last executing test programs: 2m57.045268115s ago: executing program 0 (id=358): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000100)="b8", 0x1, 0x2000c851, &(0x7f0000000700)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) syz_mount_image$msdos(&(0x7f0000000000), &(0x7f00000004c0)='./file0\x00', 0x80c406, &(0x7f0000000500)=ANY=[@ANYRES64=0x0, @ANYRES16, @ANYRES16], 0xff, 0x2b1, &(0x7f0000000100)="$eJzs3E1rE0EYwPEn2TabVvpyEvTig170stR4VKFRWhADStoV9SBs6VZDYlJ2gyYimLOnfo7i0ZsgfoHe/QDeiiA99eRKk826iemLISY1/f8g7Mw8O5uZnQSeCWx2H2+9LG741oZTlWRaJSnSkH2ReSlIWyI8pprlVNQutzPSkGsLr/berzx5ej+byy3lVZezqzcyqjp76fPrtx8uf6mee/Rx1jRlZ/7Z7o/Mt53zOxd2f66+KPha8LVcqaqja5VK1Vkrubpe8IuW6sOS6/iuFsq+63XEN0qVzc26OuX1melNz/V9dcp1TUpdqxVNh6Mqq2VZOjN9UE7LGZL66x72dj7vZHuGztSdG2+el3UMEZn6Y03t7dGMCAAAjNLh+X8yOqed/ye783+RY/L/d+FZs58Gnv8bEuX/RbeZ/1e9ujrPnUI8/8eR7MXO/H/xRL2S/25A6FeiEavc6Qh5XnaqdyfyfwAAAAAAAAAAAAAAAAAAAAAA/gf7QTAXBMHcwTEpIkFYN0XEiNV7dOUJ8TEQX/8g9jLDBT5i/TEGYg/upUW+N2p2zU40j6348r3c0oI2xR7826vVbCOKX2/FtTM+KdNhPNMznpKrV1rxg9jdB7l4fKtmT8l611iNjlpjkLcBAAAAAICxZmlkPmpMS7S/tyw1pTve3L83CxMi0v59oGt/PyEXJ4Y4EQAAAAAAcCi//qbolEquN5yCMcT36rsg0l/3m4E5kGEYIhJrMcOlip+TXxEZ3JRTcuyU9UQXNMVtj3a4C/c123f39Cn51J2wcGtgFwwSIq2WyXDNur4FAAAAAMbL7/3AqEcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDZNYy/Lhv1HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDT4lcAAAD//4aMsuk=") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x2000001, 0x12, r1, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000580), &(0x7f00000001c0)=0x8) 2m56.731182317s ago: executing program 0 (id=362): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x441, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000000)) fcntl$lock(0xffffffffffffffff, 0x8, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) ioctl$TCXONC(r0, 0x540a, 0x3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x6) 2m55.974009313s ago: executing program 0 (id=370): rt_sigaction(0xd, &(0x7f0000000080)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0xb74]}}, 0x0, 0x8, &(0x7f00000000c0)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0xc, 0x0, &(0x7f0000000000)=[@free_buffer], 0x0, 0x0, 0x0}) 2m55.674172894s ago: executing program 0 (id=375): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x120c40a, &(0x7f0000000a00)={[{@noblock_validity}, {@dioread_lock}, {@nobh}, {@errors_remount}, {@inlinecrypt}, {@usrjquota, 0x2e}, {@sb={'sb', 0x3d, 0x7}}, {@nodiscard}, {@jqfmt_vfsv0}, {@noload}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}, {@test_dummy_encryption}], [], 0x2c}, 0x81, 0x463, &(0x7f0000000480)="$eJzs3EtvG0UcAPD/bpK+S0Ipjz6AQEFEPJImLdADFxBIvSAhwaEcQ5pWpWmDmiDRqiIBoXJE/QTAEYlPwAkuCDiBuMIdIVWoF1oOaNHaa9c4dmrHTp3Gv5+02ZndtWf+3h17dsZOAH1rNP+TROyKiN8iYjgiBuoPGC2vbly/PHPz+uWZJLLszb+S/GHx9/XLM5VDk2K9s8iMpRHpJ0kcaFDuwsVLZ6fn5mYvFPmJxXPvTSxcvPTcmXPTp2dPz56fOnbs6JHJF1+Yer4rce7O67r/w/mD+46/ffX1mRNX3/nx67y+u4r9tXGUjXRc5miMVl+Tek92/Owby+5i3SxeNqa8rQ9GxFCp/Q/HQClXNhyvfdzTygHrKsuybOuKrdUewHIGbGJJ9LoGQG9UPujz+9/Kcge7Hz137eXyDVAe941iKe8ZjLQ4Zqjm/rbbRiPixPI/n+dLNByHAADorm/z/s+zjfp/aTxQc9w9xdzQSETcGxF7IuK+iNgbEfdHlI59MCIearP80br8yv7PL9vXFFiL8v7fS8Xc1v/7f5XeX4wMFLndpfiHklNn5mYPF6/JWAxtzfOTq5Tx3au/ftZsX23/L1/y8it9waIefw7WDdCdnF6c7iTmWtc+Ko0BLq2MP6nOBCQRsS8i9q/h+bdFxJmnvzrYbP/t41/F4BoqVCf7MuKp8vlfjrr4K5LV5ycntsXc7OGJylWx0k8/X3mjWfkdxd8F+fnf0fD6r8Y/ktTO1y60X8aV3z9tek+z1ut/S/JWKb2l2PbB9OLihcmILcnyyu1Ttx5byVeOz+MfO9Qg/ptZ/h737xfF4w5ERH4RPxwRj0TEo0XdH4uIxyPiUIPYsqXy+odXnnh37fGvrzz+k22d//YTA2e//6ZZ+a2d/6Ol1FixpZX3v1Yr2MlrBwAAAHeLtPQd+CQdr6bTdHy8/B3+vbEjnZtfWHzm1Pz750+Wvys/EkNpZaRruGY8dLIYG67kp+ryR0rjxlmWZdtL+fGZ+bn1mlMHWrOzSfvP/THQ69oB666teTS/8IJNpQvz6MBdSvuH/qX9Q//S/qF/NWr/SxE3elAV4A67zef/rf8SAGw6+v/Qv7R/6F/aP/SlTn7Xv1piz/H1eubNlhjYGNVoOxHphqhGS4mh4mqvbkk3SMVKia0R0erBS3GnKtbjNyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu+S8AAP//28vuNQ==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1887008, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e) 2m54.960650525s ago: executing program 0 (id=382): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0) 2m54.137979668s ago: executing program 0 (id=388): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000}) 2m53.609043391s ago: executing program 32 (id=388): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000}) 1m46.26105814s ago: executing program 2 (id=1047): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) syz_open_dev$usbfs(&(0x7f0000000040), 0x206, 0x3601) 1m45.972297789s ago: executing program 2 (id=1050): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x40d00, 0x0) r4 = dup(r3) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xc9) 1m45.726183144s ago: executing program 2 (id=1054): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_VDPA_GET_CONFIG(r3, 0x8008af73, 0x0) 1m45.402149706s ago: executing program 2 (id=1058): syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x10040, &(0x7f0000000380), 0xfd, 0x269, &(0x7f0000000a00)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzSkDwEkpvTXssvYReWgo9pW0O6aXQhh4aemgPW3Znt2ySDW33b9n5fGCYmbz35r0J832zLMxsAJk1GRGzEZGPiKmIKEZE0lrh7XSZbOxulLYXI6rVL+4m9XrpfqrZbiIiKhHxUUShWba29c3e/Z3P3vtjtfju/1tflwZ1fq3293Y/P/h3/vczcx+uXb56ez6J2Sg3ylrPo5eSNn8rJBGv9KOz50RSGPYIeBoLv56+Vsv9qxHxTj3/xcg1IvvnygsXivHBPye1/evOldcHOVag96rVYu0eWKkCmZOLiHIkuemISLdzuenp9DP89fx47qfllV+mflxeXfph2DMV0CvlSHY/PTd2duJI/m/l0/wDo6scsfvlwuaN2vZBftijAfqm9dv2N9JVLf9T362/H/IPmSP/kF3yD9kl/zACOsyu/EN2dZP/F/s0JmAw3P9hhBWbG5W2xfIP2SX/MKL+a/fU6WHyD9nVmn8AIFuqY8N+AhkYlmHPPwAAAAAAAAAAAAAAAAAAwHEbpe3F5jKoPi/+HbH/SUQU2vWfr/8ecfNt4+P3klq1x5K0WVe+favLA3TpVM+evi511Oqlm73qvzOX3uzPcX87vHviP2d9KaJSqzxTKBy//pLG9de5l59QXvy+yw6e0dG3An781WD7P+rh5nD7n9uJOF+bf2bazT+5eK2+bj//lFtfsdyhnx90eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG5lEAAAD//4oibec=") getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, &(0x7f0000000280)) mkdir(&(0x7f0000000000)='./control\x00', 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x185641, 0x0) mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0xf000, 0x3, &(0x7f0000009000/0xf000)=nil) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000003c0)='./bus\x00', 0x84902, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x11, r1, 0x0) write$FUSE_ATTR(r0, &(0x7f0000000440)={0x78, 0x0, 0x0, {0x53a, 0x2000000, 0x0, {0xffffffffff7ffffe, 0x1, 0xffffffffbfffffff, 0x10, 0xffffffffffff592c, 0x6, 0x4, 0x6288f666, 0x0, 0xc000}}}, 0x78) rmdir(&(0x7f0000000040)='./control\x00') 1m45.072770679s ago: executing program 2 (id=1064): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000040)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) chdir(&(0x7f0000000140)='./file0\x00') 1m44.449683842s ago: executing program 2 (id=1072): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x11012, r2, 0xe1bd4000) mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil) 1m44.094625528s ago: executing program 33 (id=1072): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x11012, r2, 0xe1bd4000) mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil) 4.617028484s ago: executing program 3 (id=1959): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000cc0)={'syz1\x00', {}, 0x3, [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f9, 0x100, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0x3, 0xe, 0x721a2d63, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x8, 0x7f, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x289, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xa46, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x71, 0x0, 0x0, 0x0, 0xffffffff, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x80000005, 0x8, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000008, 0xc7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x10000, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffd, 0x400, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) readv(r0, &(0x7f0000001900)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1) ioctl$UI_DEV_DESTROY(r0, 0x5502) r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x4) fcntl$setsig(r1, 0xa, 0x13) fcntl$setlease(r1, 0x400, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) truncate(&(0x7f0000000140)='./file0\x00', 0x0) 3.634437893s ago: executing program 3 (id=1973): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x4, 0x5, 0x7, 0x401, 0x25, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10, 0x80, 0x5}}) 3.572974809s ago: executing program 5 (id=1974): open_tree(0xffffffffffffffff, 0x0, 0x89901) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000140)={[{@nossd_spread}, {@nodatacow}, {@enospc_debug}, {@nossd}, {@nodatasum}, {@autodefrag}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000200), 0xfea7) copy_file_range(r1, 0x0, r0, 0x0, 0xffffffffa003e459, 0x700000000000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0) 3.352810221s ago: executing program 3 (id=1976): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(r4) 3.118262945s ago: executing program 4 (id=1978): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, 0x0) 3.025283955s ago: executing program 5 (id=1979): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0xb, 0x84) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x24200, 0x0) 3.020557315s ago: executing program 3 (id=1980): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) pipe2$9p(&(0x7f0000001900), 0x0) r1 = epoll_create1(0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x7ff) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) ioctl$int_in(r0, 0x5452, &(0x7f0000000300)=0x208) shutdown(r0, 0x1) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000180), 0x4) 1.572278151s ago: executing program 4 (id=1982): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x33, 0x40000000788, 0x80000000002, 0x183, 0x400000004, 0x0, 0xee, 0x0, 0x100000000, 0x1000045, 0x6, 0x3b9, 0xf, 0xfffffffffffffffd, 0x0, 0x8], 0x8000000, 0xa46dec12b9992f6}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.571928391s ago: executing program 1 (id=1983): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') read$FUSE(r4, &(0x7f0000003480)={0x2020}, 0x2020) 1.571427311s ago: executing program 5 (id=1984): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "268435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0xf3d8}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[], 0x0) 1.570682651s ago: executing program 5 (id=1986): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$inet(r4, &(0x7f0000000c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) 1.570300941s ago: executing program 1 (id=1987): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00') read$FUSE(r4, 0x0, 0x0) 1.569516012s ago: executing program 4 (id=1989): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r4 = socket$inet6(0xa, 0x80002, 0x0) bind$inet6(r4, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xffffffff}, 0x1c) 1.566996182s ago: executing program 1 (id=1990): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000040)="c7"}) 1.564039382s ago: executing program 5 (id=1992): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = getpid() syz_open_procfs(r4, &(0x7f0000000100)='net/vlan/config\x00') 1.563888432s ago: executing program 1 (id=1993): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) 1.559425752s ago: executing program 3 (id=1995): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280), 0x20000, 0x0) ioctl$SNAPSHOT_ATOMIC_RESTORE(r4, 0x3304) 1.559179462s ago: executing program 4 (id=1996): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000001c0)={0x1, 0x0, [{0x40000082, 0x0, 0x6}]}) 1.38218319s ago: executing program 3 (id=1997): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x14000, 0x30}, 0xc) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x40810, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000011}, 0x4000000) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000001c0)={0x0, 0xffff}, 0x8) sendmmsg$inet6(r0, &(0x7f0000005e80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)='@', 0x1}], 0x1}}], 0x1, 0x4000091) 1.38133318s ago: executing program 5 (id=2007): ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x0, @empty}, {0x4, 0x0, @loopback}, {0x2, 0x0, @remote}, 0x184, 0x0, 0x0, 0xfdffffffffffffff, 0x0, &(0x7f0000000180)='lo\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x10, 0x0, 0x4, 0xff, 0x0, 0x0, 0x6, 0x2200}}, 0x1c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xc, 0x0, 0x0) fanotify_init(0x1, 0x40000) ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @remote}, {0x2, 0x0, @private}}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x70bd26, 0x0, {0x2, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2900}}, 0x1c}}, 0x8c0) 1.319405166s ago: executing program 1 (id=1998): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000080)=ANY=[], 0x6a) 1.314036187s ago: executing program 4 (id=1999): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0) ioctl$COMEDI_DEVINFO(r3, 0x80b06401, 0x0) 1.232107265s ago: executing program 6 (id=2000): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000480)={{0x24, 0x0, 0xfffc, 0x805}, 'syz0\x00', 0x40}) ioctl$UI_DEV_CREATE(r2, 0x5501) writev(r2, &(0x7f00000004c0)=[{&(0x7f0000000140)="0f16e055c113099e688177c628341c0dfe132c5fe6cc99f8", 0x18}], 0x1) 1.158456673s ago: executing program 1 (id=2001): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000640)={0x28, r4, 0x101, 0x0, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x28}, 0x1, 0x0, 0x0, 0x4010}, 0x8800) 1.08218838s ago: executing program 4 (id=2002): r0 = syz_usb_connect(0x5, 0x35, &(0x7f0000000500)=ANY=[@ANYBLOB="120100004aaf36207205a5580a27010203010902230001000000000904010901a37d7e03090500004000020401080b01"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[], 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000000)={0x2c, &(0x7f0000000080)={0x0, 0x3, 0x1, "94"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r1, 0x0, 0x0) 926.663986ms ago: executing program 6 (id=2003): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\x00\x00\x00\x00\xd4\xa2\x88\x00\xd1l,'}, 0x30) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r2) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r3, 0x0, 0x0) 816.327627ms ago: executing program 6 (id=2004): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002480)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x1, 0x61821022, 0x0, 0xfffe, 0x6, 0x4, 0x0, 0x0, 0x4, 0x4}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1cd042, 0x0) ioctl$RNDZAPENTCNT(r4, 0x5204, 0x0) 650.022414ms ago: executing program 6 (id=2005): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x4]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000300)={0x2, 0x0, @ioapic={0xeeee0000, 0xb, 0xba1, 0x8c5f, 0x0, [{0x46, 0x8, 0x1}, {0x2, 0x29, 0x6, '\x00', 0xf8}, {0x60, 0x3, 0x0, '\x00', 0xbd}, {0x7, 0x4, 0x9, '\x00', 0xd}, {0x5, 0x4, 0x8, '\x00', 0x5}, {0x3, 0x42, 0x71, '\x00', 0x2}, {0x7, 0x7, 0xfd, '\x00', 0x34}, {0x9, 0xc5, 0x1, '\x00', 0xfe}, {0x7, 0xfb, 0x3, '\x00', 0x2}, {0xfe, 0x1, 0xd, '\x00', 0x4}, {0x1, 0x4e, 0x0, '\x00', 0x2}, {0x9, 0x2, 0x5, '\x00', 0x3}, {0xfa, 0x0, 0x8, '\x00', 0x7}, {0x80, 0x2, 0x80, '\x00', 0x4}, {0x6, 0x8, 0x3, '\x00', 0x4}, {0x9, 0xf1, 0x8, '\x00', 0x4}, {0x2, 0x7, 0x8, '\x00', 0x3}, {0x5, 0x6, 0x9, '\x00', 0x48}, {0x90, 0x0, 0x81, '\x00', 0x6}, {0xb, 0xff, 0x5}, {0x0, 0x4, 0x3, '\x00', 0x6a}, {0x7, 0x35, 0x7a, '\x00', 0x4}, {0x4, 0x7, 0x5, '\x00', 0xf}, {0x8, 0x2, 0x62, '\x00', 0x1}]}}) 214.077838ms ago: executing program 6 (id=2006): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000100)={0x1, 0x0, [{0x80000001, 0x9, 0x2, 0x82, 0x7ff, 0x2, 0xffffffff}]}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)={[{0x80000000, 0x4, 0xc2, 0x4f, 0x40, 0x5d, 0x80, 0x1, 0x3, 0x44, 0x8, 0x0, 0x100000000009}, {0xb, 0xa6f2, 0x6, 0x8, 0x9, 0xff, 0x4, 0x87, 0xa, 0x13, 0x7, 0x6, 0x1}, {0x1ff, 0x7, 0xd, 0x10, 0x25, 0x9, 0x0, 0x6, 0x4, 0x15, 0x0, 0x2, 0x4}], 0x9}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x67a, 0x6, 0xf3b8, 0x0, 0x1000, 0x400, 0x4002004c4, 0x1000, 0x0, 0x97, 0x10, 0x0, 0x3, 0x4], 0xeeee8000, 0x400}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 6 (id=2008): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000040)={0x0, 0x3938700}, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0xbd, 0x0, 0xffff, 0x2, 0xffff1000, '\x00', 0x654}) ioctl$KVM_RUN(r3, 0xae80, 0x0) kernel console output (not intermixed with test programs): 7] usb 3-1: config 1 interface 138 has no altsetting 0 [ 96.054909][ T4327] usb 3-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae [ 96.074657][ T4327] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.090766][ T4327] usb 3-1: Product: syz [ 96.095113][ T4327] usb 3-1: Manufacturer: syz [ 96.102748][ T4327] usb 3-1: SerialNumber: syz [ 96.167279][ T4727] loop1: detected capacity change from 0 to 256 [ 96.443072][ T4327] usb 3-1: USB disconnect, device number 2 [ 96.963435][ T4384] udevd[4384]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.138/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 97.157341][ T4417] gspca_stk1135: reg_w 0x200 err -71 [ 97.164753][ T4417] gspca_stk1135: serial bus timeout: status=0x00 [ 97.191204][ T4417] gspca_stk1135: Sensor write failed [ 97.206625][ T4417] gspca_stk1135: serial bus timeout: status=0x00 [ 97.219778][ T4417] gspca_stk1135: Sensor write failed [ 97.225159][ T4417] gspca_stk1135: serial bus timeout: status=0x00 [ 97.255786][ T4417] gspca_stk1135: Sensor read failed [ 97.272293][ T4417] gspca_stk1135: serial bus timeout: status=0x00 [ 97.285844][ T4417] gspca_stk1135: Sensor read failed [ 97.305859][ T4417] gspca_stk1135: Detected sensor type unknown (0x0) [ 97.322859][ T4417] gspca_stk1135: serial bus timeout: status=0x00 [ 97.335902][ T4417] gspca_stk1135: Sensor read failed [ 97.351491][ T4417] gspca_stk1135: serial bus timeout: status=0x00 [ 97.373640][ T4417] gspca_stk1135: Sensor read failed [ 97.400823][ T4417] gspca_stk1135: serial bus timeout: status=0x00 [ 97.421050][ T4417] gspca_stk1135: Sensor write failed [ 97.430850][ T4741] loop4: detected capacity change from 0 to 32768 [ 97.437587][ T4417] gspca_stk1135: serial bus timeout: status=0x00 [ 97.443958][ T4417] gspca_stk1135: Sensor write failed [ 97.464181][ T4417] stk1135: probe of 1-1:0.0 failed with error -71 [ 97.488691][ T4417] usb 1-1: USB disconnect, device number 2 [ 98.674887][ T4795] block device autoloading is deprecated and will be removed. [ 100.174614][ T4341] hid (null): report_id 37388 is invalid [ 100.181541][ T4326] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 100.205577][ T4341] hid-generic 0001:0001:FFFFFFFD.0002: report_id 37388 is invalid [ 100.220013][ T4341] hid-generic 0001:0001:FFFFFFFD.0002: item 0 2 1 8 parsing failed [ 100.231196][ T4341] hid-generic: probe of 0001:0001:FFFFFFFD.0002 failed with error -22 [ 100.375999][ T4326] usb 3-1: Using ep0 maxpacket: 32 [ 100.392885][ T4326] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 100.422650][ T4326] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.448087][ T4326] usb 3-1: Product: syz [ 100.460225][ T4326] usb 3-1: Manufacturer: syz [ 100.470279][ T4326] usb 3-1: SerialNumber: syz [ 100.477585][ T4868] binder: 4867:4868 ioctl c018620c 200000000000 returned -22 [ 100.489453][ T4326] usb 3-1: config 0 descriptor?? [ 100.513188][ T4326] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 101.094359][ T4870] loop0: detected capacity change from 0 to 32768 [ 101.191574][ T4870] XFS (loop0): Mounting V5 Filesystem [ 101.225997][ T4417] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 101.305031][ T4870] XFS (loop0): Ending clean mount [ 101.408506][ T4417] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 101.436092][ T4417] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 200, setting to 64 [ 101.483144][ T4417] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10 [ 101.516048][ T4417] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 238, setting to 64 [ 101.547543][ T4417] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 101.584162][ T4417] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 101.600222][ T4417] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.626606][ T4279] XFS (loop0): Unmounting Filesystem [ 101.634568][ T4417] usb 5-1: config 0 descriptor?? [ 101.650977][ T4880] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 101.661458][ T4880] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 101.947038][ T4327] usb 5-1: USB disconnect, device number 3 [ 102.374007][ T4326] gspca_ov534_9: reg_w failed -71 [ 102.531197][ T4930] loop1: detected capacity change from 0 to 128 [ 102.696011][ T4326] gspca_ov534_9: Unknown sensor 0000 [ 102.696082][ T4326] ov534_9: probe of 3-1:0.0 failed with error -22 [ 102.741122][ T4326] usb 3-1: USB disconnect, device number 3 [ 103.394932][ T4951] loop1: detected capacity change from 0 to 2048 [ 103.593775][ T4411] udevd[4411]: incorrect nilfs2 checksum on /dev/loop1 [ 103.605940][ T2185] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 103.837811][ T2185] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 103.859887][ T2185] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 200, setting to 64 [ 103.911685][ T2185] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10 [ 103.994932][ T2185] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 238, setting to 64 [ 104.085510][ T2185] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 104.158918][ T2185] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 104.213471][ T2185] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.339526][ T2185] usb 3-1: config 0 descriptor?? [ 104.345802][ T4960] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 104.353579][ T4960] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 104.674868][ T2185] usb 3-1: USB disconnect, device number 4 [ 105.061411][ T4987] loop1: detected capacity change from 0 to 8192 [ 105.781161][ T4963] Set syz1 is full, maxelem 65536 reached [ 106.102694][ T27] audit: type=1326 audit(1763339404.203:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5010 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 106.191941][ T27] audit: type=1326 audit(1763339404.203:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5010 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 106.265859][ T27] audit: type=1326 audit(1763339404.203:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5010 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 106.309981][ T126] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 106.332371][ T27] audit: type=1326 audit(1763339404.203:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5010 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 106.361173][ T27] audit: type=1326 audit(1763339404.233:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5010 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 106.411597][ T27] audit: type=1326 audit(1763339404.233:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5010 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 106.471411][ T27] audit: type=1326 audit(1763339404.233:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5010 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 106.546923][ T27] audit: type=1326 audit(1763339404.233:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5010 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 106.576888][ T126] usb 3-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config [ 106.614174][ T126] usb 3-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 106.636670][ T126] usb 3-1: config 253 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 106.671063][ T27] audit: type=1326 audit(1763339404.233:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5010 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 106.704499][ T126] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 106.725483][ T126] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 106.745823][ T126] usb 3-1: SerialNumber: syz [ 106.763970][ T5027] loop0: detected capacity change from 0 to 2048 [ 106.955356][ T4632] udevd[4632]: incorrect nilfs2 checksum on /dev/loop0 [ 106.986336][ T126] rndis_wlan: probe of 3-1:253.0 failed with error -22 [ 107.000849][ T126] rndis_host: probe of 3-1:253.0 failed with error -22 [ 107.035340][ T126] usb 3-1: USB disconnect, device number 5 [ 107.127783][ T5041] tipc: Started in network mode [ 107.132948][ T5041] tipc: Node identity fe86388efc7f, cluster identity 4711 [ 107.146221][ T5041] tipc: Enabled bearer , priority 0 [ 107.310465][ T5041] device syzkaller0 entered promiscuous mode [ 107.346453][ T5041] tipc: Resetting bearer [ 107.417738][ T5040] tipc: Resetting bearer [ 107.714627][ T5062] binder: 5061:5062 ioctl c0306201 200000000040 returned -14 [ 108.154032][ T5079] loop2: detected capacity change from 0 to 256 [ 108.255069][ T5079] FAT-fs (loop2): Directory bread(block 64) failed [ 108.272693][ T5079] FAT-fs (loop2): Directory bread(block 65) failed [ 108.281565][ T126] tipc: Node number set to 49887374 [ 108.323974][ T5079] FAT-fs (loop2): Directory bread(block 66) failed [ 108.340772][ T5079] FAT-fs (loop2): Directory bread(block 67) failed [ 108.352135][ T5079] FAT-fs (loop2): Directory bread(block 68) failed [ 108.364204][ T5079] FAT-fs (loop2): Directory bread(block 69) failed [ 108.378131][ T5079] FAT-fs (loop2): Directory bread(block 70) failed [ 108.387141][ T5079] FAT-fs (loop2): Directory bread(block 71) failed [ 108.393938][ T5079] FAT-fs (loop2): Directory bread(block 72) failed [ 108.401886][ T5079] FAT-fs (loop2): Directory bread(block 73) failed [ 108.972403][ T5097] loop2: detected capacity change from 0 to 128 [ 110.728199][ T5040] tipc: Disabling bearer [ 111.502255][ T5141] loop4: detected capacity change from 0 to 256 [ 111.604621][ T5141] FAT-fs (loop4): Directory bread(block 64) failed [ 111.626592][ T5141] FAT-fs (loop4): Directory bread(block 65) failed [ 111.650016][ T5141] FAT-fs (loop4): Directory bread(block 66) failed [ 111.684556][ T5141] FAT-fs (loop4): Directory bread(block 67) failed [ 111.716416][ T5141] FAT-fs (loop4): Directory bread(block 68) failed [ 111.735198][ T5141] FAT-fs (loop4): Directory bread(block 69) failed [ 111.753617][ T5141] FAT-fs (loop4): Directory bread(block 70) failed [ 111.807285][ T5141] FAT-fs (loop4): Directory bread(block 71) failed [ 111.814012][ T5141] FAT-fs (loop4): Directory bread(block 72) failed [ 111.873467][ T5141] FAT-fs (loop4): Directory bread(block 73) failed [ 113.806472][ T5221] loop0: detected capacity change from 0 to 128 [ 113.825115][ T5188] loop1: detected capacity change from 0 to 32768 [ 113.986095][ T5188] XFS (loop1): Mounting V5 Filesystem [ 114.034411][ T5233] I/O error, dev loop2, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 114.078358][ T5233] EXT4-fs (loop2): unable to read superblock [ 114.135300][ T5188] XFS (loop1): Ending clean mount [ 114.407859][ T4266] XFS (loop1): Unmounting Filesystem [ 115.113898][ T5264] loop2: detected capacity change from 0 to 128 [ 115.121209][ T5270] loop0: detected capacity change from 0 to 512 [ 115.148924][ T5270] EXT4-fs: Ignoring removed nobh option [ 115.154585][ T5270] EXT4-fs: inline encryption not supported [ 115.190296][ T5270] EXT4-fs (loop0): Test dummy encryption mode enabled [ 115.278447][ T5270] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 115.395439][ T5270] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.375: invalid indirect mapped block 2683928664 (level 1) [ 115.470195][ T5270] EXT4-fs (loop0): Remounting filesystem read-only [ 115.483458][ T5270] EXT4-fs (loop0): 1 truncate cleaned up [ 115.516018][ T5270] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 115.776800][ T4279] EXT4-fs error (device loop0): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 115.853052][ T4279] EXT4-fs (loop0): Remounting filesystem read-only [ 115.872007][ T4279] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:477: comm syz-executor: Invalid block bitmap block 3 in block_group 0 [ 115.905917][ T4279] EXT4-fs (loop0): Remounting filesystem read-only [ 115.923070][ T4279] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 115.948098][ T4279] EXT4-fs (loop0): Remounting filesystem read-only [ 115.965465][ T5273] loop4: detected capacity change from 0 to 32768 [ 115.969825][ T4279] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2196: inode #15: comm syz-executor: corrupted in-inode xattr [ 116.020358][ T4279] EXT4-fs (loop0): Remounting filesystem read-only [ 116.028795][ T4279] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2196: inode #15: comm syz-executor: corrupted in-inode xattr [ 116.052820][ T4279] EXT4-fs (loop0): Remounting filesystem read-only [ 116.062940][ T5273] XFS (loop4): Mounting V5 Filesystem [ 116.234654][ T5273] XFS (loop4): Ending clean mount [ 116.368243][ T5284] loop1: detected capacity change from 0 to 32768 [ 116.438966][ T4269] XFS (loop4): Unmounting Filesystem [ 116.484629][ T4279] EXT4-fs (loop0): unmounting filesystem. [ 116.578020][ T5284] ERROR: (device loop1): dbAdjCtl: Corrupt dmapctl page [ 116.578020][ T5284] [ 116.664550][ T4369] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.701397][ T5284] ERROR: (device loop1): remounting filesystem as read-only [ 116.750210][ T5284] ERROR: (device loop1): dbDiscardAG: -EIO [ 116.750210][ T5284] [ 116.888273][ T4369] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.093017][ T4369] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.292946][ T4369] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.125518][ T4282] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 118.136461][ T4282] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 118.145211][ T4282] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 118.196651][ T4282] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 118.207105][ T4282] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 118.214417][ T4282] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 119.593674][ T5395] binder: 5394:5395 ioctl c0306201 2000000001c0 returned -14 [ 119.608838][ T5332] chnl_net:caif_netlink_parms(): no params data found [ 120.062520][ T4369] device hsr_slave_0 left promiscuous mode [ 120.070611][ T4369] device hsr_slave_1 left promiscuous mode [ 120.078589][ T4369] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 120.086375][ T4369] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 120.129530][ T4369] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 120.146486][ T4369] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 120.165096][ T4369] device bridge_slave_1 left promiscuous mode [ 120.177511][ T4369] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.205495][ T4369] device bridge_slave_0 left promiscuous mode [ 120.215978][ T4369] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.253843][ T4369] device veth1_macvtap left promiscuous mode [ 120.261207][ T4369] device veth0_macvtap left promiscuous mode [ 120.268002][ T4369] device veth1_vlan left promiscuous mode [ 120.274628][ T4369] device veth0_vlan left promiscuous mode [ 120.286044][ T4276] Bluetooth: hci4: command 0x0409 tx timeout [ 120.430538][ T5416] binder: 5415:5416 ioctl c0306201 200000000040 returned -14 [ 120.486651][ T5420] loop1: detected capacity change from 0 to 1024 [ 121.164750][ T5439] Unsupported ieee802154 address type: 0 [ 121.390959][ T5449] loop4: detected capacity change from 0 to 1024 [ 121.430922][ T5449] EXT4-fs: inline encryption not supported [ 121.474691][ T5449] EXT4-fs: Ignoring removed orlov option [ 121.597812][ T5449] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e800c018, mo2=0002] [ 121.606496][ T5449] System zones: 0-1, 3-12 [ 121.612762][ T5452] xt_hashlimit: max too large, truncated to 1048576 [ 121.617221][ T5449] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 121.654178][ T27] audit: type=1800 audit(1763339419.753:12): pid=5449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.443" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 121.977838][ T5465] binder: 5462:5465 ioctl 40046210 0 returned -14 [ 121.979634][ T4269] EXT4-fs (loop4): unmounting filesystem. [ 122.149532][ T4369] team0 (unregistering): Port device team_slave_1 removed [ 122.243562][ T4369] team0 (unregistering): Port device team_slave_0 removed [ 122.365992][ T4276] Bluetooth: hci4: command 0x041b tx timeout [ 122.542922][ T4369] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 122.565909][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 122.583501][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 122.591924][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 122.601906][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 122.863401][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 123.284028][ T4369] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 124.451211][ T4276] Bluetooth: hci4: command 0x040f tx timeout [ 124.948965][ T4369] bond0 (unregistering): Released all slaves [ 125.010229][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.026140][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.034526][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.042920][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 125.051316][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 126.162251][ T5332] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.200136][ T5332] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.244224][ T5332] device bridge_slave_0 entered promiscuous mode [ 126.278355][ T5332] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.285521][ T5332] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.362580][ T5332] device bridge_slave_1 entered promiscuous mode [ 126.525938][ T4276] Bluetooth: hci4: command 0x0419 tx timeout [ 127.009418][ T5332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 127.123460][ T5332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 127.154446][ T5573] loop4: detected capacity change from 0 to 2048 [ 127.225345][ T5332] team0: Port device team_slave_0 added [ 127.318377][ T5573] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 127.324213][ T5332] team0: Port device team_slave_1 added [ 127.477225][ T5332] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 127.516931][ T5332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.665220][ T5332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 127.711916][ T5332] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 127.745930][ T5332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.878454][ T5332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 128.043561][ T5332] device hsr_slave_0 entered promiscuous mode [ 128.101257][ T5332] device hsr_slave_1 entered promiscuous mode [ 128.751569][ T5332] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 128.792436][ T5332] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 128.860134][ T5332] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 128.876217][ T5332] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 129.186263][ T5332] 8021q: adding VLAN 0 to HW filter on device bond0 [ 129.260512][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 129.356836][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 129.391095][ T5332] 8021q: adding VLAN 0 to HW filter on device team0 [ 129.433522][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 129.471015][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 129.502698][ T5576] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.509942][ T5576] bridge0: port 1(bridge_slave_0) entered forwarding state [ 129.532996][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 129.555121][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 129.595064][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 129.616717][ T5576] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.624092][ T5576] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.666390][ T5575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 129.693004][ T5575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 129.756835][ T5575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 129.789554][ T5575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 129.821440][ T5575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 129.840713][ T5575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 129.888304][ T5575] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 129.926279][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 129.943254][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 130.006599][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 130.057109][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 130.073994][ T5332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 131.059554][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 131.081452][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 131.121932][ T5332] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.348277][ T5719] binder: 5717:5719 ioctl c0306201 2000000001c0 returned -14 [ 132.510972][ T5754] fuse: root generation should be zero [ 132.724589][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 132.781961][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 132.850247][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.857418][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.900627][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 132.916930][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 132.963896][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 133.021997][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 133.057746][ T5332] device veth0_vlan entered promiscuous mode [ 133.132739][ T5332] device veth1_vlan entered promiscuous mode [ 133.233874][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 133.253187][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 133.271594][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 133.321101][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 133.351411][ T5332] device veth0_macvtap entered promiscuous mode [ 133.384280][ T5332] device veth1_macvtap entered promiscuous mode [ 133.458338][ T5332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.529770][ T5332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.571690][ T5332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.623546][ T5332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.663583][ T5332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.705760][ T5332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.715669][ T5332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.775836][ T5332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.817759][ T5332] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 133.867843][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 133.897022][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 133.911561][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 133.954457][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 133.982492][ T5806] tipc: Enabled bearer , priority 0 [ 134.007232][ T5332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 134.028101][ T5332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.058455][ T5332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 134.095753][ T5332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.166010][ T5332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 134.186304][ T5332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.243867][ T5332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 134.270780][ T5332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.299419][ T5332] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 134.449667][ T5807] device syzkaller0 entered promiscuous mode [ 134.473211][ T5807] tipc: Resetting bearer [ 134.504398][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 134.526992][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 134.573695][ T5332] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.591083][ T5332] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.610081][ T5332] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.629354][ T5332] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.644679][ T5797] tipc: Resetting bearer [ 136.532291][ T4341] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 136.748309][ T4341] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.765152][ T4341] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.790884][ T4341] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 136.806313][ T4341] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 136.816080][ T4341] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.840088][ T4341] usb 2-1: config 0 descriptor?? [ 137.282078][ T4341] plantronics 0003:047F:FFFF.0003: unknown main item tag 0xd [ 137.293236][ T4341] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 137.400912][ T4341] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 137.571555][ T4327] usb 2-1: USB disconnect, device number 4 [ 138.070171][ T5877] xt_hashlimit: max too large, truncated to 1048576 [ 138.137918][ T5877] Process accounting resumed [ 138.493226][ T5797] tipc: Disabling bearer [ 138.736895][ T4369] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 138.745352][ T4369] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 138.827088][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 138.827809][ T5897] netlink: 4 bytes leftover after parsing attributes in process `syz.2.613'. [ 138.867307][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 138.876882][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 138.915858][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 139.119834][ T5905] binder: 5904:5905 unknown command 0 [ 139.125439][ T5905] binder: 5904:5905 ioctl c0306201 2000000004c0 returned -22 [ 139.278825][ T5916] binder: 5904:5916 unknown command 0 [ 139.371118][ T5916] binder: 5904:5916 ioctl c0306201 2000000001c0 returned -22 [ 140.367400][ T5931] loop4: detected capacity change from 0 to 256 [ 140.417163][ T5931] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 142.799701][ T27] audit: type=1326 audit(1763339440.903:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6015 comm="syz.4.646" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1445b8f6c9 code=0x0 [ 143.195868][ T2185] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 143.385828][ T2185] usb 2-1: Using ep0 maxpacket: 16 [ 143.396048][ T2185] usb 2-1: config 1 interface 0 altsetting 220 endpoint 0x1 has invalid wMaxPacketSize 0 [ 143.440136][ T2185] usb 2-1: config 1 interface 0 altsetting 220 bulk endpoint 0x1 has invalid maxpacket 0 [ 143.475065][ T2185] usb 2-1: config 1 interface 0 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 143.514628][ T27] audit: type=1326 audit(1763339441.613:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6035 comm="syz.2.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f608ad8f6c9 code=0x7ffc0000 [ 143.540566][ T2185] usb 2-1: config 1 interface 0 has no altsetting 0 [ 143.571679][ T2185] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 143.610881][ T2185] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.615772][ T27] audit: type=1326 audit(1763339441.643:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6035 comm="syz.2.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f608ad8f6c9 code=0x7ffc0000 [ 143.637054][ T2185] usb 2-1: Product: syz [ 143.670510][ T2185] usb 2-1: Manufacturer: syz [ 143.675202][ T2185] usb 2-1: SerialNumber: syz [ 143.722724][ T27] audit: type=1326 audit(1763339441.643:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6035 comm="syz.2.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f608ad8f6c9 code=0x7ffc0000 [ 143.830664][ T27] audit: type=1326 audit(1763339441.643:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6035 comm="syz.2.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f608ad8f6c9 code=0x7ffc0000 [ 143.927649][ T6042] tipc: Started in network mode [ 143.932643][ T6042] tipc: Node identity de70b56110b3, cluster identity 4711 [ 143.952352][ T2185] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 220 proto 1 vid 0x0525 pid 0xA4A8 [ 143.975973][ T6042] tipc: Enabled bearer , priority 0 [ 144.107993][ T6044] device syzkaller0 entered promiscuous mode [ 144.143955][ T6044] tipc: Resetting bearer [ 144.219154][ T6041] tipc: Resetting bearer [ 144.705898][ T4276] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 144.716246][ T4276] CPU: 1 PID: 4276 Comm: kworker/u5:4 Not tainted syzkaller #0 [ 144.723933][ T4276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 144.734066][ T4276] Workqueue: hci2 hci_rx_work [ 144.738857][ T4276] Call Trace: [ 144.742190][ T4276] [ 144.745161][ T4276] dump_stack_lvl+0x168/0x22e [ 144.749904][ T4276] ? show_regs_print_info+0x12/0x12 [ 144.755151][ T4276] ? load_image+0x3b0/0x3b0 [ 144.759734][ T4276] sysfs_create_dir_ns+0x252/0x280 [ 144.764903][ T4276] ? sysfs_warn_dup+0xa0/0xa0 [ 144.769651][ T4276] ? lockdep_hardirqs_on+0x94/0x140 [ 144.774912][ T4276] ? do_raw_spin_unlock+0x11d/0x230 [ 144.780202][ T4276] kobject_add_internal+0x6b8/0xc80 [ 144.785475][ T4276] kobject_add+0x152/0x210 [ 144.789953][ T4276] ? kobject_init+0x1d0/0x1d0 [ 144.794752][ T4276] ? klist_children_get+0x50/0x50 [ 144.799796][ T4276] ? get_device_parent+0x121/0x3f0 [ 144.805011][ T4276] device_add+0x483/0xfb0 [ 144.809357][ T4276] ? kmem_cache_free+0xf7/0x290 [ 144.814319][ T4276] hci_conn_add_sysfs+0xd1/0x1e0 [ 144.819277][ T4276] le_conn_complete_evt+0xfec/0x15d0 [ 144.824590][ T4276] ? hci_le_big_info_adv_report_evt+0x310/0x310 [ 144.830853][ T4276] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 144.836531][ T4276] ? skb_pull_data+0xf7/0x200 [ 144.841241][ T4276] hci_le_conn_complete_evt+0x183/0x440 [ 144.846817][ T4276] ? hci_remote_host_features_evt+0x270/0x270 [ 144.852921][ T4276] hci_event_packet+0x791/0x1210 [ 144.857887][ T4276] ? bis_list+0x280/0x280 [ 144.862246][ T4276] ? kcov_remote_start+0x27/0x7e0 [ 144.867292][ T4276] ? hci_send_to_monitor+0x9c/0x4a0 [ 144.872512][ T4276] hci_rx_work+0x3eb/0xd40 [ 144.876965][ T4276] ? _raw_spin_unlock+0x40/0x40 [ 144.881890][ T4276] ? process_one_work+0x7a1/0x1160 [ 144.887019][ T4276] process_one_work+0x898/0x1160 [ 144.891995][ T4276] ? worker_detach_from_pool+0x240/0x240 [ 144.897647][ T4276] ? _raw_spin_lock_irq+0xab/0xe0 [ 144.902694][ T4276] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 144.908096][ T4276] ? kthread_data+0x4b/0xc0 [ 144.912642][ T4276] worker_thread+0xaa2/0x1250 [ 144.917389][ T4276] kthread+0x29d/0x330 [ 144.921477][ T4276] ? worker_clr_flags+0x1a0/0x1a0 [ 144.926520][ T4276] ? kthread_blkcg+0xd0/0xd0 [ 144.931162][ T4276] ret_from_fork+0x1f/0x30 [ 144.935613][ T4276] [ 144.938668][ C1] vkms_vblank_simulate: vblank timer overrun [ 144.953516][ T4276] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 144.967188][ T4276] Bluetooth: hci2: failed to register connection device [ 145.078808][ T2185] tipc: Node number set to 3468932449 [ 145.454869][ T6069] mmap: syz.5.666 (6069) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 145.912411][ T27] audit: type=1326 audit(1763339444.013:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 145.989839][ T27] audit: type=1326 audit(1763339444.013:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 146.060979][ T27] audit: type=1326 audit(1763339444.063:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 146.146632][ T27] audit: type=1326 audit(1763339444.063:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 146.215153][ T27] audit: type=1326 audit(1763339444.123:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 146.386753][ T6090] loop5: detected capacity change from 0 to 512 [ 146.457095][ T6090] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a803c02c, mo2=0002] [ 146.478211][ T6090] System zones: 1-12 [ 146.573914][ T6090] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.676: error while reading EA inode 32 err=-116 [ 146.612809][ T6090] EXT4-fs (loop5): Remounting filesystem read-only [ 146.630468][ T6090] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2819: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 146.655289][ T6090] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.676: error while reading EA inode 32 err=-116 [ 146.696309][ T6090] EXT4-fs (loop5): Remounting filesystem read-only [ 146.703271][ T6090] EXT4-fs (loop5): 1 orphan inode deleted [ 146.722358][ T6090] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 146.783034][ T6090] EXT4-fs error (device loop5): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.5.676: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 146.847273][ T6090] EXT4-fs (loop5): Remounting filesystem read-only [ 146.956218][ T5332] EXT4-fs (loop5): unmounting filesystem. [ 147.345534][ T6113] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off. [ 147.364676][ T6113] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 147.614922][ T6116] loop4: detected capacity change from 0 to 512 [ 147.635048][ T6116] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e02c, mo2=0002] [ 147.647231][ T6116] System zones: 1-12 [ 147.652583][ T6116] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.686: Directory hole found for htree index block 0 [ 147.682030][ T6116] EXT4-fs (loop4): Remounting filesystem read-only [ 147.690950][ T6116] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117 [ 147.699590][ T6116] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.686: Directory hole found for htree index block 0 [ 147.712664][ T6116] EXT4-fs (loop4): Remounting filesystem read-only [ 147.734488][ T6116] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 147.748000][ T6116] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 147.772263][ T6116] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 147.823752][ T4269] EXT4-fs (loop4): unmounting filesystem. [ 148.212840][ T6124] loop4: detected capacity change from 0 to 128 [ 149.251835][ T6021] usblp0:failed reading printer status (-110) [ 149.374228][ T4319] usb 2-1: USB disconnect, device number 5 [ 149.412879][ T4319] usblp0: removed [ 149.631217][ T6041] tipc: Disabling bearer [ 149.644582][ T6131] tipc: Enabled bearer , priority 14 [ 149.938327][ T6141] overlayfs: upper fs does not support file handles, falling back to index=off. [ 150.196633][ T6150] loop5: detected capacity change from 0 to 256 [ 150.297461][ T4411] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 150.895624][ T6179] tipc: Enabling of bearer rejected, failed to enable media [ 151.152236][ T6189] loop5: detected capacity change from 0 to 128 [ 151.332515][ T6191] usb usb8: usbfs: process 6191 (syz.4.714) did not claim interface 63 before use [ 152.552373][ T6235] loop5: detected capacity change from 0 to 512 [ 152.663715][ T6235] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.730: inode has both inline data and extents flags [ 152.737608][ T6235] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.730: couldn't read orphan inode 15 (err -117) [ 152.770770][ T6235] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 152.856037][ T4327] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 152.963051][ T5332] EXT4-fs (loop5): unmounting filesystem. [ 153.048219][ T4327] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 153.074851][ T4327] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.114315][ T4327] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 153.141173][ T4327] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 153.170983][ T4327] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 153.194834][ T4327] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 153.218103][ T4327] usb 2-1: Manufacturer: syz [ 153.236557][ T6261] netlink: 4 bytes leftover after parsing attributes in process `syz.3.738'. [ 153.253764][ T4327] usb 2-1: config 0 descriptor?? [ 153.678795][ T4327] appleir 0003:05AC:8243.0004: unknown main item tag 0x0 [ 153.694279][ T4327] appleir 0003:05AC:8243.0004: No inputs registered, leaving [ 153.722767][ T4327] appleir 0003:05AC:8243.0004: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 153.757518][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 153.757534][ T27] audit: type=1800 audit(1763339451.863:26): pid=6255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.735" name="/" dev="fuse" ino=9 res=0 errno=0 [ 153.985934][ T2185] usb 2-1: USB disconnect, device number 6 [ 154.162735][ T6276] fido_id[6276]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 154.326849][ T4327] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 154.517959][ T4327] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 154.535796][ T4327] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 154.573188][ T4327] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 154.600127][ T4327] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 154.642795][ T4327] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 154.666440][ T4327] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 154.678482][ T4327] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 154.695835][ T4327] usb 5-1: Product: syz [ 154.705921][ T4327] usb 5-1: Manufacturer: syz [ 154.738411][ T4327] cdc_wdm 5-1:1.0: skipping garbage [ 154.755785][ T4327] cdc_wdm 5-1:1.0: skipping garbage [ 154.781570][ T4327] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 154.825844][ T4327] cdc_wdm 5-1:1.0: Unknown control protocol [ 154.911754][ T6301] loop2: detected capacity change from 0 to 512 [ 154.917990][ T6303] binder: 6302:6303 ioctl c0306201 200000000100 returned -14 [ 154.937029][ T6301] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e02c, mo2=0002] [ 154.946894][ T6301] System zones: 1-12 [ 154.980268][ T6301] EXT4-fs error (device loop2): dx_probe:823: inode #2: comm syz.2.750: Directory hole found for htree index block 0 [ 155.162999][ T6301] EXT4-fs (loop2): Remounting filesystem read-only [ 155.175228][ T6301] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -117 [ 155.220440][ T6301] EXT4-fs error (device loop2): dx_probe:823: inode #2: comm syz.2.750: Directory hole found for htree index block 0 [ 155.268451][ T6311] netlink: 12 bytes leftover after parsing attributes in process `syz.5.754'. [ 155.304513][ T6280] loop4: detected capacity change from 0 to 40427 [ 155.319640][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 155.326572][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 155.336242][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 155.340030][ T6301] EXT4-fs (loop2): Remounting filesystem read-only [ 155.342886][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 155.349350][ T4341] usb 5-1: USB disconnect, device number 4 [ 155.414304][ T6301] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 155.459257][ T6280] F2FS-fs (loop4): Found nat_bits in checkpoint [ 155.474816][ T6301] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 155.515801][ T6280] F2FS-fs (loop4): Cannot turn on quotas: -2 on 2 [ 155.525428][ T6280] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 155.622819][ T6301] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 155.791719][ T4278] EXT4-fs (loop2): unmounting filesystem. [ 156.693952][ T6351] Bluetooth: MGMT ver 1.22 [ 156.942406][ T6356] syz.4.770 uses obsolete (PF_INET,SOCK_PACKET) [ 157.142536][ T6365] loop5: detected capacity change from 0 to 8 [ 157.194475][ T6365] syz.5.774: attempt to access beyond end of device [ 157.194475][ T6365] loop5: rw=2048, sector=36028797018963960, nr_sectors = 16 limit=8 [ 157.246182][ T6365] SQUASHFS error: Failed to read block 0xfffffffffffffffc: -5 [ 157.253753][ T6365] unable to read xattr id index table [ 159.171070][ T6396] loop4: detected capacity change from 0 to 40427 [ 159.201826][ T6396] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 159.228999][ T6396] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 159.246274][ T6396] F2FS-fs (loop4): Unrecognized mount option "0x0000000000000000Ü@@" or missing value [ 159.398497][ T6416] netlink: 8 bytes leftover after parsing attributes in process `syz.4.787'. [ 160.642605][ T6432] netlink: 4 bytes leftover after parsing attributes in process `syz.1.799'. [ 161.259015][ T6415] loop2: detected capacity change from 0 to 65536 [ 161.323883][ T6415] XFS (loop2): Mounting V5 Filesystem [ 161.498175][ T6415] XFS (loop2): Ending clean mount [ 161.508814][ T6415] XFS (loop2): Quotacheck needed: Please wait. [ 161.611086][ T6415] XFS (loop2): Quotacheck: Done. [ 161.671394][ T6455] loop1: detected capacity change from 0 to 2048 [ 161.683963][ T27] audit: type=1800 audit(1763339459.783:27): pid=6415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.792" name="file1" dev="loop2" ino=38 res=0 errno=0 [ 161.847086][ T6455] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 161.878716][ T4278] XFS (loop2): Unmounting Filesystem [ 163.623218][ T6387] Set syz1 is full, maxelem 65536 reached [ 164.152762][ T6489] overlayfs: failed to clone lowerpath [ 164.604896][ T6503] loop4: detected capacity change from 0 to 2048 [ 164.724781][ T6503] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 164.914839][ T6519] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 164.933182][ T6519] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 164.945841][ T6519] EXT4-fs (loop4): This should not happen!! Data will be lost [ 164.945841][ T6519] [ 164.955552][ T6519] EXT4-fs (loop4): Total free blocks count 0 [ 164.961657][ T6519] EXT4-fs (loop4): Free/Dirty block details [ 164.967684][ T6519] EXT4-fs (loop4): free_blocks=2415919504 [ 164.973507][ T6519] EXT4-fs (loop4): dirty_blocks=32 [ 164.978729][ T6519] EXT4-fs (loop4): Block reservation details [ 164.984839][ T6519] EXT4-fs (loop4): i_reserved_data_blocks=2 [ 165.119536][ T5487] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28 [ 165.758534][ T6543] loop4: detected capacity change from 0 to 128 [ 165.836601][ T6543] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 165.866438][ T6543] FAT-fs (loop4): FAT read failed (blocknr 4128) [ 172.102689][ T6740] loop4: detected capacity change from 0 to 4096 [ 172.145044][ T6740] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 172.403787][ T6740] dccp_check_seqno: Step 6 failed for RESET packet, (LSWL(261627324589040) <= P.seqno(0) <= S.SWH(261627324589114)) and (P.ackno exists or LAWL(164400955658957) <= P.ackno(164400955658958) <= S.AWH(164400955658958), sending SYNC... [ 173.186692][ T4326] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 173.395901][ T4326] usb 2-1: Using ep0 maxpacket: 32 [ 173.411028][ T4326] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 173.450444][ T4326] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.480851][ T4326] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 173.508741][ T4326] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.539265][ T4326] usb 2-1: config 0 descriptor?? [ 174.002632][ T4326] savu 0003:1E7D:2D5A.0005: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 174.351328][ T2185] usb 2-1: USB disconnect, device number 7 [ 174.410003][ T6802] fido_id[6802]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 174.785404][ T6828] 9pnet_fd: Insufficient options for proto=fd [ 175.776786][ T4341] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 175.909712][ T27] audit: type=1326 audit(1763339474.013:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.5.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 175.984598][ T27] audit: type=1326 audit(1763339474.013:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.5.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 176.006787][ C0] vkms_vblank_simulate: vblank timer overrun [ 176.020894][ T4341] usb 5-1: Using ep0 maxpacket: 32 [ 176.029663][ T4341] usb 5-1: config 0 has an invalid interface number: 188 but max is 0 [ 176.076956][ T4341] usb 5-1: config 0 has no interface number 0 [ 176.083487][ T4341] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 176.103068][ T4341] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 176.128970][ T27] audit: type=1326 audit(1763339474.013:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.5.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 176.156969][ T4341] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.185255][ T4341] usb 5-1: Product: syz [ 176.193047][ T4341] usb 5-1: Manufacturer: syz [ 176.205131][ T4341] usb 5-1: SerialNumber: syz [ 176.214890][ T27] audit: type=1326 audit(1763339474.013:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.5.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 176.277726][ T27] audit: type=1326 audit(1763339474.013:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.5.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 176.314187][ T27] audit: type=1326 audit(1763339474.013:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.5.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 176.354838][ T4341] usb 5-1: config 0 descriptor?? [ 176.374776][ T6859] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 176.485771][ T27] audit: type=1326 audit(1763339474.013:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.5.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 176.495465][ T6890] overlayfs: failed to clone upperpath [ 176.555776][ T27] audit: type=1326 audit(1763339474.013:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.5.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 176.624116][ T6859] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 176.943742][ T5487] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.599562][ T6929] netlink: 48 bytes leftover after parsing attributes in process `syz.5.974'. [ 178.802611][ T4341] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 178.837020][ T4341] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 178.862168][ T4341] asix: probe of 5-1:0.188 failed with error -71 [ 178.929111][ T4341] usb 5-1: USB disconnect, device number 5 [ 180.781696][ T7027] tipc: Enabling of bearer rejected, media not registered [ 181.832827][ T27] audit: type=1326 audit(1763339479.933:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz.2.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f608ad8f6c9 code=0x7ffc0000 [ 181.948795][ T27] audit: type=1326 audit(1763339479.973:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz.2.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f608ad8f6c9 code=0x7ffc0000 [ 181.972964][ T27] audit: type=1326 audit(1763339479.973:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz.2.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f608ad8f6c9 code=0x7ffc0000 [ 181.995993][ T27] audit: type=1326 audit(1763339479.973:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz.2.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f608ad8f6c9 code=0x7ffc0000 [ 182.223012][ T27] audit: type=1326 audit(1763339480.003:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz.2.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f608ad8f6c9 code=0x7ffc0000 [ 182.814207][ T27] audit: type=1326 audit(1763339480.003:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz.2.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f608ad8f6c9 code=0x7ffc0000 [ 182.876199][ T27] audit: type=1326 audit(1763339480.003:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz.2.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f608ad8f6c9 code=0x7ffc0000 [ 183.015744][ T27] audit: type=1326 audit(1763339480.003:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz.2.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f608ad8f6c9 code=0x7ffc0000 [ 183.103616][ T27] audit: type=1326 audit(1763339480.003:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz.2.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f608ad8f6c9 code=0x7ffc0000 [ 183.220252][ T27] audit: type=1326 audit(1763339480.003:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7066 comm="syz.2.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f608ad8f6c9 code=0x7ffc0000 [ 183.753445][ T7102] capability: warning: `syz.3.1032' uses deprecated v2 capabilities in a way that may be insecure [ 184.979021][ T7158] loop1: detected capacity change from 0 to 2048 [ 185.084669][ T7158] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 185.105472][ T7158] ext4 filesystem being mounted at /196/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 185.374757][ T7174] loop2: detected capacity change from 0 to 128 [ 185.388389][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 185.452903][ T7174] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 185.471974][ T7174] ext4 filesystem being mounted at /204/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 185.508483][ T7174] EXT4-fs error (device loop2): ext4_ind_map_blocks:604: inode #13: comm syz.2.1058: Can't allocate blocks for non-extent mapped inodes with bigalloc [ 185.538289][ T7174] EXT4-fs warning (device loop2): ext4_dirblock_csum_set:427: inode #2: comm syz.2.1058: No space for directory leaf checksum. Please run e2fsck -D. [ 185.656420][ T4278] EXT4-fs error (device loop2): ext4_lookup:1858: inode #11: comm syz-executor: iget: checksum invalid [ 185.692012][ T4278] EXT4-fs error (device loop2): ext4_lookup:1858: inode #11: comm syz-executor: iget: checksum invalid [ 185.875501][ T6233] EXT4-fs (loop2): unmounting filesystem. [ 186.437805][ T5576] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.603405][ T5576] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.733581][ T5576] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.750865][ T2185] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 186.936714][ T5576] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.947754][ T2185] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xB3, skipping [ 186.974274][ T2185] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 187.024084][ T2185] usb 5-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00 [ 187.063894][ T2185] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.114229][ T2185] usb 5-1: config 0 descriptor?? [ 187.165045][ T2185] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 187.365612][ T2185] usb 5-1: USB disconnect, device number 6 [ 187.509713][ T5576] tipc: Left network mode [ 187.557425][ T4284] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 187.583774][ T4284] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 187.597986][ T4284] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 187.615076][ T4284] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 187.629924][ T4284] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 187.638053][ T4284] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 187.908845][ T7239] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1084'. [ 188.016789][ T4326] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 188.239560][ T4326] usb 2-1: Using ep0 maxpacket: 16 [ 188.249943][ T4326] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 188.273330][ T4326] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 188.317622][ T4326] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 188.335862][ T4326] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.344017][ T4326] usb 2-1: Product: syz [ 188.365933][ T4326] usb 2-1: Manufacturer: syz [ 188.370622][ T4326] usb 2-1: SerialNumber: syz [ 188.592466][ T7260] loop4: detected capacity change from 0 to 512 [ 188.599589][ T4326] usb 2-1: 0:2 : does not exist [ 188.612704][ T4326] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 188.707641][ T4326] usb 2-1: USB disconnect, device number 8 [ 188.741611][ T7260] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 188.771932][ T7260] ext4 filesystem being mounted at /190/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 188.912819][ T7227] chnl_net:caif_netlink_parms(): no params data found [ 188.988921][ T4411] udevd[4411]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 189.059185][ T4269] EXT4-fs (loop4): unmounting filesystem. [ 189.746018][ T4284] Bluetooth: hci3: command 0x0409 tx timeout [ 189.901994][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 189.902010][ T27] audit: type=1326 audit(1763339488.003:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7287 comm="syz.4.1096" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x0 [ 189.974665][ T7227] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.997850][ T7227] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.023258][ T7227] device bridge_slave_0 entered promiscuous mode [ 190.060345][ T7227] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.088052][ T7227] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.107007][ T7227] device bridge_slave_1 entered promiscuous mode [ 190.199785][ T27] audit: type=1326 audit(1763339488.303:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7292 comm="syz.4.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 190.289167][ T27] audit: type=1326 audit(1763339488.303:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7292 comm="syz.4.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 190.381861][ T27] audit: type=1326 audit(1763339488.303:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7292 comm="syz.4.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 190.465391][ T27] audit: type=1326 audit(1763339488.303:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7292 comm="syz.4.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 190.548770][ T27] audit: type=1326 audit(1763339488.303:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7292 comm="syz.4.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 190.603945][ T27] audit: type=1326 audit(1763339488.303:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7292 comm="syz.4.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 190.688409][ T27] audit: type=1326 audit(1763339488.303:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7292 comm="syz.4.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 190.716393][ T5576] device hsr_slave_0 left promiscuous mode [ 190.726414][ T5576] device hsr_slave_1 left promiscuous mode [ 190.743250][ T5576] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 190.765944][ T27] audit: type=1326 audit(1763339488.303:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7292 comm="syz.4.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 190.788469][ T5576] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 190.822577][ T5576] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 190.847654][ T5576] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 190.882922][ T27] audit: type=1326 audit(1763339488.303:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7292 comm="syz.4.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x7ffc0000 [ 190.911931][ T7314] overlayfs: failed to clone upperpath [ 190.912379][ T5576] device bridge_slave_1 left promiscuous mode [ 190.960141][ T5576] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.979632][ T5576] device bridge_slave_0 left promiscuous mode [ 190.996009][ T5576] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.232828][ T5576] device veth1_macvtap left promiscuous mode [ 191.243786][ T5576] device veth0_macvtap left promiscuous mode [ 191.265917][ T5576] device veth1_vlan left promiscuous mode [ 191.295945][ T5576] device veth0_vlan left promiscuous mode [ 191.359485][ T4257] infiniband syz1: ib_query_port failed (-19) [ 191.409534][ T7273] infiniband syz1: set down [ 191.414675][ T7273] infiniband syz1: added syz_tun [ 191.478845][ T7273] rdma_rxe: unable to create cq [ 191.484350][ T7273] infiniband syz1: Couldn't create ib_mad CQ [ 191.572883][ T7273] infiniband syz1: Couldn't open port 1 [ 191.758738][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888079d61000: rx timeout, send abort [ 191.778059][ T7273] RDS/IB: syz1: added [ 191.793523][ T7273] smc: adding ib device syz1 with port count 1 [ 191.800190][ T7273] smc: ib device syz1 port 1 has pnetid [ 191.818999][ T7273] smc: removing ib device syz1 [ 192.190444][ T7273] rdma_rxe: rxe_register_device failed with error -19 [ 192.226132][ T7273] rdma_rxe: failed to add syz_tun [ 192.258851][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888079d63800: rx timeout, send abort [ 192.268725][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888079d61000: abort rx timeout. Force session deactivation [ 192.767324][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888079d63800: abort rx timeout. Force session deactivation [ 192.925103][ T5576] team0 (unregistering): Port device team_slave_1 removed [ 193.072527][ T5576] team0 (unregistering): Port device team_slave_0 removed [ 193.174600][ T5576] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 193.824602][ T5576] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 194.273155][ T7363] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1120'. [ 194.288362][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.294716][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.550689][ T5576] bond0 (unregistering): Released all slaves [ 195.642919][ T7227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 195.667954][ T7227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 195.690114][ T7332] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1110'. [ 195.872645][ T7227] team0: Port device team_slave_0 added [ 195.882179][ T7227] team0: Port device team_slave_1 added [ 195.977405][ T7227] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 195.984824][ T7227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 195.994092][ T7374] loop1: detected capacity change from 0 to 512 [ 196.011205][ T7227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 196.030427][ T7227] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 196.060061][ T7227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.092017][ T7227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 196.111888][ T7374] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.1123: inode has both inline data and extents flags [ 196.130693][ T7374] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.1123: couldn't read orphan inode 15 (err -117) [ 196.145292][ T7374] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 196.207211][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 196.268902][ T7227] device hsr_slave_0 entered promiscuous mode [ 196.316264][ T7227] device hsr_slave_1 entered promiscuous mode [ 196.330216][ T7227] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 196.353859][ T7227] Cannot create hsr debugfs directory [ 196.935258][ T7227] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 197.021809][ T7227] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 197.058260][ T7227] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 197.103087][ T7227] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 197.246040][ T7406] loop4: detected capacity change from 0 to 512 [ 197.321620][ T7406] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.1135: inode has both inline data and extents flags [ 197.351532][ T7227] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.374786][ T5575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.386709][ T5575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.395473][ T7406] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.1135: couldn't read orphan inode 15 (err -117) [ 197.409130][ T7406] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 197.429608][ T7227] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.489285][ T4269] EXT4-fs (loop4): unmounting filesystem. [ 197.539496][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 197.565112][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 197.624061][ T4369] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.631389][ T4369] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.666730][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 197.681611][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 197.716338][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 197.736142][ T4369] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.743305][ T4369] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.786151][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 197.836904][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 197.887919][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 197.917914][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 197.956937][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 197.987137][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 198.027361][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 198.052216][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 198.098648][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 198.113925][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 198.184587][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 198.224222][ T7227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.289919][ T5487] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 199.311778][ T5487] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 199.364495][ T7227] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.491565][ T27] kauditd_printk_skb: 19 callbacks suppressed [ 199.491581][ T27] audit: type=1326 audit(1763339497.593:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7491 comm="syz.5.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 199.503136][ T7493] loop4: detected capacity change from 0 to 128 [ 199.593271][ T7493] FAT-fs (loop4): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 199.632382][ T27] audit: type=1326 audit(1763339497.633:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7491 comm="syz.5.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 199.733919][ T27] audit: type=1326 audit(1763339497.633:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7491 comm="syz.5.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 199.815761][ T27] audit: type=1326 audit(1763339497.643:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7491 comm="syz.5.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 199.848902][ T4369] kworker/u4:6: attempt to access beyond end of device [ 199.848902][ T4369] loop4: rw=1, sector=169, nr_sectors = 8 limit=128 [ 199.871810][ T7503] overlayfs: failed to clone upperpath [ 199.879950][ T27] audit: type=1326 audit(1763339497.643:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7491 comm="syz.5.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 199.880367][ T4369] FAT-fs (loop4): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 200.035808][ T27] audit: type=1326 audit(1763339497.643:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7491 comm="syz.5.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 200.564367][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 200.584475][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 200.684075][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 200.719417][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 200.748234][ T7227] device veth0_vlan entered promiscuous mode [ 200.766552][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 200.824582][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 200.869402][ T7227] device veth1_vlan entered promiscuous mode [ 200.970226][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 200.987881][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 201.012952][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 201.043085][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 201.075248][ T7227] device veth0_macvtap entered promiscuous mode [ 201.121196][ T7227] device veth1_macvtap entered promiscuous mode [ 201.191392][ T7227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 201.234034][ T7227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.270072][ T7227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 201.296956][ T7227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.313648][ T7227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 201.327156][ T7227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.343239][ T7227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 201.355952][ T7227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.374818][ T7227] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 201.384050][ T5487] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 201.418352][ T5487] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 201.426104][ T27] audit: type=1804 audit(1763339499.523:82): pid=7553 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1176" name="/newroot/232/file0" dev="fuse" ino=1 res=1 errno=0 [ 201.456702][ T5487] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 201.473021][ T5487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 201.497776][ T7227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 201.521638][ T7227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.544232][ T7227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 201.566375][ T7227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.585886][ T7227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 201.613049][ T7227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.623506][ T7227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 201.634934][ T7227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.687024][ T7227] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 201.717483][ T5487] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 201.736759][ T5487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 201.794773][ T7227] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.816202][ T7227] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.866132][ T7227] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.874936][ T7227] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.148015][ T5487] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.168187][ T5487] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.264504][ T5575] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.264646][ T5487] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 202.281355][ T5575] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.371088][ T5575] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 202.879349][ T7605] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1196'. [ 203.112424][ T7605] bond0: (slave bond_slave_1): Releasing backup interface [ 205.301411][ T7681] overlayfs: failed to resolve './file1': -4 [ 205.789043][ T7729] loop6: detected capacity change from 0 to 512 [ 205.821597][ T7729] EXT4-fs: Ignoring removed orlov option [ 205.943362][ T7729] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 206.115890][ T7729] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 206.151504][ T7734] Cannot find set identified by id 0 to match [ 206.528242][ T7729] EXT4-fs error (device loop6): ext4_xattr_ibody_find:2196: inode #15: comm syz.6.1232: corrupted in-inode xattr [ 206.557754][ T7729] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.1232: couldn't read orphan inode 15 (err -117) [ 206.616386][ T7729] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 206.813862][ T7227] EXT4-fs (loop6): unmounting filesystem. [ 207.396619][ T7766] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1242'. [ 208.065593][ T7755] loop6: detected capacity change from 0 to 32768 [ 208.178861][ T7755] XFS (loop6): Mounting V5 Filesystem [ 208.342619][ T7755] XFS (loop6): Ending clean mount [ 208.490095][ T7755] XFS (loop6): Quotacheck needed: Please wait. [ 208.594482][ T7755] XFS (loop6): Quotacheck: Done. [ 208.711189][ T27] audit: type=1800 audit(1763339506.813:83): pid=7755 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1238" name="bus" dev="loop6" ino=6155 res=0 errno=0 [ 208.785803][ T27] audit: type=1800 audit(1763339506.813:84): pid=7755 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1238" name="bus" dev="loop6" ino=6155 res=0 errno=0 [ 208.940712][ T27] audit: type=1800 audit(1763339507.043:85): pid=7815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1238" name="bus" dev="loop6" ino=6155 res=0 errno=0 [ 209.138476][ T27] audit: type=1800 audit(1763339507.073:86): pid=7815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1238" name="file1" dev="loop6" ino=6150 res=0 errno=0 [ 209.435794][ T2185] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 209.665896][ T2185] usb 5-1: Using ep0 maxpacket: 16 [ 209.682486][ T2185] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 209.758637][ T2185] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 209.814979][ T2185] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.866166][ T2185] usb 5-1: Product: syz [ 209.893214][ T2185] usb 5-1: Manufacturer: syz [ 209.922688][ T2185] usb 5-1: SerialNumber: syz [ 209.959729][ T2185] usb 5-1: config 0 descriptor?? [ 210.018663][ T2185] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 210.092758][ T2185] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 210.236729][ T7227] XFS (loop6): Unmounting Filesystem [ 210.645915][ T2185] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 211.113456][ T2185] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 211.144661][ T2185] em28xx 5-1:0.0: board has no eeprom [ 212.289385][ T7819] em28xx 5-1:0.0: reading from i2c device at 0x6 failed (error=-5) [ 212.355817][ T2185] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 212.396211][ T2185] em28xx 5-1:0.0: dvb set to bulk mode. [ 212.450687][ T2185] usb 5-1: USB disconnect, device number 7 [ 212.480387][ T2185] em28xx 5-1:0.0: Disconnecting em28xx [ 212.513683][ T26] em28xx 5-1:0.0: Binding DVB extension [ 212.734128][ T26] em28xx 5-1:0.0: Registering input extension [ 212.758158][ T2185] em28xx 5-1:0.0: Closing input extension [ 212.811538][ T2185] em28xx 5-1:0.0: Freeing device [ 213.507746][ T7875] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.516941][ T7875] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.081690][ T7875] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.194061][ T7875] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 214.723328][ T7910] loop4: detected capacity change from 0 to 32768 [ 214.824751][ T7910] XFS (loop4): Mounting V5 Filesystem [ 214.941682][ T7910] XFS (loop4): Ending clean mount [ 215.064909][ T7910] XFS (loop4): Quotacheck needed: Please wait. [ 215.155869][ T7910] XFS (loop4): Quotacheck: Done. [ 215.218775][ T27] audit: type=1800 audit(1763339513.323:87): pid=7910 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1282" name="bus" dev="loop4" ino=6155 res=0 errno=0 [ 215.295897][ T27] audit: type=1800 audit(1763339513.323:88): pid=7910 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1282" name="bus" dev="loop4" ino=6155 res=0 errno=0 [ 215.388842][ T27] audit: type=1800 audit(1763339513.423:89): pid=7944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1282" name="bus" dev="loop4" ino=6155 res=0 errno=0 [ 215.417949][ T27] audit: type=1800 audit(1763339513.433:90): pid=7944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1282" name="file1" dev="loop4" ino=6150 res=0 errno=0 [ 215.553442][ T7875] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.575759][ T7875] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.584708][ T7875] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.605717][ T7875] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.691516][ T4269] XFS (loop4): Unmounting Filesystem [ 215.891566][ T7942] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1293'. [ 216.091674][ T7943] 8021q: adding VLAN 0 to HW filter on device bond2 [ 216.114019][ T7943] bond1: (slave bond2): Enslaving as an active interface with an up link [ 216.135527][ T7945] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1293'. [ 216.165356][ T7945] 8021q: adding VLAN 0 to HW filter on device bond1 [ 217.374528][ T7968] loop6: detected capacity change from 0 to 512 [ 217.450302][ T7968] EXT4-fs: Ignoring removed nomblk_io_submit option [ 217.515754][ T7968] EXT4-fs: Ignoring removed nomblk_io_submit option [ 217.571074][ T7968] EXT4-fs: Ignoring removed i_version option [ 217.653545][ T7968] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a816c099, mo2=0002] [ 217.720936][ T7968] System zones: 1-12 [ 217.781642][ T7968] EXT4-fs error (device loop6): ext4_xattr_inode_iget:404: comm syz.6.1300: inode #1: comm syz.6.1300: iget: illegal inode # [ 217.940128][ T7968] EXT4-fs error (device loop6): ext4_xattr_inode_iget:409: comm syz.6.1300: error while reading EA inode 1 err=-117 [ 218.035668][ C1] sched: RT throttling activated [ 218.058752][ T7968] EXT4-fs (loop6): 1 orphan inode deleted [ 218.080412][ T7968] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 218.371732][ T7227] EXT4-fs (loop6): unmounting filesystem. [ 219.470722][ T8027] loop4: detected capacity change from 0 to 128 [ 219.533900][ T8027] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 219.570209][ T8027] ext4 filesystem being mounted at /239/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 219.742972][ T4269] EXT4-fs (loop4): unmounting filesystem. [ 220.184537][ T8053] loop4: detected capacity change from 0 to 512 [ 220.220245][ T8053] EXT4-fs (loop4): Test dummy encryption mode enabled [ 220.285207][ T8053] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 220.679198][ T4269] EXT4-fs (loop4): unmounting filesystem. [ 221.224922][ T8076] loop1: detected capacity change from 0 to 4096 [ 221.249564][ T8076] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 222.779636][ T8122] binder: 8121:8122 ioctl 40046205 0 returned -22 [ 223.208627][ T8135] loop1: detected capacity change from 0 to 512 [ 223.253728][ T8135] EXT4-fs (loop1): Test dummy encryption mode enabled [ 223.294721][ T8135] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 223.501224][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 223.701657][ T8151] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 224.226038][ T8172] loop4: detected capacity change from 0 to 512 [ 224.323810][ T8172] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 224.366013][ T8172] ext4 filesystem being mounted at /256/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 224.427038][ T8172] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 224.509551][ T8172] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28 [ 224.526912][ T8182] 9pnet_fd: Insufficient options for proto=fd [ 224.567027][ T8172] EXT4-fs (loop4): This should not happen!! Data will be lost [ 224.567027][ T8172] [ 224.639532][ T8172] EXT4-fs (loop4): Total free blocks count 0 [ 224.647173][ T8172] EXT4-fs (loop4): Free/Dirty block details [ 224.653940][ T8172] EXT4-fs (loop4): free_blocks=65280 [ 224.659903][ T8172] EXT4-fs (loop4): dirty_blocks=33 [ 224.665066][ T8172] EXT4-fs (loop4): Block reservation details [ 224.681559][ T8172] EXT4-fs (loop4): i_reserved_data_blocks=33 [ 224.711656][ T8186] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28 [ 226.625350][ T8189] Set syz1 is full, maxelem 65536 reached [ 226.751505][ T8212] loop1: detected capacity change from 0 to 512 [ 226.819773][ T8212] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 226.842600][ T8217] loop6: detected capacity change from 0 to 512 [ 226.856108][ T8212] ext4 filesystem being mounted at /274/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 226.891415][ T8217] EXT4-fs (loop6): Test dummy encryption mode enabled [ 226.916536][ T8217] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 226.987812][ T8212] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 227.052527][ T8212] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28 [ 227.067581][ T8212] EXT4-fs (loop1): This should not happen!! Data will be lost [ 227.067581][ T8212] [ 227.079315][ T8212] EXT4-fs (loop1): Total free blocks count 0 [ 227.085376][ T8212] EXT4-fs (loop1): Free/Dirty block details [ 227.091473][ T8212] EXT4-fs (loop1): free_blocks=65280 [ 227.097031][ T8212] EXT4-fs (loop1): dirty_blocks=33 [ 227.098477][ T7227] EXT4-fs (loop6): unmounting filesystem. [ 227.102188][ T8212] EXT4-fs (loop1): Block reservation details [ 227.114430][ T8212] EXT4-fs (loop1): i_reserved_data_blocks=33 [ 227.196717][ T8212] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28 [ 227.270965][ T8230] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 227.331251][ T8234] loop4: detected capacity change from 0 to 512 [ 227.363438][ T8234] EXT4-fs (loop4): Test dummy encryption mode enabled [ 227.394558][ T8234] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 227.472098][ T4269] EXT4-fs (loop4): unmounting filesystem. [ 227.671859][ T8244] loop1: detected capacity change from 0 to 256 [ 228.464994][ T8271] block device autoloading is deprecated and will be removed. [ 228.777845][ T8280] loop6: detected capacity change from 0 to 512 [ 228.835631][ T8280] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 228.863133][ T8280] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 228.939286][ T8285] binder: 8284:8285 unknown command 0 [ 228.944738][ T8285] binder: 8284:8285 ioctl c0306201 200000000080 returned -22 [ 229.002249][ T8280] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 229.088338][ T8280] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28 [ 229.155803][ T8280] EXT4-fs (loop6): This should not happen!! Data will be lost [ 229.155803][ T8280] [ 229.196566][ T8280] EXT4-fs (loop6): Total free blocks count 0 [ 229.216388][ T8280] EXT4-fs (loop6): Free/Dirty block details [ 229.263719][ T8280] EXT4-fs (loop6): free_blocks=65280 [ 229.283150][ T8280] EXT4-fs (loop6): dirty_blocks=33 [ 229.303644][ T8280] EXT4-fs (loop6): Block reservation details [ 229.326790][ T8280] EXT4-fs (loop6): i_reserved_data_blocks=33 [ 229.375203][ T8289] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28 [ 229.824155][ T8308] loop6: detected capacity change from 0 to 256 [ 230.311205][ T8322] binder_alloc: binder_alloc_mmap_handler: 8321 2000000a0000-2000000a2000 already mapped failed -16 [ 230.593395][ T8337] overlayfs: failed to clone upperpath [ 230.946463][ T8350] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1426'. [ 233.380385][ T8247] Set syz1 is full, maxelem 65536 reached [ 233.549207][ T8388] netlink: 'syz.3.1442': attribute type 4 has an invalid length. [ 233.599516][ T8391] loop4: detected capacity change from 0 to 256 [ 233.601116][ T8388] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1442'. [ 233.772514][ T8395] loop6: detected capacity change from 0 to 512 [ 233.804909][ T8397] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1432'. [ 233.886291][ T8395] EXT4-fs error (device loop6): ext4_expand_extra_isize_ea:2769: inode #11: comm syz.6.1431: corrupted xattr block 95 [ 233.961576][ T8395] EXT4-fs error (device loop6): ext4_validate_block_bitmap:429: comm syz.6.1431: bg 0: block 7: invalid block bitmap [ 234.011917][ T8395] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 234.048380][ T8395] EXT4-fs error (device loop6): ext4_xattr_delete_inode:2935: inode #11: comm syz.6.1431: corrupted xattr block 95 [ 234.116038][ T8395] EXT4-fs warning (device loop6): ext4_evict_inode:299: xattr delete (err -117) [ 234.143258][ T8407] block device autoloading is deprecated and will be removed. [ 234.176222][ T8395] EXT4-fs (loop6): 1 orphan inode deleted [ 234.199729][ T8395] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 235.005081][ T7227] EXT4-fs (loop6): unmounting filesystem. [ 235.069752][ T27] audit: type=1326 audit(1763339533.173:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8421 comm="syz.3.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 235.103911][ T8424] binder_alloc: binder_alloc_mmap_handler: 8419 2000000a0000-2000000a2000 already mapped failed -16 [ 235.139387][ T27] audit: type=1326 audit(1763339533.173:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8421 comm="syz.3.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 235.483092][ T27] audit: type=1326 audit(1763339533.183:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8421 comm="syz.3.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 235.721021][ T27] audit: type=1326 audit(1763339533.183:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8421 comm="syz.3.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 235.873736][ T27] audit: type=1326 audit(1763339533.183:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8421 comm="syz.3.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 235.974283][ T27] audit: type=1326 audit(1763339533.183:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8421 comm="syz.3.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 236.065931][ T27] audit: type=1326 audit(1763339533.183:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8421 comm="syz.3.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 236.216780][ T27] audit: type=1326 audit(1763339533.183:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8421 comm="syz.3.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 236.320060][ T27] audit: type=1326 audit(1763339534.143:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8432 comm="syz.3.1443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 236.349325][ T8447] loop4: detected capacity change from 0 to 256 [ 236.425517][ T27] audit: type=1326 audit(1763339534.143:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8432 comm="syz.3.1443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 238.624497][ T8504] loop4: detected capacity change from 0 to 256 [ 239.218187][ T8527] overlayfs: failed to clone upperpath [ 241.195879][ T7896] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 241.394472][ T7896] usb 2-1: Using ep0 maxpacket: 32 [ 241.401806][ T7896] usb 2-1: config 0 has an invalid interface number: 188 but max is 0 [ 241.437424][ T7896] usb 2-1: config 0 has no interface number 0 [ 241.461143][ T7896] usb 2-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 241.471862][ T8580] binder: BINDER_SET_CONTEXT_MGR already set [ 241.510011][ T7896] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 241.517123][ T8580] binder: 8578:8580 ioctl 4018620d 200000004a80 returned -16 [ 241.551760][ T7896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.580583][ T7896] usb 2-1: Product: syz [ 241.595074][ T7896] usb 2-1: Manufacturer: syz [ 241.614245][ T7896] usb 2-1: SerialNumber: syz [ 241.644498][ T7896] usb 2-1: config 0 descriptor?? [ 241.694467][ T8554] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 241.927798][ T8554] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 243.119231][ T8618] random: crng reseeded on system resumption [ 243.388329][ T7898] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 243.587941][ T7898] usb 7-1: config 0 has an invalid interface number: 133 but max is 0 [ 243.605703][ T7898] usb 7-1: config 0 has no interface number 0 [ 243.617581][ T7898] usb 7-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 243.638453][ T7898] usb 7-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 243.650656][ T7898] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.659271][ T7898] usb 7-1: Product: syz [ 243.663903][ T7898] usb 7-1: Manufacturer: syz [ 243.669055][ T7898] usb 7-1: SerialNumber: syz [ 243.700402][ T7898] usb 7-1: config 0 descriptor?? [ 243.928579][ T7898] keyspan 7-1:0.133: Keyspan 1 port adapter converter detected [ 243.944779][ T7898] keyspan 7-1:0.133: unsupported endpoint type 0 [ 243.954773][ T7898] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 81 [ 243.969647][ T7898] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 1 [ 243.979541][ T7898] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 2 [ 243.998249][ T7898] usb 7-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 244.041209][ T7898] usb 7-1: USB disconnect, device number 2 [ 244.060761][ T7898] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 244.082276][ T7898] keyspan 7-1:0.133: device disconnected [ 244.195760][ T27] kauditd_printk_skb: 9 callbacks suppressed [ 244.195776][ T27] audit: type=1326 audit(1763339542.293:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8642 comm="syz.3.1516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 244.226027][ T7896] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 244.245717][ T7896] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 244.265829][ T7896] asix: probe of 2-1:0.188 failed with error -71 [ 244.277326][ T27] audit: type=1326 audit(1763339542.343:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8642 comm="syz.3.1516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 244.316633][ T7896] usb 2-1: USB disconnect, device number 9 [ 244.363240][ T27] audit: type=1326 audit(1763339542.343:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8642 comm="syz.3.1516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 244.416923][ T27] audit: type=1326 audit(1763339542.343:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8642 comm="syz.3.1516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 244.450367][ T8647] bridge_slave_0: default FDB implementation only supports local addresses [ 244.510277][ T27] audit: type=1326 audit(1763339542.343:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8642 comm="syz.3.1516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5ff8f6c9 code=0x7ffc0000 [ 244.900103][ T8667] loop1: detected capacity change from 0 to 256 [ 244.959279][ T8667] FAT-fs (loop1): Directory bread(block 64) failed [ 244.985812][ T8667] FAT-fs (loop1): Directory bread(block 65) failed [ 244.992571][ T8667] FAT-fs (loop1): Directory bread(block 66) failed [ 245.025055][ T8667] FAT-fs (loop1): Directory bread(block 67) failed [ 245.055948][ T8667] FAT-fs (loop1): Directory bread(block 68) failed [ 245.062650][ T8667] FAT-fs (loop1): Directory bread(block 69) failed [ 245.082076][ T8667] FAT-fs (loop1): Directory bread(block 70) failed [ 245.100085][ T8667] FAT-fs (loop1): Directory bread(block 71) failed [ 245.146059][ T8667] FAT-fs (loop1): Directory bread(block 72) failed [ 245.152680][ T8667] FAT-fs (loop1): Directory bread(block 73) failed [ 245.902144][ T8688] loop1: detected capacity change from 0 to 128 [ 245.941990][ T8688] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 246.051910][ T4351] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 246.398625][ T8707] loop6: detected capacity change from 0 to 256 [ 246.461533][ T8707] FAT-fs (loop6): Directory bread(block 64) failed [ 246.489944][ T8707] FAT-fs (loop6): Directory bread(block 65) failed [ 246.504913][ T8707] FAT-fs (loop6): Directory bread(block 66) failed [ 246.522063][ T8707] FAT-fs (loop6): Directory bread(block 67) failed [ 246.542095][ T8707] FAT-fs (loop6): Directory bread(block 68) failed [ 246.553648][ T8707] FAT-fs (loop6): Directory bread(block 69) failed [ 246.571071][ T8707] FAT-fs (loop6): Directory bread(block 70) failed [ 246.580744][ T8707] FAT-fs (loop6): Directory bread(block 71) failed [ 246.630403][ T8707] FAT-fs (loop6): Directory bread(block 72) failed [ 246.638229][ T8707] FAT-fs (loop6): Directory bread(block 73) failed [ 247.147951][ T8725] can0: slcan on ttyS3. [ 247.317204][ T8733] can0 (unregistered): slcan off ttyS3. [ 247.362805][ T8738] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1556'. [ 248.290730][ T8752] binder: 8750:8752 ioctl c00c620f 2000000000c0 returned -22 [ 249.002696][ T27] audit: type=1326 audit(1763339547.103:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8780 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 249.081659][ T27] audit: type=1326 audit(1763339547.103:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8780 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 249.152725][ T27] audit: type=1326 audit(1763339547.103:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8780 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 249.229592][ T27] audit: type=1326 audit(1763339547.103:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8780 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 249.322107][ T27] audit: type=1326 audit(1763339547.103:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8780 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 249.430487][ T27] audit: type=1326 audit(1763339547.103:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8780 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 249.530164][ T27] audit: type=1326 audit(1763339547.103:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8780 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 249.606302][ T27] audit: type=1326 audit(1763339547.103:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8780 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 249.682160][ T27] audit: type=1326 audit(1763339547.103:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8780 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 249.755890][ T27] audit: type=1326 audit(1763339547.103:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8780 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 249.832205][ T27] audit: type=1326 audit(1763339547.103:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8780 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 249.976248][ T27] audit: type=1326 audit(1763339547.103:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8780 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 250.085923][ T27] audit: type=1326 audit(1763339547.103:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8780 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f1ad8f8f6c9 code=0x7ffc0000 [ 252.878182][ T8905] tipc: Failed to obtain node identity [ 252.889370][ T8905] tipc: Enabling of bearer rejected, failed to enable media [ 254.167035][ T8949] tipc: Enabling of bearer rejected, failed to enable media [ 255.396169][ T9000] binder: 8999:9000 ioctl c0306201 0 returned -14 [ 255.728454][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.734875][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.372783][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 256.372799][ T27] audit: type=1326 audit(1763339554.473:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9035 comm="syz.5.1672" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ad8f8f6c9 code=0x0 [ 256.749988][ T4342] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 256.935759][ T4342] usb 7-1: Using ep0 maxpacket: 16 [ 256.942785][ T4342] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 256.953123][ T4342] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 256.964315][ T4342] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 256.973645][ T4342] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.981839][ T4342] usb 7-1: Product: syz [ 256.986115][ T4342] usb 7-1: Manufacturer: syz [ 256.990740][ T4342] usb 7-1: SerialNumber: syz [ 257.203810][ T4342] usb 7-1: 0:2 : does not exist [ 257.220824][ T4342] usb 7-1: 5:0: failed to get current value for ch 0 (-22) [ 257.242353][ T4342] usb 7-1: USB disconnect, device number 3 [ 257.457841][ T4411] udevd[4411]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 258.382698][ T9076] loop6: detected capacity change from 0 to 512 [ 258.577550][ T9076] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 258.596719][ T9076] ext4 filesystem being mounted at /87/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 258.727759][ T7227] EXT4-fs (loop6): unmounting filesystem. [ 261.013850][ T9143] loop1: detected capacity change from 0 to 8 [ 261.043369][ T9143] syz.1.1712: attempt to access beyond end of device [ 261.043369][ T9143] loop1: rw=2048, sector=36028797018963960, nr_sectors = 16 limit=8 [ 261.086410][ T9143] SQUASHFS error: Failed to read block 0xfffffffffffffffc: -5 [ 261.096205][ T9143] unable to read xattr id index table [ 262.566850][ T9175] binder: 9174:9175 ioctl c0306201 200000000680 returned -14 [ 263.440572][ T9210] tmpfs: Bad value for 'mpol' [ 263.505945][ T4342] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 263.780076][ T4342] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 263.788982][ T4342] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 263.801189][ T4342] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 263.810595][ T4342] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 263.821756][ T4342] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 264.706124][ T4342] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 264.755820][ T4342] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 264.771192][ T4342] usb 7-1: Product: syz [ 264.788114][ T4342] usb 7-1: Manufacturer: syz [ 264.816711][ T4342] cdc_wdm 7-1:1.0: skipping garbage [ 264.822005][ T4342] cdc_wdm 7-1:1.0: skipping garbage [ 264.858645][ T4342] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 264.864628][ T4342] cdc_wdm 7-1:1.0: Unknown control protocol [ 265.062060][ T4342] usb 7-1: USB disconnect, device number 4 [ 265.068475][ T9198] cdc_wdm 7-1:1.0: Error submitting int urb - -19 [ 265.382794][ T9198] loop6: detected capacity change from 0 to 40427 [ 265.484178][ T9198] F2FS-fs (loop6): Found nat_bits in checkpoint [ 265.533104][ T9198] F2FS-fs (loop6): Cannot turn on quotas: -2 on 2 [ 265.542671][ T9198] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 265.986440][ T9259] loop1: detected capacity change from 0 to 128 [ 266.016205][ T9259] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 266.187110][ T33] kworker/u4:2: attempt to access beyond end of device [ 266.187110][ T33] loop1: rw=1, sector=169, nr_sectors = 8 limit=128 [ 266.206847][ T33] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 267.664350][ T9278] kvm: pic: non byte write [ 268.297268][ T9303] overlayfs: maximum fs stacking depth exceeded [ 273.335846][ T4342] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 273.525752][ T4342] usb 2-1: Using ep0 maxpacket: 32 [ 273.533052][ T4342] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 273.541729][ T4342] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 273.548508][ T9416] overlayfs: failed to resolve './file1': -4 [ 273.553260][ T4342] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 273.566365][ T4342] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 273.576653][ T4342] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 273.586733][ T4342] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 273.597228][ T4342] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 273.607448][ T4342] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 273.620997][ T4342] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 273.649003][ T4342] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.663195][ T4342] usb 2-1: config 0 descriptor?? [ 273.889280][ T4342] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 273.930117][ T4342] usb 2-1: USB disconnect, device number 10 [ 273.941399][ T4342] usblp0: removed [ 274.315354][ T9456] input: syz1 as /devices/virtual/input/input21 [ 274.461466][ T4342] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 274.493149][ T2185] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 274.526402][ T2185] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 274.653128][ T4342] usb 2-1: Using ep0 maxpacket: 32 [ 274.667739][ T4342] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 274.692142][ T4342] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 274.722931][ T4342] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 274.745740][ T4342] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 274.755483][ T4342] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 274.797626][ T4342] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 274.817908][ T4342] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 274.841719][ T4342] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 274.885717][ T4342] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 274.894886][ T4342] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.936677][ T4342] usb 2-1: config 0 descriptor?? [ 275.157481][ T4342] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 275.188974][ T4342] usb 2-1: USB disconnect, device number 11 [ 275.214748][ T4342] usblp0: removed [ 275.568917][ T9489] loop6: detected capacity change from 0 to 4096 [ 275.580857][ T9486] infiniband syz1: set active [ 275.602609][ T9489] ntfs3: Unknown parameter '@' [ 275.624197][ T9486] infiniband syz1: added syz_tun [ 275.787695][ T9489] infiniband syz1: set down [ 275.812938][ T9486] RDS/IB: syz1: added [ 275.817962][ T9486] smc: adding ib device syz1 with port count 1 [ 275.824301][ T9486] smc: ib device syz1 port 1 has pnetid [ 275.931433][ T5485] smc: removing ib device syz1 [ 276.232876][ T9513] set match dimension is over the limit! [ 276.253484][ T9509] loop1: detected capacity change from 0 to 2048 [ 276.339803][ T9509] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 276.348561][ T9486] rdma_rxe: rxe_register_device failed with error -19 [ 276.376121][ T9486] rdma_rxe: failed to add syz_tun [ 276.483053][ T9518] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.1860: Unrecognised inode hash code 20 [ 276.511712][ T4411] udevd[4411]: incorrect ext4 checksum on /dev/loop1 [ 276.583226][ T9518] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.1860: Corrupt directory, running e2fsck is recommended [ 276.628901][ T9518] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.1860: Unrecognised inode hash code 20 [ 276.661092][ T9518] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.1860: Corrupt directory, running e2fsck is recommended [ 276.705804][ T9518] EXT4-fs warning (device loop1): ext4_dirblock_csum_set:427: inode #2: comm syz.1.1860: No space for directory leaf checksum. Please run e2fsck -D. [ 276.734654][ T9518] EXT4-fs error (device loop1): ext4_read_inode_bitmap:168: comm syz.1.1860: Inode bitmap for bg 0 marked uninitialized [ 276.763960][ T9518] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 276.946929][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 277.365116][ T9547] loop4: detected capacity change from 0 to 512 [ 277.411601][ T9547] EXT4-fs: Ignoring removed orlov option [ 277.434702][ T9547] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 277.493006][ T9547] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 277.535363][ T9547] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2196: inode #15: comm syz.4.1872: corrupted in-inode xattr [ 277.632490][ T9547] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.1872: couldn't read orphan inode 15 (err -117) [ 277.686944][ T9547] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 277.840106][ T4269] EXT4-fs (loop4): unmounting filesystem. [ 277.853733][ T9561] loop6: detected capacity change from 0 to 2048 [ 277.929543][ T9561] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 278.013968][ T9572] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 278.032759][ T9572] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 192 with error 28 [ 278.045405][ T9572] EXT4-fs (loop6): This should not happen!! Data will be lost [ 278.045405][ T9572] [ 278.055411][ T9572] EXT4-fs (loop6): Total free blocks count 0 [ 278.061524][ T9572] EXT4-fs (loop6): Free/Dirty block details [ 278.067603][ T9572] EXT4-fs (loop6): free_blocks=2415919504 [ 278.073374][ T9572] EXT4-fs (loop6): dirty_blocks=208 [ 278.078748][ T9572] EXT4-fs (loop6): Block reservation details [ 278.084787][ T9572] EXT4-fs (loop6): i_reserved_data_blocks=13 [ 278.723869][ T9590] input: syz1 as /devices/virtual/input/input22 [ 278.762282][ T9165] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 192 with max blocks 2048 with error 28 [ 279.025430][ T4327] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 279.069733][ T4327] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz0 [ 280.517930][ T9637] loop1: detected capacity change from 0 to 512 [ 280.534597][ T9637] EXT4-fs: Ignoring removed orlov option [ 280.553975][ T9637] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 280.584028][ T9637] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 280.623726][ T9637] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2196: inode #15: comm syz.1.1907: corrupted in-inode xattr [ 280.640655][ T9637] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.1907: couldn't read orphan inode 15 (err -117) [ 280.669947][ T9637] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 280.857349][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 283.909225][ T27] audit: type=1326 audit(1763339582.013:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9689 comm="syz.4.1930" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1445b8f6c9 code=0x0 [ 283.930369][ T7898] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 284.135749][ T7898] usb 7-1: Using ep0 maxpacket: 32 [ 284.143471][ T7898] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 284.152278][ T7898] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 284.161435][ T7898] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 284.175896][ T7898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 284.185609][ T7898] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 284.234211][ T7898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 284.260867][ T7898] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 284.290621][ T7898] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 284.331956][ T7898] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 284.390748][ T7898] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.418072][ T7898] usb 7-1: config 0 descriptor?? [ 284.477115][ T9703] loop4: detected capacity change from 0 to 1024 [ 284.520444][ T9709] capability: warning: `syz.5.1937' uses 32-bit capabilities (legacy support in use) [ 284.532097][ T9703] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 284.563164][ T9703] ext4 filesystem being mounted at /348/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 284.620728][ T27] audit: type=1800 audit(1763339582.723:131): pid=9703 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1936" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 284.642318][ T7898] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 284.651187][ T9703] EXT4-fs error (device loop4): ext4_map_blocks:745: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 3) [ 284.691513][ T7898] usb 7-1: USB disconnect, device number 5 [ 284.719063][ T9703] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 284.736312][ T7898] usblp0: removed [ 284.762135][ T9703] EXT4-fs (loop4): This should not happen!! Data will be lost [ 284.762135][ T9703] [ 284.798598][ T9716] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 284.853025][ T9703] EXT4-fs error (device loop4): ext4_map_blocks:745: inode #15: block 8: comm syz.4.1936: lblock 8 mapped to illegal pblock 8 (length 8) [ 284.866777][ T9716] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 284.880745][ T9703] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 284.899782][ T9703] EXT4-fs (loop4): This should not happen!! Data will be lost [ 284.899782][ T9703] [ 284.914672][ T9721] binder: BINDER_SET_CONTEXT_MGR already set [ 284.921790][ T9721] binder: 9720:9721 ioctl 4018620d 200000000140 returned -16 [ 284.934577][ T9702] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 284.978913][ T9702] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 285.046203][ T9703] EXT4-fs error (device loop4): ext4_ext_remove_space:2930: inode #15: comm syz.4.1936: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0) [ 285.094489][ T9719] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 285.110157][ T9716] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 285.136909][ T9702] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 285.246147][ T7898] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 285.435847][ T7898] usb 7-1: Using ep0 maxpacket: 32 [ 285.450658][ T7898] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 285.474795][ T7898] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 285.485522][ T7898] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 285.509880][ T56] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 64 with max blocks 4 with error 117 [ 285.527905][ T7898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 285.554595][ T7898] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 285.566347][ T56] EXT4-fs (loop4): This should not happen!! Data will be lost [ 285.566347][ T56] [ 285.582675][ T7898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 285.599380][ T4269] EXT4-fs (loop4): unmounting filesystem. [ 285.606021][ T7898] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 285.633601][ T7898] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 285.661270][ T7898] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 285.681849][ T7898] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.718061][ T7898] usb 7-1: config 0 descriptor?? [ 285.946485][ T7898] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 285.982880][ T7898] usb 7-1: USB disconnect, device number 6 [ 286.013626][ T7898] usblp0: removed [ 286.524876][ T9773] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1964'. [ 286.833499][ T9784] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 286.958111][ T9784] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 287.644599][ T9807] loop1: detected capacity change from 0 to 512 [ 287.710793][ T9807] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 287.783016][ T9807] UDF-fs: error (device loop1): udf_verify_fi: directory (ino 21) has entry past directory size at pos 128 [ 289.684637][ T9869] input: syz0 as /devices/virtual/input/input23 [ 289.985830][ T4342] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 290.017326][ T27] audit: type=1804 audit(1763339588.123:132): pid=9878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.2004" name="/newroot/140/file1" dev="fuse" ino=1 res=1 errno=0 [ 290.045308][ T9860] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.076871][ T27] audit: type=1800 audit(1763339588.123:133): pid=9878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2004" name="/" dev="fuse" ino=1 res=0 errno=0 [ 290.180891][ T4342] usb 5-1: Using ep0 maxpacket: 32 [ 290.190176][ T4342] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 290.206201][ T4342] usb 5-1: config 0 has no interface number 0 [ 290.212798][ T4342] usb 5-1: config 0 interface 1 altsetting 9 has an invalid endpoint with address 0x0, skipping [ 290.233962][ T4342] usb 5-1: config 0 interface 1 has no altsetting 0 [ 290.249977][ T4342] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 290.262458][ T4342] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.277076][ T4342] usb 5-1: Product: syz [ 290.281389][ T4342] usb 5-1: Manufacturer: syz [ 290.292025][ T4342] usb 5-1: SerialNumber: syz [ 290.303578][ T4342] usb 5-1: config 0 descriptor?? [ 290.526623][ T4342] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 290.543967][ T4342] cx231xx 5-1:0.1: Failed to read PCB config [ 290.556773][ T4342] cx231xx: probe of 5-1:0.1 failed with error -71 [ 290.565003][ T4342] usb 5-1: USB disconnect, device number 8 [ 290.784208][ T9860] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 290.816919][ T9860] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 290.865856][ T9888] [ 290.868276][ T9888] ====================================================== [ 290.875325][ T9888] WARNING: possible circular locking dependency detected [ 290.882395][ T9888] syzkaller #0 Not tainted [ 290.886829][ T9888] ------------------------------------------------------ [ 290.893862][ T9888] syz.6.2008/9888 is trying to acquire lock: [ 290.900022][ T9888] ffff88807f2f88d8 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock_killable+0x1d/0x60 [ 290.909716][ T9888] [ 290.909716][ T9888] but task is already holding lock: [ 290.917098][ T9888] ffff888079f73b60 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: generic_file_write_iter+0x7f/0x2e0 [ 290.928190][ T9888] [ 290.928190][ T9888] which lock already depends on the new lock. [ 290.928190][ T9888] [ 290.938710][ T9888] [ 290.938710][ T9888] the existing dependency chain (in reverse order) is: [ 290.947733][ T9888] [ 290.947733][ T9888] -> #1 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}: [ 290.956451][ T9888] down_write+0x36/0x60 [ 290.961157][ T9888] process_measurement+0x33c/0x1a10 [ 290.966903][ T9888] ima_file_mmap+0x104/0x150 [ 290.972054][ T9888] __se_sys_remap_file_pages+0x53e/0x770 [ 290.978311][ T9888] do_syscall_64+0x4c/0xa0 [ 290.983260][ T9888] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 290.989685][ T9888] [ 290.989685][ T9888] -> #0 (&mm->mmap_lock){++++}-{3:3}: [ 290.997388][ T9888] __lock_acquire+0x2cf8/0x7c50 [ 291.002783][ T9888] lock_acquire+0x1b4/0x490 [ 291.007824][ T9888] down_read_killable+0x4c/0x340 [ 291.013297][ T9888] mmap_read_lock_killable+0x1d/0x60 [ 291.019118][ T9888] lock_mm_and_find_vma+0x2b1/0x2f0 [ 291.024888][ T9888] do_user_addr_fault+0x2db/0xb10 [ 291.030450][ T9888] exc_page_fault+0x60/0x100 [ 291.035599][ T9888] asm_exc_page_fault+0x22/0x30 [ 291.040990][ T9888] fault_in_readable+0x13e/0x1f0 [ 291.046466][ T9888] fault_in_iov_iter_readable+0xbb/0x2e0 [ 291.052641][ T9888] generic_perform_write+0x1d2/0x560 [ 291.058466][ T9888] __generic_file_write_iter+0x172/0x430 [ 291.064646][ T9888] generic_file_write_iter+0xab/0x2e0 [ 291.070561][ T9888] vfs_write+0x44c/0x960 [ 291.075362][ T9888] ksys_write+0x143/0x240 [ 291.080267][ T9888] do_syscall_64+0x4c/0xa0 [ 291.085226][ T9888] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 291.091666][ T9888] [ 291.091666][ T9888] other info that might help us debug this: [ 291.091666][ T9888] [ 291.101925][ T9888] Possible unsafe locking scenario: [ 291.101925][ T9888] [ 291.109443][ T9888] CPU0 CPU1 [ 291.114819][ T9888] ---- ---- [ 291.120187][ T9888] lock(&sb->s_type->i_mutex_key#12); [ 291.125801][ T9888] lock(&mm->mmap_lock); [ 291.132657][ T9888] lock(&sb->s_type->i_mutex_key#12); [ 291.140657][ T9888] lock(&mm->mmap_lock); [ 291.145000][ T9888] [ 291.145000][ T9888] *** DEADLOCK *** [ 291.145000][ T9888] [ 291.153322][ T9888] 3 locks held by syz.6.2008/9888: [ 291.158440][ T9888] #0: ffff88807759cfe8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x2ae/0x360 [ 291.167699][ T9888] #1: ffff888018f54460 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x256/0x960 [ 291.176771][ T9888] #2: ffff888079f73b60 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: generic_file_write_iter+0x7f/0x2e0 [ 291.188215][ T9888] [ 291.188215][ T9888] stack backtrace: [ 291.194105][ T9888] CPU: 1 PID: 9888 Comm: syz.6.2008 Not tainted syzkaller #0 [ 291.201483][ T9888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 291.211574][ T9888] Call Trace: [ 291.214865][ T9888] [ 291.217811][ T9888] dump_stack_lvl+0x168/0x22e [ 291.222526][ T9888] ? load_image+0x3b0/0x3b0 [ 291.227051][ T9888] ? show_regs_print_info+0x12/0x12 [ 291.232442][ T9888] ? print_circular_bug+0x12b/0x1a0 [ 291.237678][ T9888] check_noncircular+0x274/0x310 [ 291.242808][ T9888] ? add_chain_block+0x940/0x940 [ 291.247765][ T9888] ? lockdep_lock+0xdc/0x1e0 [ 291.252471][ T9888] ? _find_first_zero_bit+0xcf/0x100 [ 291.257777][ T9888] __lock_acquire+0x2cf8/0x7c50 [ 291.262660][ T9888] ? verify_lock_unused+0x140/0x140 [ 291.268155][ T9888] ? verify_lock_unused+0x140/0x140 [ 291.273395][ T9888] ? preempt_schedule+0xa7/0xb0 [ 291.278316][ T9888] ? verify_lock_unused+0x140/0x140 [ 291.283569][ T9888] ? preempt_schedule_common+0xa5/0xd0 [ 291.289053][ T9888] lock_acquire+0x1b4/0x490 [ 291.293583][ T9888] ? mmap_read_lock_killable+0x1d/0x60 [ 291.299059][ T9888] ? read_lock_is_recursive+0x10/0x10 [ 291.304485][ T9888] ? cmp_ex_search+0x1a/0x70 [ 291.309102][ T9888] ? bsearch+0x8a/0xb0 [ 291.313295][ T9888] ? fault_in_readable+0x13e/0x1f0 [ 291.318517][ T9888] ? search_extable+0x8c/0xd0 [ 291.323219][ T9888] ? trim_init_extable+0x3b0/0x3b0 [ 291.328422][ T9888] ? mmap_read_lock_killable+0x1d/0x60 [ 291.333890][ T9888] down_read_killable+0x4c/0x340 [ 291.338852][ T9888] ? mmap_read_lock_killable+0x1d/0x60 [ 291.344417][ T9888] mmap_read_lock_killable+0x1d/0x60 [ 291.349713][ T9888] lock_mm_and_find_vma+0x2b1/0x2f0 [ 291.355060][ T9888] do_user_addr_fault+0x2db/0xb10 [ 291.360149][ T9888] ? _raw_spin_unlock_irq+0x1f/0x40 [ 291.365414][ T9888] exc_page_fault+0x60/0x100 [ 291.370090][ T9888] asm_exc_page_fault+0x22/0x30 [ 291.374969][ T9888] RIP: 0010:fault_in_readable+0x13e/0x1f0 [ 291.380823][ T9888] Code: 48 e7 c4 ff 4d 89 f4 49 81 cc ff 0f 00 00 4d 89 f7 49 01 dc 49 81 e4 00 f0 ff ff 4d 39 e6 77 44 e8 27 e7 c4 ff 4d 39 e7 74 47 <41> 8a 07 88 44 24 07 49 81 c7 00 10 00 00 4d 39 e7 74 07 e8 0a e7 [ 291.400726][ T9888] RSP: 0018:ffffc9000cacfa90 EFLAGS: 00050287 [ 291.406826][ T9888] RAX: ffffffff81bbef39 RBX: 0000000000001000 RCX: 0000000000080000 [ 291.415022][ T9888] RDX: ffffc900137c4000 RSI: 000000000004a74e RDI: 000000000004a74f [ 291.423023][ T9888] RBP: 0000000000000000 R08: ffff888052478000 R09: 0000000000000002 [ 291.431008][ T9888] R10: 0000000000000006 R11: 0000000000000002 R12: 00002000002be000 [ 291.439079][ T9888] R13: dffffc0000000000 R14: 00002000002bd000 R15: 00002000002bd000 [ 291.447153][ T9888] ? fault_in_readable+0x139/0x1f0 [ 291.452292][ T9888] fault_in_iov_iter_readable+0xbb/0x2e0 [ 291.457952][ T9888] generic_perform_write+0x1d2/0x560 [ 291.463273][ T9888] ? atime_needs_update+0x780/0x780 [ 291.468498][ T9888] ? generic_file_direct_write+0x660/0x660 [ 291.474331][ T9888] ? __file_remove_privs+0x5b0/0x5b0 [ 291.479651][ T9888] ? preempt_count_add+0x8d/0x190 [ 291.484688][ T9888] ? rwsem_write_trylock+0x12f/0x1b0 [ 291.489992][ T9888] ? clear_nonspinnable+0x60/0x60 [ 291.495041][ T9888] ? generic_write_checks_count+0x3d9/0x4c0 [ 291.500993][ T9888] __generic_file_write_iter+0x172/0x430 [ 291.506649][ T9888] generic_file_write_iter+0xab/0x2e0 [ 291.512049][ T9888] vfs_write+0x44c/0x960 [ 291.516314][ T9888] ? file_end_write+0x250/0x250 [ 291.521181][ T9888] ? __fget_files+0x44a/0x4d0 [ 291.525880][ T9888] ? __fdget_pos+0x2ae/0x360 [ 291.530489][ T9888] ? ksys_write+0x71/0x240 [ 291.534928][ T9888] ksys_write+0x143/0x240 [ 291.539360][ T9888] ? __ia32_sys_read+0x80/0x80 [ 291.544139][ T9888] ? lockdep_hardirqs_on+0x94/0x140 [ 291.549362][ T9888] do_syscall_64+0x4c/0xa0 [ 291.553789][ T9888] ? clear_bhb_loop+0x60/0xb0 [ 291.558478][ T9888] ? clear_bhb_loop+0x60/0xb0 [ 291.563255][ T9888] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 291.569268][ T9888] RIP: 0033:0x7f7c43f8f6c9 [ 291.573724][ T9888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.593452][ T9888] RSP: 002b:00007f7c44d99038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 291.601881][ T9888] RAX: ffffffffffffffda RBX: 00007f7c441e5fa0 RCX: 00007f7c43f8f6c9 [ 291.609882][ T9888] RDX: 000000000208e24b RSI: 0000200000000000 RDI: 0000000000000005 [ 291.617960][ T9888] RBP: 00007f7c44011f91 R08: 0000000000000000 R09: 0000000000000000 [ 291.625983][ T9888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 291.633974][ T9888] R13: 00007f7c441e6038 R14: 00007f7c441e5fa0 R15: 00007ffd26f2e118 [ 291.642052][ T9888] [ 291.907684][ T4342] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 292.099426][ T9860] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.108723][ T4342] usb 5-1: Using ep0 maxpacket: 32 [ 292.108952][ T9860] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.116711][ T4342] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 292.128056][ T9860] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.131661][ T4342] usb 5-1: config 0 has no interface number 0 [ 292.146974][ T4342] usb 5-1: config 0 interface 1 altsetting 9 has an invalid endpoint with address 0x0, skipping [ 292.157831][ T9860] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.167361][ T4342] usb 5-1: config 0 interface 1 has no altsetting 0 [ 292.180419][ T4342] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 292.189737][ T4342] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.198358][ T4342] usb 5-1: Product: syz [ 292.202576][ T4342] usb 5-1: Manufacturer: syz [ 292.207520][ T4342] usb 5-1: SerialNumber: syz [ 292.218351][ T4342] usb 5-1: config 0 descriptor?? [ 292.431421][ T4342] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 292.441239][ T4342] cx231xx 5-1:0.1: Identified as Conexant Hybrid TV - RDU253S (card=4) [ 292.566018][ T4342] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --110 [ 292.574280][ T4342] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32 [ 292.583025][ T4342] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32 [ 292.591336][ T4342] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32 [ 292.599592][ T4342] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32 [ 292.607494][ T4342] cx231xx 5-1:0.1: Failed to set devmode to analog: error: -32 [ 292.620563][ T4342] i2c i2c-2: Added multiplexed i2c bus 4 [ 292.627951][ T4342] i2c i2c-2: Added multiplexed i2c bus 5 [ 292.633905][ T4342] cx231xx 5-1:0.1: cx231xx_dev_init: Failed to set Power - errCode [-32]! [ 292.642676][ T4342] cx231xx 5-1:0.1: cx231xx_init_dev: cx231xx_i2c_register - errCode [-32]! [ 292.659255][ T4342] cx231xx: probe of 5-1:0.1 failed with error -32 [ 293.678815][ T2185] usb 5-1: USB disconnect, device number 9