549][ T6491] chnl_net:caif_netlink_parms(): no params data found [ 99.665897][ C0] igorplugusb 3-1:0.0: Error: urb status = -32 [ 99.901893][ T6530] macvtap1: entered promiscuous mode [ 99.910057][ T6530] dummy0: entered promiscuous mode [ 99.933922][ T6530] team0: Device macvtap1 failed to register rx_handler [ 100.001749][ T8] usb 3-1: USB disconnect, device number 4 [ 100.002545][ T6530] dummy0: left promiscuous mode [ 100.302772][ T6491] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.317116][ T6491] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.330832][ T6491] bridge_slave_0: entered allmulticast mode [ 100.336979][ T5770] Bluetooth: hci2: command tx timeout [ 100.354740][ T6491] bridge_slave_0: entered promiscuous mode [ 100.434335][ T6491] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.446379][ T6491] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.455131][ T6491] bridge_slave_1: entered allmulticast mode [ 100.468699][ T6491] bridge_slave_1: entered promiscuous mode [ 100.487802][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.276'. [ 100.570789][ T5853] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 100.763169][ T5853] usb 4-1: Using ep0 maxpacket: 16 [ 100.789525][ T5853] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 100.791954][ T1321] Bluetooth: hci4: Frame reassembly failed (-84) [ 100.807407][ T5853] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 100.823908][ T6491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.833576][ T5853] usb 4-1: Product: syz [ 100.837778][ T5853] usb 4-1: Manufacturer: syz [ 100.844539][ T6551] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 100.861438][ T6491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.875959][ T49] Bluetooth: hci4: Frame reassembly failed (-84) [ 100.878768][ T5853] usb 4-1: SerialNumber: syz [ 100.897133][ T5853] usb 4-1: config 0 descriptor?? [ 101.126447][ T6491] team0: Port device team_slave_0 added [ 101.143068][ T6491] team0: Port device team_slave_1 added [ 101.220354][ T6491] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.250793][ T6491] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.263934][ T5853] usb 4-1: USB disconnect, device number 5 [ 101.350857][ T6491] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.395933][ T6491] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.430441][ T6491] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.466626][ T6491] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.511459][ T1305] hsr_slave_0: left promiscuous mode [ 101.551841][ T1305] hsr_slave_1: left promiscuous mode [ 101.581013][ T1305] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 101.600876][ T1305] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 101.620864][ T1305] bridge_slave_1: left allmulticast mode [ 101.626833][ T1305] bridge_slave_1: left promiscuous mode [ 101.658094][ T1305] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.685464][ T1305] bridge_slave_0: left allmulticast mode [ 101.701436][ T1305] bridge_slave_0: left promiscuous mode [ 101.711808][ T1305] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.779353][ T1305] veth1_macvtap: left promiscuous mode [ 101.786411][ T1305] veth0_macvtap: left promiscuous mode [ 101.801896][ T1305] veth1_vlan: left promiscuous mode [ 101.817872][ T1305] veth0_vlan: left promiscuous mode [ 102.109830][ T6566] loop2: detected capacity change from 0 to 32768 [ 102.274472][ T6566] XFS (loop2): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 102.340131][ T6566] XFS (loop2): Ending clean mount [ 102.411648][ T5771] Bluetooth: hci2: command tx timeout [ 102.583049][ T5768] XFS (loop2): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 102.810780][ T5771] Bluetooth: hci4: command 0x1003 tx timeout [ 102.818763][ T5770] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 103.089583][ T6594] loop7: detected capacity change from 0 to 7 [ 103.156868][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 103.167499][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 103.193048][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 103.202288][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 103.223703][ T1305] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 103.232044][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 103.241669][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 103.255658][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 103.264884][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 103.275050][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 103.284373][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 103.294420][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 103.303655][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 103.312572][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 103.321894][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 103.329845][ T6594] ldm_validate_partition_table(): Disk read failed. [ 103.346285][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 103.355513][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 103.369188][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 103.369697][ T1305] team0 (unregistering): Port device team_slave_1 removed [ 103.378436][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 103.379285][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 103.403981][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 103.414594][ T6594] Dev loop7: unable to read RDB block 0 [ 103.423055][ T6594] loop7: unable to read partition table [ 103.432440][ T6594] loop7: partition table beyond EOD, truncated [ 103.438936][ T6594] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ֘ȵ4FLQkÝŠ5) failed (rc=-5) [ 103.475610][ T1305] team0 (unregistering): Port device team_slave_0 removed [ 103.578058][ T1305] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 103.666602][ T1305] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 104.030223][ T1305] bond0 (unregistering): Released all slaves [ 104.130671][ T6586] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 104.284030][ T6491] hsr_slave_0: entered promiscuous mode [ 104.303530][ T6491] hsr_slave_1: entered promiscuous mode [ 104.320873][ T6491] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 104.333527][ T6491] Cannot create hsr debugfs directory [ 104.493704][ T5770] Bluetooth: hci2: command tx timeout [ 104.871234][ T6622] loop3: detected capacity change from 0 to 256 [ 104.925338][ T6622] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 105.199994][ T6491] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 105.235252][ T6491] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 105.267973][ T6491] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 105.289736][ T6491] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 105.527035][ T6491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.598941][ T6491] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.652052][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.659306][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.706016][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.713350][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.795973][ T6491] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 105.834414][ T6491] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 105.891154][ T5775] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 106.082655][ T5775] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.105820][ T5775] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 106.147487][ T5775] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 106.169765][ T5775] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.211793][ T5775] usb 4-1: config 0 descriptor?? [ 106.290102][ T6677] loop1: detected capacity change from 0 to 64 [ 106.386358][ T6491] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.571010][ T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 106.579062][ T5770] Bluetooth: hci2: command tx timeout [ 106.643384][ T5775] kovaplus 0003:1E7D:2D50.0005: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.3-1/input0 [ 106.762784][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 106.800716][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 106.841449][ T9] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 106.864082][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 106.884560][ T9] usb 3-1: SerialNumber: syz [ 107.029645][ T6491] veth0_vlan: entered promiscuous mode [ 107.041231][ T5775] kovaplus 0003:1E7D:2D50.0005: couldn't init struct kovaplus_device [ 107.059940][ T5775] kovaplus 0003:1E7D:2D50.0005: couldn't install mouse [ 107.070152][ T6491] veth1_vlan: entered promiscuous mode [ 107.087931][ T5775] kovaplus: probe of 0003:1E7D:2D50.0005 failed with error -71 [ 107.129882][ T9] usb 3-1: 0:2 : does not exist [ 107.155650][ T6491] veth0_macvtap: entered promiscuous mode [ 107.159898][ T5775] usb 4-1: USB disconnect, device number 6 [ 107.189836][ T6491] veth1_macvtap: entered promiscuous mode [ 107.218874][ T9] usb 3-1: USB disconnect, device number 5 [ 107.274812][ T6491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.309671][ T5758] udevd[5758]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 107.317674][ T6491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.383826][ T6491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.404573][ T6491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.423500][ T6491] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.447040][ T6491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.471437][ T6491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.486387][ T6491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.497494][ T6491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.513219][ T6491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.526222][ T6491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.540297][ T6491] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.579963][ T6491] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.624323][ T6491] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.648911][ T6491] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.667568][ T6491] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.851325][ T1305] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.885255][ T1305] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.943329][ T1305] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.963775][ T1305] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.225458][ T23] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 108.264035][ T6730] loop4: detected capacity change from 0 to 256 [ 108.291736][ T23] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 108.388936][ T6730] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x204dac4c, utbl_chksum : 0xe619d30d) [ 108.807237][ T6742] netlink: 'syz.4.321': attribute type 10 has an invalid length. [ 108.836072][ T6742] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 108.900961][ T78] Bluetooth: hci4: Frame reassembly failed (-84) [ 108.920848][ T6743] Bluetooth: hci4: Frame reassembly failed (-84) [ 108.929227][ T6742] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 108.993886][ T6742] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 109.214018][ T6752] loop4: detected capacity change from 0 to 128 [ 109.275718][ T6752] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 109.349464][ T6752] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 109.459836][ T6760] loop2: detected capacity change from 0 to 2364 [ 109.511030][ T5759] blk_print_req_error: 10 callbacks suppressed [ 109.511047][ T5759] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 109.983513][ T6779] loop1: detected capacity change from 0 to 512 [ 110.004746][ T6779] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 110.550319][ T6794] netlink: 24 bytes leftover after parsing attributes in process `syz.2.337'. [ 110.705323][ T6800] input: syz0 as /devices/virtual/input/input11 [ 110.894794][ T5770] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 111.099523][ T6810] loop3: detected capacity change from 0 to 256 [ 111.112874][ T6779] loop1: detected capacity change from 0 to 32768 [ 111.217815][ T6810] FAT-fs (loop3): Directory bread(block 64) failed [ 111.239417][ T6779] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 111.281288][ T6810] FAT-fs (loop3): Directory bread(block 65) failed [ 111.288053][ T6810] FAT-fs (loop3): Directory bread(block 66) failed [ 111.314456][ T6779] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 111.314720][ T6796] loop4: detected capacity change from 0 to 40427 [ 111.339781][ T6796] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 111.349514][ T6796] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 111.366136][ T6796] F2FS-fs (loop4): invalid crc value [ 111.381040][ T6810] FAT-fs (loop3): Directory bread(block 67) failed [ 111.388621][ T6810] FAT-fs (loop3): Directory bread(block 68) failed [ 111.425163][ T6796] F2FS-fs (loop4): Found nat_bits in checkpoint [ 111.455504][ T6810] FAT-fs (loop3): Directory bread(block 69) failed [ 111.488839][ T6810] FAT-fs (loop3): Directory bread(block 70) failed [ 111.510789][ T6810] FAT-fs (loop3): Directory bread(block 71) failed [ 111.552257][ T6779] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 1ms [ 111.558397][ T6810] FAT-fs (loop3): Directory bread(block 72) failed [ 111.603220][ T6810] FAT-fs (loop3): Directory bread(block 73) failed [ 111.603540][ T5775] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 111.639135][ T5775] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 111.679485][ T6796] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 111.720666][ T6796] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 111.854987][ T5775] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 215ms [ 111.877880][ T5775] gfs2: fsid=syz:syz.0: jid=0: Done [ 111.888416][ T6779] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 112.943643][ T6856] loop1: detected capacity change from 0 to 128 [ 113.422605][ T6869] netlink: 56 bytes leftover after parsing attributes in process `syz.2.360'. [ 113.646828][ T6862] loop3: detected capacity change from 0 to 32768 [ 113.673260][ T6862] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.357 (6862) [ 113.737831][ T6862] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 113.764455][ T6862] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 113.796872][ T6862] BTRFS info (device loop3): setting nodatacow, compression disabled [ 113.822065][ T6862] BTRFS info (device loop3): force clearing of disk cache [ 113.850748][ T6862] BTRFS info (device loop3): enabling ssd optimizations [ 113.857762][ T6862] BTRFS info (device loop3): using spread ssd allocation scheme [ 113.902944][ T6862] BTRFS info (device loop3): turning off barriers [ 113.936939][ T6862] BTRFS info (device loop3): disabling free space tree [ 113.949999][ T6862] BTRFS info (device loop3): not using ssd optimizations [ 113.969026][ T6859] loop4: detected capacity change from 0 to 32768 [ 113.978893][ T6862] BTRFS info (device loop3): not using spread ssd allocation scheme [ 114.039807][ T27] audit: type=1800 audit(1771390295.451:3): pid=6859 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.347" name="file1" dev="loop4" ino=4 res=0 errno=0 [ 114.154630][ T6859] syz.4.347: attempt to access beyond end of device [ 114.154630][ T6859] loop4: rw=34817, sector=4680064, nr_sectors = 120 limit=32768 [ 114.294050][ T113] blkno = 8ed30, nblocks = f [ 114.337297][ T113] ERROR: (device loop4): dbFree: block to be freed is outside the map [ 114.337297][ T113] [ 114.364103][ T6862] BTRFS info (device loop3): rebuilding free space tree [ 114.377467][ T113] ERROR: (device loop4): remounting filesystem as read-only [ 114.468182][ T6902] netlink: 28 bytes leftover after parsing attributes in process `syz.2.366'. [ 114.512126][ T6862] BTRFS info (device loop3): disabling free space tree [ 114.519159][ T6862] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 114.556471][ T6862] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 114.705245][ T1321] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.938825][ T5766] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 114.952836][ T1321] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.157858][ T1321] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.231920][ T6912] loop2: detected capacity change from 0 to 256 [ 115.479842][ T1321] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.766343][ T6922] loop3: detected capacity change from 0 to 1024 [ 115.810662][ T8] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 115.836059][ T6922] EXT4-fs: Ignoring removed orlov option [ 115.955640][ T6922] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.023552][ T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 116.042471][ T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 116.062028][ T8] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 116.075644][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 116.097457][ T8] usb 5-1: SerialNumber: syz [ 116.209778][ T5771] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 116.221941][ T5771] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 116.239302][ T5771] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 116.261634][ T5771] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 116.273698][ T5771] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 116.287864][ T5771] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 116.300099][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.365453][ T8] usb 5-1: 0:2 : does not exist [ 116.386278][ T8] usb 5-1: USB disconnect, device number 2 [ 116.525707][ T5758] udevd[5758]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 117.184169][ T5770] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 117.194740][ T5770] CPU: 0 PID: 5770 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 117.202328][ T5770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 117.212777][ T5770] Workqueue: hci2 hci_rx_work [ 117.217509][ T5770] Call Trace: [ 117.220910][ T5770] [ 117.224034][ T5770] dump_stack_lvl+0x18c/0x250 [ 117.228929][ T5770] ? show_regs_print_info+0x20/0x20 [ 117.234167][ T5770] ? load_image+0x400/0x400 [ 117.238726][ T5770] sysfs_create_dir_ns+0x26e/0x2a0 [ 117.244048][ T5770] ? sysfs_warn_dup+0xa0/0xa0 [ 117.248760][ T5770] ? do_raw_spin_unlock+0x121/0x230 [ 117.253991][ T5770] kobject_add_internal+0x61c/0xcc0 [ 117.259388][ T5770] kobject_add+0x164/0x240 [ 117.263976][ T5770] ? __rwlock_init+0x150/0x150 [ 117.268744][ T5770] ? kobject_init+0x1e0/0x1e0 [ 117.273416][ T5770] ? _raw_spin_unlock+0x28/0x40 [ 117.278361][ T5770] ? get_device_parent+0x366/0x390 [ 117.283479][ T5770] device_add+0x408/0xc20 [ 117.288101][ T5770] hci_conn_add_sysfs+0xd5/0x1e0 [ 117.293165][ T5770] le_conn_complete_evt+0xf5d/0x1540 [ 117.298494][ T5770] ? hci_event_packet+0x4cb/0x1270 [ 117.303648][ T5770] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 117.309901][ T5770] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 117.315573][ T5770] ? skb_pull_data+0xfb/0x200 [ 117.320320][ T5770] hci_le_conn_complete_evt+0x187/0x440 [ 117.325941][ T5770] ? hci_remote_host_features_evt+0x150/0x150 [ 117.332022][ T5770] hci_event_packet+0x7ba/0x1270 [ 117.337138][ T5770] ? bis_list+0x290/0x290 [ 117.341558][ T5770] ? lockdep_hardirqs_on+0x98/0x150 [ 117.346772][ T5770] ? hci_send_to_monitor+0xd7/0x4f0 [ 117.351976][ T5770] hci_rx_work+0x43a/0xd60 [ 117.356402][ T5770] ? process_scheduled_works+0x96f/0x15d0 [ 117.362210][ T5770] process_scheduled_works+0xa5d/0x15d0 [ 117.367775][ T5770] ? assign_work+0x430/0x430 [ 117.372403][ T5770] ? assign_work+0x3d0/0x430 [ 117.377104][ T5770] worker_thread+0xa55/0xfc0 [ 117.381918][ T5770] kthread+0x2fa/0x390 [ 117.385986][ T5770] ? pr_cont_work+0x560/0x560 [ 117.390776][ T5770] ? kthread_blkcg+0xd0/0xd0 [ 117.395548][ T5770] ret_from_fork+0x48/0x80 [ 117.399959][ T5770] ? kthread_blkcg+0xd0/0xd0 [ 117.404565][ T5770] ret_from_fork_asm+0x11/0x20 [ 117.409347][ T5770] [ 117.413755][ T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 117.423632][ T5770] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 117.437872][ T5770] Bluetooth: hci2: failed to register connection device [ 117.501312][ T6935] chnl_net:caif_netlink_parms(): no params data found [ 117.543876][ T6956] loop2: detected capacity change from 0 to 32768 [ 117.616124][ T6956] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 117.625478][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 117.632826][ T9] usb 4-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00 [ 117.666207][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.684799][ T9] usb 4-1: config 0 descriptor?? [ 117.774970][ T6956] XFS (loop2): Ending clean mount [ 117.843406][ T6956] XFS (loop2): Quotacheck needed: Please wait. [ 117.912446][ T6935] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.935490][ T6935] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.978036][ T6935] bridge_slave_0: entered allmulticast mode [ 117.996610][ T6935] bridge_slave_0: entered promiscuous mode [ 118.011503][ T6956] XFS (loop2): Quotacheck: Done. [ 118.022856][ T6935] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.030026][ T6935] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.049864][ T6935] bridge_slave_1: entered allmulticast mode [ 118.062109][ T6935] bridge_slave_1: entered promiscuous mode [ 118.157585][ T9] a4tech 0003:09DA:000A.0007: item fetching failed at offset 0/7 [ 118.191485][ T9] a4tech 0003:09DA:000A.0007: parse failed [ 118.207902][ T9] a4tech: probe of 0003:09DA:000A.0007 failed with error -22 [ 118.346425][ T5768] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 118.368129][ T6935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 118.411337][ T5771] Bluetooth: hci0: command tx timeout [ 118.440421][ T787] usb 4-1: USB disconnect, device number 7 [ 118.460903][ T1321] hsr_slave_0: left promiscuous mode [ 118.470743][ T5853] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 118.494650][ T1321] hsr_slave_1: left promiscuous mode [ 118.504199][ T1321] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.511870][ T1321] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 118.520149][ T1321] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.527721][ T1321] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 118.536405][ T1321] bridge_slave_1: left allmulticast mode [ 118.542175][ T1321] bridge_slave_1: left promiscuous mode [ 118.548126][ T1321] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.565594][ T1321] bridge_slave_0: left allmulticast mode [ 118.571793][ T1321] bridge_slave_0: left promiscuous mode [ 118.577730][ T1321] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.607345][ T1321] veth1_macvtap: left promiscuous mode [ 118.615544][ T1321] veth0_macvtap: left promiscuous mode [ 118.621484][ T1321] veth1_vlan: left promiscuous mode [ 118.626865][ T1321] veth0_vlan: left promiscuous mode [ 118.672957][ T5853] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 118.698338][ T5853] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 118.730968][ T5853] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 118.750324][ T5853] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 118.762364][ T5853] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 118.782831][ T5853] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 118.792393][ T5853] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 118.800505][ T5853] usb 5-1: Product: syz [ 118.805693][ T5853] usb 5-1: Manufacturer: syz [ 118.827040][ T5853] cdc_wdm 5-1:1.0: skipping garbage [ 118.834572][ T5853] cdc_wdm 5-1:1.0: skipping garbage [ 118.850932][ T5853] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 118.856981][ T5853] cdc_wdm 5-1:1.0: Unknown control protocol [ 119.095977][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 119.102953][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 119.111108][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 119.117777][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 119.134414][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 119.141186][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 119.148161][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 119.154809][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 119.161782][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 119.168508][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 119.175685][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 119.179652][ T6994] netlink: 48 bytes leftover after parsing attributes in process `syz.3.387'. [ 119.182396][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 119.182729][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 119.182751][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 119.182967][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 119.217863][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 119.224791][ T787] usb 5-1: USB disconnect, device number 3 [ 119.230915][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 119.230940][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 119.230958][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 119.458558][ T5771] Bluetooth: hci2: command tx timeout [ 119.759900][ T1321] team0 (unregistering): Port device team_slave_1 removed [ 119.896661][ T1321] team0 (unregistering): Port device team_slave_0 removed [ 120.076206][ T1321] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 120.296062][ T1321] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 120.350429][ T7000] loop4: detected capacity change from 0 to 16 [ 120.372475][ T7000] erofs: (device loop4): mounted with root inode @ nid 36. [ 120.530677][ T5771] Bluetooth: hci0: command tx timeout [ 120.536397][ T27] audit: type=1800 audit(1771390301.861:4): pid=7000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.389" name="file1" dev="loop4" ino=86 res=0 errno=0 [ 120.755079][ T6996] loop2: detected capacity change from 0 to 131072 [ 120.761666][ C0] sched: RT throttling activated [ 120.790942][ T6996] F2FS-fs (loop2): Segment count (31) mismatch with total segments from devices (0) [ 120.800481][ T6996] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 120.819569][ T6996] F2FS-fs (loop2): invalid crc value [ 120.863468][ T6996] F2FS-fs (loop2): Found nat_bits in checkpoint [ 120.941656][ T6996] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 120.948755][ T6996] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 121.244332][ T7012] Zero length message leads to an empty skb [ 121.379692][ T1321] bond0 (unregistering): Released all slaves [ 121.537099][ T6935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 121.729458][ T6935] team0: Port device team_slave_0 added [ 121.802848][ T6935] team0: Port device team_slave_1 added [ 121.831079][ T7026] loop3: detected capacity change from 0 to 16 [ 121.865474][ T7026] erofs: (device loop3): mounted with root inode @ nid 36. [ 121.933024][ T6935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 121.990629][ T6935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.059285][ T6935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.114274][ T6935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.125752][ T6935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.155373][ T6935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.190676][ T8] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 122.266576][ T6935] hsr_slave_0: entered promiscuous mode [ 122.291409][ T6935] hsr_slave_1: entered promiscuous mode [ 122.330695][ T6935] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 122.348920][ T6935] Cannot create hsr debugfs directory [ 122.417543][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.460193][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 122.486965][ T8] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 122.526138][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.570739][ T5771] Bluetooth: hci0: command tx timeout [ 122.588218][ T8] usb 5-1: config 0 descriptor?? [ 122.688280][ T7033] loop3: detected capacity change from 0 to 32768 [ 122.718343][ T7033] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.399 (7033) [ 122.784896][ T7033] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 122.813391][ T7033] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 122.841721][ T7033] BTRFS info (device loop3): allowing degraded mounts [ 122.854791][ T7033] BTRFS info (device loop3): enabling auto defrag [ 122.867960][ T7033] BTRFS info (device loop3): using free space tree [ 123.000424][ T7033] BTRFS info (device loop3): enabling ssd optimizations [ 123.009847][ T7033] BTRFS info (device loop3): auto enabling async discard [ 123.075875][ T8] pyra 0003:1E7D:2CF6.0008: item fetching failed at offset 0/7 [ 123.126437][ T8] pyra 0003:1E7D:2CF6.0008: parse failed [ 123.173783][ T8] pyra: probe of 0003:1E7D:2CF6.0008 failed with error -22 [ 123.304924][ T8] usb 5-1: USB disconnect, device number 4 [ 123.487473][ T5766] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 123.858562][ T5758] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 11 /dev/loop3 scanned by udevd (5758) [ 124.024591][ T6935] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 124.049486][ T6935] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 124.113499][ T6935] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 124.220432][ T6935] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 124.487690][ T7092] loop4: detected capacity change from 0 to 1024 [ 124.553181][ T6935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 124.660786][ T5771] Bluetooth: hci0: command tx timeout [ 124.677500][ T6935] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.743224][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.750514][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 124.817299][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.824754][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 124.851305][ T42] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 125.072510][ T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.083988][ T42] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 125.106723][ T42] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 125.140639][ T42] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.167411][ T42] usb 3-1: config 0 descriptor?? [ 125.545211][ T6935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 125.638643][ T42] kovaplus 0003:1E7D:2D50.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.2-1/input0 [ 125.723884][ T6935] veth0_vlan: entered promiscuous mode [ 125.796287][ T6935] veth1_vlan: entered promiscuous mode [ 125.883621][ T6935] veth0_macvtap: entered promiscuous mode [ 125.918834][ T6935] veth1_macvtap: entered promiscuous mode [ 125.974559][ T6935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.005850][ T6935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.032333][ T6935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 126.039791][ T42] kovaplus 0003:1E7D:2D50.0009: couldn't init struct kovaplus_device [ 126.055731][ T42] kovaplus 0003:1E7D:2D50.0009: couldn't install mouse [ 126.076356][ T42] kovaplus: probe of 0003:1E7D:2D50.0009 failed with error -71 [ 126.106452][ T6935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.121242][ T42] usb 3-1: USB disconnect, device number 6 [ 126.156664][ T6935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.199644][ T6935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.213835][ T6935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.224256][ T6935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.236200][ T6935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.248078][ T6935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 126.260187][ T6935] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.281303][ T6935] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.294790][ T6935] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.331460][ T6935] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.401601][ T7149] netlink: 132 bytes leftover after parsing attributes in process `syz.3.422'. [ 126.426984][ T7149] netlink: 'syz.3.422': attribute type 12 has an invalid length. [ 126.471688][ T7149] netlink: 132 bytes leftover after parsing attributes in process `syz.3.422'. [ 126.682208][ T1321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.700337][ T1321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.756655][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.771610][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.247165][ T7172] ieee802154 phy0 wpan0: encryption failed: -22 [ 127.339827][ T7175] loop3: detected capacity change from 0 to 512 [ 127.363383][ T7175] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 127.585878][ T7155] loop4: detected capacity change from 0 to 32768 [ 127.722452][ T7155] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 127.910210][ T7155] XFS (loop4): Ending clean mount [ 128.195122][ T6491] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 128.672392][ T7175] loop3: detected capacity change from 0 to 32768 [ 128.735783][ T7194] loop1: detected capacity change from 0 to 32768 [ 128.744866][ T7175] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 128.773858][ T7175] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 128.924160][ T7175] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 128.968481][ T5848] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 128.981443][ T5848] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 129.171448][ T5848] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 190ms [ 129.208042][ T5848] gfs2: fsid=syz:syz.0: jid=0: Done [ 129.243814][ T7175] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 129.411013][ T23] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 129.622836][ T23] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 129.644289][ T23] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 129.673448][ T23] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 129.712647][ T23] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 129.740698][ T23] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 129.775714][ T23] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 129.812877][ T23] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 129.844575][ T23] usb 2-1: Product: syz [ 129.848900][ T23] usb 2-1: Manufacturer: syz [ 129.865486][ T23] cdc_wdm 2-1:1.0: skipping garbage [ 129.880611][ T23] cdc_wdm 2-1:1.0: skipping garbage [ 129.887378][ T23] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 129.900686][ T23] cdc_wdm 2-1:1.0: Unknown control protocol [ 130.025264][ T7215] loop4: detected capacity change from 0 to 32768 [ 130.090931][ T7215] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.437 (7215) [ 130.117147][ T7221] loop2: detected capacity change from 0 to 40427 [ 130.145191][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 130.151857][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 130.158166][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 130.164797][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 130.171759][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 130.178574][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 130.185169][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 130.191806][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 130.198169][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 130.204800][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 130.212025][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 130.218655][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 130.225069][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 130.231701][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 130.238050][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 130.238459][ T7221] F2FS-fs (loop2): invalid crc value [ 130.244659][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 130.244905][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 130.262769][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 130.270081][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 130.276730][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 130.289894][ T23] usb 2-1: USB disconnect, device number 7 [ 130.289970][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 130.306158][ T7215] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 130.321313][ T7215] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 130.330080][ T7215] BTRFS info (device loop4): setting nodatacow, compression disabled [ 130.346989][ T7215] BTRFS info (device loop4): force clearing of disk cache [ 130.352678][ T7221] F2FS-fs (loop2): Found nat_bits in checkpoint [ 130.363762][ T7215] BTRFS info (device loop4): enabling ssd optimizations [ 130.396383][ T7215] BTRFS info (device loop4): using spread ssd allocation scheme [ 130.436082][ T7215] BTRFS info (device loop4): turning off barriers [ 130.448267][ T7215] BTRFS info (device loop4): disabling free space tree [ 130.460804][ T7215] BTRFS info (device loop4): not using ssd optimizations [ 130.480617][ T7215] BTRFS info (device loop4): not using spread ssd allocation scheme [ 130.616680][ T7221] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 130.728236][ T7215] BTRFS info (device loop4): rebuilding free space tree [ 130.783840][ T7215] BTRFS info (device loop4): disabling free space tree [ 130.818995][ T7215] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 130.873528][ T7215] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 131.142830][ T6491] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 131.689639][ T7279] loop2: detected capacity change from 0 to 512 [ 131.860491][ T7279] EXT4-fs (loop2): 1 truncate cleaned up [ 131.867445][ T7279] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.177398][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.139562][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.149372][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.657974][ T7342] dvmrp1: tun_chr_ioctl cmd 2147767506 [ 133.908605][ T7334] loop1: detected capacity change from 0 to 32768 [ 134.092648][ T5853] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 134.219588][ T7362] loop4: detected capacity change from 0 to 128 [ 134.311213][ T5853] usb 3-1: Using ep0 maxpacket: 16 [ 134.326088][ T5853] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.364152][ T5853] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.390673][ T5853] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 134.450879][ T5853] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 134.459980][ T5853] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.503809][ T7367] loop4: detected capacity change from 0 to 512 [ 134.520027][ T5853] usb 3-1: config 0 descriptor?? [ 134.549088][ T7367] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 134.662231][ T7372] netlink: 'syz.1.468': attribute type 39 has an invalid length. [ 134.784213][ T7352] loop2: detected capacity change from 0 to 8 [ 134.813611][ T7352] SQUASHFS error: lzo decompression failed, data probably corrupt [ 134.832682][ T6491] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.836544][ T7352] SQUASHFS error: Failed to read block 0x91: -5 [ 134.868660][ T7352] SQUASHFS error: Unable to read metadata cache entry [8f] [ 134.897840][ T7352] SQUASHFS error: Unable to read inode 0x11f [ 135.203367][ T5853] microsoft 0003:045E:07DA.000A: unknown main item tag 0x0 [ 135.243959][ T7384] loop1: detected capacity change from 0 to 512 [ 135.254668][ T7384] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 135.262312][ T5853] microsoft 0003:045E:07DA.000A: unknown main item tag 0x0 [ 135.301091][ T5853] microsoft 0003:045E:07DA.000A: ignoring exceeding usage max [ 135.302228][ T7384] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 135.318652][ T5853] microsoft 0003:045E:07DA.000A: ignoring exceeding usage max [ 135.341221][ T5853] microsoft 0003:045E:07DA.000A: item fetching failed at offset 31/34 [ 135.372939][ T5853] microsoft 0003:045E:07DA.000A: parse failed [ 135.386101][ T7384] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 135.390129][ T5853] microsoft: probe of 0003:045E:07DA.000A failed with error -22 [ 135.458925][ T7384] EXT4-fs error (device loop1): __ext4_iget:5071: inode #15: block 1803188595: comm syz.1.472: invalid block [ 135.462645][ T5853] usb 3-1: USB disconnect, device number 7 [ 135.485742][ T7384] EXT4-fs (loop1): Remounting filesystem read-only [ 135.508549][ T7384] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 135.664684][ T6935] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.896086][ T7407] netlink: 4 bytes leftover after parsing attributes in process `syz.4.479'. [ 136.190356][ T5853] kernel write not supported for file /sysvipc/sem (pid: 5853 comm: kworker/1:6) [ 136.257629][ T7422] loop2: detected capacity change from 0 to 1024 [ 136.382643][ T7426] loop3: detected capacity change from 0 to 64 [ 136.753250][ T7432] loop2: detected capacity change from 0 to 1024 [ 136.875981][ T7432] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 136.963118][ T7432] ext4 filesystem being mounted at /154/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.976529][ T7413] loop1: detected capacity change from 0 to 32768 [ 137.006276][ T7413] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.481 (7413) [ 137.088598][ T7432] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: block 3: comm syz.2.487: lblock 3 mapped to illegal pblock 3 (length 2) [ 137.103272][ T7413] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 137.121391][ T7443] loop3: detected capacity change from 0 to 16 [ 137.127740][ T7413] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 137.168951][ T7443] erofs: (device loop3): mounted with root inode @ nid 36. [ 137.176550][ T7413] BTRFS info (device loop1): using free space tree [ 137.203163][ T7445] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: comm syz.2.487: lblock 0 mapped to illegal pblock 0 (length 3) [ 137.322060][ T7445] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 3 with error 117 [ 137.359309][ T7413] BTRFS info (device loop1): enabling ssd optimizations [ 137.379385][ T7445] EXT4-fs (loop2): This should not happen!! Data will be lost [ 137.379385][ T7445] [ 137.410670][ T7413] BTRFS info (device loop1): auto enabling async discard [ 137.564352][ T7413] BTRFS error (device loop1): target device group/net cgroup rw,relatime,blkio,devices,freezer,net_prio 0 0 [ 137.564352][ T7413] gadgetfs /dev/gadgetfs gadgetfs rw,relatime 0 0 [ 137.564352][ T7413] binder /dev/binderfs binder rw,relatime,max=1048576 0 0 [ 137.564352][ T7413] is invalid! [ 137.657087][ T49] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: block 4: comm kworker/u4:3: lblock 4 mapped to illegal pblock 4 (length 1) [ 137.740420][ T49] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 1 with error 117 [ 137.797996][ T6935] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 137.813299][ T49] EXT4-fs (loop2): This should not happen!! Data will be lost [ 137.813299][ T49] [ 137.855593][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 138.006185][ T7481] trusted_key: encrypted_key: keyword 'uew' not recognized [ 138.848915][ T7507] netlink: 44 bytes leftover after parsing attributes in process `syz.4.505'. [ 139.157480][ T27] audit: type=1326 audit(1771390320.571:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7516 comm="syz.4.507" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fba4d59c629 code=0x0 [ 139.361063][ T7523] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 139.761218][ T7532] loop1: detected capacity change from 0 to 512 [ 139.807214][ T7535] loop2: detected capacity change from 0 to 512 [ 139.824723][ T7535] EXT4-fs: Ignoring removed nomblk_io_submit option [ 139.911905][ T7535] EXT4-fs error (device loop2): ext4_iget_extra_inode:4732: inode #15: comm syz.2.512: corrupted in-inode xattr: e_value size too large [ 139.954660][ T7535] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.512: couldn't read orphan inode 15 (err -117) [ 140.042874][ T7535] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.144416][ T7548] loop4: detected capacity change from 0 to 512 [ 140.200694][ T7548] FAT-fs (loop4): Invalid FSINFO signature: 0x41000000, 0x61417272 (sector = 1) [ 140.354384][ T7552] loop3: detected capacity change from 0 to 1024 [ 140.434664][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.463110][ T49] FAT-fs (loop4): Invalid FSINFO signature: 0x41000000, 0x61417272 (sector = 1) [ 140.677260][ T7561] loop4: detected capacity change from 0 to 1024 [ 140.911236][ T11] hfsplus: b-tree write err: -5, ino 4 [ 141.383749][ T7555] loop1: detected capacity change from 0 to 32768 [ 141.497828][ T7555] UFO tlock:0xffffc9000285a1f8 [ 141.667541][ T7566] loop2: detected capacity change from 0 to 32768 [ 141.761338][ T7566] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 141.816730][ T7566] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 141.968076][ T7566] XFS (loop2): Ending clean mount [ 141.986509][ T7566] XFS (loop2): Quotacheck needed: Please wait. [ 142.119152][ T7597] loop1: detected capacity change from 0 to 4096 [ 142.141123][ T7566] XFS (loop2): Quotacheck: Done. [ 142.268382][ T7602] loop4: detected capacity change from 0 to 47 [ 142.280222][ T7599] 8021q: adding VLAN 0 to HW filter on device bond1 [ 142.290347][ T7599] bond0: (slave bond1): Enslaving as an active interface with an up link [ 142.298658][ T7597] ntfs: volume version 3.1. [ 142.371821][ T5853] kernel write not supported for file /input/mouse0 (pid: 5853 comm: kworker/1:6) [ 142.525452][ T7597] ntfs: (device loop1): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -28). [ 142.561456][ T7597] ntfs: (device loop1): ntfs_attr_extend_allocation(): Cannot extend allocation of inode 0x43, attribute type 0x80, because the allocation of clusters failed with error code -28. [ 142.648824][ T5768] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 142.680409][ T7606] loop3: detected capacity change from 0 to 4096 [ 142.740026][ T7606] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 143.069984][ T7611] netlink: 8 bytes leftover after parsing attributes in process `syz.4.534'. [ 143.090302][ T7611] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 143.866399][ T5853] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 144.018187][ T7624] ocfs2: Slot 0 on device (7,4) was already allocated to this node! [ 144.055123][ T7624] JBD2: Ignoring recovery information on journal [ 144.084027][ T5853] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 144.099569][ T5853] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 144.112565][ T5853] usb 3-1: config 220 contains an unexpected descriptor of type 0x1, skipping [ 144.121689][ T5853] usb 3-1: config 220 has an invalid descriptor of length 1, skipping remainder of the config [ 144.133127][ T5853] usb 3-1: config 220 has no interface number 2 [ 144.139464][ T5853] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 144.153365][ T5853] usb 3-1: config 220 interface 0 has no altsetting 0 [ 144.160251][ T5853] usb 3-1: config 220 interface 76 has no altsetting 0 [ 144.167568][ T5853] usb 3-1: config 220 interface 1 has no altsetting 0 [ 144.176473][ T7624] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 144.186550][ T5853] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 144.192470][ T7640] EXT4-fs: Ignoring removed oldalloc option [ 144.195871][ T5853] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.209883][ T5853] usb 3-1: Product: syz [ 144.214941][ T5853] usb 3-1: Manufacturer: syz [ 144.219571][ T5853] usb 3-1: SerialNumber: syz [ 144.257271][ T7640] EXT4-fs (loop3): 1 truncate cleaned up [ 144.289841][ T7640] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.349275][ T6491] ocfs2: Unmounting device (7,4) on (node local) [ 144.455112][ T5853] usb 3-1: Found UVC 7.01 device syz (8086:0b07) [ 144.471037][ T5853] usb 3-1: No valid video chain found. [ 144.482385][ T5853] usb 3-1: selecting invalid altsetting 0 [ 144.519487][ T5853] usb 3-1: selecting invalid altsetting 0 [ 144.527236][ T5766] EXT4-fs error (device loop3): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 144.533410][ T5853] usbtest: probe of 3-1:220.1 failed with error -22 [ 144.595267][ T5853] usb 3-1: USB disconnect, device number 8 [ 144.604731][ T5766] EXT4-fs (loop3): Remounting filesystem read-only [ 145.094780][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.155674][ T49] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.351060][ T49] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.485181][ T49] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.650721][ T49] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.685340][ T7651] set_capacity_and_notify: 5 callbacks suppressed [ 145.685353][ T7651] loop4: detected capacity change from 0 to 40427 [ 145.701795][ T7653] loop1: detected capacity change from 0 to 32768 [ 145.724369][ T7651] F2FS-fs (loop4): Small segment_count (9 < 1 * 24) [ 145.754923][ T7651] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 145.790856][ T7653] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 145.829969][ T7651] F2FS-fs (loop4): Found nat_bits in checkpoint [ 145.974592][ T7653] XFS (loop1): Ending clean mount [ 146.070355][ T7651] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 146.125015][ T7651] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 146.276301][ T6935] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 146.522813][ T6491] syz-executor: attempt to access beyond end of device [ 146.522813][ T6491] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 146.563516][ T5770] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 146.577698][ T5770] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 146.595805][ T5770] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 146.605355][ T6491] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 146.614766][ T5770] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 146.626314][ T5770] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 146.636787][ T5770] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 147.180633][ T5848] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 147.212374][ T5775] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 147.410774][ T5848] usb 2-1: Using ep0 maxpacket: 16 [ 147.416072][ T5775] usb 3-1: Using ep0 maxpacket: 8 [ 147.433365][ T5848] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 147.438511][ T7698] loop4: detected capacity change from 0 to 4096 [ 147.450024][ T5775] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 147.473192][ T5848] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 147.486950][ T5775] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.494314][ T7698] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 147.495576][ T5848] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.516642][ T5848] usb 2-1: Product: syz [ 147.525020][ T5848] usb 2-1: Manufacturer: syz [ 147.529716][ T5848] usb 2-1: SerialNumber: syz [ 147.532583][ T5775] pvrusb2: Hardware description: Terratec Grabster AV400 [ 147.548161][ T5775] pvrusb2: ********** [ 147.553796][ T5775] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 147.571300][ T5848] usb 2-1: config 0 descriptor?? [ 147.577606][ T7674] chnl_net:caif_netlink_parms(): no params data found [ 147.589670][ T5848] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 147.622977][ T5775] pvrusb2: Important functionality might not be entirely working. [ 147.631427][ T5848] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 147.643372][ T5775] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 147.657329][ T5775] pvrusb2: ********** [ 147.756425][ T2316] pvrusb2: Invalid write control endpoint [ 147.972509][ T2316] pvrusb2: Invalid write control endpoint [ 147.997116][ T2316] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 148.083440][ T2316] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 148.104813][ T2316] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 148.128532][ T2316] pvrusb2: Device being rendered inoperable [ 148.149417][ T7687] pvrusb2: Attempted to execute control transfer when device not ok [ 148.184080][ T787] usb 3-1: USB disconnect, device number 9 [ 148.191179][ T2316] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 148.200234][ T2316] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 148.228049][ T2316] pvrusb2: Attached sub-driver cx25840 [ 148.253069][ T5848] em28xx 2-1:0.0: chip ID is em2765 [ 148.270351][ T2316] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 148.309827][ T2316] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 148.324310][ T7674] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.357422][ T7674] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.382068][ T7674] bridge_slave_0: entered allmulticast mode [ 148.399975][ T7674] bridge_slave_0: entered promiscuous mode [ 148.445917][ T7674] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.459114][ T7674] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.468723][ T7674] bridge_slave_1: entered allmulticast mode [ 148.484688][ T7674] bridge_slave_1: entered promiscuous mode [ 148.552321][ T5848] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 148.565968][ T49] hsr_slave_0: left promiscuous mode [ 148.572695][ T5848] em28xx 2-1:0.0: board has no eeprom [ 148.579751][ T49] hsr_slave_1: left promiscuous mode [ 148.592958][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 148.600863][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 148.611909][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 148.619457][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 148.635387][ T49] bridge_slave_1: left allmulticast mode [ 148.641487][ T49] bridge_slave_1: left promiscuous mode [ 148.647317][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.671011][ T5848] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 148.687438][ T49] bridge_slave_0: left allmulticast mode [ 148.693375][ T5848] em28xx 2-1:0.0: dvb set to bulk mode. [ 148.706286][ T49] bridge_slave_0: left promiscuous mode [ 148.713515][ T5775] em28xx 2-1:0.0: Binding DVB extension [ 148.727388][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.734520][ T5848] usb 2-1: USB disconnect, device number 8 [ 148.740707][ T5771] Bluetooth: hci1: command tx timeout [ 148.772224][ T5848] em28xx 2-1:0.0: Disconnecting em28xx [ 148.835502][ T5775] em28xx 2-1:0.0: Registering input extension [ 148.892326][ T5848] em28xx 2-1:0.0: Closing input extension [ 148.986647][ T49] veth1_macvtap: left promiscuous mode [ 149.004660][ T49] veth0_macvtap: left promiscuous mode [ 149.023287][ T5848] em28xx 2-1:0.0: Freeing device [ 149.025061][ T49] veth1_vlan: left promiscuous mode [ 149.070788][ T49] veth0_vlan: left promiscuous mode [ 149.252767][ T5771] block nbd0: Receive control failed (result -32) [ 149.452488][ T7735] loop1: detected capacity change from 0 to 128 [ 149.888940][ T49] bond0 (unregistering): (slave bond1): Releasing backup interface [ 149.929872][ T7745] loop4: detected capacity change from 0 to 256 [ 149.944789][ T49] bond1 (unregistering): Released all slaves [ 149.969222][ T7745] exfat: Deprecated parameter 'namecase' [ 150.040772][ T7742] loop1: detected capacity change from 0 to 32768 [ 150.054466][ T7745] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe5cb490d, utbl_chksum : 0xe619d30d) [ 150.096412][ T7742] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 150.104824][ T7742] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 150.207819][ T7742] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 150.222453][ T5848] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 150.230772][ T5848] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 150.314674][ T5848] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 83ms [ 150.324275][ T5848] gfs2: fsid=syz:syz.0: jid=0: Done [ 150.331858][ T7742] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 150.810957][ T5771] Bluetooth: hci1: command tx timeout [ 151.604564][ T49] team0 (unregistering): Port device team_slave_1 removed [ 151.605738][ T7759] loop4: detected capacity change from 0 to 32768 [ 151.709388][ T49] team0 (unregistering): Port device team_slave_0 removed [ 151.770213][ T7759] UFO tlock:0xffffc9000285a0d8 [ 151.788581][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 151.885018][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 152.379628][ T49] bond0 (unregistering): Released all slaves [ 152.499594][ T7769] loop4: detected capacity change from 0 to 64 [ 152.597202][ T7746] netlink: 'syz.2.574': attribute type 14 has an invalid length. [ 152.673636][ T7674] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 152.709546][ T7674] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 152.768453][ T7771] [U] [ 152.771744][ T7771] [U] [ 152.774458][ T7771] [U] [ 152.777162][ T7771] [U] [ 152.788803][ T7771] [U] [ 152.791559][ T7771] [U] [ 152.794267][ T7771] [U] [ 152.796947][ T7771] [U] [ 152.799698][ T7771] [U] ( [ 152.802460][ T7771] [U]  [ 152.805324][ T7771] [U] [ 152.808034][ T7771] [U] [ 152.850147][ T7771] [U] [ 152.852915][ T7771] [U] [ 152.855633][ T7771] [U] [ 152.858350][ T7771] [U] [ 152.892347][ T5771] Bluetooth: hci1: command tx timeout [ 152.893781][ T7770] [U] [ 152.972382][ T7674] team0: Port device team_slave_0 added [ 152.984610][ T7674] team0: Port device team_slave_1 added [ 153.065564][ T7674] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 153.128089][ T7674] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.167457][ T7674] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 153.181729][ T7674] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 153.187372][ T5853] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 153.189119][ T7674] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.233489][ T7674] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 153.416174][ T5853] usb 3-1: Using ep0 maxpacket: 32 [ 153.434465][ T7674] hsr_slave_0: entered promiscuous mode [ 153.437338][ T5853] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 153.457766][ T7674] hsr_slave_1: entered promiscuous mode [ 153.483724][ T5853] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.506063][ T5853] usb 3-1: config 0 descriptor?? [ 153.751172][ T5853] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 153.807416][ T5853] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 153.837246][ T5853] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 153.870698][ T5853] usb 3-1: media controller created [ 153.928072][ T5853] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 153.981700][ T5853] az6027: usb out operation failed. (-71) [ 153.989523][ T5853] az6027: usb out operation failed. (-71) [ 154.000832][ T5853] stb0899_attach: Driver disabled by Kconfig [ 154.010830][ T5853] az6027: no front-end attached [ 154.010830][ T5853] [ 154.065565][ T5853] az6027: usb out operation failed. (-71) [ 154.075556][ T5853] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 154.102457][ T5853] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input13 [ 154.122368][ T5853] dvb-usb: schedule remote query interval to 400 msecs. [ 154.129480][ T5853] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 154.162770][ T5853] usb 3-1: USB disconnect, device number 10 [ 154.219434][ T7804] team0 (unregistering): Port device team_slave_0 removed [ 154.256983][ T7804] team0 (unregistering): Port device team_slave_1 removed [ 154.326614][ T5853] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 154.349111][ T7813] sch_tbf: peakrate 2147483647 is lower than or equals to rate 2831599472947593698 ! [ 154.551290][ T7818] loop4: detected capacity change from 0 to 1024 [ 154.576073][ T7674] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 154.598382][ T7674] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 154.606463][ T7818] hfsplus: xattr searching failed [ 154.615871][ T27] audit: type=1800 audit(1771390337.028:6): pid=7818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.597" name="file1" dev="loop4" ino=20 res=0 errno=0 [ 154.622090][ T7818] hfsplus: xattr searching failed [ 154.646469][ T7674] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 154.681221][ T7674] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 154.715218][ T7818] hfsplus: xattr searching failed [ 154.831264][ T23] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 154.971007][ T5771] Bluetooth: hci1: command tx timeout [ 154.992289][ T7674] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.006932][ T7835] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 155.061661][ T23] usb 2-1: unable to get BOS descriptor or descriptor too short [ 155.069991][ T23] usb 2-1: not running at top speed; connect to a high speed hub [ 155.086160][ T7674] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.121924][ T23] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 155.124654][ T4542] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.139325][ T4542] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.163623][ T23] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 155.196650][ T23] usb 2-1: string descriptor 0 read error: -22 [ 155.197479][ T4542] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.210172][ T4542] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.215011][ T23] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 155.253935][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.308118][ T23] usb 2-1: 0:2 : does not exist [ 155.528016][ T7850] input: syz1 as /devices/virtual/input/input14 [ 155.939472][ T7674] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.199801][ T23] usb 2-1: 5:0: bogus dB values (-9883/-9610), disabling dB reporting [ 156.233565][ T23] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 156.269433][ T23] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 156.311746][ T23] usb 2-1: 5:0: failed to get current value for ch 1 (-22) [ 156.393122][ T23] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 156.449580][ T23] usb 2-1: USB disconnect, device number 9 [ 156.509919][ T7846] loop4: detected capacity change from 0 to 40427 [ 156.581397][ T7846] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x7ffff [ 156.639588][ T7846] F2FS-fs (loop4): invalid crc value [ 156.684845][ T7846] F2FS-fs (loop4): Found nat_bits in checkpoint [ 156.866444][ T7674] veth0_vlan: entered promiscuous mode [ 156.877290][ T7846] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 156.909987][ T7674] veth1_vlan: entered promiscuous mode [ 157.066355][ T7674] veth0_macvtap: entered promiscuous mode [ 157.112870][ T7674] veth1_macvtap: entered promiscuous mode [ 157.189774][ T7896] loop2: detected capacity change from 0 to 128 [ 157.192484][ T7674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.238661][ T7674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.258287][ T7896] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 157.276532][ T7674] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 157.301248][ T7674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.323483][ T6491] syz-executor: attempt to access beyond end of device [ 157.323483][ T6491] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 157.345948][ T7896] ext4 filesystem being mounted at /186/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 157.384921][ T7674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.391354][ T6491] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 157.420716][ T7674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.456688][ T7674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.468155][ T7674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.479519][ T7674] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.491126][ T7674] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 157.502308][ T7896] EXT4-fs (loop2): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 157.523467][ T7674] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.550742][ T7674] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.581802][ T7674] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.593828][ T7674] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.622711][ T5768] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 157.837470][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.881704][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.983038][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.996429][ T7908] netlink: 80 bytes leftover after parsing attributes in process `syz.2.616'. [ 158.014944][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 158.643301][ T7935] loop5: detected capacity change from 0 to 256 [ 158.736934][ T7935] exFAT-fs (loop5): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 158.876784][ T27] audit: type=1800 audit(1771390341.288:7): pid=7935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.621" name="file1" dev="loop5" ino=1048622 res=0 errno=0 [ 160.713853][ T7988] loop1: detected capacity change from 0 to 1024 [ 160.826903][ T7988] hfsplus: bad catalog entry type [ 161.003187][ T1045] hfsplus: b-tree write err: -5, ino 4 [ 161.182798][ T7995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.639'. [ 161.829785][ T8024] loop5: detected capacity change from 0 to 64 [ 161.979842][ T8028] loop1: detected capacity change from 0 to 1024 [ 162.007792][ T8028] EXT4-fs: Ignoring removed bh option [ 162.041711][ T8028] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 162.080800][ T8028] EXT4-fs (loop1): stripe (9) is not aligned with cluster size (16), stripe is disabled [ 162.145387][ T8028] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.187117][ T8035] loop4: detected capacity change from 0 to 1024 [ 162.201141][ T8035] EXT4-fs: Ignoring removed nobh option [ 162.206750][ T8035] EXT4-fs: Ignoring removed bh option [ 162.226241][ T8035] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 162.342574][ T8035] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.439808][ T6935] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.619657][ T6491] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.682677][ T8021] loop2: detected capacity change from 0 to 32768 [ 162.745369][ T8021] (syz.2.646,8021,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 162.797950][ T8021] (syz.2.646,8021,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 162.915428][ T8054] netlink: 96 bytes leftover after parsing attributes in process `syz.4.655'. [ 162.930120][ T8021] JBD2: Ignoring recovery information on journal [ 163.048227][ T8056] loop5: detected capacity change from 0 to 1024 [ 163.062930][ T8056] EXT4-fs: Ignoring removed bh option [ 163.079742][ T8021] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 163.176600][ T8056] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.501043][ T7674] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.879549][ T5768] ocfs2: Unmounting device (7,2) on (node local) [ 164.003837][ T8086] loop1: detected capacity change from 0 to 256 [ 164.005737][ T8081] netlink: 4 bytes leftover after parsing attributes in process `syz.5.663'. [ 164.579909][ T8107] netlink: 12 bytes leftover after parsing attributes in process `syz.1.674'. [ 164.687893][ T8109] netlink: 32 bytes leftover after parsing attributes in process `syz.5.675'. [ 164.736780][ T8111] loop2: detected capacity change from 0 to 512 [ 165.133195][ T8127] netlink: 44 bytes leftover after parsing attributes in process `syz.4.683'. [ 165.383216][ T8137] loop2: detected capacity change from 0 to 64 [ 166.115908][ T8143] loop4: detected capacity change from 0 to 32768 [ 166.129464][ T8143] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 11 [ 166.369313][ T5758] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 11 [ 166.764913][ T8160] loop5: detected capacity change from 0 to 2048 [ 166.775899][ T8160] EXT4-fs: Ignoring removed mblk_io_submit option [ 166.901970][ T8160] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 167.098942][ T27] audit: type=1804 audit(1771390349.508:8): pid=8160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.699" name="/newroot/19/file1/file1" dev="loop5" ino=15 res=1 errno=0 [ 167.199073][ T8156] loop1: detected capacity change from 0 to 32768 [ 167.207118][ T7674] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.279202][ T8156] (syz.1.696,8156,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 167.340938][ T8156] (syz.1.696,8156,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 167.388135][ T8169] loop4: detected capacity change from 0 to 32768 [ 167.388261][ T8176] netlink: 8 bytes leftover after parsing attributes in process `syz.5.703'. [ 167.457700][ T8169] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 167.477768][ T8156] JBD2: Ignoring recovery information on journal [ 167.564068][ T8169] XFS (loop4): Ending clean mount [ 167.589897][ T8156] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 167.631824][ T8169] XFS (loop4): Quotacheck needed: Please wait. [ 167.790216][ T8169] XFS (loop4): Quotacheck: Done. [ 168.023163][ T6491] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 168.119119][ T6935] ocfs2: Unmounting device (7,1) on (node local) [ 168.375463][ T8197] loop5: detected capacity change from 0 to 128 [ 168.404173][ T8174] loop2: detected capacity change from 0 to 32768 [ 168.453268][ T8197] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 168.502415][ T8174] [ 168.502415][ T8174] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 168.502415][ T8174] [ 168.514240][ T8197] hpfs: filesystem error: improperly stopped [ 168.520292][ T8197] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 168.576386][ T8197] hpfs: You really don't want any checks? You are crazy... [ 168.623567][ T8197] hpfs: hpfs_map_sector(): read error [ 168.629111][ T8197] hpfs: code page support is disabled [ 168.634326][ T8174] ialloc: diAlloc returned -5! [ 168.645120][ T8197] hpfs: hpfs_map_4sectors(): unaligned read [ 168.675039][ T8197] hpfs: hpfs_map_4sectors(): unaligned read [ 168.690107][ T8197] hpfs: filesystem error: unable to find root dir [ 168.747583][ T5768] [ 168.747583][ T5768] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 168.747583][ T5768] [ 168.778806][ T5768] [ 168.778806][ T5768] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 168.778806][ T5768] [ 169.154175][ T8219] loop1: detected capacity change from 0 to 65 [ 169.189625][ T8219] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway [ 169.954774][ T8224] loop5: detected capacity change from 0 to 32768 [ 169.972871][ T8224] (syz.5.716,8224,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 170.021622][ T8224] (syz.5.716,8224,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 170.093230][ T8224] JBD2: Ignoring recovery information on journal [ 170.136955][ T8227] loop2: detected capacity change from 0 to 40427 [ 170.196065][ T8224] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 170.230846][ T8227] F2FS-fs (loop2): Invalid segment count (1) [ 170.277645][ T8227] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 170.316870][ T8227] F2FS-fs (loop2): heap/no_heap options were deprecated [ 170.357738][ T8227] F2FS-fs (loop2): invalid crc value [ 170.362152][ T8248] loop1: detected capacity change from 0 to 2048 [ 170.394948][ T8227] F2FS-fs (loop2): Found nat_bits in checkpoint [ 170.508439][ T8253] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 170.611338][ T8227] F2FS-fs (loop2): Try to recover 1th superblock, ret: -30 [ 170.663234][ T27] audit: type=1800 audit(1771390353.078:9): pid=8248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.725" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 170.663410][ T8227] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 170.683426][ C0] vkms_vblank_simulate: vblank timer overrun [ 170.849302][ T7674] ocfs2: Unmounting device (7,5) on (node local) [ 171.052559][ T8259] loop4: detected capacity change from 0 to 1024 [ 171.164285][ T8259] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 171.262697][ T8266] loop5: detected capacity change from 0 to 4096 [ 171.277932][ T8266] ntfs: (device loop5): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 171.365922][ T6491] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 171.442133][ T8266] ntfs: volume version 3.1. [ 172.029724][ T8288] input: syz0 as /devices/virtual/input/input15 [ 172.389672][ T8294] misc userio: Begin command sent, but we're already running [ 172.546254][ T8301] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 172.553602][ T8301] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 172.744797][ T8307] loop5: detected capacity change from 0 to 128 [ 172.762624][ T8309] loop1: detected capacity change from 0 to 2048 [ 173.250979][ T787] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 173.326614][ T8322] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 173.423408][ T8322] ext4 filesystem being mounted at /83/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 173.444641][ T787] usb 6-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 173.461429][ T787] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.478246][ T787] usb 6-1: Product: syz [ 173.486527][ T787] usb 6-1: Manufacturer: syz [ 173.501008][ T787] usb 6-1: SerialNumber: syz [ 173.537883][ T787] usb 6-1: config 0 descriptor?? [ 173.568669][ T8322] fscrypt (loop1, inode 12): Unsupported encryption flags (0x0e) [ 174.022163][ T6935] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 174.377818][ T787] usb 6-1: f81604_write: reg: 105 data: 56 failed: -EPROTO [ 174.390159][ T787] f81604 6-1:0.0: Setting termination of CH#1 failed: -EPROTO [ 174.407975][ T787] f81604: probe of 6-1:0.0 failed with error -71 [ 174.442485][ T787] usb 6-1: USB disconnect, device number 2 [ 174.577753][ T8361] process 'syz.4.767' launched '/dev/fd/3' with NULL argv: empty string added [ 174.937104][ T8373] set_capacity_and_notify: 1 callbacks suppressed [ 174.937119][ T8373] loop4: detected capacity change from 0 to 4096 [ 174.954218][ T8373] ntfs: (device loop4): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 175.160746][ T8373] ntfs: volume version 3.1. [ 176.164349][ T8384] loop2: detected capacity change from 0 to 32768 [ 176.192705][ T8384] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.773 (8384) [ 176.282300][ T8384] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 176.299893][ T8384] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 176.350836][ T8384] BTRFS info (device loop2): setting nodatacow, compression disabled [ 176.358985][ T8384] BTRFS info (device loop2): force clearing of disk cache [ 176.375212][ T8422] loop1: detected capacity change from 0 to 128 [ 176.400618][ T8384] BTRFS info (device loop2): enabling ssd optimizations [ 176.418009][ T8384] BTRFS info (device loop2): using spread ssd allocation scheme [ 176.449816][ T8422] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 176.510717][ T8384] BTRFS info (device loop2): turning off barriers [ 176.517213][ T8384] BTRFS info (device loop2): disabling free space tree [ 176.556111][ T8422] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.573510][ T8384] BTRFS info (device loop2): not using ssd optimizations [ 176.670678][ T8384] BTRFS info (device loop2): not using spread ssd allocation scheme [ 176.682086][ T8422] fscrypt (loop1, inode 12): Unsupported encryption flags (0x29) [ 176.827219][ T6935] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 176.923591][ T8384] BTRFS info (device loop2): rebuilding free space tree [ 176.978544][ T8384] BTRFS info (device loop2): disabling free space tree [ 176.999860][ T8384] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 177.027055][ T8384] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 177.336129][ T5768] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 177.808351][ T8471] loop4: detected capacity change from 0 to 2048 [ 177.868591][ T8471] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 178.349671][ T8483] loop4: detected capacity change from 0 to 128 [ 178.437303][ T8483] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 178.544044][ T8483] ext4 filesystem being mounted at /148/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 178.673044][ T6491] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 178.883961][ T8492] loop1: detected capacity change from 0 to 4096 [ 178.991002][ T8492] ntfs3: loop1: Failed to initialize $Extend/$ObjId. [ 179.247491][ T8509] netlink: 4 bytes leftover after parsing attributes in process `syz.1.802'. [ 179.757641][ T8524] loop4: detected capacity change from 0 to 128 [ 180.114644][ T8513] loop1: detected capacity change from 0 to 32768 [ 180.296965][ T8531] loop4: detected capacity change from 0 to 8192 [ 180.390248][ T8513] XFS (loop1): Invalid device [./file0], error=-6 [ 180.661007][ T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 180.681096][ T8548] loop1: detected capacity change from 0 to 512 [ 180.689161][ T8548] EXT4-fs: Ignoring removed orlov option [ 180.725028][ T8548] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 180.840900][ T8548] EXT4-fs (loop1): 1 orphan inode deleted [ 180.846660][ T8548] EXT4-fs (loop1): 1 truncate cleaned up [ 180.887071][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 180.894928][ T8] usb 3-1: config 0 interface 0 has no altsetting 0 [ 180.910680][ T8] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 180.923514][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.942796][ T8] usb 3-1: config 0 descriptor?? [ 180.943011][ T8548] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 181.131266][ T6935] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.258766][ T8567] binder: 8566:8567 ioctl c0306201 200000000080 returned -14 [ 181.261707][ T5848] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 181.331937][ T8569] netlink: 16 bytes leftover after parsing attributes in process `syz.1.815'. [ 181.384000][ T8] hid (null): unknown global tag 0xe [ 181.391790][ T8] hid (null): unknown global tag 0xd [ 181.397134][ T8] hid (null): unknown global tag 0xd [ 181.418016][ T8] hid (null): unknown global tag 0xc [ 181.429478][ T8] hid (null): report_id 14868 is invalid [ 181.441972][ T8] hid (null): unknown global tag 0xc [ 181.488236][ T5848] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 181.512247][ T5848] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 181.534287][ T5848] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 181.591144][ T5848] usb 5-1: config 0 interface 0 has no altsetting 0 [ 181.608186][ T5848] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 181.626631][ T5848] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 181.660381][ T8] usb 3-1: USB disconnect, device number 11 [ 181.674676][ T5848] usb 5-1: config 0 interface 0 has no altsetting 0 [ 181.710120][ T5848] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 181.725300][ T5848] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 181.739006][ T5848] usb 5-1: config 0 interface 0 has no altsetting 0 [ 181.747973][ T5848] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 181.759044][ T5848] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 181.762264][ T8582] netlink: 64 bytes leftover after parsing attributes in process `syz.1.820'. [ 181.786766][ T5848] usb 5-1: config 0 interface 0 has no altsetting 0 [ 181.795225][ T5848] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 181.808488][ T5848] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 181.828454][ T5848] usb 5-1: config 0 interface 0 has no altsetting 0 [ 181.837730][ T5848] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 181.854139][ T5848] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 181.870469][ T5848] usb 5-1: config 0 interface 0 has no altsetting 0 [ 181.891010][ T787] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 181.916467][ T5848] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 181.925828][ T5848] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 181.939078][ T5848] usb 5-1: config 0 interface 0 has no altsetting 0 [ 181.954825][ T5848] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 181.965640][ T5848] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 181.980879][ T5848] usb 5-1: config 0 interface 0 has no altsetting 0 [ 182.001729][ T5848] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 182.021399][ T5848] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 182.029823][ T5848] usb 5-1: Product: syz [ 182.052145][ T5848] usb 5-1: Manufacturer: syz [ 182.067266][ T5848] usb 5-1: SerialNumber: syz [ 182.092363][ T787] usb 6-1: Using ep0 maxpacket: 32 [ 182.100250][ T5848] usb 5-1: config 0 descriptor?? [ 182.112155][ T787] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.116359][ T5848] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 182.140036][ T787] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 182.185356][ T787] usb 6-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00 [ 182.232133][ T787] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.270993][ T787] usb 6-1: config 0 descriptor?? [ 182.551710][ T5848] usb 5-1: USB disconnect, device number 5 [ 182.566648][ T5848] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 182.925088][ T787] usb 6-1: string descriptor 0 read error: -71 [ 182.948597][ T787] uclogic 0003:256C:006E.000C: failed retrieving string descriptor #200: -71 [ 182.967754][ T787] uclogic 0003:256C:006E.000C: failed retrieving pen parameters: -71 [ 182.983802][ T787] uclogic 0003:256C:006E.000C: failed probing pen v2 parameters: -71 [ 183.023038][ T787] uclogic 0003:256C:006E.000C: failed probing parameters: -71 [ 183.051704][ T787] uclogic: probe of 0003:256C:006E.000C failed with error -71 [ 183.070958][ T787] usb 6-1: USB disconnect, device number 3 [ 183.355240][ T8604] loop2: detected capacity change from 0 to 40427 [ 183.373624][ T8604] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 183.384546][ T8604] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 183.396755][ T8618] [ 183.399119][ T8618] ===================================================== [ 183.406057][ T8618] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 183.413524][ T8618] syzkaller #0 Not tainted [ 183.417926][ T8618] ----------------------------------------------------- [ 183.424884][ T8618] syz.1.826/8618 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 183.432426][ T8618] ffffffff8ce0a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xf9/0x360 [ 183.440962][ T8618] [ 183.440962][ T8618] and this task is already holding: [ 183.448479][ T8618] ffff8880751da398 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x33/0x360 [ 183.457349][ T8618] which would create a new lock dependency: [ 183.463239][ T8618] (&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2} [ 183.471241][ T8618] [ 183.471241][ T8618] but this new dependency connects a HARDIRQ-irq-safe lock: [ 183.480680][ T8618] (&dev->event_lock#2){-.-.}-{2:2} [ 183.480707][ T8618] [ 183.480707][ T8618] ... which became HARDIRQ-irq-safe at: [ 183.493680][ T8618] lock_acquire+0x19e/0x420 [ 183.498262][ T8618] _raw_spin_lock_irqsave+0xb4/0x100 [ 183.503623][ T8618] input_event+0x7a/0xc0 [ 183.507940][ T8618] psmouse_report_standard_packet+0x53/0x200 [ 183.513993][ T8618] psmouse_process_byte+0x478/0x670 [ 183.519269][ T8618] psmouse_handle_byte+0x43/0x490 [ 183.524368][ T8618] ps2_interrupt+0x164/0x980 [ 183.529030][ T8618] serio_interrupt+0x8b/0x130 [ 183.533776][ T8618] i8042_interrupt+0x385/0x710 [ 183.538613][ T8618] __handle_irq_event_percpu+0x271/0x940 [ 183.544370][ T8618] handle_irq_event+0x8b/0x1e0 [ 183.549231][ T8618] handle_edge_irq+0x247/0xb30 [ 183.554077][ T8618] __common_interrupt+0x13b/0x230 [ 183.559181][ T8618] common_interrupt+0xb4/0xd0 [ 183.563940][ T8618] asm_common_interrupt+0x26/0x40 [ 183.569040][ T8618] _raw_spin_unlock_irqrestore+0xc0/0x120 [ 183.574833][ T8618] i8042_aux_write+0x109/0x170 [ 183.579679][ T8618] ps2_do_sendbyte+0x1fd/0x6f0 [ 183.584515][ T8618] ps2_sendbyte+0x5f/0x120 [ 183.589003][ T8618] cypress_send_ext_cmd+0x244/0x930 [ 183.594274][ T8618] cypress_detect+0x93/0x1a0 [ 183.598934][ T8618] psmouse_extensions+0x471/0xc00 [ 183.604031][ T8618] psmouse_switch_protocol+0xc8/0x5f0 [ 183.609475][ T8618] psmouse_connect+0x8d8/0x14c0 [ 183.614404][ T8618] serio_driver_probe+0x7a/0xa0 [ 183.619327][ T8618] really_probe+0x25b/0xb20 [ 183.623912][ T8618] __driver_probe_device+0x18c/0x330 [ 183.629296][ T8618] driver_probe_device+0x4f/0x420 [ 183.634395][ T8618] __driver_attach+0x44e/0x6e0 [ 183.639238][ T8618] bus_for_each_dev+0x235/0x2b0 [ 183.644187][ T8618] serio_handle_event+0x1a2/0x860 [ 183.649503][ T8618] process_scheduled_works+0xa5d/0x15d0 [ 183.655141][ T8618] worker_thread+0xa55/0xfc0 [ 183.659813][ T8618] kthread+0x2fa/0x390 [ 183.663963][ T8618] ret_from_fork+0x48/0x80 [ 183.668460][ T8618] ret_from_fork_asm+0x11/0x20 [ 183.673301][ T8618] [ 183.673301][ T8618] to a HARDIRQ-irq-unsafe lock: [ 183.680579][ T8618] (tasklist_lock){.+.+}-{2:2} [ 183.680602][ T8618] [ 183.680602][ T8618] ... which became HARDIRQ-irq-unsafe at: [ 183.693210][ T8618] ... [ 183.693216][ T8618] lock_acquire+0x19e/0x420 [ 183.700355][ T8618] _raw_read_lock+0x36/0x50 [ 183.704936][ T8618] do_wait+0x294/0xae0 [ 183.709085][ T8618] kernel_wait+0xd7/0x1c0 [ 183.713544][ T8618] call_usermodehelper_exec_work+0xb9/0x220 [ 183.719520][ T8618] process_scheduled_works+0xa5d/0x15d0 [ 183.725138][ T8618] worker_thread+0xa55/0xfc0 [ 183.729800][ T8618] kthread+0x2fa/0x390 [ 183.733938][ T8618] ret_from_fork+0x48/0x80 [ 183.738426][ T8618] ret_from_fork_asm+0x11/0x20 [ 183.743323][ T8618] [ 183.743323][ T8618] other info that might help us debug this: [ 183.743323][ T8618] [ 183.753534][ T8618] Chain exists of: [ 183.753534][ T8618] &dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock [ 183.753534][ T8618] [ 183.766823][ T8618] Possible interrupt unsafe locking scenario: [ 183.766823][ T8618] [ 183.775227][ T8618] CPU0 CPU1 [ 183.780574][ T8618] ---- ---- [ 183.785920][ T8618] lock(tasklist_lock); [ 183.790151][ T8618] local_irq_disable(); [ 183.796885][ T8618] lock(&dev->event_lock#2); [ 183.804229][ T8618] lock(&f->f_owner.lock); [ 183.811240][ T8618] [ 183.814695][ T8618] lock(&dev->event_lock#2); [ 183.819535][ T8618] [ 183.819535][ T8618] *** DEADLOCK *** [ 183.819535][ T8618] [ 183.827771][ T8618] 5 locks held by syz.1.826/8618: [ 183.832808][ T8618] #0: ffffffff8d27bf70 (file_rwsem){.+.+}-{0:0}, at: __break_lease+0x184/0x12b0 [ 183.841937][ T8618] #1: ffff88801bf7fd28 (&ctx->flc_lock){+.+.}-{2:2}, at: __break_lease+0x191/0x12b0 [ 183.851842][ T8618] #2: ffffffff8d131fa0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x53/0x4b0 [ 183.860881][ T8618] #3: ffff88801bff7168 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x192/0x4b0 [ 183.870100][ T8618] #4: ffff8880751da398 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x33/0x360 [ 183.879398][ T8618] [ 183.879398][ T8618] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 183.889872][ T8618] -> (&dev->event_lock#2){-.-.}-{2:2} { [ 183.895704][ T8618] IN-HARDIRQ-W at: [ 183.899928][ T8618] lock_acquire+0x19e/0x420 [ 183.906593][ T8618] _raw_spin_lock_irqsave+0xb4/0x100 [ 183.914032][ T8618] input_event+0x7a/0xc0 [ 183.920443][ T8618] psmouse_report_standard_packet+0x53/0x200 [ 183.928584][ T8618] psmouse_process_byte+0x478/0x670 [ 183.935943][ T8618] psmouse_handle_byte+0x43/0x490 [ 183.943126][ T8618] ps2_interrupt+0x164/0x980 [ 183.949872][ T8618] serio_interrupt+0x8b/0x130 [ 183.956703][ T8618] i8042_interrupt+0x385/0x710 [ 183.963630][ T8618] __handle_irq_event_percpu+0x271/0x940 [ 183.971426][ T8618] handle_irq_event+0x8b/0x1e0 [ 183.978351][ T8618] handle_edge_irq+0x247/0xb30 [ 183.985277][ T8618] __common_interrupt+0x13b/0x230 [ 183.992484][ T8618] common_interrupt+0xb4/0xd0 [ 183.999319][ T8618] asm_common_interrupt+0x26/0x40 [ 184.006503][ T8618] _raw_spin_unlock_irqrestore+0xc0/0x120 [ 184.014377][ T8618] i8042_aux_write+0x109/0x170 [ 184.021306][ T8618] ps2_do_sendbyte+0x1fd/0x6f0 [ 184.028314][ T8618] ps2_sendbyte+0x5f/0x120 [ 184.034888][ T8618] cypress_send_ext_cmd+0x244/0x930 [ 184.042250][ T8618] cypress_detect+0x93/0x1a0 [ 184.049078][ T8618] psmouse_extensions+0x471/0xc00 [ 184.056266][ T8618] psmouse_switch_protocol+0xc8/0x5f0 [ 184.063798][ T8618] psmouse_connect+0x8d8/0x14c0 [ 184.070931][ T8618] serio_driver_probe+0x7a/0xa0 [ 184.077987][ T8618] really_probe+0x25b/0xb20 [ 184.084655][ T8618] __driver_probe_device+0x18c/0x330 [ 184.092097][ T8618] driver_probe_device+0x4f/0x420 [ 184.099275][ T8618] __driver_attach+0x44e/0x6e0 [ 184.106284][ T8618] bus_for_each_dev+0x235/0x2b0 [ 184.113294][ T8618] serio_handle_event+0x1a2/0x860 [ 184.120561][ T8618] process_scheduled_works+0xa5d/0x15d0 [ 184.128267][ T8618] worker_thread+0xa55/0xfc0 [ 184.135014][ T8618] kthread+0x2fa/0x390 [ 184.141237][ T8618] ret_from_fork+0x48/0x80 [ 184.147811][ T8618] ret_from_fork_asm+0x11/0x20 [ 184.154733][ T8618] IN-SOFTIRQ-W at: [ 184.158958][ T8618] lock_acquire+0x19e/0x420 [ 184.165619][ T8618] _raw_spin_lock_irqsave+0xb4/0x100 [ 184.173062][ T8618] input_inject_event+0xab/0x320 [ 184.180166][ T8618] led_trigger_event+0x133/0x210 [ 184.187353][ T8618] kbd_bh+0x1c0/0x2d0 [ 184.193594][ T8618] tasklet_action_common+0x302/0x4d0 [ 184.201044][ T8618] handle_softirqs+0x280/0x820 [ 184.208406][ T8618] __irq_exit_rcu+0xd3/0x190 [ 184.215156][ T8618] irq_exit_rcu+0x9/0x20 [ 184.221558][ T8618] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 184.229434][ T8618] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 184.237858][ T8618] finish_task_switch+0x26a/0x8f0 [ 184.245138][ T8618] __schedule+0x155b/0x45a0 [ 184.251807][ T8618] schedule+0xbd/0x170 [ 184.258038][ T8618] smpboot_thread_fn+0x710/0xa00 [ 184.265138][ T8618] kthread+0x2fa/0x390 [ 184.271367][ T8618] ret_from_fork+0x48/0x80 [ 184.277946][ T8618] ret_from_fork_asm+0x11/0x20 [ 184.284872][ T8618] INITIAL USE at: [ 184.289012][ T8618] lock_acquire+0x19e/0x420 [ 184.295584][ T8618] _raw_spin_lock_irqsave+0xb4/0x100 [ 184.303034][ T8618] input_inject_event+0xab/0x320 [ 184.310040][ T8618] led_trigger_event+0x133/0x210 [ 184.317070][ T8618] kbd_led_trigger_activate+0xbd/0x100 [ 184.324609][ T8618] led_trigger_set+0x52c/0x950 [ 184.331448][ T8618] led_trigger_set_default+0x1a0/0x1e0 [ 184.338975][ T8618] led_classdev_register_ext+0x733/0x9b0 [ 184.346795][ T8618] input_leds_connect+0x4eb/0x6b0 [ 184.353899][ T8618] input_register_device+0xcdc/0x1070 [ 184.361350][ T8618] atkbd_connect+0x70a/0x9b0 [ 184.368013][ T8618] serio_driver_probe+0x7a/0xa0 [ 184.374933][ T8618] really_probe+0x25b/0xb20 [ 184.381509][ T8618] __driver_probe_device+0x18c/0x330 [ 184.388865][ T8618] driver_probe_device+0x4f/0x420 [ 184.396049][ T8618] __driver_attach+0x44e/0x6e0 [ 184.402908][ T8618] bus_for_each_dev+0x235/0x2b0 [ 184.409831][ T8618] serio_handle_event+0x1a2/0x860 [ 184.416928][ T8618] process_scheduled_works+0xa5d/0x15d0 [ 184.424543][ T8618] worker_thread+0xa55/0xfc0 [ 184.431201][ T8618] kthread+0x2fa/0x390 [ 184.437335][ T8618] ret_from_fork+0x48/0x80 [ 184.443823][ T8618] ret_from_fork_asm+0x11/0x20 [ 184.450660][ T8618] } [ 184.453404][ T8618] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 184.462703][ T8618] -> (&client->buffer_lock){....}-{2:2} { [ 184.468596][ T8618] INITIAL USE at: [ 184.472645][ T8618] lock_acquire+0x19e/0x420 [ 184.479043][ T8618] _raw_spin_lock+0x2e/0x40 [ 184.485469][ T8618] evdev_pass_values+0xcb/0xab0 [ 184.492213][ T8618] evdev_events+0x1d8/0x330 [ 184.498609][ T8618] input_pass_values+0x905/0x12f0 [ 184.505530][ T8618] input_event_dispose+0x346/0x6c0 [ 184.512534][ T8618] input_inject_event+0x1f9/0x320 [ 184.519459][ T8618] evdev_write+0x35f/0x490 [ 184.525769][ T8618] vfs_write+0x296/0x990 [ 184.531995][ T8618] ksys_write+0x150/0x260 [ 184.538220][ T8618] do_syscall_64+0x55/0xa0 [ 184.544530][ T8618] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 184.552317][ T8618] } [ 184.554971][ T8618] ... key at: [] evdev_open.__key.28+0x0/0x20 [ 184.563280][ T8618] ... acquired at: [ 184.567238][ T8618] _raw_spin_lock+0x2e/0x40 [ 184.571897][ T8618] evdev_pass_values+0xcb/0xab0 [ 184.576906][ T8618] evdev_events+0x1d8/0x330 [ 184.581564][ T8618] input_pass_values+0x905/0x12f0 [ 184.586748][ T8618] input_event_dispose+0x346/0x6c0 [ 184.592017][ T8618] input_inject_event+0x1f9/0x320 [ 184.597195][ T8618] evdev_write+0x35f/0x490 [ 184.601766][ T8618] vfs_write+0x296/0x990 [ 184.606185][ T8618] ksys_write+0x150/0x260 [ 184.610675][ T8618] do_syscall_64+0x55/0xa0 [ 184.615303][ T8618] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 184.621358][ T8618] [ 184.623665][ T8618] -> (&new->fa_lock){....}-{2:2} { [ 184.628857][ T8618] INITIAL USE at: [ 184.632914][ T8618] lock_acquire+0x19e/0x420 [ 184.639142][ T8618] _raw_write_lock_irq+0xaf/0xf0 [ 184.645800][ T8618] fasync_remove_entry+0xf4/0x1c0 [ 184.652545][ T8618] lease_modify+0x1a6/0x390 [ 184.658768][ T8618] locks_remove_file+0x548/0xee0 [ 184.665427][ T8618] __fput+0x18f/0x970 [ 184.671162][ T8618] task_work_run+0x1d4/0x260 [ 184.677498][ T8618] exit_to_user_mode_loop+0xe6/0x110 [ 184.684539][ T8618] exit_to_user_mode_prepare+0xee/0x180 [ 184.691831][ T8618] syscall_exit_to_user_mode+0x1a/0x50 [ 184.699102][ T8618] do_syscall_64+0x61/0xa0 [ 184.705362][ T8618] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 184.712978][ T8618] INITIAL READ USE at: [ 184.717380][ T8618] lock_acquire+0x19e/0x420 [ 184.724051][ T8618] _raw_read_lock_irqsave+0xbc/0x100 [ 184.731489][ T8618] kill_fasync+0x192/0x4b0 [ 184.738060][ T8618] evdev_pass_values+0x54b/0xab0 [ 184.745173][ T8618] evdev_events+0x1d8/0x330 [ 184.751833][ T8618] input_pass_values+0x905/0x12f0 [ 184.759026][ T8618] input_event_dispose+0x346/0x6c0 [ 184.766296][ T8618] input_inject_event+0x1f9/0x320 [ 184.773478][ T8618] evdev_write+0x35f/0x490 [ 184.780185][ T8618] vfs_write+0x296/0x990 [ 184.786586][ T8618] ksys_write+0x150/0x260 [ 184.793086][ T8618] do_syscall_64+0x55/0xa0 [ 184.799669][ T8618] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 184.807752][ T8618] } [ 184.810319][ T8618] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 184.819067][ T8618] ... acquired at: [ 184.822936][ T8618] _raw_read_lock_irqsave+0xbc/0x100 [ 184.828378][ T8618] kill_fasync+0x192/0x4b0 [ 184.832955][ T8618] evdev_pass_values+0x54b/0xab0 [ 184.838047][ T8618] evdev_events+0x1d8/0x330 [ 184.842704][ T8618] input_pass_values+0x905/0x12f0 [ 184.847886][ T8618] input_event_dispose+0x346/0x6c0 [ 184.853157][ T8618] input_inject_event+0x1f9/0x320 [ 184.858340][ T8618] evdev_write+0x35f/0x490 [ 184.862926][ T8618] vfs_write+0x296/0x990 [ 184.867441][ T8618] ksys_write+0x150/0x260 [ 184.871939][ T8618] do_syscall_64+0x55/0xa0 [ 184.876529][ T8618] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 184.882584][ T8618] [ 184.884901][ T8618] -> (&f->f_owner.lock){....}-{2:2} { [ 184.890370][ T8618] INITIAL USE at: [ 184.894251][ T8618] lock_acquire+0x19e/0x420 [ 184.900308][ T8618] _raw_write_lock_irq+0xaf/0xf0 [ 184.906796][ T8618] __f_setown+0x3b/0x330 [ 184.912588][ T8618] generic_setlease+0xe58/0x1290 [ 184.919074][ T8618] fcntl_setlease+0x26c/0x340 [ 184.925299][ T8618] do_fcntl+0x1db/0x1490 [ 184.931088][ T8618] __se_sys_fcntl+0xc9/0x1a0 [ 184.937227][ T8618] do_syscall_64+0x55/0xa0 [ 184.943199][ T8618] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 184.950733][ T8618] INITIAL READ USE at: [ 184.955042][ T8618] lock_acquire+0x19e/0x420 [ 184.961634][ T8618] _raw_read_lock_irqsave+0xbc/0x100 [ 184.968899][ T8618] send_sigio+0x33/0x360 [ 184.975130][ T8618] dnotify_handle_event+0x153/0x420 [ 184.982313][ T8618] fsnotify+0x1353/0x17c0 [ 184.988626][ T8618] __fsnotify_parent+0x655/0x7c0 [ 184.995551][ T8618] vfs_read+0x7d8/0x970 [ 185.001697][ T8618] ksys_read+0x150/0x260 [ 185.007926][ T8618] do_syscall_64+0x55/0xa0 [ 185.014332][ T8618] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 185.022211][ T8618] } [ 185.024693][ T8618] ... key at: [] init_file.__key+0x0/0x20 [ 185.032488][ T8618] ... acquired at: [ 185.036270][ T8618] _raw_read_lock_irqsave+0xbc/0x100 [ 185.041715][ T8618] send_sigio+0x33/0x360 [ 185.046160][ T8618] kill_fasync+0x228/0x4b0 [ 185.050763][ T8618] evdev_pass_values+0x54b/0xab0 [ 185.055858][ T8618] evdev_events+0x1d8/0x330 [ 185.060517][ T8618] input_pass_values+0x905/0x12f0 [ 185.065707][ T8618] input_event_dispose+0x346/0x6c0 [ 185.070979][ T8618] input_inject_event+0x1f9/0x320 [ 185.076171][ T8618] evdev_write+0x35f/0x490 [ 185.080780][ T8618] vfs_write+0x296/0x990 [ 185.085185][ T8618] ksys_write+0x150/0x260 [ 185.089675][ T8618] do_syscall_64+0x55/0xa0 [ 185.094256][ T8618] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 185.100745][ T8618] [ 185.103054][ T8618] [ 185.103054][ T8618] the dependencies between the lock to be acquired [ 185.103062][ T8618] and HARDIRQ-irq-unsafe lock: [ 185.116542][ T8618] -> (tasklist_lock){.+.+}-{2:2} { [ 185.121651][ T8618] HARDIRQ-ON-R at: [ 185.125612][ T8618] lock_acquire+0x19e/0x420 [ 185.131754][ T8618] _raw_read_lock+0x36/0x50 [ 185.137893][ T8618] do_wait+0x294/0xae0 [ 185.143598][ T8618] kernel_wait+0xd7/0x1c0 [ 185.149564][ T8618] call_usermodehelper_exec_work+0xb9/0x220 [ 185.157093][ T8618] process_scheduled_works+0xa5d/0x15d0 [ 185.164276][ T8618] worker_thread+0xa55/0xfc0 [ 185.170498][ T8618] kthread+0x2fa/0x390 [ 185.176199][ T8618] ret_from_fork+0x48/0x80 [ 185.182294][ T8618] ret_from_fork_asm+0x11/0x20 [ 185.188708][ T8618] SOFTIRQ-ON-R at: [ 185.192678][ T8618] lock_acquire+0x19e/0x420 [ 185.198823][ T8618] _raw_read_lock+0x36/0x50 [ 185.204966][ T8618] do_wait+0x294/0xae0 [ 185.210680][ T8618] kernel_wait+0xd7/0x1c0 [ 185.216648][ T8618] call_usermodehelper_exec_work+0xb9/0x220 [ 185.224182][ T8618] process_scheduled_works+0xa5d/0x15d0 [ 185.231362][ T8618] worker_thread+0xa55/0xfc0 [ 185.237589][ T8618] kthread+0x2fa/0x390 [ 185.243291][ T8618] ret_from_fork+0x48/0x80 [ 185.249344][ T8618] ret_from_fork_asm+0x11/0x20 [ 185.255752][ T8618] INITIAL USE at: [ 185.259632][ T8618] lock_acquire+0x19e/0x420 [ 185.265691][ T8618] _raw_write_lock_irq+0xaf/0xf0 [ 185.272180][ T8618] copy_process+0x2275/0x3d80 [ 185.278404][ T8618] kernel_clone+0x24b/0x8a0 [ 185.284542][ T8618] user_mode_thread+0x111/0x180 [ 185.290940][ T8618] rest_init+0x27/0x300 [ 185.296645][ T8618] arch_call_rest_init+0xe/0x10 [ 185.303048][ T8618] start_kernel+0x459/0x4e0 [ 185.309132][ T8618] x86_64_start_reservations+0x2a/0x30 [ 185.316144][ T8618] copy_bootdata+0x0/0xe0 [ 185.322024][ T8618] secondary_startup_64_no_verify+0x179/0x17b [ 185.329644][ T8618] INITIAL READ USE at: [ 185.333956][ T8618] lock_acquire+0x19e/0x420 [ 185.340444][ T8618] _raw_read_lock+0x36/0x50 [ 185.346930][ T8618] do_wait+0x294/0xae0 [ 185.352991][ T8618] kernel_wait+0xd7/0x1c0 [ 185.359308][ T8618] call_usermodehelper_exec_work+0xb9/0x220 [ 185.367294][ T8618] process_scheduled_works+0xa5d/0x15d0 [ 185.374865][ T8618] worker_thread+0xa55/0xfc0 [ 185.381453][ T8618] kthread+0x2fa/0x390 [ 185.387504][ T8618] ret_from_fork+0x48/0x80 [ 185.393921][ T8618] ret_from_fork_asm+0x11/0x20 [ 185.400694][ T8618] } [ 185.403234][ T8618] ... key at: [] tasklist_lock+0x18/0x40 [ 185.410971][ T8618] ... acquired at: [ 185.414788][ T8618] _raw_read_lock+0x36/0x50 [ 185.419472][ T8618] send_sigio+0xf9/0x360 [ 185.423886][ T8618] kill_fasync+0x228/0x4b0 [ 185.428473][ T8618] lease_break_callback+0x26/0x30 [ 185.433659][ T8618] __break_lease+0x4a5/0x12b0 [ 185.438507][ T8618] do_dentry_open+0x823/0x1500 [ 185.443451][ T8618] path_openat+0x27f1/0x3230 [ 185.448299][ T8618] do_filp_open+0x1f5/0x430 [ 185.452972][ T8618] do_sys_openat2+0x134/0x1d0 [ 185.457813][ T8618] __x64_sys_open+0x11f/0x140 [ 185.462656][ T8618] do_syscall_64+0x55/0xa0 [ 185.467235][ T8618] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 185.473285][ T8618] [ 185.475593][ T8618] [ 185.475593][ T8618] stack backtrace: [ 185.481478][ T8618] CPU: 0 PID: 8618 Comm: syz.1.826 Not tainted syzkaller #0 [ 185.488743][ T8618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 185.498797][ T8618] Call Trace: [ 185.502067][ T8618] [ 185.504988][ T8618] dump_stack_lvl+0x18c/0x250 [ 185.509685][ T8618] ? load_image+0x400/0x400 [ 185.514193][ T8618] ? show_regs_print_info+0x20/0x20 [ 185.519390][ T8618] ? load_image+0x400/0x400 [ 185.523884][ T8618] ? print_shortest_lock_dependencies+0xf4/0x160 [ 185.530228][ T8618] __lock_acquire+0x6851/0x7d40 [ 185.535086][ T8618] ? verify_lock_unused+0x140/0x140 [ 185.540286][ T8618] lock_acquire+0x19e/0x420 [ 185.544795][ T8618] ? send_sigio+0xf9/0x360 [ 185.549204][ T8618] ? read_lock_is_recursive+0x20/0x20 [ 185.554578][ T8618] ? do_raw_read_lock+0x3d/0x90 [ 185.559417][ T8618] ? _raw_read_lock_irqsave+0xc8/0x100 [ 185.564868][ T8618] ? _raw_read_lock+0x50/0x50 [ 185.569545][ T8618] ? _raw_read_lock_irqsave+0xc8/0x100 [ 185.575003][ T8618] _raw_read_lock+0x36/0x50 [ 185.579582][ T8618] ? send_sigio+0xf9/0x360 [ 185.583986][ T8618] send_sigio+0xf9/0x360 [ 185.588221][ T8618] kill_fasync+0x228/0x4b0 [ 185.592624][ T8618] ? kill_fasync+0x53/0x4b0 [ 185.597273][ T8618] lease_break_callback+0x26/0x30 [ 185.602301][ T8618] __break_lease+0x4a5/0x12b0 [ 185.606972][ T8618] ? lease_modify+0x390/0x390 [ 185.611636][ T8618] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 185.617264][ T8618] ? __rwlock_init+0x150/0x150 [ 185.622032][ T8618] ? capable_wrt_inode_uidgid+0x1e6/0x280 [ 185.627741][ T8618] ? fsnotify_perm+0x271/0x5e0 [ 185.632606][ T8618] do_dentry_open+0x823/0x1500 [ 185.637388][ T8618] path_openat+0x27f1/0x3230 [ 185.641988][ T8618] ? do_sys_openat2+0xda/0x1d0 [ 185.646755][ T8618] ? verify_lock_unused+0x140/0x140 [ 185.651953][ T8618] ? do_filp_open+0x430/0x430 [ 185.656640][ T8618] ? __virt_addr_valid+0x18c/0x540 [ 185.661760][ T8618] do_filp_open+0x1f5/0x430 [ 185.666269][ T8618] ? vfs_tmpfile+0x490/0x490 [ 185.670885][ T8618] ? _raw_spin_unlock+0x28/0x40 [ 185.675741][ T8618] ? alloc_fd+0x58f/0x630 [ 185.680070][ T8618] do_sys_openat2+0x134/0x1d0 [ 185.684755][ T8618] ? do_sys_open+0xe0/0xe0 [ 185.689174][ T8618] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 185.695150][ T8618] ? lock_chain_count+0x20/0x20 [ 185.700002][ T8618] __x64_sys_open+0x11f/0x140 [ 185.704675][ T8618] do_syscall_64+0x55/0xa0 [ 185.709092][ T8618] ? clear_bhb_loop+0x40/0x90 [ 185.713760][ T8618] ? clear_bhb_loop+0x40/0x90 [ 185.718430][ T8618] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 185.724832][ T8618] RIP: 0033:0x7fd6cd79c629 [ 185.729335][ T8618] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 185.748930][ T8618] RSP: 002b:00007fd6ce696028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 185.757334][ T8618] RAX: ffffffffffffffda RBX: 00007fd6cda15fa0 RCX: 00007fd6cd79c629 [ 185.765303][ T8618] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 185.773269][ T8618] RBP: 00007fd6cd832b39 R08: 0000000000000000 R09: 0000000000000000 [ 185.781310][ T8618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 185.789295][ T8618] R13: 00007fd6cda16038 R14: 00007fd6cda15fa0 R15: 00007ffef46b44b8 [ 185.797266][ T8618] [ 185.808241][ T8604] F2FS-fs (loop2): heap/no_heap options were deprecated [ 185.868546][ T8604] F2FS-fs (loop2): invalid crc value [ 185.874108][ T8604] F2FS-fs (loop2): Failed to start F2FS issue_checkpoint_thread (-4)