last executing test programs: 5.006546662s ago: executing program 4 (id=658): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$int_in(r1, 0x5421, &(0x7f0000000180)=0x7) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec778000) pipe2(0x0, 0x800) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f00009c1000/0x2000)=nil, 0x2000, &(0x7f00000000c0)='/dev/vbi#\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xf, 0x8) r3 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) io_setup(0x6, &(0x7f0000001380)=0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r5, 0xc0a85320, &(0x7f0000000340)={{0x80, 0x4}, 'port0\x00', 0x0, 0x60004, 0xffffffff, 0xffffffff, 0x1, 0xfffffffc, 0x0, 0x0, 0x3}) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r5, 0xc0a85320, &(0x7f0000000500)={{0x80, 0x9}, 'port0\x00', 0x57, 0x40800, 0x9, 0x10, 0x0, 0x800, 0x8, 0x0, 0x3, 0x7f}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r5, 0xc0a85352, &(0x7f0000000200)={{0x80, 0x2}, 'port0\x00', 0x80, 0x100816, 0x4, 0x9, 0x0, 0xc, 0x200000, 0x0, 0x4875c99660ff2b2d}) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000006c0)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) io_submit(r4, 0x2, &(0x7f0000000380)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)) 4.980081434s ago: executing program 1 (id=659): syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000180)=0x1) setresgid(0xee00, 0xee01, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x29d, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0xfff, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x4, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x5, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'gre0\x00'}) sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r3, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ppoll(&(0x7f00000000c0)=[{r3, 0x60}], 0x1, 0x0, 0x0, 0x0) socket$nl_audit(0x10, 0x3, 0x9) syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[], 0x6c}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4) 4.673862181s ago: executing program 4 (id=661): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000280)=0x8) 4.432265779s ago: executing program 0 (id=663): syz_mount_image$ext4(&(0x7f0000000100)='ext3\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4000004, &(0x7f0000000c00)={[{@jqfmt_vfsold}, {@grpid}, {@debug}, {@grpid}, {@noauto_da_alloc}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x9}}, {@debug}, {@usrjquota}, {@nolazytime}, {@norecovery}]}, 0xfe, 0x477, &(0x7f0000000780)="$eJzs3M1vFOUfAPDvTLctLz9+rYgvIEgVjcSXlpYXOXjRaMJBExM9YDzVtpDKQg2tiRCi1QMeDYl3439hPOnFqBdNvOrdkBDDBdTLmtmZKUvZLVu67QL7+STTPs/M0z7Pd2ae2Wfm2d0AetZI9iOJ+F9E/B4RQ3n25gIj+a/rVy9M/X31wlQStdpbfyX1cteuXpgqi5Z/tzXP1GpFfrBJvRffjZisVmfOFvmxhdMfjM2fO//C7OnJkzMnZ85MHD166OCegSMThzsSZxbXtV0fz+3eeeydS29MHb/03k9JJfK4Y1kcnTKS792mnu50ZV22rSFd37FL9v5yI93sTKCb+iIiO1z99f4/FH2xeWnbULz2WVcbB6yrWq1WW+GqvFgD7mNJdLsFQHcUtwD1+99y2cDhR9ddeTm/Acrivl4s+ZZKpHlib/+y+9tOGomI44v/fJUtsU7PIQAAGn2XjX+ebzb+S+PhPDGQ/fh/MYcyHBEPRMT2iHgwInZExEMR9bKPRMSjq6x/+QzJreOf9PIdB9eGbPz3UjG3dfP4Ly2LDPcVuW31+PuTE7PVmQPFPtkf/YMnZpOZ8RXq+P7V375ota1x/JctWf3lWLBox+XK4Kab/mZ6cmFyTUE3uPJpxK5Ks/iTKKdxkojYGRG77rCO2WcrLbfdPv4VtP63bat9HfFMfvwXY1n8paTl/OT4i0cmDo9tiurMgbHyrLjVz79efLNV/WuKvwOy47+l6fm/FP9wsili/tz5U/X52vnV13Hxj89b3tO0d/4vZY5tK87/geTt+oqBYsNHkwsLZ8cjBpLXb10/ceO/lfmyfBb//n3N+//2uLEnHouI3RGxJyIez24Ki7Y/ERFPRsS+FeL/8ZWn3l99/BszV5rFP3274x+Nx3/1ib5TP3x7+/iza1yr43+ontpfrGnn+tduA9ey7wAAAOBekdbfA5+ko0mlSKfp6Gj+Hv4dsSWtzs0vPHdi7sMz0/l75YejPy2fdA01PA8dL54Nl/mJZfmDxXPjL/s21/OjU3PV6W4HDz1ua9n/l64Fef/P/NnX7dYB664D82jAPUr/h96l/0NvSvR/6Gn6P/SuZv3/k5alR79Z18YAG8rrP/SuNvr/Yv6r9agAuDd5/Yfepf9DT2r52fh0TR/53/DEv8X3Gd4t7bn/E5HeFc24/xOVtr/MYhWJ2lDe/7M1g03LdPvKBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bn/BQAA///T8uXN") mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 4.077574763s ago: executing program 2 (id=664): ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, &(0x7f00000000c0)={0xc, r0}) ioctl$IOMMU_VFIO_IOAS$CLEAR(0xffffffffffffffff, 0x3b88, &(0x7f0000000140)={0xc}) socket(0x2a, 0x2, 0x1) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a95", 0x3f1}, {&(0x7f00000003c0)="128b9306006d4810e5ac5040ad9201847839fc378469d5765b9cc241840896c1498194a7197b45d74a8532b82037b02c9e6045c361eb", 0x36}], 0x3}, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x94f34000) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x40) recvmmsg(r1, &(0x7f0000003a00)=[{{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}, 0x1ae0}], 0x2, 0x60000100, 0x0) 3.845354338s ago: executing program 2 (id=665): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) io_setup(0x3ff, &(0x7f00000000c0)) 3.314381166s ago: executing program 0 (id=667): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x4, @remote, 0xb}, 0x1c) syz_emit_ethernet(0x7e, &(0x7f0000000300)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x48, 0x11, 0x0, @remote, @local, {[], {0x4e20, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x2, "88c73b21f267636d01dbe5712c1c941e1cdafbbb43f09c28", "e13808ca72381f41e5fff9620915b6f78670dfaf9a2038083179cf6b7931c9b4"}}}}}}}, 0x0) 2.91654401s ago: executing program 4 (id=669): socket$nl_netfilter(0x10, 0x3, 0xc) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0xffff}) close(0xffffffffffffffff) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) 2.793429806s ago: executing program 0 (id=671): r0 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r0, 0x40146f2c, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x13, 0x4}) ioctl$DVB_DEMUX_DMX_REMOVE_PID(r0, 0x40026f34, &(0x7f0000000040)=0x1) ioctl$DVB_DEMUX_DMX_ADD_PID(r0, 0x40026f33, &(0x7f0000000140)=0xfff8) 2.731127102s ago: executing program 4 (id=672): r0 = syz_usbip_server_init(0x1) syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902"], 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x40, 0x9, 0xffffffff, 0x25dfdbfd, {0x2}, [@typed={0x4, 0x11f}, @nested={0x4, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) write$usbip_server(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000300000001"], 0xff2f) 2.534453193s ago: executing program 0 (id=674): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1}) 2.377322502s ago: executing program 0 (id=675): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000005980)=ANY=[@ANYBLOB="6a71666d743d76667376312c686561702c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c666c7573685f6d657267652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030303032332c646973636172642c6e6f636865636b706f696e745f6d657267652c6673796e635f6d6f64653d706f7369782c6e6f696e6c696e655f78617474722c6261636b67726f756e645f67633d6f66662c6163746976655f6c6f67733d322c6661756c745f747970653d30303030303030303030303031363737373231342c003768c6924517a8cb86a418dbafc026c9dd971f90627ac8bb79a03b1e409b8c4d8c247165507579466481caa4f65c32219c090d30ce08d306fb62e926cac2e7e8bab2d6ea6737092f5810c13aa485b063ac135c1bd342b9eb5f1a748a3d70b24ee293bba0516e780af0997e884d0b743d24498b57e1623090bb2e38fc3eca36e360d5568d5647c2187d4768"], 0x3, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0xc2042, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x49) 2.377094557s ago: executing program 3 (id=676): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$evdev(&(0x7f000001fa80), 0x20000000, 0x0) ioctl$EVIOCSCLOCKID(r1, 0x40084504, &(0x7f0000ffcffc)) 2.336163086s ago: executing program 2 (id=677): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000013c0), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000015c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000001600)={0x1c, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x80) 2.211945936s ago: executing program 3 (id=678): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x103, 0xfd, 0xed}}) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x107, 0x100, 0x100, 0x1, 0x4000}}) 2.149434366s ago: executing program 2 (id=679): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x80a, &(0x7f0000000000)={[{@debug}, {@lazytime}, {@inode_readahead_blks}, {@delalloc}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0xb}}, {@errors_remount}]}, 0x1, 0x7b5, &(0x7f0000000540)="$eJzs3c9rHNcdAPDvrH7ZslurUKjdi3VqDcYr21XtFgqV6aEUajC059pitRaqVlqjXRlL6BATAoEQkpgcEpJLzvnh3HINyTl/Qy4hBBsnkU0ccggbZn9IK620+mHtyrY+HxjpvZk3+953Z+fN253HbgAH1nD6JxNxIiJeTyKO1dcnEdFXTfVGjNXKPV5eyqVLEpXKf75LqmUeLS/lommf1JF65nhEfPZSxOlMa72lhcXp8UIhP1fPj5RnboyUFhbPTM2MT+Yn87MXzo2Onr/454sX9i7WH75YPHr/jX/+8aOxn1783d1XP09iLI7WtzXHsVeGY7j+nPSlT+Ea/9jryvZZst8NYFfSU7OndpbHiTgWPdUUAPA8S6//FQDggElc/wHggGl8DvBoeSnXWPb3E4nuenApIklq8Tfub9a29Nbv2R2q3gcdfJREb/2OaOzh/a7hiHj3k/99kC7RofuQABt54XZEXBsabu3/k5Y5Czt1dhtlhtfl9X/QPZ9eioi/bDT+y6yMf2Jl/LNqYINzdzeGI/qb863nf+behjv+fQ8qr4///lab25YG2jT+W5m0NtRTz/0qzZyMiKlCPu3bfh0Rp6Jv4PpUIX+uTR2nHv78cLNtzeO/7+/8//20/vT/aonMvd6BtftMjJfHnyTmZg9uR/y+d3Vu3+OW/v9Qday7/vin6660e+CTq8l//fXldzYrlsafxttYWuPvrMp7EX+IjeNvSNrOTxxJD//Z2t+N6/j4q7cGN6u/+finS1p/471AN6THf7B9/ENJ83zN0t7Wv3X8G7/++5P/VtONzuPWeLk8dy6iP/l36/rzq/s28o3yafy1SNfHn2n7+k/fCV7bZoy997/9cPfxr+jIFMs0/okdHf+dJ+4+nu7Zffzp8R+tpk7V12yn/yvk+2M7DXyS5w4AAAAAAAAAAAAAAAAAAAAAAAAAtisTEUcjyWRX0plMNlv7De/fxmCmUCyVT18vzs9ORPW3soeiL9P4qsvGdyw2vv90qLY9SfPn1+X/FBG/iYg3Bw5X89lcsTCxz7EDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMORTX7/P/XNQJsdk95uNREA6IRDW5Z4mF+TrVQqlQ62BwDovK2v/63efq0DDQEAuqbN9f9wN9sBAHTPbt7/AwDPNtd/ADh4XP8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADosCuXL6dL5cflpVyan7i5MD9dvHlmIl+azs7M57K54tyN7GSxOFnIZ3PFma0er1As3hiN2flbI+V8qTxSWli8OlOcny1fnZoZn8xfzfd1JSoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2JnSwuL0eKGQn3suEq9ExNo1laejYU+eSOKpaMa+JL4+8+XxdmXubPEyHnsqonjGEvvdMwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8G34JAAD//7M8Jlw=") openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x800, 0x102) getdents(r0, 0x0, 0x0) 2.045798925s ago: executing program 3 (id=680): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='notify_on_release\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000640)=ANY=[@ANYRESHEX, @ANYRES16], 0x31) 1.820387321s ago: executing program 3 (id=681): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/vlan/vlan0\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8923, &(0x7f0000000000)={'vlan0\x00', @local}) readv(r0, &(0x7f0000000880)=[{&(0x7f00000001c0)=""/164, 0xa4}, {0x0}, {0x0}, {0x0}], 0x4) 1.779392444s ago: executing program 1 (id=682): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x6a6, 0x0, 0xcc}]}) 1.643488437s ago: executing program 1 (id=683): r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0003b8000000b803"]}, 0x0) syz_usb_connect(0x0, 0x132, &(0x7f0000000740)={{0x12, 0x1, 0x201, 0xcb, 0x6b, 0xd6, 0x8, 0x2001, 0x3701, 0x9e2b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x120, 0x1, 0x5, 0x9, 0x90, 0x5, "", [{{0x9, 0x4, 0xa3, 0xff, 0x5, 0xa2, 0x3b, 0xf6, 0x1, [@hid_hid={0x9, 0x21, 0x600, 0xea, 0x1, {0x22, 0x303}}], [{{0x9, 0x5, 0xb, 0x0, 0x3ff, 0x3, 0x7, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x8, 0x4, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x4, 0x7, 0x9}]}}, {{0x9, 0x5, 0x4, 0x8, 0x8, 0x9, 0x6f, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0xc, 0x4}, @generic={0xb, 0x1, "3d814ea69ce0d84718"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x20, 0x22, 0xf0, 0x8}}, {{0x9, 0x5, 0x7, 0x15, 0x200, 0xdd, 0x7d, 0x47}}, {{0x9, 0x5, 0xd, 0x8, 0x3ff, 0x0, 0xc1, 0x1, [@generic={0x47, 0xa, "0fa7b043312394e48991f1d22fa149383840a72a87eb58e4b77b7b45445d3522740002f55cdbbef6d8ac8c21b0c8ce57294071983b6fda6f4f48c7ffe2f95bfae1325982a9"}, @generic={0x71, 0x2, "cf6a1da452200a904d944326321d3c618cf958bb1b07d371ca757dc45bdd0ec273496cd5e44f8eebe8d8cf646ba39ff144cf58e7ecce855e394d02c57ecb21896bcdad632b588d61e9e70d2ea6423abeb50213cf1922a42d29b714bbceb2853116b28f7bbcabb9747e331c47e6ff18"}]}}]}}]}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000080)=ANY=[]) 1.640143648s ago: executing program 2 (id=684): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/tty/drivers\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x106f) r6 = socket$rds(0x15, 0x5, 0x0) r7 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0xffffffffffffff2d, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x38, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xffe0, 0xfff3}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0xfff2, 0x9}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) bind$rds(r6, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r6, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10, 0x0}, 0x0) syz_io_uring_setup(0x2, &(0x7f0000000180)={0x0, 0x289b, 0x10000, 0x1, 0x323}, &(0x7f0000000000), &(0x7f00000003c0), &(0x7f0000000000)) sendmsg$rds(r6, &(0x7f0000000600)={&(0x7f0000000200)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20000040}, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x24, 0x0, "43cad7244bde5bbd8035d89034a56bad61a87c614899a37c5d0d7da4d7fc948375f3593dbd21eb7618ffb4ff4984e01eedc37998dd16526edb40eaadabe6cd2bd9f9dfeade7787ea64309c01ae05fb70"}, 0xd8) close_range(r0, 0xffffffffffffffff, 0x0) 1.473091108s ago: executing program 3 (id=685): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0) getpeername$packet(r0, 0x0, 0x0) 1.133973386s ago: executing program 4 (id=686): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0501ffffffff0a0000002e00000008000300", @ANYRES32=r2, @ANYBLOB="06003400c5f3000008004a000bec0f001800490004ac0f0009ac0f0001ac0f"], 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4004050) 964.882929ms ago: executing program 1 (id=687): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0xc00, &(0x7f0000000080)={[{@quota}, {@usrquota_inode_hardlimit={'usrquota_inode_hardlimit', 0x3d, [0x37]}}]}) read$FUSE(r0, &(0x7f0000003480)={0x2020}, 0x2020) 842.233699ms ago: executing program 4 (id=688): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="120100002eab5a40401c3405cc6d010203010902120001000000000904"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000240)={0x20, 0x10e13d85218772ae, 0x4, "66b2a8bf"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) 620.685666ms ago: executing program 1 (id=689): syz_mount_image$ext4(&(0x7f0000000ac0)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x3810744, &(0x7f0000000300)={[{@noauto_da_alloc}, {@nobh}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {}, {@nodiscard}, {@sysvgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@noauto_da_alloc}, {@init_itable}]}, 0x1, 0x479, &(0x7f0000000480)="$eJzs3M9vFFUcAPDvTLdAEGlF/AGiVtHY+IPSgsrBi0YTD5qY6AGPtS0EKdTQmgghshqDR0PinRhP/guePBnjycSrXo0hIUpM+HFxzezMwO52t9KyZdvu55Ms+97Oe/Pmy5u3+2YeQwB9ayT7I4nYFhG/RcRQnm0uMJK/Xbtydur6lbNTSdRq7/6V1MtdvXJ2qixa1runyIymEekXSdFIs/nTZ45Pzs7OnCryYwsnPhqbP33mhWMnJo/OHJ05OXHo0MED4y+/NPFiV+LMjunq7k/n9ux68/0Lb08dvvDBlqbtjXF0y0gW+N+1utZtT3e7sR77t3YrzqTS66Phdg1ERNZdg/XxPxQDcavzhuKNz3t6cMCqyr6z/2j9cPBmqloDNrAkVlQtVlYNWDvKH/rs+rd83cXpR89dfjW/AMrivla88i2VSIu/oMFVbH8kIg5Xb1zMXtFyH6LW5r4BAMCd+iGb/zy/eP6XRMSDDeWSYm1oOCLui4gdEXF/ROyMiAeKsg9FxMPLbL91aWjx/DO9tMLQbks2/3ulWNtqnv+lZZHhgSJ3bz3+weTIsdmZ/RGxPSJGY3Bzlh9vt/NyF6//+lWn9hvnf4er+XGUc8FiJ5cqmxsqnPs2f+/SpPTyZxG7K+3iT+orAUnUalnf74qI3cvb9fYycezZ7/Z0KtQc/42Li+NfQhfWmWrfRDyT9381WuIvJUuvT45tidmZ/WPlWbHYz7+cf6dT+3cUfxdk/b+1+fxvKTH0T9K4Xju//DbO//5lx2vKyv/G33L+R8T05MLkpuS9+pr1puKzTyYXFk6NR2xK3qrnmz6fuFW3zJfls/hH97Yf/zuKOln8j0REdhI/GhGPRcTjRd89ERFPRsTeJeL/6bWnPuy0bS30/3Tb77+b5/9wc/8vPzFw/MfvO7W/ZPz1b5Cs/w/Ws6NFnaz/89SWjnF1PpyyzkrPZgAAAFh/0ojYFkm672Y6Tffty/+9/M7Yms7OzS88d2Tu45PT+TMCwzGYlne6hhruh44n1WKPeX6iuFdcbj9Q3Df+urytMDU3O93DuIF8nLcb/5k/B3p9dMCq87wW9K/W8Z/26DiAu+92f/9dD8DGs9L5v3kCrH+u/6F/tRv/51ry5v6wMfn9h/5l/EP/Wjz+k+vN/z0QsFH5/Ye+dCfP9a9WorLE0/sSayUR6ao1UV0TAa7jRKULo7vHX0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd8l8AAAD//9z/+G0=") r0 = openat(0xffffffffffffff9c, &(0x7f0000002400)='.\x00', 0x0, 0x1a1) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0xd2f0, 0x2000, 0x2, 0xadea}) mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0) 252.170922ms ago: executing program 1 (id=690): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x40, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x80, 0x8, 0x1]}}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x40}}, 0x0) 168.430887ms ago: executing program 2 (id=691): syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000180)='./file0\x00', 0x10002, &(0x7f0000001f80)=ANY=[], 0x0, 0x55a, &(0x7f00000001c0)="$eJzs3V9v094ZwPHH/fOjy1g1bRNCVYFD2aQidcFJaFDExeQ5J+kBx45sB7VXqKIpqkhhAiaNXo0btknbC9jVxO1exF7C3gnaS9hPtpOS/klSSpNU8P1EcE7sY5/nJK4fOYltAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYrlV2y5Y4hm/takGc6th0Bgyv7e+u0eKIf2KWMk/WViQ69mk67/6PPta8t+KLGfPlmUhKRbk4KfXfv7wl3MzveWHBDQRb94dvNjudNqvpx3IWM0OnFPXvokC03DqWpkoUJVy2b63UYtUzXg62opi3VBuqJ04CNWqe1cVKpWS0vmtoOXXq46nexMf/LZo22X1KN/UThgF/r1H+cjdMJ5n/HraJpmdtHmQbIiPTaxi7TSU2t3rtEujwk8aFYa2sERkr9MuKjU7dJMq2sVioVAsFsrrlfUHtj3XP2E+mWAfIycWmf5Gi+m64D04cH4z3fwvnhjxpSWbok59uFKVUAJpDJjf1cv/v7mnh/bbn/97Wf7659lLkub/m9mzm4Py/4BYJvd4I+/kQF7ItnSkI215PfWIJvuoixZfjEQSiJGGOOkU1Z2ipCJlKYstT2VDahKJkpoY8URLJFsSSSw63aJcCUWLI7EEEoqSVXHlrigpSEUqUhIlWvKyJYG0xJe6VMVJ17Ire+nrXhoS42GjwlkaFYc0Gpr/18n/36HfXZUvfUMvficOnNP/e/l/sPnJRQMAAAAAAMbBSj99t9LD/BtprWY8bU87LAAAAAAAcIHSb/6XkyL9mv+GWBz/AwAAAADwrbHSc+wsEcnJray2K3tiSVv4EAAAAAAAgG9E+v3/zaTIJbVbYh1eCYXjfwAAAAAAvhF/HXmN/ah5xfrP//4VhvPW++bmr619J2nn7M9my80eX2NcW7IWuytJi/Jc95mrl63u1S8PL4L5qVvsjorDuoAA5O9yO2tzeycrd3pzsl5yNePpvBt4DwviOIszsd6M//hy708iSe9/8xuLluzuddr5Z686O2ks75O1vN/vXkDxxHUUh8TyNr3eQnrOxakjnk9PxOj2m8v6tfvHP5MtPvMFfX6QlazNSi4rc0fHv1AzP3TXctrou1EUvnLkH+RO1ubO6p2sOBGFp4v5Qe9BN4piFsU/F5MozvVanCGK0qgoSr3XYv5z918SBQBMy+6ILGTJibx7jr3cZLL7B1nN2qwupTvWuaVT9uj2qD26/ZXZ7d/zx29+dEoUhSSKpN9/HMuqH5MFPg7sN/KKlvVnkdm3+3/oTdt+3n7eflkslsr2fdteL8p8OoxuQe4BAJxi9D12Rraw7o84qv7F4U8K8vJMXklHdmQtPdsg/cXBqWvN9f0MYW3EUWuu7w4vayOO6nJ9N3o5e9vSBN4JAAAmZ2VEHj5L/l8bcdx9NJcfuUPwD8ePjvtzOQAAGA8dfrJy8V+sMDTNp4VKpeDEG1qFgftYhaZa18r4sQ7dDceva9UMgzhwAy+pPDFVHamo1WwGYaxqQaiaQWQ20zu/q+6t3yPdcPzYuFHT006klRv4sePGqmoiVzVbv/dMtKFDVQuuSNTUrqkZ14lN4KsoaIWuzisVad3X0FS1H5uaSaq+aoam4YRb6kngtRpaVXXkhqYZB2EaTa8v49eCsJGuNj/tFxsAgEvizbuDF9udTvv1GCvTHiMAADiKLA0AAAAAAAAAAAAAAAAAAAAAwOU3xtP+rPGfWXjWyn+vZqO9LPGMt2L/5HsZ6VkrP7scYZyrcqX7lzqgjTWu3qe5VwIwCT8GAAD//1LIRy8=") mount$overlay(0x0, &(0x7f0000001680)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) getdents64(r0, 0x0, 0x0) 16.67851ms ago: executing program 0 (id=692): syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000180)=0x1) setresgid(0xee00, 0xee01, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x29d, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0xfff, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x4, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x5, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'gre0\x00'}) sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r3, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ppoll(&(0x7f00000000c0)=[{r3, 0x60}], 0x1, 0x0, 0x0, 0x0) socket$nl_audit(0x10, 0x3, 0x9) syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[], 0x6c}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4) 0s ago: executing program 3 (id=693): r0 = socket$inet(0x2, 0x1, 0x0) sendmmsg$inet(r0, &(0x7f0000000bc0)=[{{&(0x7f0000000180)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10, 0x0}}], 0x1, 0x20004840) shutdown(r0, 0x1) sendmmsg$inet_sctp(r0, &(0x7f000000af80)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10890}], 0x1, 0x2004c084) kernel console output (not intermixed with test programs): 38] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.819008][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.826236][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.838265][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.845513][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.901511][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.908755][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.000063][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.051539][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.123530][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.131181][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.202286][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.209554][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.263513][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.354699][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.380953][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.420531][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.427727][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.458202][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.465508][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.491325][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.531036][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.549056][ T117] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.556380][ T117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.599814][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.607064][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.636414][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.923671][ T5838] veth0_vlan: entered promiscuous mode [ 90.000967][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.012066][ T5838] veth1_vlan: entered promiscuous mode [ 90.212421][ T5838] veth0_macvtap: entered promiscuous mode [ 90.249972][ T5838] veth1_macvtap: entered promiscuous mode [ 90.282189][ T5839] veth0_vlan: entered promiscuous mode [ 90.326170][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.342510][ T5839] veth1_vlan: entered promiscuous mode [ 90.354533][ T5841] veth0_vlan: entered promiscuous mode [ 90.368051][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.378969][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.396472][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.423986][ T153] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.433178][ T153] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.452225][ T153] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.461459][ T153] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.470855][ T5841] veth1_vlan: entered promiscuous mode [ 90.572360][ T5839] veth0_macvtap: entered promiscuous mode [ 90.617521][ T5839] veth1_macvtap: entered promiscuous mode [ 90.644042][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.656590][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.683243][ T5840] veth0_vlan: entered promiscuous mode [ 90.717998][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.719835][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.727663][ T5841] veth0_macvtap: entered promiscuous mode [ 90.734202][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.742040][ T5847] Bluetooth: hci0: command tx timeout [ 90.768286][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.800560][ T59] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.809608][ T59] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.819167][ T5847] Bluetooth: hci3: command tx timeout [ 90.819202][ T5847] Bluetooth: hci2: command tx timeout [ 90.819226][ T5847] Bluetooth: hci4: command tx timeout [ 90.825436][ T5853] Bluetooth: hci1: command tx timeout [ 90.849116][ T5841] veth1_macvtap: entered promiscuous mode [ 90.869711][ T5840] veth1_vlan: entered promiscuous mode [ 90.877945][ T59] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.881843][ T5838] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 90.909048][ T59] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.959071][ T5837] veth0_vlan: entered promiscuous mode [ 91.051063][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.062148][ T5840] veth0_macvtap: entered promiscuous mode [ 92.077124][ T5840] veth1_macvtap: entered promiscuous mode [ 92.117075][ T5837] veth1_vlan: entered promiscuous mode [ 92.183465][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.257281][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.259196][ T810] cfg80211: failed to load regulatory.db [ 92.351356][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.653652][ T136] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.663525][ T136] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.703596][ T136] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.718060][ T136] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.748341][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.760485][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.770013][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.785808][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.815450][ T5847] Bluetooth: hci0: command tx timeout [ 92.816890][ T5837] veth0_macvtap: entered promiscuous mode [ 92.864980][ T136] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.880449][ T5837] veth1_macvtap: entered promiscuous mode [ 92.895551][ T5853] Bluetooth: hci4: command tx timeout [ 92.897774][ T5846] Bluetooth: hci2: command tx timeout [ 92.901041][ T5853] Bluetooth: hci3: command tx timeout [ 92.912741][ T5847] Bluetooth: hci1: command tx timeout [ 92.937588][ T136] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.020882][ T136] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.042245][ T136] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.167204][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.193771][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.208667][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.217984][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.303571][ T5970] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 93.497727][ T5970] loop1: detected capacity change from 0 to 1024 [ 93.515394][ T5970] ======================================================= [ 93.515394][ T5970] WARNING: The mand mount option has been deprecated and [ 93.515394][ T5970] and is ignored by this kernel. Remove the mand [ 93.515394][ T5970] option from the mount to silence this warning. [ 93.515394][ T5970] ======================================================= [ 93.551933][ T5970] hfsplus: Unknown parameter 'Œ' [ 93.692517][ T5970] mmap: syz.1.2 (5970) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 94.386588][ T59] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.396638][ T59] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.406370][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.415754][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.443087][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.451250][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.591096][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.603524][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.932228][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.952180][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.729421][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.759102][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.131238][ T5994] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 97.871728][ T5991] mkiss: ax0: crc mode is auto. [ 99.796100][ T1173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.887126][ T5999] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5'. [ 100.622031][ T1173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.342028][ T6012] lo speed is unknown, defaulting to 1000 [ 103.349094][ T6012] lo speed is unknown, defaulting to 1000 [ 103.357488][ T6012] lo speed is unknown, defaulting to 1000 [ 103.365926][ T6012] smbdirect: ib_dev[syz0]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 103.380806][ T6012] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 103.399009][ T6012] smbdirect: ib_dev[syz0]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 103.415216][ T6012] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 103.430234][ T6012] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 103.481582][ T6012] lo speed is unknown, defaulting to 1000 [ 103.511334][ T6012] lo speed is unknown, defaulting to 1000 [ 103.631045][ T6012] lo speed is unknown, defaulting to 1000 [ 103.691398][ T6012] lo speed is unknown, defaulting to 1000 [ 103.759132][ T6012] lo speed is unknown, defaulting to 1000 [ 105.950647][ T6026] Zero length message leads to an empty skb [ 106.216557][ T6029] loop0: detected capacity change from 0 to 1024 [ 106.285286][ T6029] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 not in group (block 2053)! [ 106.340916][ T6029] EXT4-fs (loop0): group descriptors corrupted! [ 107.229760][ T6033] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 107.238412][ T6033] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 107.247088][ T6033] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 107.276945][ T6039] kAFS: unable to lookup cell '\/' [ 109.146792][ T6057] loop3: detected capacity change from 0 to 512 [ 109.163699][ T6029] syz.0.13(6029): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 110.043812][ T6059] fuse: Bad value for 'user_id' [ 110.051003][ T6059] fuse: Bad value for 'user_id' [ 110.200765][ T6057] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 110.272378][ T6057] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent [ 112.302986][ T5984] IPVS: starting estimator thread 0... [ 113.695829][ T6074] IPVS: using max 30 ests per chain, 72000 per kthread [ 115.801319][ T6082] binder: 6081:6082 ioctl c00c6211 0 returned -14 [ 115.922697][ T6086] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 117.296410][ T6090] loop0: detected capacity change from 0 to 32768 [ 117.486834][ T6090] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 117.495442][ T6090] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 117.653398][ T6090] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 117.666356][ T55] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 117.674042][ T55] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 118.738949][ T6104] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 119.668382][ T55] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 1994ms [ 119.705361][ T55] gfs2: fsid=syz:syz.0: jid=0: Done [ 119.723582][ T6090] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 119.794757][ T6090] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 120.067274][ T6115] loop2: detected capacity change from 0 to 1024 [ 120.422224][ T6123] netlink: 52 bytes leftover after parsing attributes in process `syz.4.32'. [ 120.478379][ T6123] virtio-fs: tag <./cgroup> not found [ 121.344743][ T810] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 121.529519][ T810] usb 4-1: unable to get BOS descriptor or descriptor too short [ 121.542447][ T810] usb 4-1: not running at top speed; connect to a high speed hub [ 121.792901][ T6136] netlink: 12 bytes leftover after parsing attributes in process `syz.2.31'. [ 122.741916][ T810] usb 4-1: config 3 has an invalid interface number: 155 but max is 0 [ 122.765049][ T810] usb 4-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 122.784297][ T6132] loop0: detected capacity change from 0 to 4096 [ 122.888483][ T810] usb 4-1: config 3 has no interface number 0 [ 122.912249][ T810] usb 4-1: config 3 interface 155 altsetting 15 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 122.950862][ T810] usb 4-1: config 3 interface 155 altsetting 15 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 122.967097][ T810] usb 4-1: config 3 interface 155 altsetting 15 endpoint 0x87 has invalid wMaxPacketSize 0 [ 123.198868][ T810] usb 4-1: config 3 interface 155 altsetting 15 has 2 endpoint descriptors, different from the interface descriptor's value: 4 [ 123.223199][ T6142] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 123.268233][ T810] usb 4-1: config 3 interface 155 has no altsetting 0 [ 123.341492][ T810] usb 4-1: string descriptor 0 read error: -71 [ 123.357575][ T810] usb 4-1: New USB device found, idVendor=05ac, idProduct=022b, bcdDevice=8e.39 [ 123.435657][ T810] usb 4-1: New USB device strings: Mfr=3, Product=2, SerialNumber=3 [ 123.616629][ T810] usb 4-1: can't set config #3, error -71 [ 123.688031][ T810] usb 4-1: USB disconnect, device number 2 [ 123.890974][ T6152] sctp: [Deprecated]: syz.3.41 (pid 6152) Use of struct sctp_assoc_value in delayed_ack socket option. [ 123.890974][ T6152] Use struct sctp_sack_info instead [ 124.152578][ T6152] netlink: 36 bytes leftover after parsing attributes in process `syz.3.41'. [ 126.361112][ T6178] netlink: 16 bytes leftover after parsing attributes in process `syz.3.50'. [ 126.415874][ T6171] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 126.433826][ T6145] loop2: detected capacity change from 0 to 32768 [ 126.450929][ T6145] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.37 (6145) [ 126.474720][ T5984] lo speed is unknown, defaulting to 1000 [ 126.667248][ T6145] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 126.707918][ T6145] BTRFS info (device loop2): using sha256 checksum algorithm [ 126.799900][ T6145] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 126.821048][ T6145] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 126.850910][ T6145] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 126.861729][ T6145] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 126.871265][ T6145] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 126.881508][ T6145] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 126.892480][ T6145] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 126.902512][ T6145] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 126.913591][ T6145] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 126.924441][ T6145] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 126.948958][ T6145] BTRFS error (device loop2): open_ctree failed: -12 [ 127.707045][ T5984] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 128.613514][ T5984] usb 3-1: config 0 has an invalid interface number: 6 but max is 0 [ 128.700034][ T5984] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 128.755179][ T5984] usb 3-1: config 0 has no interface number 0 [ 128.765219][ T55] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 128.781355][ T5984] usb 3-1: config 0 interface 6 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 128.827142][ T5984] usb 3-1: config 0 interface 6 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 128.911364][ T5984] usb 3-1: New USB device found, idVendor=10cf, idProduct=8061, bcdDevice=b7.12 [ 128.959286][ T5984] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.002822][ T55] usb 4-1: too many configurations: 125, using maximum allowed: 8 [ 129.024598][ T5984] usb 3-1: Product: syz [ 129.041388][ T5984] usb 3-1: Manufacturer: syz [ 129.093530][ T5984] usb 3-1: SerialNumber: syz [ 129.095092][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c0!!! [ 129.130858][ T55] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 129.145364][ T5984] usb 3-1: config 0 descriptor?? [ 129.154784][ T55] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.166422][ T6217] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 129.195572][ T55] usb 4-1: Product: syz [ 129.215934][ T55] usb 4-1: Manufacturer: syz [ 129.225934][ T5984] vmk80xx 3-1:0.6: driver 'vmk80xx' failed to auto-configure device. [ 129.243987][ T55] usb 4-1: SerialNumber: syz [ 129.301841][ T55] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 129.326683][ T5984] vmk80xx 3-1:0.6: probe with driver vmk80xx failed with error -22 [ 129.367542][ T5844] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 129.461097][ T5984] usb 3-1: USB disconnect, device number 2 [ 129.761610][ T6238] netlink: 20 bytes leftover after parsing attributes in process `syz.4.68'. [ 129.786409][ T6238] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 129.870123][ T5957] usb 4-1: USB disconnect, device number 3 [ 130.867482][ T5847] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 130.877809][ T5847] Bluetooth: hci1: Injecting HCI hardware error event [ 130.891255][ T5847] Bluetooth: hci1: hardware error 0x00 [ 131.169926][ T5844] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 131.198597][ T5844] ath9k_htc: Failed to initialize the device [ 131.210838][ T5957] usb 4-1: ath9k_htc: USB layer deinitialized [ 131.446200][ T6268] xt_NFQUEUE: number of total queues is 0 [ 133.249122][ T5847] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 133.321528][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.329139][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.045830][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.3.89'. [ 134.185349][ T30] audit: type=1804 audit(1775102494.577:2): pid=6298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.89" name="/newroot/19/file1" dev="fuse" ino=1 res=1 errno=0 [ 134.321727][ T6303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.92'. [ 134.459439][ T30] audit: type=1804 audit(1775102494.577:3): pid=6289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.89" name="/newroot/19/file1" dev="fuse" ino=1 res=1 errno=0 [ 134.919866][ T6303] nbd: socks must be embedded in a SOCK_ITEM attr [ 136.008708][ T30] audit: type=1800 audit(1775102494.577:4): pid=6289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.89" name="/" dev="fuse" ino=1 res=0 errno=0 [ 136.147477][ T6307] Bluetooth: MGMT ver 1.23 [ 136.229352][ T6307] netlink: 8 bytes leftover after parsing attributes in process `syz.4.93'. [ 136.838538][ T30] audit: type=1800 audit(1775102494.577:5): pid=6289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.89" name="/" dev="fuse" ino=1 res=0 errno=0 [ 138.334472][ T6323] ip6_tunnel: non-ECT from fc01:0000:0000:0000:0000:0000:0000:0001 with DS=0x1 [ 138.371125][ T5979] udevd[5979]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 138.606964][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 140.603801][ T6359] loop4: detected capacity change from 0 to 1764 [ 140.737253][ T5844] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 140.910958][ T6371] loop0: detected capacity change from 0 to 2048 [ 140.924372][ T5844] usb 4-1: Using ep0 maxpacket: 8 [ 140.958356][ T5844] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 140.990830][ T5844] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.006884][ T6371] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 141.016258][ T5844] usb 4-1: Product: syz [ 141.020489][ T5844] usb 4-1: Manufacturer: syz [ 141.067727][ T5844] usb 4-1: SerialNumber: syz [ 141.566969][ T6371] UDF-fs: unknown compression code (195) [ 141.766429][ T5844] usb 4-1: config 0 descriptor?? [ 142.009164][ T5844] gspca_main: se401-2.14.0 probing 047d:5003 [ 142.636536][ T5844] gspca_se401: write req failed req 0x57 val 0x00 error -71 [ 142.693670][ T5844] se401 4-1:0.0: probe with driver se401 failed with error -71 [ 142.734098][ T5844] usb 4-1: USB disconnect, device number 4 [ 143.749523][ T6387] fuse: Bad value for 'fd' [ 144.181971][ T6397] loop0: detected capacity change from 0 to 1024 [ 144.272606][ T6397] netlink: 12 bytes leftover after parsing attributes in process `syz.0.125'. [ 144.291612][ T6397] netlink: 56 bytes leftover after parsing attributes in process `syz.0.125'. [ 145.695307][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 146.143882][ T6408] loop3: detected capacity change from 0 to 512 [ 146.850972][ T6418] loop2: detected capacity change from 0 to 512 [ 148.407878][ T6434] loop3: detected capacity change from 0 to 8 [ 148.981083][ T6446] netlink: 1216 bytes leftover after parsing attributes in process `syz.2.140'. [ 149.001984][ T6446] netlink: 4436 bytes leftover after parsing attributes in process `syz.2.140'. [ 149.328829][ T55] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 149.785990][ T55] usb 1-1: Using ep0 maxpacket: 16 [ 149.813714][ T55] usb 1-1: unable to get BOS descriptor or descriptor too short [ 149.863252][ T55] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 127, changing to 7 [ 149.946104][ T55] usb 1-1: New USB device found, idVendor=046d, idProduct=0990, bcdDevice= 0.40 [ 149.967770][ T55] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.007953][ T55] usb 1-1: Product: syz [ 150.021126][ T55] usb 1-1: Manufacturer: syz [ 150.033116][ T55] usb 1-1: SerialNumber: syz [ 150.463892][ T55] usb 1-1: Audio class v2/v3 interfaces need an interface association [ 150.814508][ T6463] netlink: 4 bytes leftover after parsing attributes in process `syz.4.143'. [ 150.964139][ T55] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 150.995709][ T55] usb 1-1: USB disconnect, device number 2 [ 151.103022][ T5978] udevd[5978]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 151.365198][ T5844] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 151.474724][ T6463] nbd: socks must be embedded in a SOCK_ITEM attr [ 151.483655][ T6469] netlink: 12 bytes leftover after parsing attributes in process `syz.1.149'. [ 151.498135][ T6469] netlink: 56 bytes leftover after parsing attributes in process `syz.1.149'. [ 151.701237][ T5844] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 151.716202][ T5844] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.511482][ T5844] usb 4-1: Product: syz [ 152.517499][ T5844] usb 4-1: Manufacturer: syz [ 152.522347][ T5844] usb 4-1: SerialNumber: syz [ 152.574627][ T5844] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 152.620475][ T24] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 153.084504][ T5941] usb 4-1: USB disconnect, device number 5 [ 153.700471][ T24] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 153.826272][ T24] ath9k_htc: Failed to initialize the device [ 153.847328][ T5941] usb 4-1: ath9k_htc: USB layer deinitialized [ 154.847525][ T6512] loop3: detected capacity change from 0 to 512 [ 154.970751][ T6512] EXT4-fs (loop3): Test dummy encryption mode enabled [ 155.410325][ T6512] EXT4-fs (loop3): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 155.634905][ T6512] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 155.644351][ T6525] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.725950][ T6525] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.733458][ T6525] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.819122][ T6530] netlink: 16 bytes leftover after parsing attributes in process `syz.4.165'. [ 156.558379][ T6512] EXT4-fs error (device loop3): ext4_add_entry:2415: inode #2: comm syz.3.161: Directory hole found for htree leaf block 0 [ 156.602155][ T6512] EXT4-fs (loop3): Remounting filesystem read-only [ 156.812655][ T5840] EXT4-fs (loop3): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 156.845135][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 156.969100][ T6540] netlink: 4 bytes leftover after parsing attributes in process `syz.4.168'. [ 157.195847][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.171'. [ 157.502832][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.171'. [ 157.568130][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.171'. [ 157.631513][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.171'. [ 157.697087][ T6540] nbd: socks must be embedded in a SOCK_ITEM attr [ 157.718366][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.171'. [ 157.793763][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.171'. [ 157.862041][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.171'. [ 158.019081][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.171'. [ 158.599640][ T5979] udevd[5979]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 158.617031][ T5979] udevd[5979]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 159.611516][ T6570] netlink: 'syz.2.179': attribute type 1 has an invalid length. [ 159.667057][ T6573] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 160.201659][ T6581] loop0: detected capacity change from 0 to 256 [ 160.308024][ T6581] FAT-fs (loop0): Directory bread(block 64) failed [ 160.331737][ T6581] FAT-fs (loop0): Directory bread(block 65) failed [ 160.369217][ T6581] FAT-fs (loop0): Directory bread(block 66) failed [ 160.419648][ T6581] FAT-fs (loop0): Directory bread(block 67) failed [ 160.500981][ T6581] FAT-fs (loop0): Directory bread(block 68) failed [ 160.558388][ T6581] FAT-fs (loop0): Directory bread(block 69) failed [ 161.196536][ T6581] FAT-fs (loop0): Directory bread(block 70) failed [ 161.271474][ T6581] FAT-fs (loop0): Directory bread(block 71) failed [ 161.344903][ T6581] FAT-fs (loop0): Directory bread(block 72) failed [ 161.402570][ T6581] FAT-fs (loop0): Directory bread(block 73) failed [ 161.820684][ T6600] loop2: detected capacity change from 0 to 256 [ 162.921000][ T6621] __nla_validate_parse: 47 callbacks suppressed [ 162.921083][ T6621] netlink: 4 bytes leftover after parsing attributes in process `syz.2.197'. [ 163.220804][ T6621] nbd: socks must be embedded in a SOCK_ITEM attr [ 166.501940][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 166.548489][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 167.050060][ T6633] vivid-001: disconnect [ 167.058633][ T6632] vivid-001: reconnect [ 169.968682][ T6661] netlink: 4 bytes leftover after parsing attributes in process `syz.2.210'. [ 170.575132][ T5957] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 170.815294][ T5957] usb 4-1: Using ep0 maxpacket: 8 [ 170.919933][ T5957] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 171.004232][ T5957] usb 4-1: config 0 has no interface number 0 [ 171.043851][ T5957] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 171.067075][ T5957] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.094017][ T5957] usb 4-1: Product: syz [ 171.100882][ T6661] nbd: socks must be embedded in a SOCK_ITEM attr [ 171.128335][ T5957] usb 4-1: Manufacturer: syz [ 171.138560][ T5957] usb 4-1: SerialNumber: syz [ 171.143660][ T5979] block nbd64: NBD_DISCONNECT [ 171.334573][ T5957] usb 4-1: config 0 descriptor?? [ 171.901768][ T5957] uvcvideo 4-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 171.949088][ T5957] uvcvideo 4-1:0.31: Failed to initialize entity for entity 32774 [ 171.984635][ T5957] uvcvideo 4-1:0.31: Failed to register entities (-22). [ 172.179930][ T5957] usb 4-1: USB disconnect, device number 6 [ 172.245761][ T5979] udevd[5979]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 172.555503][ T6685] loop4: detected capacity change from 0 to 512 [ 172.700610][ T6685] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 172.714925][ T6685] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 173.278245][ T6703] vlan0: entered promiscuous mode [ 173.707016][ T6709] netlink: 'syz.2.224': attribute type 25 has an invalid length. [ 173.765098][ T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 173.824102][ T6711] netlink: 12 bytes leftover after parsing attributes in process `syz.1.225'. [ 173.876183][ T6711] netlink: 48 bytes leftover after parsing attributes in process `syz.1.225'. [ 173.940784][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 173.963055][ T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 174.000243][ T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 200 [ 174.033324][ T24] usb 4-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 174.045782][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.070773][ T24] usb 4-1: Product: syz [ 174.086676][ T24] usb 4-1: Manufacturer: syz [ 174.092905][ T24] usb 4-1: SerialNumber: syz [ 174.138205][ T24] usb 4-1: config 0 descriptor?? [ 174.165999][ T6707] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 174.189910][ T24] ums-isd200 4-1:0.0: USB Mass Storage device detected [ 174.300812][ T6723] capability: warning: `syz.2.230' uses 32-bit capabilities (legacy support in use) [ 174.429714][ T24] scsi host1: usb-storage 4-1:0.0 [ 174.489072][ T24] usb 4-1: USB disconnect, device number 7 [ 174.504108][ T6726] loop0: detected capacity change from 0 to 2048 [ 174.569989][ T5847] Bluetooth: hci0: Malformed HCI Event: 0x22 [ 174.598774][ T6731] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 174.657239][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.500166][ T6760] xt_hashlimit: size too large, truncated to 1048576 [ 177.200150][ T6772] loop2: detected capacity change from 0 to 512 [ 178.863477][ T6758] loop0: detected capacity change from 0 to 32768 [ 179.054900][ T6758] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 179.833676][ T6758] XFS (loop0): Ending clean mount [ 179.983894][ T6758] XFS (loop0): Quotacheck needed: Please wait. [ 180.242309][ T6805] netlink: 4 bytes leftover after parsing attributes in process `syz.2.253'. [ 180.682100][ T6805] nbd: socks must be embedded in a SOCK_ITEM attr [ 182.285981][ T6758] XFS (loop0): Quotacheck: Done. [ 184.045066][ T5838] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 184.115283][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 184.144276][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 184.754368][ T6836] xt_hashlimit: size too large, truncated to 1048576 [ 185.492509][ T29] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 185.952217][ T6849] loop2: detected capacity change from 0 to 512 [ 186.040413][ T29] usb 5-1: config 0 has an invalid interface number: 69 but max is 0 [ 186.099369][ T29] usb 5-1: config 0 has no interface number 0 [ 186.108431][ T6849] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.167131][ T29] usb 5-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 186.235143][ T6849] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 186.267581][ T29] usb 5-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 186.313695][ T29] usb 5-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 186.330667][ T6851] loop0: detected capacity change from 0 to 4096 [ 186.339313][ T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.350155][ T29] usb 5-1: Product: syz [ 186.365080][ T29] usb 5-1: Manufacturer: syz [ 186.411366][ T29] usb 5-1: SerialNumber: syz [ 186.477881][ T29] usb 5-1: config 0 descriptor?? [ 186.630062][ T6851] ntfs3(loop0): ino=3, Correct links count -> 2. [ 186.692196][ T6831] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 186.710705][ T29] cyberjack 5-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 186.739731][ T29] usb 5-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 187.224828][ T6854] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 187.491421][ T29] usb 5-1: USB disconnect, device number 2 [ 187.548784][ T29] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 187.576311][ T29] cyberjack 5-1:0.69: device disconnected [ 187.987180][ T6872] netlink: 4 bytes leftover after parsing attributes in process `syz.1.274'. [ 188.034249][ T6875] loop3: detected capacity change from 0 to 1024 [ 188.063882][ T6875] EXT4-fs (loop3): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 188.172641][ T6872] nbd: socks must be embedded in a SOCK_ITEM attr [ 188.204765][ T6880] loop4: detected capacity change from 0 to 256 [ 188.225630][ T6875] EXT4-fs error (device loop3): ext4_map_blocks:789: inode #3: block 2: comm syz.3.276: lblock 2 mapped to illegal pblock 2 (length 1) [ 188.254343][ T6880] exfat: Deprecated parameter 'utf8' [ 188.303730][ T6880] exfat: Deprecated parameter 'namecase' [ 188.324852][ T6875] loop3: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 188.338846][ T6875] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 188.348052][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 188.348118][ C1] EXT4-fs (loop3): initial error at time 1775102548: ext4_map_blocks:789: inode 3: block 2 [ 188.348144][ C1] EXT4-fs (loop3): last error at time 1775102548: ext4_map_blocks:789: inode 3: block 2 [ 188.355318][ T6880] exfat: Deprecated parameter 'namecase' [ 188.401367][ T6875] EXT4-fs error (device loop3): ext4_map_blocks:789: inode #3: block 48: comm syz.3.276: lblock 0 mapped to illegal pblock 48 (length 1) [ 188.449939][ T6875] loop3: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 188.450345][ T6875] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 188.485386][ T6880] exfat: Deprecated parameter 'utf8' [ 188.519431][ T6875] EXT4-fs error (device loop3): ext4_acquire_dquot:7026: comm syz.3.276: Failed to acquire dquot type 0 [ 188.548739][ T6875] loop3: lost filesystem error report for type 5 error -117 [ 188.551934][ T6875] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6294: Corrupt filesystem [ 188.623606][ T6875] loop3: lost filesystem error report for type 5 error -117 [ 188.650219][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 188.655846][ T6880] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012153, chksum : 0xc9bffc20, utbl_chksum : 0xe619d30d) [ 188.659024][ T6875] EXT4-fs error (device loop3): ext4_evict_inode:265: inode #11: comm syz.3.276: mark_inode_dirty error [ 188.697780][ T6880] exFAT-fs (loop4): failed to test first cluster bit of root dir(5) [ 188.709273][ T6875] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 188.709612][ T6875] EXT4-fs warning (device loop3): ext4_evict_inode:268: couldn't mark inode dirty (err -117) [ 188.735197][ T6875] EXT4-fs (loop3): 1 orphan inode deleted [ 188.744415][ T6875] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.760862][ T13] EXT4-fs error (device loop3): ext4_map_blocks:789: inode #3: block 1: comm kworker/u8:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 188.779655][ T13] loop3: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 188.784110][ T13] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 188.805606][ T13] EXT4-fs error (device loop3): ext4_release_dquot:7062: comm kworker/u8:1: Failed to release dquot type 0 [ 188.960776][ T6875] EXT4-fs error (device loop3): __ext4_get_inode_loc:4800: comm syz.3.276: Invalid inode table block 1 in block_group 0 [ 189.103806][ T5840] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.153478][ T5840] EXT4-fs error (device loop3): __ext4_get_inode_loc:4800: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 189.255853][ T6890] loop4: detected capacity change from 0 to 32768 [ 189.293300][ T5837] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.318553][ T5840] loop3: lost filesystem error report for type 5 error -117 [ 189.327647][ T5840] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6294: Corrupt filesystem [ 189.500240][ T5840] loop3: lost filesystem error report for type 5 error -117 [ 189.500591][ T5840] EXT4-fs error (device loop3): ext4_quota_off:7310: inode #3: comm syz-executor: mark_inode_dirty error [ 189.660468][ T5840] loop3: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 190.135142][ T5984] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 190.405028][ T5984] usb 1-1: Using ep0 maxpacket: 32 [ 190.422753][ T5984] usb 1-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 190.435566][ T5984] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.443639][ T5984] usb 1-1: Product: syz [ 190.449543][ T5984] usb 1-1: Manufacturer: syz [ 190.454247][ T5984] usb 1-1: SerialNumber: syz [ 191.231973][ T5984] usb 1-1: config 0 descriptor?? [ 191.271142][ T5984] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 191.280126][ T5984] dvb-usb: bulk message failed: -22 (4/0) [ 191.289017][ T5984] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 191.307745][ T5984] dvb-usb: bulk message failed: -22 (5/0) [ 191.344045][ T5984] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 191.406910][ T6904] loop3: detected capacity change from 0 to 1024 [ 191.411472][ T6906] loop4: detected capacity change from 0 to 164 [ 191.478984][ T5984] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 191.498120][ T6906] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 191.521299][ T6892] dvb-usb: bulk message failed: -22 (7/0) [ 191.538184][ T5984] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 191.567103][ T6892] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0) [ 191.588308][ T5984] usb 1-1: media controller created [ 191.599290][ T6098] hfsplus: b-tree write err: -5, ino 25 [ 191.600350][ T6892] ttusb2: i2c transfer failed. [ 191.633666][ T6098] hfsplus: b-tree write err: -5, ino 4 [ 191.652441][ T6098] hfsplus: b-tree write err: -5, ino 2 [ 191.680592][ T5984] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 191.830231][ T6910] loop4: detected capacity change from 0 to 256 [ 191.848520][ T6914] loop3: detected capacity change from 0 to 16 [ 191.882593][ T6910] exfat: Deprecated parameter 'utf8' [ 191.889916][ T5984] usb 1-1: selecting invalid altsetting 3 [ 191.907490][ T5984] ttusb2: set interface to alts=3 failed [ 191.918481][ T6910] exfat: Deprecated parameter 'namecase' [ 191.919102][ T6914] erofs (device loop3): mounted with root inode @ nid 36. [ 191.928200][ T6910] exfat: Deprecated parameter 'namecase' [ 192.021910][ T6910] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001fe89, chksum : 0x9974f712, utbl_chksum : 0xe619d30d) [ 192.074698][ T5984] DVB: Unable to find symbol tda10086_attach() [ 192.095710][ T5984] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 192.121018][ T5984] dvb-usb: bulk message failed: -22 (4/0) [ 192.133378][ T5984] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 192.179213][ T5984] dvb-usb: bulk message failed: -22 (5/0) [ 192.182243][ T6920] loop2: detected capacity change from 0 to 64 [ 192.203879][ T5984] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 192.267816][ T5984] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 192.341510][ T5984] usb 1-1: USB disconnect, device number 3 [ 193.422943][ T5984] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 194.587082][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.700952][ T6952] netlink: 4 bytes leftover after parsing attributes in process `syz.3.301'. [ 194.759395][ T6950] loop4: detected capacity change from 0 to 256 [ 194.782957][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.924340][ T6946] loop2: detected capacity change from 0 to 2048 [ 195.242644][ T6952] nbd: socks must be embedded in a SOCK_ITEM attr [ 195.507084][ T6950] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 196.858594][ T6946] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.875914][ T5979] udevd[5979]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 197.093439][ T6946] ext4 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 197.373259][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 198.288574][ T5837] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.302378][ T6960] loop4: detected capacity change from 0 to 1024 [ 198.392070][ T6960] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 198.409125][ T6960] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 198.444885][ T6960] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.304: bg 0: block 112: padding at end of block bitmap is not set [ 198.803452][ T5844] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 199.736328][ T5844] usb 1-1: Using ep0 maxpacket: 8 [ 199.779202][ T5844] usb 1-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 199.795933][ T6973] loop2: detected capacity change from 0 to 32768 [ 199.808768][ T5844] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.866781][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 199.910087][ T5844] usb 1-1: config 0 descriptor?? [ 199.970589][ T5844] uvcvideo 1-1:0.0: probe with driver uvcvideo failed with error -22 [ 200.507817][ T5984] usb 1-1: USB disconnect, device number 4 [ 201.002290][ T6987] loop4: detected capacity change from 0 to 512 [ 201.029527][ T6987] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 201.113406][ T6987] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 201.188690][ T6987] EXT4-fs (loop4): 1 truncate cleaned up [ 201.206151][ T6987] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 201.232967][ T6992] loop0: detected capacity change from 0 to 256 [ 201.262562][ T30] audit: type=1800 audit(1775102561.657:6): pid=6987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.312" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 201.289241][ T6992] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012c80, chksum : 0x8ff561f5, utbl_chksum : 0xe619d30d) [ 201.336913][ T6992] exFAT-fs (loop0): start_clu is invalid cluster(0xffffffff) [ 201.361861][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.556599][ T6999] Driver unsupported XDP return value 0 on prog (id 14) dev N/A, expect packet loss! [ 202.045903][ T7010] netlink: 4 bytes leftover after parsing attributes in process `syz.0.319'. [ 202.723418][ T7010] nbd: socks must be embedded in a SOCK_ITEM attr [ 203.024588][ T5978] block nbd64: NBD_DISCONNECT [ 203.392970][ T7022] loop3: detected capacity change from 0 to 512 [ 203.427448][ T7014] loop2: detected capacity change from 0 to 4096 [ 203.431211][ T7022] EXT4-fs: Ignoring removed nomblk_io_submit option [ 203.487239][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 203.548916][ T7014] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 203.602890][ T7022] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 203.620233][ T7020] loop4: detected capacity change from 0 to 4096 [ 203.705356][ T7022] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 203.800679][ T7020] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 203.817864][ T7022] EXT4-fs warning (device loop3): verify_group_input:156: Last group not full [ 203.980589][ T5840] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.435618][ T5957] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 204.472790][ T7032] loop2: detected capacity change from 0 to 64 [ 204.605114][ T5957] usb 4-1: Using ep0 maxpacket: 16 [ 204.622028][ T5957] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 204.657733][ T5957] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 204.680123][ T5957] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 204.697799][ T5957] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 204.714649][ T5957] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.766440][ T5957] usb 4-1: config 0 descriptor?? [ 204.904389][ T7038] loop4: detected capacity change from 0 to 256 [ 204.955745][ T7038] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 205.004235][ T7037] loop2: detected capacity change from 0 to 4096 [ 205.099010][ T7041] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 205.317330][ T7045] loop4: detected capacity change from 0 to 736 [ 205.403551][ T5957] microsoft 0003:045E:07DA.0001: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 205.438576][ T7047] loop2: detected capacity change from 0 to 256 [ 205.451276][ T5957] microsoft 0003:045E:07DA.0001: no inputs found [ 205.469527][ T5957] microsoft 0003:045E:07DA.0001: could not initialize ff, continuing anyway [ 205.552430][ T5957] usb 4-1: USB disconnect, device number 8 [ 205.776731][ T7048] fido_id[7048]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 205.874427][ T7050] loop4: detected capacity change from 0 to 4096 [ 205.902588][ T7050] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 206.594415][ T7040] loop0: detected capacity change from 0 to 32768 [ 206.818916][ T7040] XFS (loop0): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 206.897789][ T5857] Bluetooth: hci0: command 0x0406 tx timeout [ 206.903930][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 206.910107][ T5843] Bluetooth: hci3: command 0x0406 tx timeout [ 207.007984][ T7069] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 207.195227][ T7040] XFS (loop0): Starting recovery (logdev: internal) [ 207.604680][ T7040] XFS (loop0): Ending recovery (logdev: internal) [ 209.548101][ T5838] XFS (loop0): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 209.653485][ T7083] netlink: 12 bytes leftover after parsing attributes in process `syz.1.342'. [ 209.695085][ T5846] Bluetooth: hci4: command 0x2016 tx timeout [ 210.301050][ T7085] set_capacity_and_notify: 1 callbacks suppressed [ 210.301070][ T7085] loop2: detected capacity change from 0 to 256 [ 210.779979][ T7093] loop4: detected capacity change from 0 to 256 [ 210.804756][ T7093] exfat: Deprecated parameter 'utf8' [ 211.047852][ T7093] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 211.060304][ T30] audit: type=1326 audit(1775102571.417:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 211.480756][ T30] audit: type=1326 audit(1775102571.417:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 211.701982][ T30] audit: type=1326 audit(1775102571.417:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 211.775052][ T5846] Bluetooth: hci4: command 0x2016 tx timeout [ 211.782631][ T30] audit: type=1326 audit(1775102571.427:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 211.895178][ T30] audit: type=1326 audit(1775102571.427:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 212.130003][ T30] audit: type=1326 audit(1775102571.427:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 212.137881][ T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 212.154768][ T30] audit: type=1326 audit(1775102571.427:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 212.192169][ T30] audit: type=1326 audit(1775102571.427:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 212.664552][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 212.742043][ T10] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 38, changing to 9 [ 212.799144][ T7108] loop4: detected capacity change from 0 to 512 [ 212.822525][ T10] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x2 has an invalid bInterval 17, changing to 8 [ 212.902803][ T30] audit: type=1326 audit(1775102571.427:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 212.968927][ T30] audit: type=1326 audit(1775102571.427:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.3.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 212.997326][ T7108] EXT4-fs: inline encryption not supported [ 213.023548][ T7108] EXT4-fs: Ignoring removed i_version option [ 213.032269][ T10] usb 4-1: config 0 interface 0 altsetting 3 has 2 endpoint descriptors, different from the interface descriptor's value: 8 [ 213.046739][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 213.053437][ T10] usb 4-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00 [ 213.063677][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.089074][ T10] usb 4-1: config 0 descriptor?? [ 213.697741][ T7108] EXT4-fs (loop4): 1 orphan inode deleted [ 213.732816][ T7108] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 213.965295][ T5853] Bluetooth: hci0: connection err: -111 [ 214.016652][ T7124] netlink: 4 bytes leftover after parsing attributes in process `syz.2.356'. [ 215.230477][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.550591][ T7124] nbd: socks must be embedded in a SOCK_ITEM attr [ 216.731663][ T10] logitech 0003:046D:C50C.0002: ignoring exceeding usage max [ 218.205249][ T10] logitech 0003:046D:C50C.0002: collection stack underflow [ 218.213772][ T10] logitech 0003:046D:C50C.0002: item 0 4 0 12 parsing failed [ 218.222029][ T10] logitech 0003:046D:C50C.0002: parse failed [ 218.228385][ T10] logitech 0003:046D:C50C.0002: probe with driver logitech failed with error -22 [ 218.231679][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 218.245869][ T10] usb 4-1: USB disconnect, device number 9 [ 218.283559][ T7137] netlink: 4 bytes leftover after parsing attributes in process `syz.4.359'. [ 218.294270][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 218.294290][ T30] audit: type=1326 audit(1775102578.047:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.3.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 218.330961][ T7137] netlink: 4 bytes leftover after parsing attributes in process `syz.4.359'. [ 218.340781][ T30] audit: type=1326 audit(1775102578.047:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.3.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 218.365761][ T30] audit: type=1326 audit(1775102578.047:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.3.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 218.391399][ T30] audit: type=1326 audit(1775102578.047:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.3.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 218.410531][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 218.431036][ T30] audit: type=1326 audit(1775102578.047:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.3.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 218.482187][ T30] audit: type=1326 audit(1775102578.057:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.3.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 218.586700][ T30] audit: type=1326 audit(1775102578.057:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.3.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 218.654594][ T7143] loop0: detected capacity change from 0 to 24 [ 218.678770][ T30] audit: type=1326 audit(1775102578.057:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.3.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 218.684534][ T7143] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 218.786763][ T7143] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 218.923127][ T30] audit: type=1326 audit(1775102578.057:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.3.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 218.958959][ T30] audit: type=1326 audit(1775102578.057:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.3.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9679c819 code=0x7ffc0000 [ 219.761354][ T7156] loop3: detected capacity change from 0 to 256 [ 219.769348][ T7156] exfat: Deprecated parameter 'namecase' [ 219.788820][ T7156] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x544194fd, utbl_chksum : 0xe619d30d) [ 221.110558][ T7171] loop0: detected capacity change from 0 to 512 [ 221.187372][ T7171] EXT4-fs error (device loop0): ext4_iget_extra_inode:5043: inode #15: comm syz.0.372: corrupted in-inode xattr: invalid ea_ino [ 221.231524][ T7171] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 221.232744][ T7171] EXT4-fs (loop0): Remounting filesystem read-only [ 221.242216][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 221.242243][ C1] EXT4-fs (loop0): initial error at time 1775102581: ext4_iget_extra_inode:5043: inode 15 [ 221.242278][ C1] EXT4-fs (loop0): last error at time 1775102581: ext4_iget_extra_inode:5043: inode 15 [ 221.329344][ T7171] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 221.555281][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.677979][ T5853] Bluetooth: hci0: connection err: -111 [ 221.767247][ T7182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.375'. [ 222.195370][ T7182] nbd: socks must be embedded in a SOCK_ITEM attr [ 225.138903][ T7190] loop3: detected capacity change from 0 to 8 [ 225.219896][ T5979] udevd[5979]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 225.272183][ T7188] loop0: detected capacity change from 0 to 4096 [ 225.332462][ T7192] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 225.367432][ T6926] udevd[6926]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 227.068442][ T7220] loop4: detected capacity change from 0 to 1024 [ 227.248317][ T5844] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 227.424741][ T5853] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 227.436696][ T5853] CPU: 1 UID: 0 PID: 5853 Comm: kworker/u9:5 Tainted: G L syzkaller #0 PREEMPT(full) [ 227.436732][ T5853] Tainted: [L]=SOFTLOCKUP [ 227.436741][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 227.436755][ T5853] Workqueue: hci3 hci_rx_work [ 227.436785][ T5853] Call Trace: [ 227.436795][ T5853] [ 227.436805][ T5853] dump_stack_lvl+0xe8/0x150 [ 227.436838][ T5853] sysfs_create_dir_ns+0x271/0x2a0 [ 227.436867][ T5853] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 227.436899][ T5853] ? do_raw_spin_unlock+0xf5/0x210 [ 227.436932][ T5853] kobject_add_internal+0x62b/0xd00 [ 227.436976][ T5853] kobject_add+0x163/0x240 [ 227.437015][ T5853] ? __pfx_kobject_add+0x10/0x10 [ 227.437048][ T5853] ? _raw_spin_unlock+0x3f/0x50 [ 227.437093][ T5853] ? get_device_parent+0x366/0x3a0 [ 227.437124][ T5853] device_add+0x408/0xb70 [ 227.437151][ T5853] hci_conn_add_sysfs+0xd5/0x210 [ 227.437188][ T5853] le_conn_complete_evt+0x10e6/0x16b0 [ 227.437229][ T5853] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 227.437255][ T5853] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 227.437293][ T5853] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 227.437320][ T5853] ? skb_pull_data+0xfb/0x200 [ 227.437356][ T5853] hci_le_conn_complete_evt+0x187/0x470 [ 227.437393][ T5853] hci_event_packet+0x659/0xef0 [ 227.437425][ T5853] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 227.437449][ T5853] ? __pfx_hci_event_packet+0x10/0x10 [ 227.437478][ T5853] ? kcov_remote_start+0x49a/0x7a0 [ 227.437508][ T5853] ? hci_send_to_monitor+0xe2/0x590 [ 227.437541][ T5853] hci_rx_work+0x3ee/0x1040 [ 227.437573][ T5853] ? process_scheduled_works+0xa70/0x1860 [ 227.437608][ T5853] process_scheduled_works+0xb5d/0x1860 [ 227.437677][ T5853] ? __pfx_process_scheduled_works+0x10/0x10 [ 227.437717][ T5853] ? assign_work+0x3d5/0x5e0 [ 227.437755][ T5853] worker_thread+0xa53/0xfc0 [ 227.437821][ T5853] kthread+0x388/0x470 [ 227.437847][ T5853] ? __pfx_worker_thread+0x10/0x10 [ 227.437875][ T5853] ? __pfx_kthread+0x10/0x10 [ 227.437902][ T5853] ret_from_fork+0x514/0xb70 [ 227.437938][ T5853] ? __pfx_ret_from_fork+0x10/0x10 [ 227.437969][ T5853] ? __switch_to+0xc79/0x1410 [ 227.437999][ T5853] ? __pfx_kthread+0x10/0x10 [ 227.438026][ T5853] ret_from_fork_asm+0x1a/0x30 [ 227.438077][ T5853] [ 227.438316][ T5853] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 227.685504][ T5844] usb 1-1: Using ep0 maxpacket: 16 [ 227.720933][ T7227] netlink: 4 bytes leftover after parsing attributes in process `syz.3.392'. [ 227.760205][ T5853] Bluetooth: hci3: failed to register connection device [ 227.856294][ T5844] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 227.967154][ T5844] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.168582][ T7227] nbd: socks must be embedded in a SOCK_ITEM attr [ 228.655110][ T5844] usb 1-1: config 0 descriptor?? [ 228.923819][ T5996] hfsplus: b-tree write err: -5, ino 25 [ 229.097228][ T5996] hfsplus: b-tree write err: -5, ino 4 [ 229.290082][ T5996] hfsplus: b-tree write err: -5, ino 2 [ 229.407797][ T5996] hfsplus: b-tree write err: -5, ino 20 [ 229.543569][ T5844] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 229.786682][ T5846] Bluetooth: hci3: command 0x0406 tx timeout [ 230.191997][ T5844] gspca_sonixj: reg_w1 err -71 [ 230.299577][ T5844] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 230.737020][ T5844] usb 1-1: USB disconnect, device number 5 [ 230.875918][ T6926] udevd[6926]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 230.912640][ T6926] udevd[6926]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 231.097513][ T7242] random: crng reseeded on system resumption [ 231.122821][ T7244] loop0: detected capacity change from 0 to 256 [ 231.192705][ T7244] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 231.361060][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 231.361082][ T30] audit: type=1800 audit(1775102591.647:53): pid=7244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.397" name="bus" dev="loop0" ino=1048617 res=0 errno=0 [ 231.862444][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 232.061783][ T30] audit: type=1326 audit(1775102592.457:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.2.408" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f4d99c819 code=0x0 [ 232.096500][ T7267] loop4: detected capacity change from 0 to 512 [ 232.118001][ T7267] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 232.135181][ T7267] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 232.143527][ T7267] System zones: 0-1, 15-15, 18-18, 34-34 [ 232.150610][ T7267] EXT4-fs (loop4): orphan cleanup on readonly fs [ 232.159580][ T7267] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 232.171983][ T7267] EXT4-fs warning (device loop4): ext4_enable_quotas:7261: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 232.188287][ T7267] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 232.198706][ T7267] EXT4-fs error (device loop4): ext4_orphan_get:1423: comm syz.4.407: bad orphan inode 16 [ 232.209373][ T7267] loop4: lost filesystem error report for type 5 error -117 [ 232.212563][ T7267] ext4_test_bit(bit=15, block=18) = 1 [ 232.220168][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 232.220192][ C0] EXT4-fs (loop4): initial error at time 1775102592: ext4_orphan_get:1423 [ 232.220218][ C0] EXT4-fs (loop4): last error at time 1775102592: ext4_orphan_get:1423 [ 232.249361][ T7267] is_bad_inode(inode)=0 [ 232.253559][ T7267] NEXT_ORPHAN(inode)=0 [ 232.257950][ T7267] max_ino=32 [ 232.261243][ T7267] i_nlink=2 [ 232.267061][ T7267] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 232.288077][ T7267] fscrypt (loop4, inode 16): Error -61 getting encryption context [ 232.326148][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.435286][ T5941] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 232.596521][ T5941] usb 4-1: Using ep0 maxpacket: 32 [ 232.615107][ T5941] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 232.636887][ T5941] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 232.650688][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 232.662135][ T5847] Bluetooth: hci4: command 0x2016 tx timeout [ 232.668800][ T5941] usb 4-1: Product: syz [ 232.668823][ T5941] usb 4-1: Manufacturer: syz [ 232.668840][ T5941] usb 4-1: SerialNumber: syz [ 232.685834][ T5941] usb 4-1: config 0 descriptor?? [ 232.710405][ T7274] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 232.732237][ T5941] hub 4-1:0.0: bad descriptor, ignoring hub [ 232.758622][ T5941] hub 4-1:0.0: probe with driver hub failed with error -5 [ 233.014136][ T5847] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 233.024035][ T5847] CPU: 1 UID: 0 PID: 5847 Comm: kworker/u9:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 233.024071][ T5847] Tainted: [L]=SOFTLOCKUP [ 233.024079][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 233.024093][ T5847] Workqueue: hci4 hci_rx_work [ 233.024122][ T5847] Call Trace: [ 233.024133][ T5847] [ 233.024142][ T5847] dump_stack_lvl+0xe8/0x150 [ 233.024180][ T5847] sysfs_create_dir_ns+0x271/0x2a0 [ 233.024213][ T5847] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 233.024245][ T5847] ? do_raw_spin_unlock+0xf5/0x210 [ 233.024277][ T5847] kobject_add_internal+0x62b/0xd00 [ 233.024321][ T5847] kobject_add+0x163/0x240 [ 233.024359][ T5847] ? __pfx_kobject_add+0x10/0x10 [ 233.024393][ T5847] ? _raw_spin_unlock+0x3f/0x50 [ 233.024423][ T5847] ? get_device_parent+0x366/0x3a0 [ 233.024453][ T5847] device_add+0x408/0xb70 [ 233.024481][ T5847] hci_conn_add_sysfs+0xd5/0x210 [ 233.024518][ T5847] le_conn_complete_evt+0x10e6/0x16b0 [ 233.024559][ T5847] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 233.024584][ T5847] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 233.024622][ T5847] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 233.024650][ T5847] ? skb_pull_data+0xfb/0x200 [ 233.024691][ T5847] hci_le_conn_complete_evt+0x187/0x470 [ 233.024727][ T5847] hci_event_packet+0x659/0xef0 [ 233.024759][ T5847] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 233.024785][ T5847] ? __pfx_hci_event_packet+0x10/0x10 [ 233.024813][ T5847] ? kcov_remote_start+0x49a/0x7a0 [ 233.024843][ T5847] ? hci_send_to_monitor+0xe2/0x590 [ 233.024876][ T5847] hci_rx_work+0x3ee/0x1040 [ 233.024902][ T5847] ? preempt_schedule_thunk+0x16/0x30 [ 233.024931][ T5847] ? process_scheduled_works+0xa70/0x1860 [ 233.024972][ T5847] process_scheduled_works+0xb5d/0x1860 [ 233.025042][ T5847] ? __pfx_process_scheduled_works+0x10/0x10 [ 233.025082][ T5847] ? assign_work+0x3d5/0x5e0 [ 233.025121][ T5847] worker_thread+0xa53/0xfc0 [ 233.025186][ T5847] kthread+0x388/0x470 [ 233.025211][ T5847] ? __pfx_worker_thread+0x10/0x10 [ 233.025240][ T5847] ? __pfx_kthread+0x10/0x10 [ 233.025267][ T5847] ret_from_fork+0x514/0xb70 [ 233.025303][ T5847] ? __pfx_ret_from_fork+0x10/0x10 [ 233.025334][ T5847] ? __switch_to+0xc79/0x1410 [ 233.025366][ T5847] ? __pfx_kthread+0x10/0x10 [ 233.025393][ T5847] ret_from_fork_asm+0x1a/0x30 [ 233.025435][ T5847] [ 233.280314][ T7288] netlink: 4 bytes leftover after parsing attributes in process `syz.4.415'. [ 233.520841][ T5847] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 233.549529][ T5847] Bluetooth: hci4: failed to register connection device [ 234.434704][ T7288] nbd: socks must be embedded in a SOCK_ITEM attr [ 234.952682][ T5844] usb 4-1: USB disconnect, device number 10 [ 235.334244][ T6925] udevd[6925]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 235.366199][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 235.775364][ T5853] Bluetooth: hci4: command 0x2016 tx timeout [ 236.983676][ T7296] loop2: detected capacity change from 0 to 32768 [ 237.251507][ T7296] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 237.276164][ T5844] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 237.548238][ T5844] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 237.556769][ T7296] XFS (loop2): Ending clean mount [ 237.591104][ T5844] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 237.604236][ T7296] XFS (loop2): Quotacheck needed: Please wait. [ 237.616899][ T5844] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 237.643813][ T5844] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.683342][ T5844] usb 1-1: config 0 descriptor?? [ 237.712711][ T5844] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 237.736596][ T5844] dvb-usb: bulk message failed: -22 (3/0) [ 237.762795][ T7296] XFS (loop2): Quotacheck: Done. [ 237.823436][ T5844] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 237.857485][ T5844] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 237.876266][ T5844] usb 1-1: media controller created [ 237.905196][ T5844] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 237.917272][ T7320] dvb-usb: bulk message failed: -22 (2/0) [ 237.960815][ T5837] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 238.165754][ T5853] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 238.178559][ T5853] CPU: 1 UID: 0 PID: 5853 Comm: kworker/u9:5 Tainted: G L syzkaller #0 PREEMPT(full) [ 238.178595][ T5853] Tainted: [L]=SOFTLOCKUP [ 238.178608][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 238.178622][ T5853] Workqueue: hci4 hci_rx_work [ 238.178652][ T5853] Call Trace: [ 238.178661][ T5853] [ 238.178680][ T5853] dump_stack_lvl+0xe8/0x150 [ 238.178719][ T5853] sysfs_create_dir_ns+0x271/0x2a0 [ 238.178753][ T5853] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 238.178784][ T5853] ? do_raw_spin_unlock+0xf5/0x210 [ 238.178817][ T5853] kobject_add_internal+0x62b/0xd00 [ 238.178861][ T5853] kobject_add+0x163/0x240 [ 238.178899][ T5853] ? __pfx_kobject_add+0x10/0x10 [ 238.178931][ T5853] ? _raw_spin_unlock+0x3f/0x50 [ 238.178961][ T5853] ? get_device_parent+0x366/0x3a0 [ 238.178990][ T5853] device_add+0x408/0xb70 [ 238.179018][ T5853] hci_conn_add_sysfs+0xd5/0x210 [ 238.179056][ T5853] le_conn_complete_evt+0x10e6/0x16b0 [ 238.179097][ T5853] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 238.179123][ T5853] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 238.179160][ T5853] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 238.179188][ T5853] ? skb_pull_data+0xfb/0x200 [ 238.179224][ T5853] hci_le_conn_complete_evt+0x187/0x470 [ 238.179260][ T5853] hci_event_packet+0x659/0xef0 [ 238.179293][ T5853] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 238.179318][ T5853] ? __pfx_hci_event_packet+0x10/0x10 [ 238.179346][ T5853] ? kcov_remote_start+0x49a/0x7a0 [ 238.179376][ T5853] ? hci_send_to_monitor+0xe2/0x590 [ 238.179409][ T5853] hci_rx_work+0x3ee/0x1040 [ 238.179434][ T5853] ? preempt_schedule_thunk+0x16/0x30 [ 238.179464][ T5853] ? process_scheduled_works+0xa70/0x1860 [ 238.179498][ T5853] process_scheduled_works+0xb5d/0x1860 [ 238.179566][ T5853] ? __pfx_process_scheduled_works+0x10/0x10 [ 238.179607][ T5853] ? assign_work+0x3d5/0x5e0 [ 238.179645][ T5853] worker_thread+0xa53/0xfc0 [ 238.179719][ T5853] kthread+0x388/0x470 [ 238.179744][ T5853] ? __pfx_worker_thread+0x10/0x10 [ 238.179772][ T5853] ? __pfx_kthread+0x10/0x10 [ 238.179799][ T5853] ret_from_fork+0x514/0xb70 [ 238.179835][ T5853] ? __pfx_ret_from_fork+0x10/0x10 [ 238.179866][ T5853] ? __switch_to+0xc79/0x1410 [ 238.179897][ T5853] ? __pfx_kthread+0x10/0x10 [ 238.179924][ T5853] ret_from_fork_asm+0x1a/0x30 [ 238.179967][ T5853] [ 238.180081][ T5853] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 238.469544][ T5853] Bluetooth: hci4: failed to register connection device [ 238.477196][ T5853] Bluetooth: hci4: command 0x2016 tx timeout [ 238.516793][ T5844] dvb-usb: bulk message failed: -22 (6/0) [ 238.524282][ T5844] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 238.535446][ T5844] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input6 [ 238.556426][ T7345] netlink: 4 bytes leftover after parsing attributes in process `syz.4.433'. [ 238.842222][ T7345] nbd: socks must be embedded in a SOCK_ITEM attr [ 239.930811][ T5844] dvb-usb: schedule remote query interval to 150 msecs. [ 240.136267][ T5844] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 240.502533][ T55] dvb-usb: bulk message failed: -22 (1/0) [ 240.575531][ T5853] Bluetooth: hci4: command 0x2016 tx timeout [ 240.776283][ T55] dvb-usb: error while querying for an remote control event. [ 240.826683][ T5979] udevd[5979]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 241.335064][ T5844] usb 1-1: USB disconnect, device number 6 [ 241.397466][ T55] dvb-usb: bulk message failed: -22 (1/0) [ 241.585322][ T5979] udevd[5979]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 241.596060][ T55] dvb-usb: error while querying for an remote control event. [ 241.864472][ T5844] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 242.655635][ T5853] Bluetooth: hci4: command 0x2016 tx timeout [ 242.750975][ T7354] loop0: detected capacity change from 0 to 32768 [ 242.845043][ T5844] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 243.007509][ T5844] usb 4-1: unable to get BOS descriptor or descriptor too short [ 243.110612][ T5844] usb 4-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice= 0.40 [ 243.184744][ T7358] loop2: detected capacity change from 0 to 40427 [ 243.217503][ T5844] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.226858][ T5844] usb 4-1: Product: syz [ 243.231322][ T5844] usb 4-1: Manufacturer: syz [ 243.236728][ T5844] usb 4-1: SerialNumber: syz [ 243.320017][ T7354] JBD2: Ignoring recovery information on journal [ 243.450538][ T7358] F2FS-fs (loop2): invalid crc value [ 243.511552][ T5844] usb 4-1: unit 5 not found! [ 243.522794][ T5844] usb 4-1: unit 3 not found! [ 243.584888][ T7354] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 243.738196][ T7354] OCFS2: ERROR (device loop0): int ocfs2_xattr_find_entry(struct inode *, int, const char *, struct ocfs2_xattr_search *): corrupted xattr entries [ 243.738274][ T7354] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 243.808837][ T7354] OCFS2: File system is now read-only. [ 243.918445][ T5853] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 243.928211][ T5853] CPU: 1 UID: 0 PID: 5853 Comm: kworker/u9:5 Tainted: G L syzkaller #0 PREEMPT(full) [ 243.928247][ T5853] Tainted: [L]=SOFTLOCKUP [ 243.928255][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 243.928268][ T5853] Workqueue: hci4 hci_rx_work [ 243.928296][ T5853] Call Trace: [ 243.928307][ T5853] [ 243.928318][ T5853] dump_stack_lvl+0xe8/0x150 [ 243.928354][ T5853] sysfs_create_dir_ns+0x271/0x2a0 [ 243.928387][ T5853] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 243.928421][ T5853] ? do_raw_spin_unlock+0xf5/0x210 [ 243.928451][ T5853] kobject_add_internal+0x62b/0xd00 [ 243.928494][ T5853] kobject_add+0x163/0x240 [ 243.928530][ T5853] ? __pfx_kobject_add+0x10/0x10 [ 243.928561][ T5853] ? _raw_spin_unlock+0x28/0x50 [ 243.928589][ T5853] ? get_device_parent+0x366/0x3a0 [ 243.928616][ T5853] device_add+0x408/0xb70 [ 243.928642][ T5853] hci_conn_add_sysfs+0xd5/0x210 [ 243.928677][ T5853] le_conn_complete_evt+0x10e6/0x16b0 [ 243.928717][ T5853] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 243.928743][ T5853] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 243.928780][ T5853] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 243.928809][ T5853] ? skb_pull_data+0xfb/0x200 [ 243.928844][ T5853] hci_le_conn_complete_evt+0x187/0x470 [ 243.928882][ T5853] hci_event_packet+0x659/0xef0 [ 243.928914][ T5853] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 243.928948][ T5853] ? __pfx_hci_event_packet+0x10/0x10 [ 243.928983][ T5853] ? hci_send_to_monitor+0xe2/0x590 [ 243.929016][ T5853] hci_rx_work+0x3ee/0x1040 [ 243.929054][ T5853] ? process_scheduled_works+0xa70/0x1860 [ 243.929089][ T5853] process_scheduled_works+0xb5d/0x1860 [ 243.929156][ T5853] ? __pfx_process_scheduled_works+0x10/0x10 [ 243.929196][ T5853] ? assign_work+0x3d5/0x5e0 [ 243.929235][ T5853] worker_thread+0xa53/0xfc0 [ 243.929301][ T5853] kthread+0x388/0x470 [ 243.929328][ T5853] ? __pfx_worker_thread+0x10/0x10 [ 243.929357][ T5853] ? __pfx_kthread+0x10/0x10 [ 243.929384][ T5853] ret_from_fork+0x514/0xb70 [ 243.929421][ T5853] ? __pfx_ret_from_fork+0x10/0x10 [ 243.929452][ T5853] ? __switch_to+0xc79/0x1410 [ 243.929483][ T5853] ? __pfx_kthread+0x10/0x10 [ 243.929510][ T5853] ret_from_fork_asm+0x1a/0x30 [ 243.929553][ T5853] [ 243.929763][ T5853] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 244.195540][ T7387] netlink: 4 bytes leftover after parsing attributes in process `syz.4.449'. [ 244.213502][ T5853] Bluetooth: hci4: failed to register connection device [ 244.753417][ T7387] nbd: socks must be embedded in a SOCK_ITEM attr [ 246.304740][ T5844] snd-usb-us122l 4-1:1.1: usb_set_interface error [ 246.464061][ T5853] Bluetooth: hci4: command 0x2016 tx timeout [ 246.485829][ T7358] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 246.495702][ T5844] snd-usb-us122l 4-1:1.1: probe with driver snd-usb-us122l failed with error -22 [ 247.002061][ T7358] F2FS-fs (loop2): Start checkpoint disabled! [ 247.409745][ T5844] usb 4-1: USB disconnect, device number 12 [ 247.585608][ T7358] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 247.602393][ T5979] udevd[5979]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 247.623523][ T5838] ocfs2: Unmounting device (7,0) on (node local) [ 247.669726][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 247.780312][ T7401] bridge_slave_1: vlans aren't supported yet for dev_uc|mc_add() [ 248.240402][ T7416] netlink: 'syz.1.460': attribute type 1 has an invalid length. [ 248.262183][ T7416] netlink: 96 bytes leftover after parsing attributes in process `syz.1.460'. [ 248.292678][ T7416] netlink: 'syz.1.460': attribute type 1 has an invalid length. [ 248.325195][ T7416] netlink: 638 bytes leftover after parsing attributes in process `syz.1.460'. [ 248.368756][ T7416] netlink: 1 bytes leftover after parsing attributes in process `syz.1.460'. [ 248.495143][ T5853] Bluetooth: hci4: command 0x2016 tx timeout [ 248.706024][ T7424] netlink: 'syz.4.462': attribute type 2 has an invalid length. [ 248.889934][ T5847] Bluetooth: hci4: unexpected event for opcode 0x1001 [ 249.421726][ T7442] loop3: detected capacity change from 0 to 512 [ 249.494706][ T5847] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 249.504548][ T5847] CPU: 1 UID: 0 PID: 5847 Comm: kworker/u9:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 249.504583][ T5847] Tainted: [L]=SOFTLOCKUP [ 249.504591][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 249.504603][ T5847] Workqueue: hci4 hci_rx_work [ 249.504632][ T5847] Call Trace: [ 249.504641][ T5847] [ 249.504649][ T5847] dump_stack_lvl+0xe8/0x150 [ 249.504685][ T5847] sysfs_create_dir_ns+0x271/0x2a0 [ 249.504714][ T5847] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 249.504747][ T5847] ? do_raw_spin_unlock+0xf5/0x210 [ 249.504778][ T5847] kobject_add_internal+0x62b/0xd00 [ 249.504818][ T5847] kobject_add+0x163/0x240 [ 249.504853][ T5847] ? __pfx_kobject_add+0x10/0x10 [ 249.504884][ T5847] ? _raw_spin_unlock+0x28/0x50 [ 249.504921][ T5847] ? get_device_parent+0x366/0x3a0 [ 249.504949][ T5847] device_add+0x408/0xb70 [ 249.504975][ T5847] hci_conn_add_sysfs+0xd5/0x210 [ 249.505012][ T5847] le_conn_complete_evt+0x10e6/0x16b0 [ 249.505051][ T5847] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 249.505076][ T5847] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 249.505113][ T5847] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 249.505140][ T5847] ? skb_pull_data+0xfb/0x200 [ 249.505177][ T5847] hci_le_conn_complete_evt+0x187/0x470 [ 249.505212][ T5847] hci_event_packet+0x659/0xef0 [ 249.505244][ T5847] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 249.505268][ T5847] ? __pfx_hci_event_packet+0x10/0x10 [ 249.505295][ T5847] ? kcov_remote_start+0x49a/0x7a0 [ 249.505324][ T5847] ? hci_send_to_monitor+0xe2/0x590 [ 249.505356][ T5847] hci_rx_work+0x3ee/0x1040 [ 249.505387][ T5847] ? process_scheduled_works+0xa70/0x1860 [ 249.505419][ T5847] process_scheduled_works+0xb5d/0x1860 [ 249.505484][ T5847] ? __pfx_process_scheduled_works+0x10/0x10 [ 249.505521][ T5847] ? assign_work+0x3d5/0x5e0 [ 249.505558][ T5847] worker_thread+0xa53/0xfc0 [ 249.505624][ T5847] kthread+0x388/0x470 [ 249.505648][ T5847] ? __pfx_worker_thread+0x10/0x10 [ 249.505675][ T5847] ? __pfx_kthread+0x10/0x10 [ 249.505700][ T5847] ret_from_fork+0x514/0xb70 [ 249.505735][ T5847] ? __pfx_ret_from_fork+0x10/0x10 [ 249.505764][ T5847] ? __switch_to+0xc79/0x1410 [ 249.505795][ T5847] ? __pfx_kthread+0x10/0x10 [ 249.505821][ T5847] ret_from_fork_asm+0x1a/0x30 [ 249.505864][ T5847] [ 249.785736][ T7443] netlink: 4 bytes leftover after parsing attributes in process `syz.4.467'. [ 250.565406][ T5847] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 250.613973][ T5847] Bluetooth: hci4: failed to register connection device [ 250.631595][ T7443] nbd: socks must be embedded in a SOCK_ITEM attr [ 250.898374][ T7442] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 252.488657][ T6925] udevd[6925]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 252.655138][ T5853] Bluetooth: hci4: command 0x2016 tx timeout [ 253.083312][ T5847] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 253.099759][ T5847] Bluetooth: hci4: Injecting HCI hardware error event [ 253.163034][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 253.166108][ T5840] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.977166][ T7480] batadv0: entered promiscuous mode [ 253.985768][ T7480] macsec1: entered allmulticast mode [ 253.991151][ T7480] batadv0: entered allmulticast mode [ 254.011215][ T7480] batadv0: left allmulticast mode [ 254.016495][ T7480] batadv0: left promiscuous mode [ 254.081777][ T7484] loop4: detected capacity change from 0 to 2048 [ 254.108182][ T7484] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 254.167708][ T7484] UDF-fs: error (device loop4): udf_verify_fi: directory (ino 1408) has entry at pos 0 with incorrect tag 10a [ 254.196686][ T7484] UDF-fs: error (device loop4): udf_rename: failed to find renamed entry again in directory (ino 1408) [ 254.735488][ T5847] Bluetooth: hci4: command 0x2016 tx timeout [ 254.744250][ T5853] Bluetooth: hci4: hardware error 0x00 [ 255.265335][ T7512] netlink: 4 bytes leftover after parsing attributes in process `syz.0.493'. [ 255.940634][ T7512] nbd: socks must be embedded in a SOCK_ITEM attr [ 256.035591][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.042083][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.989578][ T5853] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 257.425792][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 257.977965][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 258.592239][ T5844] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 259.098469][ T5844] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 259.398904][ T7533] fido_id[7533]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 259.512441][ T7541] netlink: 56 bytes leftover after parsing attributes in process `syz.4.502'. [ 259.752060][ T7538] loop3: detected capacity change from 0 to 32768 [ 261.130161][ T5853] Bluetooth: hci0: unexpected cc 0x0402 length: 61 > 1 [ 261.138052][ T5853] Bluetooth: hci0: unexpected event for opcode 0x0402 [ 261.205549][ T5844] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 261.314122][ T7569] loop0: detected capacity change from 0 to 64 [ 261.365113][ T5844] usb 5-1: Using ep0 maxpacket: 16 [ 261.377916][ T5844] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 261.394193][ T5844] usb 5-1: config 0 has no interface number 0 [ 261.402714][ T5844] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 261.414260][ T5844] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 261.446628][ T5844] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 261.487344][ T5844] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.538255][ T5844] usb 5-1: config 0 descriptor?? [ 261.807125][ T5984] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 261.995152][ T5984] usb 4-1: Using ep0 maxpacket: 16 [ 262.003918][ T5984] usb 4-1: unable to get BOS descriptor or descriptor too short [ 262.024712][ T5984] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7 [ 262.054351][ T5984] usb 4-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40 [ 262.064354][ T5984] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.073128][ T5984] usb 4-1: Product: syz [ 262.078678][ T5984] usb 4-1: Manufacturer: syz [ 262.083412][ T5984] usb 4-1: SerialNumber: syz [ 262.220663][ T5844] uclogic 0003:28BD:0071.0004: pen parameters not found [ 262.239569][ T5844] uclogic 0003:28BD:0071.0004: interface is invalid, ignoring [ 262.332573][ T5984] usb 4-1: Audio class v2/v3 interfaces need an interface association [ 262.372494][ T5984] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 262.446820][ T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 262.503760][ T5844] usb 5-1: USB disconnect, device number 3 [ 262.616160][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 262.640011][ T24] usb 1-1: config 0 has no interfaces? [ 262.660586][ T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 262.679335][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.698313][ T24] usb 1-1: Product: syz [ 262.707681][ T24] usb 1-1: Manufacturer: syz [ 262.720291][ T24] usb 1-1: SerialNumber: syz [ 262.761279][ T24] usb 1-1: config 0 descriptor?? [ 262.902156][ T5984] usb 4-1: USB disconnect, device number 13 [ 263.298844][ T810] usb 1-1: USB disconnect, device number 7 [ 264.045074][ T5895] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 264.052809][ T810] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 264.097048][ T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 264.185203][ T5941] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 264.205067][ T5895] usb 4-1: Using ep0 maxpacket: 32 [ 264.215165][ T5895] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 264.227114][ T5895] usb 4-1: config 0 interface 0 has no altsetting 0 [ 264.237192][ T810] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 264.248602][ T5895] usb 4-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 264.258922][ T810] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 264.271203][ T5895] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.279411][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 264.285249][ T810] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 264.302576][ T10] usb 5-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 264.312517][ T810] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.322298][ T5895] usb 4-1: config 0 descriptor?? [ 264.328247][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.340953][ T10] usb 5-1: Product: syz [ 264.354555][ T10] usb 5-1: Manufacturer: syz [ 264.356524][ T7600] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 264.359662][ T5941] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 264.376773][ T10] usb 5-1: SerialNumber: syz [ 264.381580][ T5941] usb 1-1: config 0 has no interface number 0 [ 264.393402][ T810] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 264.403786][ T5941] usb 1-1: config 0 interface 1 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 264.417004][ T10] usb 5-1: config 0 descriptor?? [ 264.430745][ T10] ums-onetouch 5-1:0.0: USB Mass Storage device detected [ 264.443315][ T5941] usb 1-1: config 0 interface 1 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 264.473698][ T5941] usb 1-1: config 0 interface 1 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 264.492466][ T5941] usb 1-1: config 0 interface 1 has no altsetting 0 [ 264.552948][ T5941] usb 1-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00 [ 264.573870][ T5941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.598982][ T5941] usb 1-1: config 0 descriptor?? [ 264.693867][ T10] usb 5-1: USB disconnect, device number 4 [ 264.778769][ T5895] corsair-cpro 0003:1B1C:0C10.0005: unknown main item tag 0x0 [ 264.805095][ T5895] corsair-cpro 0003:1B1C:0C10.0005: unknown main item tag 0x0 [ 264.818154][ T5895] corsair-cpro 0003:1B1C:0C10.0005: unknown main item tag 0x0 [ 264.843477][ T5895] corsair-cpro 0003:1B1C:0C10.0005: unknown main item tag 0x0 [ 264.851674][ T810] usb 3-1: USB disconnect, device number 3 [ 264.861786][ T5895] corsair-cpro 0003:1B1C:0C10.0005: unknown main item tag 0x0 [ 264.902509][ T5895] corsair-cpro 0003:1B1C:0C10.0005: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.3-1/input0 [ 264.968876][ C0] usb 4-1: input irq status -75 received [ 265.176783][ T5895] corsair-cpro 0003:1B1C:0C10.0005: probe with driver corsair-cpro failed with error -71 [ 265.224162][ T5895] usb 4-1: USB disconnect, device number 14 [ 265.270004][ T5941] uclogic 0003:145F:0212.0006: pen parameters not found [ 265.309493][ T5941] uclogic 0003:145F:0212.0006: interface is invalid, ignoring [ 265.382741][ T5941] usb 1-1: USB disconnect, device number 8 [ 265.638796][ T7629] raw_sendmsg: syz.2.538 forgot to set AF_INET. Fix it! [ 267.070106][ T7636] loop2: detected capacity change from 0 to 40427 [ 267.118057][ T7636] F2FS-fs (loop2): Image doesn't support compression [ 267.140182][ T7636] F2FS-fs (loop2): build fault injection rate: 684 [ 267.171112][ T7636] F2FS-fs (loop2): build fault injection type: 0x35f7 [ 267.201738][ T7636] F2FS-fs (loop2): invalid crc value [ 267.476923][ T7636] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 267.568737][ T7640] loop0: detected capacity change from 0 to 40427 [ 267.583701][ T7636] F2FS-fs (loop2): Start checkpoint disabled! [ 267.604900][ T7640] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 267.665447][ T7636] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 267.674504][ T7640] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 267.683988][ T7636] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 267.696979][ T7654] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 267.731030][ T7640] F2FS-fs (loop0): invalid crc value [ 268.081775][ T7640] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 268.167987][ T7523] kworker/u8:13: attempt to access beyond end of device [ 268.167987][ T7523] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 268.174392][ T7640] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 268.208662][ T7640] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 268.510699][ T7523] CPU: 1 UID: 0 PID: 7523 Comm: kworker/u8:13 Tainted: G L syzkaller #0 PREEMPT(full) [ 268.510737][ T7523] Tainted: [L]=SOFTLOCKUP [ 268.510745][ T7523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 268.510757][ T7523] Workqueue: writeback wb_workfn (flush-7:2) [ 268.510793][ T7523] Call Trace: [ 268.510801][ T7523] [ 268.510810][ T7523] dump_stack_lvl+0xe8/0x150 [ 268.510846][ T7523] f2fs_stop_checkpoint+0x3c7/0x590 [ 268.510884][ T7523] f2fs_write_end_io+0x12e5/0x17a0 [ 268.510932][ T7523] __submit_merged_bio+0x256/0x6a0 [ 268.510970][ T7523] __submit_merged_write_cond+0x3c9/0x4e0 [ 268.511010][ T7523] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 268.511067][ T7523] f2fs_write_data_pages+0x287e/0x34f0 [ 268.511132][ T7523] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 268.511175][ T7523] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 268.511239][ T7523] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 268.511291][ T7523] ? __lock_acquire+0x6b5/0x2cf0 [ 268.511346][ T7523] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 268.511369][ T7523] do_writepages+0x32e/0x550 [ 268.511413][ T7523] ? reacquire_held_locks+0x104/0x190 [ 268.511433][ T7523] ? writeback_sb_inodes+0x463/0x19d0 [ 268.511467][ T7523] __writeback_single_inode+0x133/0x10e0 [ 268.511496][ T7523] ? do_raw_spin_unlock+0xf5/0x210 [ 268.511526][ T7523] writeback_sb_inodes+0x979/0x19d0 [ 268.511550][ T7523] ? __lock_acquire+0x6b5/0x2cf0 [ 268.511611][ T7523] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 268.511635][ T7523] ? do_raw_spin_lock+0x12b/0x2f0 [ 268.511706][ T7523] ? rcu_is_watching+0x15/0xb0 [ 268.511738][ T7523] wb_writeback+0x445/0xb00 [ 268.511769][ T7523] ? queue_io+0x1d1/0x470 [ 268.511804][ T7523] ? __pfx_wb_writeback+0x10/0x10 [ 268.511827][ T7523] ? do_raw_spin_lock+0x12b/0x2f0 [ 268.511870][ T7523] wb_workfn+0x3f8/0xf10 [ 268.511889][ T7523] ? __lock_acquire+0x6b5/0x2cf0 [ 268.511915][ T7523] ? look_up_lock_class+0x57/0x110 [ 268.511964][ T7523] ? __pfx_wb_workfn+0x10/0x10 [ 268.511990][ T7523] ? do_raw_spin_lock+0x12b/0x2f0 [ 268.512011][ T7523] ? lock_acquire+0x106/0x350 [ 268.512041][ T7523] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 268.512069][ T7523] ? process_scheduled_works+0xa70/0x1860 [ 268.512100][ T7523] ? process_scheduled_works+0xa70/0x1860 [ 268.512138][ T7523] ? process_scheduled_works+0xa70/0x1860 [ 268.512166][ T7523] ? process_scheduled_works+0xa70/0x1860 [ 268.512197][ T7523] process_scheduled_works+0xb5d/0x1860 [ 268.512263][ T7523] ? __pfx_process_scheduled_works+0x10/0x10 [ 268.512301][ T7523] ? assign_work+0x3d5/0x5e0 [ 268.512336][ T7523] worker_thread+0xa53/0xfc0 [ 268.512408][ T7523] kthread+0x388/0x470 [ 268.512432][ T7523] ? __pfx_worker_thread+0x10/0x10 [ 268.512459][ T7523] ? __pfx_kthread+0x10/0x10 [ 268.512484][ T7523] ret_from_fork+0x514/0xb70 [ 268.512517][ T7523] ? __pfx_ret_from_fork+0x10/0x10 [ 268.512546][ T7523] ? __switch_to+0xc79/0x1410 [ 268.512576][ T7523] ? __pfx_kthread+0x10/0x10 [ 268.512601][ T7523] ret_from_fork_asm+0x1a/0x30 [ 268.512641][ T7523] [ 268.892498][ T7523] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 268.996930][ T5844] loop2: lost filesystem error report for type 5 error -108 [ 269.461834][ T7674] loop4: detected capacity change from 0 to 32768 [ 271.523213][ T7671] loop3: detected capacity change from 0 to 32768 [ 271.590833][ T7671] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 271.816185][ T7671] XFS (loop3): Ending clean mount [ 272.049316][ T5840] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 272.740089][ T5853] Bluetooth: hci0: connection err: -111 [ 275.688357][ T7725] loop0: detected capacity change from 0 to 256 [ 275.931108][ T7726] loop4: detected capacity change from 0 to 32768 [ 276.639914][ T7731] read_mapping_page failed! [ 276.761716][ T5853] Bluetooth: hci0: connection err: -111 [ 276.918472][ T7728] netlink: 4 bytes leftover after parsing attributes in process `syz.2.571'. [ 277.148886][ T7739] loop3: detected capacity change from 0 to 1024 [ 277.159303][ T7739] EXT4-fs: Ignoring removed bh option [ 277.180981][ T7739] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 277.283197][ T7739] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 277.328226][ T7728] nbd: socks must be embedded in a SOCK_ITEM attr [ 277.489182][ T7747] loop0: detected capacity change from 0 to 64 [ 277.694118][ T7747] MINIX-fs: mounting file system with errors, running fsck is recommended [ 277.738879][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 277.995993][ T5840] EXT4-fs error (device loop3): ext4_read_inline_dir:1494: inode #12: block 7: comm syz-executor: path /95/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 278.063436][ T5840] EXT4-fs (loop3): Remounting filesystem read-only [ 278.153842][ T5840] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.664508][ T7750] loop4: detected capacity change from 0 to 40427 [ 278.665057][ T24] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 278.688338][ T7750] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(263168) [ 278.721422][ T7750] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 278.743301][ T7750] F2FS-fs (loop4): invalid crc value [ 278.848029][ T24] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 278.877620][ T24] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 278.902501][ T24] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 278.925870][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.954438][ T7756] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 278.986989][ T24] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 279.049763][ T7750] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 279.109218][ T7750] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 279.120708][ T7750] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 279.183564][ T5853] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 279.195600][ T5853] CPU: 1 UID: 0 PID: 5853 Comm: kworker/u9:5 Tainted: G L syzkaller #0 PREEMPT(full) [ 279.195636][ T5853] Tainted: [L]=SOFTLOCKUP [ 279.195644][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 279.195658][ T5853] Workqueue: hci2 hci_rx_work [ 279.195686][ T5853] Call Trace: [ 279.195694][ T5853] [ 279.195703][ T5853] dump_stack_lvl+0xe8/0x150 [ 279.195741][ T5853] sysfs_create_dir_ns+0x271/0x2a0 [ 279.195773][ T5853] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 279.195805][ T5853] ? do_raw_spin_unlock+0xf5/0x210 [ 279.195837][ T5853] kobject_add_internal+0x62b/0xd00 [ 279.195881][ T5853] kobject_add+0x163/0x240 [ 279.195916][ T5853] ? __pfx_kobject_add+0x10/0x10 [ 279.195949][ T5853] ? _raw_spin_unlock+0x28/0x50 [ 279.195985][ T5853] ? get_device_parent+0x366/0x3a0 [ 279.196013][ T5853] device_add+0x408/0xb70 [ 279.196040][ T5853] hci_conn_add_sysfs+0xd5/0x210 [ 279.196078][ T5853] le_conn_complete_evt+0x10e6/0x16b0 [ 279.196115][ T5853] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 279.196141][ T5853] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 279.196176][ T5853] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 279.196202][ T5853] ? skb_pull_data+0xfb/0x200 [ 279.196233][ T5853] hci_le_conn_complete_evt+0x187/0x470 [ 279.196280][ T5853] hci_event_packet+0x659/0xef0 [ 279.196310][ T5853] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 279.196335][ T5853] ? __pfx_hci_event_packet+0x10/0x10 [ 279.196365][ T5853] ? kcov_remote_start+0x49a/0x7a0 [ 279.196393][ T5853] ? hci_send_to_monitor+0xe2/0x590 [ 279.196427][ T5853] hci_rx_work+0x3ee/0x1040 [ 279.196458][ T5853] ? process_scheduled_works+0xa70/0x1860 [ 279.196492][ T5853] process_scheduled_works+0xb5d/0x1860 [ 279.196558][ T5853] ? __pfx_process_scheduled_works+0x10/0x10 [ 279.196596][ T5853] ? assign_work+0x3d5/0x5e0 [ 279.196639][ T5853] worker_thread+0xa53/0xfc0 [ 279.196699][ T5853] kthread+0x388/0x470 [ 279.196722][ T5853] ? __pfx_worker_thread+0x10/0x10 [ 279.196749][ T5853] ? __pfx_kthread+0x10/0x10 [ 279.196773][ T5853] ret_from_fork+0x514/0xb70 [ 279.196808][ T5853] ? __pfx_ret_from_fork+0x10/0x10 [ 279.196839][ T5853] ? __switch_to+0xc79/0x1410 [ 279.196868][ T5853] ? __pfx_kthread+0x10/0x10 [ 279.196891][ T5853] ret_from_fork_asm+0x1a/0x30 [ 279.196929][ T5853] [ 279.196984][ T5853] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 279.452495][ T5853] Bluetooth: hci2: failed to register connection device [ 279.634433][ T24] usb 1-1: USB disconnect, device number 9 [ 279.704041][ T5841] syz-executor: attempt to access beyond end of device [ 279.704041][ T5841] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 279.783389][ T5841] CPU: 0 UID: 0 PID: 5841 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 279.783425][ T5841] Tainted: [L]=SOFTLOCKUP [ 279.783432][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 279.783444][ T5841] Call Trace: [ 279.783452][ T5841] [ 279.783461][ T5841] dump_stack_lvl+0xe8/0x150 [ 279.783499][ T5841] f2fs_stop_checkpoint+0x3c7/0x590 [ 279.783538][ T5841] f2fs_write_end_io+0x12e5/0x17a0 [ 279.783587][ T5841] __submit_merged_bio+0x256/0x6a0 [ 279.783624][ T5841] __submit_merged_write_cond+0x3c9/0x4e0 [ 279.783672][ T5841] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 279.783733][ T5841] f2fs_write_data_pages+0x287e/0x34f0 [ 279.783754][ T5841] ? __lock_acquire+0x6b5/0x2cf0 [ 279.783828][ T5841] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 279.783865][ T5841] ? unwind_next_frame+0xa6/0x2550 [ 279.783923][ T5841] ? unwind_next_frame+0xa6/0x2550 [ 279.783942][ T5841] ? rcu_is_watching+0x15/0xb0 [ 279.783959][ T5841] ? __kasan_check_byte+0x12/0x40 [ 279.783979][ T5841] ? __bfs+0x153/0x290 [ 279.784003][ T5841] ? __pfx_hlock_conflict+0x10/0x10 [ 279.784047][ T5841] ? lockdep_unlock+0x5d/0xd0 [ 279.784071][ T5841] ? __lock_acquire+0x146e/0x2cf0 [ 279.784133][ T5841] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 279.784157][ T5841] do_writepages+0x32e/0x550 [ 279.784194][ T5841] ? do_raw_spin_unlock+0xf5/0x210 [ 279.784217][ T5841] filemap_fdatawrite+0x1e9/0x2f0 [ 279.784235][ T5841] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 279.784281][ T5841] ? do_raw_spin_unlock+0xf5/0x210 [ 279.784298][ T5841] f2fs_sync_dirty_inodes+0x30e/0x830 [ 279.784334][ T5841] f2fs_write_checkpoint+0x9df/0x26a0 [ 279.784346][ T5841] ? __lock_acquire+0x6b5/0x2cf0 [ 279.784385][ T5841] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 279.784435][ T5841] kill_f2fs_super+0x314/0x730 [ 279.784453][ T5841] ? __pfx_kill_f2fs_super+0x10/0x10 [ 279.784475][ T5841] ? lockdep_hardirqs_on+0x7a/0x110 [ 279.784501][ T5841] deactivate_locked_super+0xbc/0x130 [ 279.784521][ T5841] cleanup_mnt+0x437/0x4d0 [ 279.784532][ T5841] ? _raw_spin_unlock_irq+0x23/0x50 [ 279.784549][ T5841] task_work_run+0x1d9/0x270 [ 279.784570][ T5841] ? __pfx_task_work_run+0x10/0x10 [ 279.784590][ T5841] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.784604][ T5841] exit_to_user_mode_loop+0xed/0x480 [ 279.784619][ T5841] ? rcu_is_watching+0x15/0xb0 [ 279.784632][ T5841] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.784645][ T5841] do_syscall_64+0x33e/0xf80 [ 279.784660][ T5841] ? trace_irq_disable+0x3b/0x140 [ 279.784675][ T5841] ? clear_bhb_loop+0x40/0x90 [ 279.784691][ T5841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.784703][ T5841] RIP: 0033:0x7fb26bd9da57 [ 279.784723][ T5841] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 279.784739][ T5841] RSP: 002b:00007ffcf9a54888 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 279.784762][ T5841] RAX: 0000000000000000 RBX: 00007fb26be32048 RCX: 00007fb26bd9da57 [ 279.784772][ T5841] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcf9a54940 [ 279.784779][ T5841] RBP: 00007ffcf9a54940 R08: 00007ffcf9a55940 R09: 00000000ffffffff [ 279.784788][ T5841] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf9a559d0 [ 279.784795][ T5841] R13: 00007fb26be32048 R14: 00000000000443eb R15: 00007ffcf9a55a10 [ 279.784817][ T5841] [ 280.137065][ T5841] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 280.195174][ T10] loop4: lost filesystem error report for type 5 error -108 [ 280.501964][ T7779] loop2: detected capacity change from 0 to 32768 [ 281.910206][ T7792] TCP: tcp_parse_options: Illegal window scaling value 225 > 14 received [ 282.212251][ T5853] Bluetooth: hci0: connection err: -111 [ 282.280107][ T7795] netlink: 4 bytes leftover after parsing attributes in process `syz.2.592'. [ 282.519111][ T5853] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 282.532899][ T5853] CPU: 1 UID: 0 PID: 5853 Comm: kworker/u9:5 Tainted: G L syzkaller #0 PREEMPT(full) [ 282.532936][ T5853] Tainted: [L]=SOFTLOCKUP [ 282.532944][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 282.532958][ T5853] Workqueue: hci3 hci_rx_work [ 282.532986][ T5853] Call Trace: [ 282.532995][ T5853] [ 282.533005][ T5853] dump_stack_lvl+0xe8/0x150 [ 282.533043][ T5853] sysfs_create_dir_ns+0x271/0x2a0 [ 282.533077][ T5853] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 282.533110][ T5853] ? do_raw_spin_unlock+0xf5/0x210 [ 282.533143][ T5853] kobject_add_internal+0x62b/0xd00 [ 282.533193][ T5853] kobject_add+0x163/0x240 [ 282.533231][ T5853] ? __pfx_kobject_add+0x10/0x10 [ 282.533264][ T5853] ? _raw_spin_unlock+0x3f/0x50 [ 282.533293][ T5853] ? get_device_parent+0x366/0x3a0 [ 282.533321][ T5853] device_add+0x408/0xb70 [ 282.533349][ T5853] hci_conn_add_sysfs+0xd5/0x210 [ 282.533388][ T5853] le_conn_complete_evt+0x10e6/0x16b0 [ 282.533429][ T5853] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 282.533454][ T5853] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 282.533492][ T5853] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 282.533519][ T5853] ? skb_pull_data+0xfb/0x200 [ 282.533562][ T5853] hci_le_conn_complete_evt+0x187/0x470 [ 282.533601][ T5853] hci_event_packet+0x659/0xef0 [ 282.533622][ T5853] ? irqentry_exit+0x61a/0x700 [ 282.533658][ T5853] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 282.533682][ T5853] ? __pfx_hci_event_packet+0x10/0x10 [ 282.533716][ T5853] ? hci_rx_work+0x17b/0x1040 [ 282.533744][ T5853] hci_rx_work+0x3ee/0x1040 [ 282.533775][ T5853] ? process_scheduled_works+0xa70/0x1860 [ 282.533809][ T5853] process_scheduled_works+0xb5d/0x1860 [ 282.533879][ T5853] ? __pfx_process_scheduled_works+0x10/0x10 [ 282.533920][ T5853] ? assign_work+0x3d5/0x5e0 [ 282.533958][ T5853] worker_thread+0xa53/0xfc0 [ 282.534024][ T5853] kthread+0x388/0x470 [ 282.534050][ T5853] ? __pfx_worker_thread+0x10/0x10 [ 282.534079][ T5853] ? __pfx_kthread+0x10/0x10 [ 282.534107][ T5853] ret_from_fork+0x514/0xb70 [ 282.534142][ T5853] ? __pfx_ret_from_fork+0x10/0x10 [ 282.534174][ T5853] ? __switch_to+0xc79/0x1410 [ 282.534220][ T5853] ? __pfx_kthread+0x10/0x10 [ 282.534249][ T5853] ret_from_fork_asm+0x1a/0x30 [ 282.534290][ T5853] [ 282.534515][ T5853] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 282.817394][ T5853] Bluetooth: hci3: failed to register connection device [ 282.956910][ T7795] nbd: socks must be embedded in a SOCK_ITEM attr [ 285.887095][ T6926] udevd[6926]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 285.957467][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 286.037069][ T7819] loop0: detected capacity change from 0 to 128 [ 286.265348][ T7820] loop4: detected capacity change from 0 to 32768 [ 286.970202][ T7826] read_mapping_page failed! [ 287.394274][ T7833] loop3: detected capacity change from 0 to 512 [ 287.477252][ T7833] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.605: inode has both inline data and extents flags [ 287.567699][ T7833] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 287.568117][ T7833] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.605: couldn't read orphan inode 15 (err -117) [ 287.577401][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 287.577428][ C1] EXT4-fs (loop3): initial error at time 1775102647: ext4_orphan_get:1397: inode 15 [ 287.577464][ C1] EXT4-fs (loop3): last error at time 1775102647: ext4_orphan_get:1397: inode 15 [ 287.661859][ T7833] loop3: lost filesystem error report for type 5 error -117 [ 287.666760][ T7833] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 287.980041][ T7847] loop0: detected capacity change from 0 to 512 [ 288.447526][ T5853] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 288.521389][ T7861] netlink: 4 bytes leftover after parsing attributes in process `syz.1.615'. [ 288.582849][ T5840] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.891722][ T7861] nbd: socks must be embedded in a SOCK_ITEM attr [ 288.933393][ T6926] block nbd64: NBD_DISCONNECT [ 289.359363][ T5978] udevd[5978]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 289.439889][ T7879] program syz.2.619 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 289.796818][ T7884] loop3: detected capacity change from 0 to 32768 [ 289.811144][ T7884] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.621 (7884) [ 289.831925][ T7884] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 289.843708][ T7884] BTRFS info (device loop3): using crc32c checksum algorithm [ 289.851335][ T7884] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 289.959790][ T7884] BTRFS info (device loop3): rebuilding free space tree [ 290.000434][ T7884] BTRFS info (device loop3): disabling free space tree [ 290.007552][ T7884] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 290.017766][ T7884] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 290.036560][ T7884] BTRFS info (device loop3): enabling ssd optimizations [ 290.043701][ T7884] BTRFS info (device loop3): turning on async discard [ 290.050611][ T7884] BTRFS info (device loop3): enabling disk space caching [ 290.057717][ T7884] BTRFS info (device loop3): force clearing of disk cache [ 290.064867][ T7884] BTRFS info (device loop3): use zstd compression, level 3 [ 290.457967][ T7904] netlink: 24 bytes leftover after parsing attributes in process `syz.0.624'. [ 290.551530][ T7907] netlink: 24 bytes leftover after parsing attributes in process `syz.0.624'. [ 290.605428][ T5840] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 291.575515][ T7909] loop2: detected capacity change from 0 to 32768 [ 291.639117][ T7909] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.626 (7909) [ 291.758663][ T7922] loop0: detected capacity change from 0 to 2048 [ 291.823912][ T7909] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 291.841908][ T7922] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 291.861325][ T7909] BTRFS info (device loop2): using sha256 checksum algorithm [ 291.980170][ T7926] UHID_CREATE from different security context by process 360 (syz.4.633), this is not allowed. [ 292.309650][ T7909] BTRFS info (device loop2): enabling ssd optimizations [ 292.352465][ T7909] BTRFS info (device loop2): turning on async discard [ 292.425129][ T7909] BTRFS info (device loop2): enabling free space tree [ 292.510726][ T5853] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 292.672813][ T7955] netlink: 4 bytes leftover after parsing attributes in process `syz.3.636'. [ 292.718261][ T7959] fuse: Bad value for 'fd' [ 292.923806][ T7961] loop4: detected capacity change from 0 to 32768 [ 293.620271][ T7968] read_mapping_page failed! [ 294.244566][ T7955] nbd: socks must be embedded in a SOCK_ITEM attr [ 296.221065][ T5837] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 297.399251][ T5979] udevd[5979]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 297.493088][ T6926] udevd[6926]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 297.637403][ T7981] loop4: detected capacity change from 0 to 2048 [ 297.779914][ T7981] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 298.002014][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 298.176476][ T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 298.245285][ T7979] loop3: detected capacity change from 0 to 32768 [ 298.262987][ T7979] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.645 (7979) [ 298.320165][ T8002] loop0: detected capacity change from 0 to 256 [ 298.345066][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 298.372992][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 298.374579][ T7979] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 298.418392][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 298.450354][ T7979] BTRFS info (device loop3): using sha256 checksum algorithm [ 298.450664][ T8002] FAT-fs (loop0): Directory bread(block 64) failed [ 298.478968][ T24] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 298.511254][ T8002] FAT-fs (loop0): Directory bread(block 65) failed [ 298.522703][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.544093][ T8002] FAT-fs (loop0): Directory bread(block 66) failed [ 298.570891][ T24] usb 3-1: config 0 descriptor?? [ 298.573596][ T8002] FAT-fs (loop0): Directory bread(block 67) failed [ 298.588980][ T8002] FAT-fs (loop0): Directory bread(block 68) failed [ 298.632618][ T24] hub 3-1:0.0: USB hub found [ 298.650533][ T8002] FAT-fs (loop0): Directory bread(block 69) failed [ 298.674671][ T8002] FAT-fs (loop0): Directory bread(block 70) failed [ 298.704783][ T8002] FAT-fs (loop0): Directory bread(block 71) failed [ 298.749866][ T8002] FAT-fs (loop0): Directory bread(block 72) failed [ 298.765625][ T8002] FAT-fs (loop0): Directory bread(block 73) failed [ 298.849786][ T24] hub 3-1:0.0: config failed, can't read hub descriptor (err -90) [ 298.866367][ T7979] BTRFS info (device loop3): enabling ssd optimizations [ 298.890556][ T7979] BTRFS info (device loop3): turning on async discard [ 298.915208][ T7979] BTRFS info (device loop3): enabling free space tree [ 298.992472][ T5853] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 299.072086][ T24] usbhid 3-1:0.0: can't add hid device: -71 [ 299.090893][ T24] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 299.170172][ T24] usb 3-1: USB disconnect, device number 4 [ 299.294676][ T5917] kernel write not supported for file /media7 (pid: 5917 comm: kworker/1:5) [ 299.332764][ T5840] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 299.445774][ T8034] loop0: detected capacity change from 0 to 512 [ 299.480053][ T5984] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 299.527604][ T8034] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 299.631558][ T8034] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002] [ 299.645343][ T5984] usb 5-1: Using ep0 maxpacket: 8 [ 299.663975][ T5984] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 299.676630][ T5984] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 299.690193][ T5984] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 299.712896][ T5984] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 299.713795][ T8034] System zones: [ 299.726814][ T5984] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 299.739978][ T5984] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.776433][ T8034] 1-12 [ 299.813043][ T8034] EXT4-fs error (device loop0): ext4_iget_extra_inode:5043: inode #15: comm syz.0.663: corrupted in-inode xattr: e_value size too large [ 299.827991][ T8034] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 299.834967][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 299.852724][ C1] EXT4-fs (loop0): initial error at time 1775102660: ext4_iget_extra_inode:5043: inode 15 [ 299.863159][ C1] EXT4-fs (loop0): last error at time 1775102660: ext4_iget_extra_inode:5043: inode 15 [ 299.915883][ T8034] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.663: couldn't read orphan inode 15 (err -117) [ 299.982667][ T8034] loop0: lost filesystem error report for type 5 error -117 [ 299.993889][ T5984] usb 5-1: GET_CAPABILITIES returned 0 [ 300.046368][ T5984] usbtmc 5-1:16.0: can't read capabilities [ 300.126630][ T8034] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 300.169377][ T8045] loop3: detected capacity change from 0 to 256 [ 300.223495][ T10] usb 5-1: USB disconnect, device number 5 [ 300.279548][ T8045] FAT-fs (loop3): Directory bread(block 64) failed [ 300.296129][ T8045] FAT-fs (loop3): Directory bread(block 65) failed [ 300.303432][ T8045] FAT-fs (loop3): Directory bread(block 66) failed [ 300.338713][ T8045] FAT-fs (loop3): Directory bread(block 67) failed [ 300.362111][ T8045] FAT-fs (loop3): Directory bread(block 68) failed [ 300.401762][ T8045] FAT-fs (loop3): Directory bread(block 69) failed [ 300.422190][ T8045] FAT-fs (loop3): Directory bread(block 70) failed [ 300.451058][ T8045] FAT-fs (loop3): Directory bread(block 71) failed [ 300.474778][ T8045] FAT-fs (loop3): Directory bread(block 72) failed [ 300.488618][ T8045] FAT-fs (loop3): Directory bread(block 73) failed [ 300.589153][ T30] audit: type=1800 audit(1775102660.987:55): pid=8045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.666" name="file1" dev="loop3" ino=1048623 res=0 errno=0 [ 300.599713][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 300.636952][ T8045] syz.3.666: attempt to access beyond end of device [ 300.636952][ T8045] loop3: rw=0, sector=1192, nr_sectors = 4 limit=256 [ 300.991980][ T8054] loop3: detected capacity change from 0 to 64 [ 301.222076][ T8058] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 301.229056][ T8058] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 301.303118][ T8058] vhci_hcd vhci_hcd.0: Device attached [ 301.516218][ T5917] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 301.538879][ T5984] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 301.691644][ T8077] loop2: detected capacity change from 0 to 2048 [ 301.707707][ T5917] usb 5-1: config 0 has no interfaces? [ 301.722927][ T5917] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 301.749343][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.761533][ T8077] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a842c128, mo2=0003] [ 301.792765][ T8077] System zones: 0-7 [ 301.801362][ T5917] usb 5-1: config 0 descriptor?? [ 301.832957][ T8077] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 301.909009][ T8077] EXT4-fs error (device loop2): ext4_find_extent:939: inode #2: comm syz.2.679: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 302.007077][ T8077] EXT4-fs (loop2): Remounting filesystem read-only [ 302.072306][ T5844] usb 5-1: USB disconnect, device number 6 [ 302.079004][ T8060] usb 41-1: recv xbuf, 0 [ 302.081678][ T8087] ªªªªªª: renamed from vlan0 [ 302.121632][ T153] vhci_hcd vhci_hcd.4: stop threads [ 302.147710][ T153] vhci_hcd vhci_hcd.4: release socket [ 302.163340][ T5837] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 302.185251][ T153] vhci_hcd vhci_hcd.4: disconnect device [ 302.381929][ T8070] loop0: detected capacity change from 0 to 40427 [ 302.393614][ T8070] F2FS-fs: heap/no_heap options were deprecated [ 302.408695][ T8070] F2FS-fs (loop0): build fault injection rate: 19 [ 302.451066][ T8070] F2FS-fs (loop0): build fault injection type: 0x3bfe8c [ 302.510824][ T8070] F2FS-fs (loop0): invalid crc value [ 302.558981][ T8070] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810 [ 302.879007][ T8070] F2FS-fs (loop0): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410 [ 302.987884][ T8070] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 303.105704][ T8070] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 303.189584][ T8070] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x911/0x2060 [ 303.367242][ T5984] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 303.384460][ T8108] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_new_inode_folio+0xed/0x140 [ 303.468817][ T8109] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_new_inode_folio+0xed/0x140 [ 303.621658][ T5984] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 303.676687][ T5984] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.720877][ T5984] usb 5-1: Product: syz [ 303.729903][ T5984] usb 5-1: Manufacturer: syz [ 303.767946][ T5984] usb 5-1: SerialNumber: syz [ 303.793295][ T5984] usb 5-1: config 0 descriptor?? [ 303.810894][ C1] F2FS-fs (loop0): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60 [ 303.821880][ C1] [ 303.822466][ T8113] loop2: detected capacity change from 0 to 164 [ 303.824434][ C1] ================================ [ 303.824444][ C1] WARNING: inconsistent lock state [ 303.824456][ C1] syzkaller #0 Tainted: G L [ 303.847259][ C1] -------------------------------- [ 303.852368][ C1] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 303.859318][ C1] ksoftirqd/1/23 [HC0[0]:SC1[1]:HE1:SE0] takes: [ 303.865563][ C1] ffff888068fca498 (&sb->s_type->i_lock_key#58){+.?.}-{3:3}, at: igrab+0x2d/0x1e0 [ 303.874895][ C1] {SOFTIRQ-ON-W} state was registered at: [ 303.880637][ C1] lock_acquire+0x106/0x350 [ 303.885237][ C1] _raw_spin_lock+0x2e/0x40 [ 303.889837][ C1] iget_locked+0x397/0x6a0 [ 303.894438][ C1] f2fs_iget+0x56/0x5f30 [ 303.898780][ C1] f2fs_fill_super+0x4419/0x78f0 [ 303.903809][ C1] get_tree_bdev_flags+0x431/0x4f0 [ 303.909008][ C1] vfs_get_tree+0x92/0x2a0 [ 303.913511][ C1] do_new_mount+0x341/0xd30 [ 303.918122][ C1] __se_sys_mount+0x31d/0x420 [ 303.922915][ C1] do_syscall_64+0x15f/0xf80 [ 303.927904][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.934178][ C1] irq event stamp: 1433718 [ 303.938609][ C1] hardirqs last enabled at (1433718): [] _raw_spin_unlock_irqrestore+0x30/0x80 [ 303.949229][ C1] hardirqs last disabled at (1433717): [] _raw_spin_lock_irqsave+0x1a/0x60 [ 303.960274][ C1] softirqs last enabled at (1433696): [] run_ksoftirqd+0x36/0x60 [ 303.970676][ C1] softirqs last disabled at (1433701): [] run_ksoftirqd+0x36/0x60 [ 303.980511][ C1] [ 303.980511][ C1] other info that might help us debug this: [ 303.988605][ C1] Possible unsafe locking scenario: [ 303.988605][ C1] [ 303.996457][ C1] CPU0 [ 303.999775][ C1] ---- [ 304.003318][ C1] lock(&sb->s_type->i_lock_key#58); [ 304.008706][ C1] [ 304.012350][ C1] lock(&sb->s_type->i_lock_key#58); [ 304.017999][ C1] [ 304.017999][ C1] *** DEADLOCK *** [ 304.017999][ C1] [ 304.026597][ C1] no locks held by ksoftirqd/1/23. [ 304.031706][ C1] [ 304.031706][ C1] stack backtrace: [ 304.037705][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Tainted: G L syzkaller #0 PREEMPT(full) [ 304.037727][ C1] Tainted: [L]=SOFTLOCKUP [ 304.037733][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 304.037742][ C1] Call Trace: [ 304.037748][ C1] [ 304.037754][ C1] dump_stack_lvl+0xe8/0x150 [ 304.037782][ C1] print_usage_bug+0x28b/0x2e0 [ 304.037797][ C1] mark_lock_irq+0x410/0x420 [ 304.037814][ C1] mark_lock+0x115/0x190 [ 304.037837][ C1] __lock_acquire+0x689/0x2cf0 [ 304.037860][ C1] ? alloc_object+0x5b/0x300 [ 304.037875][ C1] ? lock_acquire+0x106/0x350 [ 304.037894][ C1] ? alloc_object+0x5b/0x300 [ 304.037910][ C1] ? igrab+0x2d/0x1e0 [ 304.037928][ C1] lock_acquire+0x106/0x350 [ 304.037947][ C1] ? igrab+0x2d/0x1e0 [ 304.037970][ C1] _raw_spin_lock+0x2e/0x40 [ 304.037987][ C1] ? igrab+0x2d/0x1e0 [ 304.038005][ C1] igrab+0x2d/0x1e0 [ 304.038024][ C1] fserror_report+0x3c5/0x740 [ 304.038048][ C1] ? __pfx_fserror_report+0x10/0x10 [ 304.038072][ C1] f2fs_write_end_io+0x12c1/0x17a0 [ 304.038102][ C1] blk_update_request+0x57e/0xe60 [ 304.038122][ C1] blk_mq_end_request+0x3e/0x70 [ 304.038136][ C1] blk_done_softirq+0x10a/0x160 [ 304.038156][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.038170][ C1] handle_softirqs+0x22a/0x840 [ 304.038191][ C1] ? schedule+0x90/0x360 [ 304.038206][ C1] ? run_ksoftirqd+0x36/0x60 [ 304.038222][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.038235][ C1] run_ksoftirqd+0x36/0x60 [ 304.038248][ C1] smpboot_thread_fn+0x541/0xa50 [ 304.038263][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.038279][ C1] kthread+0x388/0x470 [ 304.038294][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 304.038308][ C1] ? __pfx_kthread+0x10/0x10 [ 304.038324][ C1] ret_from_fork+0x514/0xb70 [ 304.038346][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 304.038365][ C1] ? __switch_to+0xc79/0x1410 [ 304.038383][ C1] ? __pfx_kthread+0x10/0x10 [ 304.038399][ C1] ret_from_fork_asm+0x1a/0x30 [ 304.038418][ C1] [ 304.062134][ T8113] ISO 9660 Extensions: Microsoft Joliet Level 3 [ 304.064443][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Tainted: G L syzkaller #0 PREEMPT(full) [ 304.064471][ C1] Tainted: [L]=SOFTLOCKUP [ 304.064478][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 304.064488][ C1] Call Trace: [ 304.064495][ C1] [ 304.064502][ C1] dump_stack_lvl+0xe8/0x150 [ 304.064533][ C1] f2fs_stop_checkpoint+0x3c7/0x590 [ 304.064559][ C1] f2fs_write_end_io+0x12e5/0x17a0 [ 304.064584][ C1] blk_update_request+0x57e/0xe60 [ 304.064606][ C1] blk_mq_end_request+0x3e/0x70 [ 304.064622][ C1] blk_done_softirq+0x10a/0x160 [ 304.064646][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.064662][ C1] handle_softirqs+0x22a/0x840 [ 304.064687][ C1] ? schedule+0x90/0x360 [ 304.064705][ C1] ? run_ksoftirqd+0x36/0x60 [ 304.064724][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.064739][ C1] run_ksoftirqd+0x36/0x60 [ 304.064755][ C1] smpboot_thread_fn+0x541/0xa50 [ 304.064772][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.064790][ C1] kthread+0x388/0x470 [ 304.064808][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 304.064823][ C1] ? __pfx_kthread+0x10/0x10 [ 304.064842][ C1] ret_from_fork+0x514/0xb70 [ 304.064866][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 304.064887][ C1] ? __switch_to+0xc79/0x1410 [ 304.064914][ C1] ? __pfx_kthread+0x10/0x10 [ 304.064932][ C1] ret_from_fork_asm+0x1a/0x30 [ 304.064954][ C1] [ 304.064980][ C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 304.071342][ T8113] ISO 9660 Extensions: [ 304.075413][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Tainted: G L syzkaller #0 PREEMPT(full) [ 304.075445][ C1] Tainted: [L]=SOFTLOCKUP [ 304.075452][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 304.075463][ C1] Call Trace: [ 304.075470][ C1] [ 304.075478][ C1] dump_stack_lvl+0xe8/0x150 [ 304.075508][ C1] f2fs_stop_checkpoint+0x3c7/0x590 [ 304.075535][ C1] f2fs_write_end_io+0x12e5/0x17a0 [ 304.075561][ C1] blk_update_request+0x57e/0xe60 [ 304.075583][ C1] blk_mq_end_request+0x3e/0x70 [ 304.075599][ C1] blk_done_softirq+0x10a/0x160 [ 304.075623][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.075641][ C1] handle_softirqs+0x22a/0x840 [ 304.075665][ C1] ? schedule+0x90/0x360 [ 304.075684][ C1] ? run_ksoftirqd+0x36/0x60 [ 304.075702][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.075718][ C1] run_ksoftirqd+0x36/0x60 [ 304.075733][ C1] smpboot_thread_fn+0x541/0xa50 [ 304.075750][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.075769][ C1] kthread+0x388/0x470 [ 304.075787][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 304.075803][ C1] ? __pfx_kthread+0x10/0x10 [ 304.075820][ C1] ret_from_fork+0x514/0xb70 [ 304.075845][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 304.075867][ C1] ? __switch_to+0xc79/0x1410 [ 304.075888][ C1] ? __pfx_kthread+0x10/0x10 [ 304.075906][ C1] ret_from_fork_asm+0x1a/0x30 [ 304.075928][ C1] [ 304.075935][ C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 304.080440][ T8113] R [ 304.084980][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Tainted: G L syzkaller #0 PREEMPT(full) [ 304.085013][ C1] Tainted: [L]=SOFTLOCKUP [ 304.085019][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 304.085030][ C1] Call Trace: [ 304.085036][ C1] [ 304.085044][ C1] dump_stack_lvl+0xe8/0x150 [ 304.085079][ C1] f2fs_stop_checkpoint+0x3c7/0x590 [ 304.085105][ C1] f2fs_write_end_io+0x12e5/0x17a0 [ 304.085130][ C1] blk_update_request+0x57e/0xe60 [ 304.085152][ C1] blk_mq_end_request+0x3e/0x70 [ 304.085168][ C1] blk_done_softirq+0x10a/0x160 [ 304.085192][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.085208][ C1] handle_softirqs+0x22a/0x840 [ 304.085233][ C1] ? schedule+0x90/0x360 [ 304.085250][ C1] ? run_ksoftirqd+0x36/0x60 [ 304.085268][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.085284][ C1] run_ksoftirqd+0x36/0x60 [ 304.085299][ C1] smpboot_thread_fn+0x541/0xa50 [ 304.085316][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.085335][ C1] kthread+0x388/0x470 [ 304.085353][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 304.085369][ C1] ? __pfx_kthread+0x10/0x10 [ 304.085388][ C1] ret_from_fork+0x514/0xb70 [ 304.085412][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 304.085434][ C1] ? __switch_to+0xc79/0x1410 [ 304.085455][ C1] ? __pfx_kthread+0x10/0x10 [ 304.085473][ C1] ret_from_fork_asm+0x1a/0x30 [ 304.085495][ C1] [ 304.085503][ C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 304.089439][ T8113] R [ 304.094865][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Tainted: G L syzkaller #0 PREEMPT(full) [ 304.094898][ C1] Tainted: [L]=SOFTLOCKUP [ 304.094904][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 304.094914][ C1] Call Trace: [ 304.094920][ C1] [ 304.094928][ C1] dump_stack_lvl+0xe8/0x150 [ 304.094954][ C1] f2fs_stop_checkpoint+0x3c7/0x590 [ 304.094980][ C1] f2fs_write_end_io+0x12e5/0x17a0 [ 304.095005][ C1] blk_update_request+0x57e/0xe60 [ 304.095027][ C1] blk_mq_end_request+0x3e/0x70 [ 304.095043][ C1] blk_done_softirq+0x10a/0x160 [ 304.095066][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.095090][ C1] handle_softirqs+0x22a/0x840 [ 304.095114][ C1] ? schedule+0x90/0x360 [ 304.095132][ C1] ? run_ksoftirqd+0x36/0x60 [ 304.095150][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.095166][ C1] run_ksoftirqd+0x36/0x60 [ 304.095182][ C1] smpboot_thread_fn+0x541/0xa50 [ 304.095199][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.095218][ C1] kthread+0x388/0x470 [ 304.095236][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 304.095251][ C1] ? __pfx_kthread+0x10/0x10 [ 304.095268][ C1] ret_from_fork+0x514/0xb70 [ 304.095292][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 304.095314][ C1] ? __switch_to+0xc79/0x1410 [ 304.095334][ C1] ? __pfx_kthread+0x10/0x10 [ 304.095353][ C1] ret_from_fork_asm+0x1a/0x30 [ 304.095374][ C1] [ 304.095421][ C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 304.101047][ T8113] I [ 304.104253][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Tainted: G L syzkaller #0 PREEMPT(full) [ 304.104281][ C1] Tainted: [L]=SOFTLOCKUP [ 304.104287][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 304.104298][ C1] Call Trace: [ 304.104305][ C1] [ 304.104312][ C1] dump_stack_lvl+0xe8/0x150 [ 304.104340][ C1] f2fs_stop_checkpoint+0x3c7/0x590 [ 304.104366][ C1] f2fs_write_end_io+0x12e5/0x17a0 [ 304.104391][ C1] blk_update_request+0x57e/0xe60 [ 304.104413][ C1] blk_mq_end_request+0x3e/0x70 [ 304.104429][ C1] blk_done_softirq+0x10a/0x160 [ 304.104453][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.104469][ C1] handle_softirqs+0x22a/0x840 [ 304.104493][ C1] ? schedule+0x90/0x360 [ 304.104512][ C1] ? run_ksoftirqd+0x36/0x60 [ 304.104530][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.104545][ C1] run_ksoftirqd+0x36/0x60 [ 304.104561][ C1] smpboot_thread_fn+0x541/0xa50 [ 304.104578][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 304.104597][ C1] kthread+0x388/0x470 [ 304.104615][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 304.104631][ C1] ? __pfx_kthread+0x10/0x10 [ 304.104649][ C1] ret_from_fork+0x514/0xb70 [ 304.104674][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 304.104696][ C1] ? __switch_to+0xc79/0x1410 [ 304.104716][ C1] ? __pfx_kthread+0x10/0x10 [ 304.104734][ C1] ret_from_fork_asm+0x1a/0x30 [ 304.104756][ C1] [ 304.104763][ C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 304.111173][ T8113] P [ 304.131910][ T5984] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 007 [ 304.170392][ T5838] F2FS-fs (loop0): do_checkpoint failed err:-5, stop checkpoint [ 304.196303][ T8113] _1991A [ 305.261957][ T5984] i2c i2c-1: failure reading functionality [ 305.278818][ T5984] i2c i2c-1: connected i2c-tiny-usb device [ 305.293151][ T5984] usb 5-1: USB disconnect, device number 7