last executing test programs: 14.172118601s ago: executing program 3 (id=188): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000040)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@resgid={'resgid', 0x3d, 0xee01}}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000380)={'#! ', './file0', [], 0xa, "79af0e512e1e3d473448a5fe2151a1730d42cbd884a6579d5bf1e3778fe35890c89fe72e8988e7a0520606f2e6a7392a8d98f82ac83351aee62339d093ba269bf9671027f8f053d25053f1fcaae890b210816aaf148a548503147d4e76a5d674ff85d827d8b990c80195d73e17ed981d40a3ab488fe875b84a848b3f6d7bdaf9069152b897d1c3063f48ae00000000000000"}, 0x9d) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) 13.296114245s ago: executing program 3 (id=193): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000) r1 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r1, 0x107, 0x11, 0x0, &(0x7f0000000080)) 12.496653028s ago: executing program 3 (id=198): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x48) 12.294711184s ago: executing program 3 (id=199): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x11, &(0x7f0000001a80)={[{@orlov}, {@norecovery}, {@inlinecrypt}, {@resuid}]}, 0x8, 0x617, &(0x7f0000001100)="$eJzs3c9vVNUeAPDvnf6kfe9NIS/viQtpYgwkSksLGGJMhD0h+GPnqtJCkEIJrdEiiSXBjYlx48LElQvxv1ASt/4DLty4MiTEGBZiiIy5M3PL7XSmP6admTLz+SRXz7mXOefcyXz7vXPm3JkAetZ4+p9CxMGIuJ5EFHPH+qN6cLzy7x7+cetCuiVRKr39exK3PklW8m0l1f+PVh/8dzGSdOeBvvX9Li7fvDIzPz93o1qfXLp6fXJx+ebRy1dnLs1dmrs2/er0qZMnTp6aOraj8yvkymfvvP9h8bNz73779eNk6rtfziVxOp5Ux5aeV+1jh3bUc/qcjUep4lF+f/q8ntph23vFn8XsdfJUUrsj0y0n3UUuVl+PAxHx/yhGX+5VX4xP3+zo4ICWKiWrObIE9JqkqcAf3v2BAG2WXQdk7+3rvQ9er9DKSxKgTR6cqUwAVGJ/ICKy+O+vzA3GcHluYORhsmaeJ4mInc3MVaR9/PTjuTvpFg3m4YDWWLmdzffV5v+kHJtjMVyujTwsrIn/Qm5L97/VZP+VvzFP5xzFP7TPyu2IeK6a/wdjW/E/nov/9+q2vvknaOM1dfEPAAAAAAAAzbt3JiJeqbf+r7C6/mewzvqf0Yg4vQv9b/75X+F+tZDsQndAzoMzEa/XXf+7usZ3rK9a+3d5PcBAcvHy/NyxiPhPRByJgaG0PlXTbn6F8NHPD3zVqP/8+r90S/vP1gJWW7rfX7OMYHZmaWan5w1EPLgd8Xx5/e+h6p6163/S/J/Uyf9pfF/fYh8HXrp7vtGxzeMfaJXSNxGH6+b/p5fbycbfzzFZvh6YzK4K1nvh4y++b9S/+IfOSfP/yMbxP5Tkv69ncXvtD0bE8eX+UqPjzV7/Dybv9GXtpz6aWVq6MRUxmJxdv396e2OGbpXFQxYvafwfeXHj+b/V6/9cHO6LiJUt9vm/J6O/Njom/0PnpPE/u3H+H1ub/7dfmL479kOj/s9vKf+fKOf0I9U95v8gb/33cWw1QDsyXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4xhUi4l+RFCZWy4XCxETEaET8N0YK8wuLSy9fXPjg2mx6rPz7/4Xsl36LlXqS/f7/WK4+XVM/HhH7I+LLvn3l+sSFhfnZTp88AAAAAAAAAAAAAAAAAAAA7BGj5Xv+S0O19/+nfuvr9OiAVkpjPvqrFfEOvae/6UeWhnZ1IEDbNR//wLOucfzXpveBlo8FaK/G8f/ocamsrcMB2sj1P/SuJuPfxwXQBeR/6FVbnNMbbvU4gE6Q/wEAAAAAoKvsP3Tv5yQiVl7bV95Sg9VjFvtDdyt0egBAx1jDC72rf6HTIwA6xXt8IFkt/VX3Zv/Gq/+T1gwIAAAAAAAAAAAAAFjn8EH3/0Ov2vj+f2v7oZttcP9/veD3dQHQRRr/9IfcD93Oe3zoaaXiFrK9+/8BAAAAAAAAAAAAYA8YvnllZn5+7sbi8rNXeGPXW85uh27h4Fdm9sJTt7uFJ61peSAi9sYJtrsw2PrX4WaFDv5NAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1vgnAAD//48wHak=") mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000000c0)='./file0\x00') fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) 11.320475136s ago: executing program 3 (id=207): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)=0xfffffffc) syz_read_part_table(0x630, &(0x7f0000000000)="$eJzs3DFoXVUYB/D/Td+7770W0ipOXVJ3sdjZ1ICkj0qnSrcuVUFCxSFOFUtepEszZHBwdilClloXDR0c1CKOTqGDWnEVpKhUkR657933kigiaDoIv9+Qe853z/m+8+XejLnhf20u3aQaD3vpJDn50p9WrGe6IP1mfZLSbe9d2Fo+c7aUUqpmzcV08+Sn87eSdNot/VmaUsrabHI6N947fPt6Nepu3W2Kfr5xqAkPJscYJE8dqfvjNHsypJR9B+sd5O+Bf+fm4p2qula3s/qnh0vJBz8un98+t/HOrRfa8FryRdI8/7eb92K6+s1cPnGpMx42T/mNvXl/bhPuRnYf9yCdfWcYXVsdbi4truxMA8eHWx+/+uyvJ26nnMqXdWdueqOqM59Z5tHB9H+0efs3ryyu7AyvDmY3nnj38c+y0E7ul5JjTcnHMv7TWTiAygAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAo3F+8kGQ03k5WdYa+NLp/fPrdRJ3n+lX4bOrl316H2ejmX7jXXtawm332U7t5FVfNjHJlLd2kS+3ahPD0edKb1e4PJ4Mriys7wt8PJvWceHh9OdqX3yandcmuzzNt5rh09KBPjyfrfNdmWKEdLjv2l/6qTrA43x/Wvfl91Jg1/WI1mx5xL8lovL0+aKQ/qdu/vu20AAAAAAAAAAAAAAAAAAADAf7J85uzr99vxxX6SH96aa8alN/kv906qXJ+tXsrXvWRwOrnRTzVaSnL3xV/qr+Y3vmk/HTBKL6MkR95fv9BuqvcVnH0ioEqpH3V3/JM/AgAA//96rHlv") mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) 9.588462293s ago: executing program 3 (id=214): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000000)={0x2, 0x7d}, 0x2) 8.90700085s ago: executing program 32 (id=214): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000000)={0x2, 0x7d}, 0x2) 6.528471212s ago: executing program 1 (id=231): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000200009500"], &(0x7f00000001c0)='syzkaller\x00'}, 0x94) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r3, 0x25, 0x0, @val=@netfilter}, 0x40) close_range(r0, r4, 0x0) 6.13242336s ago: executing program 1 (id=234): bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18) r0 = socket$kcm(0xa, 0x2, 0x73) sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0xffac, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f815108f6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0xffa0}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71", 0x33}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x18, 0x29, 0x36}}, @ip_tos_u8={{0x38, 0x29, 0x3b}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @loopback}}}], 0x50}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xf00, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x0) 5.618897007s ago: executing program 1 (id=238): syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xfe, 0x85, 0x71, 0x8, 0xb48, 0x3007, 0x4f64, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x38, 0x0, 0x0, 0x23, 0x52, 0x26}}]}}]}}, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x6) 3.756660482s ago: executing program 1 (id=246): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x2a0471a, &(0x7f0000000280)={[{@max_batch_time={'max_batch_time', 0x3d, 0x3}}]}, 0x82, 0x48f, &(0x7f0000000380)="$eJzs3M1vVFUfAODfvf3gffmsigpItEqMjR8tLags3Gg0cYHRRBeoq9oWQijU0JpYQqAagxsTQ6JrdWniX+DOjVFXJiaudG9IiLIBjYsx9869Mp12mKFOZwrzPMnQc+acO+ecnnvuPfccpgH0rOHsnyRia0T8EhE7qtHlGYarP65dOTv155WzU0lUKq/+nuT5rl45O1VmLY/bUkRG0oj0g6QoZLn5xTMnJmdnZ04X8bGFk2+PzS+eeeL4ycljM8dmTk0cOnTwwPjTT0082ZZ2Zu26uufc3N7dL75+8aWpIxff+v6rrL5bi/TadqzJ4Mq3hrOG/1HJ1ac9HP//T8VtNNtqwkl/FyvCTemLiKy7BrLxX6lUztek7YgX3m9y+JZ1rh6wjrJ706ZV3i/ui0uVhpIbpgK3giS6XQOgO8r7ffb8W746OP3ousvPVh+AsnZfK17VlP5IizwDdc+37TQcEUeW/vose0U71iEAAJr4aOrTw/H4avO/NO6pybe92EMZiog7IuLOiLgrInZGxN0Red57I2JXK4XWbBDUbw2tnP+kl9beuuay+d8zxd7W8vlfOfuLob4iti1v/0By9PjszP7idzISA5uy+PgNyvjm+Z8+bpRWO//LXln55VywqMel/roFuunJhcl8UtoGl9+L2NMff1cqlbr2J1H2UhIRuyNiz8199PYycPzRL/c2ytS8/Ss+7ro27DNVvoh4pNr/S1HX/lKycn9ycNv1/cmx/8XszP6x8qxY6YcfL7zSqPzW278+sv7fvPz8L1I+XywCQ2/W7tfOR4Ody60Ny7jw64cNn2nWev4PJq/l16Ny2/XdyYWF0+MRg8nhPL7s/Ynrx5bxMn/W/pF9WUrZ/vLINL/GRdH/90XE3mK/7P6IeKCo+4MR8VBE7GvY+ojvnmucthH6f7qm/5OoP/93nav+LPt/8aYDfSe+/bpR+a31/8E8NFK8k1//mmi1gmv/zQEAAMCtI81XbpJ09N9wmo6OVv9j787YnM7OzS88dnTunVPT1RWeoRhIy5WuHTXroePJUvGJ1fhEsVZcph8o1o0/6Ys8Pjo1Nzvd5bZDr9vSYPxnfuvrdu2AdbfaPtrEKl9oA24/9eM/XR49/3InKwN0lO9rQ+9qMv7TTtUD6Dz3f+hdq43/83VxewFwe3L/h95l/EPvMv6hd9WN/774uVs1ATpoDV/nFxCYXzwT6YaoRkuB1v8exHoH3tgY1Wgh0O0rEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQHv8EwAA//9gP+wr") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x5) write$FUSE_WRITE(r0, &(0x7f00000000c0)={0x18}, 0xfffffdef) 2.988564351s ago: executing program 0 (id=249): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000006500)=[{{0x0, 0x0, &(0x7f0000001940)=[{&(0x7f0000000440)="859e9bf82103e4b7e88fd08f2aae461038d8bd38919a04eecf9a4999b13d24a03f7951fcfd738a9db9c208753d6b73c1b0817740037ab43a9b9c27f4ad0ea6dfa385749d4400172b2dfd9ce3e3e3d4e1d1e8d492148ab69e41de178b9e9543874d176e95d27d2fcd4b49b05341e9d8f1ca38afe380d7bdd3cdccc2e82e9cda34fb72cb89e7e0b725ae5a350fe1fc8ed6e933a2d08130fc5208d2445404571c8808baa072da368e79fcaae5e00664dceeb4bb9dedbe708c0bc937486b246b3c501f37e06c471f7f22198f24bf9ebf549541b04b0f86a976dd6f1619780b9ec2b2c7d41d8688a8c143494301ca742a2ee8f2b0b9945b0ddc44df46d1a6c20cebf88210dac72d53a3365acbba77e74e74ca520ba153f8e662958475ce0a2618826c6fb4aceb1a3b439144bd67624069d9306d666266c268002e83164c373510042cf53ee5ac73f47a32f72fd218ab3d7dbecb9b156a1338201c3a13f73ef5f759659b8f44f7c05423336b737eb1df1ff92ecceb36ab65190ab42d10a57effa36dbe8886ab4d8faa37df77dadb81dc976f825fd1af421a9bde6989671c3c843eb9ef45f838e1eaedc3133209afecbd067143b0ed95e13856c6ef811eb5246398d520092409ba932656ac0d3e6114c8b498ad756fdd1c45524f30b7942693e1caaef17002af818b6c7787fa7c0f9efbacff6a471fa70faa0aee5bb9824836d9f671bbcb676b2aebbc416343e4b333ed83a26aeed4c625a468c44fd968dfaa44469abad258236f61730e45e4fba133657ffd5a4976e8fe81cff2a2df3bcbd461f4fee16794039d137d9ec5fd1cd27a1e6000c15f4fce0bdf4a1039fad703134af95e025c6694376df7ef08ac0ba222ec3b07923d59c7d591c543f2cdb40d30ef03c039a71de7331eefb7c4773685e2e973651e40ffc6afc844e5d27c9fce899082771307d46ef34332c60c67254b0020591f8bd71a8b4c6ba18c04f14a954e82018dbf5b1e82675e682412393271f60e3c899f58b908899151fa2378d02690b0a3e8931f40f8c4fdfd77fd8beca4089070a1982413d331b187bf80593ed114f517340724e79281463984eb069f624f9bb6e4257669552a9a78c70a9b8b4fd89e29d3c1a1cf410e45248bdedefd287d6a98dcdb6a1d68a919d8517e5bfd73add22832c42e66fd70a742123be5e1053fff8fdcf19121285faaefc17d0bcec39586095882d23a16fb5e83816a04b44feb61bec3b00efdba8c1dd08c747e7a15c93a6fa87746ea45e110d55787af35174d99c9332da00a83aa9c1f1e3adac36dbbf2ee9f5a5c26ac3aa34276dc024eb77ac70d4142ae1c3e812c634e01205e6340f779bfbb1a1b114ca18fd4f77870fb746e7b2f59aa92c9e780681c5222deb0719a7bfa112504079834c93172fd545202281f254864ce83135fdc660065a8292946495fe7915df4be1f749bf189092b8f1a675be4f4b9c9cbd80c290509bbc3c6e770d7ee498023e950f024d549fd9f188c36d749317feb87609455427305910948188a4cde1a9ff316905f4bfb6b9c6e59d19279e4d676a87a959eccbe2e17df36704aa759fd4b141beb530462bf01b019297447579960bb6423d25ad3e45e9431fb789609316d1b002c15716f20ae7b4837c9f1ee2ee9c6b1037736c37a0a784198ab9bc2a3a796273ae41b57ad3d8c1bf2afffaa2a318b85b37c70b40562017325109ea84354ac781c6cfa0cc281507cff0cfc15e1f1a312e581a2ac86a0eb782eb5d77692c5e8d7372d9488a8c09ae4ff993b11ecb3cfdc199cad11cbdee2859f322c1cd3c2c64525e9cd25b0a8498366d436011caa605fab798c3b1e57ad90a826b60377212833fc1e62387bb2d20271102fa8520ab53a4b149da5708d50bc75caf7892a43e984d792e12f170d227aeab1af60b14c507ad611b98acc7f92868dd8b6607758bce1ff81a56b217eb2961a95c110ae27e58ce2f6ef90b2979fdaedeb161698a7a5dff002b158fb61c82d0dd7e3b371db87f351ab716fe3cd81a37afcf758eb9f9009c43e5d17c8ba09081e893dbcea035186e8b8f0e91a43c49674758239c026900e061e802403f1c3c037d61e9b63cf727c0590ea75218bbbbf247653e75ac30178696c31d8c3d43ab4ac5c55e1fa3c6207f6720757f664b388835af661bd27561253f69ffbc945a5f0c6e2e1495b54ef299426092c89f19fc34222ef5213684bef34a2f2fd3793c528bf02d149cd5fa291504f4040e9ec4c4dfd833533afea3e7e6bbd11f1f772b570e1be2fc50d3ea2c6ead8f7895841546cd9d1420c54706bc515c79bc2b55b9af9e172cd70294330c90a058b602fe765226d09df41349778d6b1b740ec2fcb24d6b1361c950220083a353275b7ea05aae1b75ab5fd5264f218529ca6dd0b51265235f4e1cdce941a26a790fd8c2fa8f07a53c5e23a07ff1e3ddaed1ab0ebcb5cee0bbbcc1c997c8bb3e161f164839722bf38cddf50097ecf9e9276ff0a249dd4f388156582d0217504f09f2face33c16d260471ef98891639dec11c9b494827fa6388204219348ac0a8ec3aba55dcbb9cb00648b249d07cd0b968f32ccaed96e9fcf3f38d143b77b3170d64f799d230bf4de9678630fb536dabee4d7e80083d14ce7399422e67ec7581b19ceddcfdaf855a20edb0288d384c7afb8fda832a2c4bb4010d25eb6b4cf173fa203ba1a62eb43209875449152772de76c3d061301ead7339cb2324be9d2c3ea4e5db07980879aa0a8bf47d8eba4e0cd16628dc50c7f949266ba6749a3dfc8290b27725d9dd8b42bec5459268b7519a74cfb1e0ae23e0b1014d69161ed8b0134c97dcc488ba549d921d265c43f5b7bb693b9edc64cc530961b81502b9072214904e6e3d8a5404ff0806d5021612a39434eb7f866ec44345b9d0409fcda174c55dcfbe4f75919f41bbabcc5472357b2290fe8af96218bf0a11f00eef40f84d39b800554586998921622269394452fe49da2af124dd7d8b750337773a071bd2c4cc53cce4cb40b54a6dd9a52493d911a4eba14972375cabe378457365777fd18eeb8e5869ad26606dd3063e6c702a304ba32a03b4de08bab45f1e143a333e3c77c28ad26f35f4ee75a68d0611d89683e81fc3f55232ff06859d06ecc857bb18fb8c49fbace19785865d5720fd7b569f58fc4cedccef796b926f85c7e9c5655801e32ad2b057005ab15ef560b29dac33cb974b6ad976c61577ff6b7d486cc7a90ae2b4aa4f2712d7c8b4c19d4b51da8c5bdf0e1f134fef87643d24e3ce43c88d2c940dbe7a1566798fa3ed70b081b18f23a708ce6af544724b0e8d65641d3d738141b746c47b9e1c4bd806f0a6dc4ae174a9b8b29f12c5d21a87ba4f7b40a4a2084cd4e924e63a938ff6e2d0004030ea93e167ad050cc5a43d7abfe2e9bf54820def9607263dc40cb23c2a8f53e258393a821859360087136461501a69d423314da09ab3d5e59d46942be55f0f8da0da1ac5411aea9c4ab3620ef8bb7e0e4e284574fd90e2f1b84937634d2f7a009426148b66dd15d92d5b969383428c3a7cca998937ee93eba3ab7529c3dedd013843ced5c39c02cf0473848c722a1f4fb9eae8a17242f2d1f0702003f3e90c02aac47a710b80fb07105c0e346b3637794e5d2d0e5633f8f0db32462982b74c85a56301fc55fe5c9df6277add0cf39f9941c4cbbb73dd471549d2145824e9a969d4f8dcccd083ab80cea77e03ed19a9bdfe5f81b307e63cf327b4ea216ccc659df438e6f3bc6b57f939805d5037829da1c50648639fb722a69c176fe94714651f2a8712fc6a9f694eecce1ea24b19c05c2f81f14ae75ddfdf89a87596ca896eccd27d1b78a1bf8153611249dba31f562b6075a66e8225e62b5195213bb41d5f572fe313f6be7fc83fadabc17ce6a2a6f9d22311a2d3d07a3c399b2e9cc1ffb2a67ab87db38ceccc9ca6580a934e0e021b4db01659a822d207bd7a1a118293f2b5d391faaca6c475f1e8760d26e0cc30b71b9650c46cb872928ca6b9555558b18e18a75979fc1313626c6d91cbf17c7cb1dda7562cdf06556ce8a776703dcf814bdd0d6c17164d541d3ac1d18fd56d467102efdb91671faabe68875c4f91286b844a4a2e8fd21b362c7a8bf20f052b103e1b20dcf4a23670ce62b9243ad0f8044f30e8ad41320aac6728d715ed4eab319292bbc8ca332f0b075b38a615a2e1e60b4d942baa0d767095b1a4203fe645da036eeab9e061c6a5cbf6f1093caba36f9705f4571e1b9732abcf9f1fe12e9dccb3d92dd2b9fde4bd8c3c5fe7ebfc4a84ff231cb529fc19d0f15fadfc8ea73bc3e5d7c869086762d259d33a73efe24d8ba2e55875676482cf1ccb1f8902ccf09230de1906f83d99b63e3b1fe94a466accd4ed3011b7918291afee134a4c97e1933e58a2209158800eb71dd19765aace8db505ac7d19c8e1d559d06d23e89a5d0f4b26b5bede6a192f449d5ac5d568d16ff1457d50e7226226cb1a76bbb785c8a1b9e1675884b3cb1c015eb0b574b651b0b5911d1d22e30ec476e5dd96313e708146140ca4211e892ff6493d3f3ad6f805069b6f78a94deebfc9aed93c833f4cafd45acf5733903a69985a9bc59cfc4bd3de3c55de765bb9cfdf4c445140bf4955249d4e67f6c53e4ddec33f78570593bcf73afc1a3d4967339a5a5b022305cc96b48114679c77cbe96aa9c534c71815f8a662e3310ac7f8b6436c2d1616ff3878fc189bc7078d4abe20b1fc5b4d202c47b223e21fc57805d963da0c8cdffcfd54af07fed2f5980bcecb3b1cb00c4c5a980de6d655bd7e252ca51f1864d563ace9cb651bf6254c9ae982d3fa8eb67c8d02e2dd21625592e00b07baaa71b69199888b879631cdaf9504a371d3cc11103756ca614ad14497d73d787ef08ca6e133138e6cf749ec39386bbd2e5c4dc3f0cfcc5e537013ca7e62965ab82abd04a82d6907f67700efc8f8ad1840fb18cdbb9ad0ea1e895f295ed666e4244c9adab80c89feff094a80acdc782298708f3238c398861d4a9f9a01619566b5d92cb6f237264fb303c65d6c446e8ec2f070a514ebd7d448acce6512f8519b0eda051b1cf21967811cd392d16dc4bd347569c1ca5edf8ee07fa9d2aecff68dbfc1dd89eafcd020eff69c0dba258215b3b1f8791a71ec77cbbd18cf0f690d2e7937ab573800407fc65fdecd10508f0fef92f84722ff5fdf13da736ab81bb7a4a26d0d4bb71ecde10bd4199fff591e4617a3e4c8116e7e65bba95dd3503134f2c6bc206402a365bf6c81dc39d4969e5b4a066627757ee8193aea0102de0e824c2a5244e811000ae314125e7de39da733b58df015e6081ebe85575e2351efb3c78f0cb29e966d54b251670e12f46ae7b594e9c1413c78c21b1c0c3c3d8f71436e003ea1cda2ca09ac82c16bae132167eea3f513f3bf074dc1bf3bbd143c2c0e0d580f83aff1b4b032a3afe06eaf7c80bc26c466f166f0c055cd6f833f4c914d010195b6191b1f836cdd58666f00ec9eb9bd2818d31d97e41b2cfa33d574edcfec60c5e4fe45a1267d9c2359909ae8c3a6e3ae0ec36d30b6a362f75a96b5c693eb2cf5b9f78f9bfb686aeae200a5663c69910daa2d77fed0f1d31ba981a5c8bcf8529473e1b5660d76549e9ee5df2f0c701f76b86cce9aa15c85c23f4a6f014bbd73aeebd9c45f3a4d35210f5dadb7916636a908c16523e2d8047667f15dfea561de273481bf6e93a654c7150db8569325ab5b2dc2d5ed27b60d32bba5ea21d366b61190b2844ff72f1255f87575fb2e61ca5df2928d6", 0x1000}, {&(0x7f0000001440)="ca", 0x1}], 0x2, 0x0, 0x0, 0x33374acb71cd163b}}], 0x1, 0x44081) 2.81213939s ago: executing program 4 (id=251): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) r1 = epoll_create1(0x0) r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000780)={0x10000000}) write$dsp(r0, &(0x7f00000012c0)="a528", 0x2) syz_io_uring_setup(0x239, 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) 2.648573945s ago: executing program 0 (id=253): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000200)=0x1b) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x2) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x3) 2.447633128s ago: executing program 0 (id=255): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000280)='cdg', 0x3) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 2.227656603s ago: executing program 2 (id=256): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000003c0)='htcp', 0x4) sendto$inet(r0, &(0x7f0000000180)="c3", 0x1, 0x4000, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000ac0)="89e4192d92359cb3ee294530ae76ad6dc4ff20cc3ccc9d41018dd482ad1f395d4e38bd22b6fcae05c49fbdfdf66ae2994f191e9222effcb97205d0aaed4b29919f9e3bab7fdb276ca29501903c98de0b0cc8afca563f94fe69b6927ae594d1b53ad9f4a9f9f5c84a518d37939c84a5bd15048115ac421e9c56866ab6f91b0e8181d8999dd86c0177a971a39bf35b38eb0504bf70c02cc307c62d6f06c80b146153ca56a182831696c8cf46d2b065744e6dd4415ceff773e8d3a45aacc4fd8972cbe77878", 0xc4}], 0x1}}], 0x1, 0x40) syz_open_dev$sg(0x0, 0x0, 0x80800) sendto$inet(r0, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0) 2.125007023s ago: executing program 1 (id=257): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000001380)='./file1\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="636865636b706f696e743d64697361626c652c6261636b67726f756e645f67633d73796e632c61636c2c616c6c6f635f6d6f64653d72657573652c696e6c696e655f78617474722c6e6f666c7573685f6d657267652c6d6f64653d6c66732c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c6167655f657874656e745f63616368652c646973636172642c6e6f696e6c696e655f64656e7472792c008bfb3c1e4b1b12ae77c937da8858"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000100)='system.posix_acl_default\x00', &(0x7f00000000c0)={{}, {}, [{0x2, 0x6}], {0x4, 0x4}}, 0x2c, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) 1.94866895s ago: executing program 2 (id=258): creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) lsetxattr$system_posix_acl(0x0, &(0x7f0000003380)='system.posix_acl_access\x00', &(0x7f0000000540)={{}, {0x1, 0x3}, [], {}, [], {0x10, 0x5}}, 0x24, 0x0) lchown(&(0x7f0000000040)='./file0\x00', 0xee00, 0x0) 1.862061017s ago: executing program 2 (id=259): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000a40), r0) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x20, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x44}, 0x4000) 1.724738473s ago: executing program 2 (id=260): syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socket$can_raw(0x1d, 0x3, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) pipe(&(0x7f0000000480)) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000002dc0)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 1.600664509s ago: executing program 4 (id=261): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000900)={0x41, 0x4}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x41, 0x1}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x3}, 0x10) sendmsg$tipc(r2, &(0x7f00000002c0)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x2, 0x2}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x4000) 1.516385759s ago: executing program 4 (id=262): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x400000, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}}}, 0xb8}}, 0x2c000010) 1.434587945s ago: executing program 2 (id=263): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x94eb2000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 1.408563855s ago: executing program 0 (id=264): close(0xffffffffffffffff) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) r1 = syz_io_uring_setup(0x110, &(0x7f0000000200)={0x0, 0x120f, 0x100, 0x5, 0x3d4}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0xdb4, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000200)=0x1b) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000140)=0x3) 1.216497691s ago: executing program 4 (id=265): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="34000000170001000000000000000000240000800c0002000000000000000000140001"], 0x34}], 0x1}, 0x0) 1.143052928s ago: executing program 1 (id=266): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x2a0471a, &(0x7f0000000280)={[{@max_batch_time={'max_batch_time', 0x3d, 0x3}}]}, 0x82, 0x48f, &(0x7f0000000380)="$eJzs3M1vVFUfAODfvf3gffmsigpItEqMjR8tLags3Gg0cYHRRBeoq9oWQijU0JpYQqAagxsTQ6JrdWniX+DOjVFXJiaudG9IiLIBjYsx9869Mp12mKFOZwrzPMnQc+acO+ecnnvuPfccpgH0rOHsnyRia0T8EhE7qtHlGYarP65dOTv155WzU0lUKq/+nuT5rl45O1VmLY/bUkRG0oj0g6QoZLn5xTMnJmdnZ04X8bGFk2+PzS+eeeL4ycljM8dmTk0cOnTwwPjTT0082ZZ2Zu26uufc3N7dL75+8aWpIxff+v6rrL5bi/TadqzJ4Mq3hrOG/1HJ1ac9HP//T8VtNNtqwkl/FyvCTemLiKy7BrLxX6lUztek7YgX3m9y+JZ1rh6wjrJ706ZV3i/ui0uVhpIbpgK3giS6XQOgO8r7ffb8W746OP3ousvPVh+AsnZfK17VlP5IizwDdc+37TQcEUeW/vose0U71iEAAJr4aOrTw/H4avO/NO6pybe92EMZiog7IuLOiLgrInZGxN0Red57I2JXK4XWbBDUbw2tnP+kl9beuuay+d8zxd7W8vlfOfuLob4iti1v/0By9PjszP7idzISA5uy+PgNyvjm+Z8+bpRWO//LXln55VywqMel/roFuunJhcl8UtoGl9+L2NMff1cqlbr2J1H2UhIRuyNiz8199PYycPzRL/c2ytS8/Ss+7ro27DNVvoh4pNr/S1HX/lKycn9ycNv1/cmx/8XszP6x8qxY6YcfL7zSqPzW278+sv7fvPz8L1I+XywCQ2/W7tfOR4Ody60Ny7jw64cNn2nWev4PJq/l16Ny2/XdyYWF0+MRg8nhPL7s/Ynrx5bxMn/W/pF9WUrZ/vLINL/GRdH/90XE3mK/7P6IeKCo+4MR8VBE7GvY+ojvnmucthH6f7qm/5OoP/93nav+LPt/8aYDfSe+/bpR+a31/8E8NFK8k1//mmi1gmv/zQEAAMCtI81XbpJ09N9wmo6OVv9j787YnM7OzS88dnTunVPT1RWeoRhIy5WuHTXroePJUvGJ1fhEsVZcph8o1o0/6Ys8Pjo1Nzvd5bZDr9vSYPxnfuvrdu2AdbfaPtrEKl9oA24/9eM/XR49/3InKwN0lO9rQ+9qMv7TTtUD6Dz3f+hdq43/83VxewFwe3L/h95l/EPvMv6hd9WN/774uVs1ATpoDV/nFxCYXzwT6YaoRkuB1v8exHoH3tgY1Wgh0O0rEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQHv8EwAA//9gP+wr") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x5) write$FUSE_WRITE(r0, &(0x7f00000000c0)={0x18}, 0xfffffdef) 1.131966646s ago: executing program 0 (id=267): syz_mount_image$minix(&(0x7f0000000600), &(0x7f0000000100)='./file1\x00', 0x1804002, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRESHEX=0x0, @ANYBLOB="28eab73baea79cebfbcb377495a5091fc0b79703c790e209a76c53adec0a444df808db4a70188c30fc5f9c81caa83f2882fced04170dc6602feb4f971fa7b7c3d8be7345ca210ed1a2e91f15f7cf9f851773d36f4149ae4855f777c47e1a9ffb174a9daee48821b82196b5336460ba85b4ca92c2fe9b7ae175cab7acdd2c107c335a67c1a38efd4a2a19b18fe8ca", @ANYRESOCT, @ANYRES32, @ANYRES16, @ANYRESDEC], 0x11, 0x1d6, &(0x7f0000000bc0)="$eJzs289ulFAUx/EfDANa/9S/GzddaKIbS0cT0Z19lElL66SMNtZNGxPjA/gQvoE+kQu3nUR3rsTMZToOSIVhOtDpfD9Jw71wD/fcUJjDAgFYWjckWbLUlhTH8YdXD2ytNZ0UgFq09DsGsKz0459dXlIMALjYBpstUwfsS/r28/3W8eivPVEh/M9g0zbbl5KOJ+LdkvXH4KNltvecdPzwEXSpRHz8OYl/mJn/8pTzr2TiV0rHJ+t/dD8df0XSVUnXJF2XtDp617op6VbO/NuZ+e8Od34tmQRQkaX1bD+1w9ZOLwo3xv226Xcmxqe55vjTcd8z/fWtN9H22ScPYCZ2wf3fytz/Tub+B7C4Dg6P9rpRFL7Nb3w5/VDNDbsoVdPwVO6E338VjLHPwZJnbgxf3c7khG6J/5bCMWsVZj95+Zw655O6tOlLkDQcSVXDndFKcsf0Z83Qy71e7l43Ou2J4czvYQSgVv67/r5/cHj0uNfv7oa74esnwYsg6DzvPAt8U/n7Oz1po+k0AczB3x/98jHx6jwzAgAAAAAAAAAAAAAA07ot6U6FuDj74Q8AAACAc6+OT6DGk31qdKkAAAAAAAAAAAAAAAAAAADAwvsTAAD//2QeNU0=") ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x4028, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x2010004, &(0x7f00000001c0)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c756e695f786c6174653d312c696f636861727365743d63703836352c73686f72746e616d653d77696e39352c636f6465706167653d3836392c726f6469722c616c6c6f775f7574696d653d30303030303030303030303030303030303137373737372c73686f72746e616d653d6d697865642c757466383d312c636865636b3d7374726963742c73686f72746e616d653d6c6f7765722c696f636861727365743d6d61636761656c69632c009fe7a64148646d78b2352fb82c3564f8d2296b6f8512835d329176768472a65dd4d0804d842d71bb377c"], 0x25, 0x34c, &(0x7f0000001740)="$eJzs3T9oJGUUAPC3mU12EziTQji0Wu0EOS4RC21MOE44TKEni/8aFy7nn+wqZHEhFtlLo1gqNoJWdldoebVYiNhZ2HqCnIqN1x3c4cjuTHY3mcn9EbOn3u9XhJf3fW++byZDdhKSt6+uxua52Th/9eqVqNcrUV09tRrXKrEUM5FE5kIAAP8n19I0/kgzw8RTN5v90ULMZtHcVHYHAByF4ev/a8fGidrd3A0AMA2Fn//LPVuaffvItgUAHKHC6//D+4YP/Jq/OvqbAADgv+v5l15+Zm094myjUY/ovN9r9prx5Hh87Xy8Ee3YiJOxGDcisgeF7Glh8PHpM+unTzYGflmK5qCi14zo9HvN7ElhLRnW12I5FmMpr09H9cmgfnlY34iIC/3h+tGp9JqzsZCv/+NCbMRKLMb9hfqIM+unVxr5AZqdvfp+xG7U905isP8TsRjfzww/OReD2uxYg8zOcqNxKl3fV9+7WBvOAwAAAAAAAAAAAAAAAAAAAACAo3BiPvLuOY2lUf+btNPvvXc2n9Aojg/7+2TDeX+g3aw/UFrb687zQXKwP9D+/jy9ZjVm7uqZAwAAAAAAAAAAAAAAAAAAwL9Hd3suWu32xlZ3+93NcTDX7k9k3vr2i6/n4+CcN5NxJqrZ4fbNyXMxUZXEqDwdlafJvjl5kETkkyvRunhptOPJObXRWRTKB0GtMFTJ99Rqt4899POnZVV/jjNJjIbqpUtU8vUnhjr3Zamy/dw8qHS3V24x53KapoeV73xSrIp6RLXwhfsngm+uvP7AY93jj3cr1c3WV3nTh0ceXXzh8sef/7bZakd+adrtua3ujfRvr5VM3D+V/DpXSu6E8mB3nNnd6m63kh9+f/HBD787MDkpv3/Sycw7h6/15cHMXBYMtnk7ZzpbcvOXB69cH929d34xj3+22rq089OvexfzVlUT3yQ06gAAAAAAAAAAAAAAAAAAgKmY+F/xO/DEc0e3IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYvvH7/08Eu4XM7QTX+1Ecqm1sdQ9dfH6qpwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD3srwAAAP//JT9zjQ==") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@volatile}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20) fdatasync(r0) 1.064720486s ago: executing program 4 (id=268): creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) lsetxattr$system_posix_acl(0x0, &(0x7f0000003380)='system.posix_acl_access\x00', &(0x7f0000000540)={{}, {0x1, 0x3}, [], {}, [], {0x10, 0x5}}, 0x24, 0x0) lchown(&(0x7f0000000040)='./file0\x00', 0xee00, 0x0) 650.425938ms ago: executing program 4 (id=269): syz_mount_image$cramfs(&(0x7f0000000040), &(0x7f00000001c0)='./file1\x00', 0x8c80, &(0x7f0000005ec0)=ANY=[], 0xfd, 0x161, &(0x7f0000000580)="$eJzsz81qGlEYxvH/6YwfrUottGAL7aaLWot1HLG7LsZSqVA7UPAK2ikVnCoWisuadRa5gAkkBJKNuMoiy8RsYqIQDMlduAtkaThzDISscgHnt5jDed9nHmY+f5xmSYOB8qntd7re34WA7269GlHTOLHwKfmd7gPgp9rsO/BbnibM+2p8mJKBlvf+R7sl73MHskAlAb+aD1VhHx7J2dPztzJbRL2ffQ2jZzLX8mxA3JmVlrkXJlRkQTNnWMBiE97IvicqJ/sugV6w/AXyue2XhgPR8NYLEgyOv03GtXzulbdqV59vJTMGDU+uhdyfFcb508JwMJtO6l/dujst2faHklW0rPLMPZnUyv/XML8k/0E8zL8bqr6LTFR2NGBFQCBgEO7nByJFhMTRuus/ju0I4E8aRO/mA0cbV64vx7txnD25CQwyEYHJLdHlKdA0TdM0TdM0TdO0e7sOAAD//1taVfs=") open(&(0x7f0000000540)='./file2\x00', 0x1c1040, 0xc1) 110.36355ms ago: executing program 0 (id=270): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="6800000010000305", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00@'], 0x68}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x101, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000140)=ANY=[@ANYRES16=r2]) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000040)=ANY=[@ANYRES32=r2]) 0s ago: executing program 2 (id=271): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000003900)={0x1, [{0x1, 0x10, 0x0, &(0x7f0000000040)="4a1e"}, {0x3, 0x0, 0x8, 0x0}, {0x2, 0x0, 0x9, 0x0}, {0x1, 0x0, 0x7fffffff, 0x0}, {0x0, 0x0, 0x5b2, 0x0}, {0x3, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x7, 0x0}, {0x1, 0x0, 0x5, 0x0}, {0x0, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x1, 0x0}, {0x2, 0x0, 0x7, 0x0}, {0x5, 0x0, 0x4, 0x0}, {0x1, 0x0, 0x4, 0x0}, {0x3, 0x0, 0x100, 0x0}, {0x2, 0x0, 0x80000000, 0x0}, {0x1, 0x0, 0xa9c, 0x0}]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000134000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x7c, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.41' (ED25519) to the list of known hosts. [ 80.834161][ T5829] cgroup: Unknown subsys name 'net' [ 81.023269][ T5829] cgroup: Unknown subsys name 'cpuset' [ 81.032123][ T5829] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.587090][ T5829] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.246214][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.255424][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.264557][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.281548][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.290934][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.299692][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.307929][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.312074][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.317006][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.361496][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.367151][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.380767][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.388363][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.399984][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.407282][ T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.407993][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.417636][ T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.432792][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.443364][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.453684][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.477146][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.501776][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.513660][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.524117][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.535369][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.196348][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 86.251382][ T5856] chnl_net:caif_netlink_parms(): no params data found [ 86.289816][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 86.380431][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 86.604789][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 86.617832][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.625738][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.633379][ T5851] bridge_slave_0: entered allmulticast mode [ 86.641254][ T5851] bridge_slave_0: entered promiscuous mode [ 86.650199][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.657653][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.665083][ T5844] bridge_slave_0: entered allmulticast mode [ 86.673613][ T5844] bridge_slave_0: entered promiscuous mode [ 86.716531][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.724119][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.732405][ T5851] bridge_slave_1: entered allmulticast mode [ 86.739825][ T5851] bridge_slave_1: entered promiscuous mode [ 86.765564][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.773425][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.781050][ T5844] bridge_slave_1: entered allmulticast mode [ 86.788459][ T5844] bridge_slave_1: entered promiscuous mode [ 86.864548][ T5856] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.872053][ T5856] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.879632][ T5856] bridge_slave_0: entered allmulticast mode [ 86.886916][ T5856] bridge_slave_0: entered promiscuous mode [ 86.916375][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.937253][ T5856] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.945266][ T5856] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.953933][ T5856] bridge_slave_1: entered allmulticast mode [ 86.961545][ T5856] bridge_slave_1: entered promiscuous mode [ 86.968535][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.976276][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.984181][ T5850] bridge_slave_0: entered allmulticast mode [ 86.991303][ T5850] bridge_slave_0: entered promiscuous mode [ 87.006291][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.018893][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.032097][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.054580][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.062644][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.071588][ T5850] bridge_slave_1: entered allmulticast mode [ 87.079714][ T5850] bridge_slave_1: entered promiscuous mode [ 87.188091][ T5856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.208331][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.216481][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.223968][ T5840] bridge_slave_0: entered allmulticast mode [ 87.231879][ T5840] bridge_slave_0: entered promiscuous mode [ 87.241357][ T5851] team0: Port device team_slave_0 added [ 87.249584][ T5844] team0: Port device team_slave_0 added [ 87.258583][ T5856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.271491][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.281373][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.288736][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.296817][ T5840] bridge_slave_1: entered allmulticast mode [ 87.305387][ T5840] bridge_slave_1: entered promiscuous mode [ 87.314355][ T5851] team0: Port device team_slave_1 added [ 87.322433][ T5844] team0: Port device team_slave_1 added [ 87.356116][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.370190][ T5848] Bluetooth: hci0: command tx timeout [ 87.456307][ T5848] Bluetooth: hci2: command tx timeout [ 87.456312][ T52] Bluetooth: hci1: command tx timeout [ 87.493926][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.524257][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.532584][ T52] Bluetooth: hci3: command tx timeout [ 87.538621][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.565836][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.580894][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.587895][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.614998][ T52] Bluetooth: hci4: command tx timeout [ 87.621003][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.635095][ T5856] team0: Port device team_slave_0 added [ 87.644779][ T5856] team0: Port device team_slave_1 added [ 87.653316][ T5850] team0: Port device team_slave_0 added [ 87.663608][ T5850] team0: Port device team_slave_1 added [ 87.672932][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.702549][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.709922][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.740819][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.826350][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.833963][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.863464][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.911353][ T5840] team0: Port device team_slave_0 added [ 87.941464][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.948825][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.977325][ T5856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.990802][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.998185][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.025930][ T5856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.037949][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.045029][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.072830][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.086156][ T5840] team0: Port device team_slave_1 added [ 88.114030][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.121408][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.152770][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.193137][ T5851] hsr_slave_0: entered promiscuous mode [ 88.200428][ T5851] hsr_slave_1: entered promiscuous mode [ 88.240661][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.248350][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.276333][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.305480][ T5844] hsr_slave_0: entered promiscuous mode [ 88.313745][ T5844] hsr_slave_1: entered promiscuous mode [ 88.320946][ T5844] debugfs: 'hsr0' already exists in 'hsr' [ 88.327341][ T5844] Cannot create hsr debugfs directory [ 88.384853][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.392446][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.421541][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.538921][ T5856] hsr_slave_0: entered promiscuous mode [ 88.546378][ T5856] hsr_slave_1: entered promiscuous mode [ 88.552989][ T5856] debugfs: 'hsr0' already exists in 'hsr' [ 88.558953][ T5856] Cannot create hsr debugfs directory [ 88.626000][ T5850] hsr_slave_0: entered promiscuous mode [ 88.633927][ T5850] hsr_slave_1: entered promiscuous mode [ 88.640705][ T5850] debugfs: 'hsr0' already exists in 'hsr' [ 88.646469][ T5850] Cannot create hsr debugfs directory [ 88.748153][ T5840] hsr_slave_0: entered promiscuous mode [ 88.755806][ T5840] hsr_slave_1: entered promiscuous mode [ 88.762917][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 88.768888][ T5840] Cannot create hsr debugfs directory [ 89.126398][ T5851] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.141099][ T5851] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.188839][ T5851] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.202067][ T5851] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.323476][ T5844] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 89.335099][ T5844] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 89.345965][ T5844] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 89.357948][ T5844] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 89.443322][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.449765][ T52] Bluetooth: hci0: command tx timeout [ 89.461104][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.475120][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.485890][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.530451][ T5848] Bluetooth: hci2: command tx timeout [ 89.537454][ T52] Bluetooth: hci1: command tx timeout [ 89.610464][ T52] Bluetooth: hci3: command tx timeout [ 89.614967][ T5856] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.661083][ T5856] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.675740][ T5856] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.689435][ T52] Bluetooth: hci4: command tx timeout [ 89.710543][ T5856] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.803422][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.860994][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.891409][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.904772][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.917937][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.940559][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.003981][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.012303][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.032638][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.061879][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.070221][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.086767][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.113500][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.168307][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.191829][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.200805][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.226642][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.236034][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.275844][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.285312][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.296328][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.305722][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.350263][ T5856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.472599][ T5856] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.561595][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.570908][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.607214][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.616788][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.723157][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.815363][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.902828][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.911432][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.937023][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.946196][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.096641][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.196486][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.226876][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.381982][ T5851] veth0_vlan: entered promiscuous mode [ 91.435731][ T5851] veth1_vlan: entered promiscuous mode [ 91.465172][ T5850] veth0_vlan: entered promiscuous mode [ 91.488496][ T5856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.518634][ T5850] veth1_vlan: entered promiscuous mode [ 91.531917][ T52] Bluetooth: hci0: command tx timeout [ 91.616158][ T52] Bluetooth: hci1: command tx timeout [ 91.623020][ T52] Bluetooth: hci2: command tx timeout [ 91.690574][ T5848] Bluetooth: hci3: command tx timeout [ 91.711841][ T5851] veth0_macvtap: entered promiscuous mode [ 91.753075][ T5856] veth0_vlan: entered promiscuous mode [ 91.766497][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.769656][ T5848] Bluetooth: hci4: command tx timeout [ 91.797447][ T5851] veth1_macvtap: entered promiscuous mode [ 91.810609][ T5850] veth0_macvtap: entered promiscuous mode [ 91.822912][ T5850] veth1_macvtap: entered promiscuous mode [ 91.843826][ T5856] veth1_vlan: entered promiscuous mode [ 91.873497][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.898054][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.939846][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.956197][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.997363][ T50] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.010728][ T60] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.037852][ T5844] veth0_vlan: entered promiscuous mode [ 92.056424][ T60] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.067228][ T50] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.106273][ T50] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.144943][ T50] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.155626][ T50] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.196961][ T50] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.212099][ T5844] veth1_vlan: entered promiscuous mode [ 92.220958][ T5840] veth0_vlan: entered promiscuous mode [ 92.245984][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.264016][ T5856] veth0_macvtap: entered promiscuous mode [ 92.265232][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.301814][ T5840] veth1_vlan: entered promiscuous mode [ 92.340834][ T5856] veth1_macvtap: entered promiscuous mode [ 92.406550][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.416031][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.430562][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.437197][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.450796][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.452452][ T5844] veth0_macvtap: entered promiscuous mode [ 92.492887][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.526770][ T5844] veth1_macvtap: entered promiscuous mode [ 92.560140][ T5850] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 92.569484][ T60] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.585124][ T983] cfg80211: failed to load regulatory.db [ 92.595317][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.622654][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.646559][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.674425][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.686974][ T5840] veth0_macvtap: entered promiscuous mode [ 92.695995][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.712874][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.719962][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.796861][ T5840] veth1_macvtap: entered promiscuous mode [ 92.860436][ T50] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.863965][ T5964] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 92.870498][ T50] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.963638][ T50] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.989498][ T50] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.018910][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.041625][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.053084][ T5966] kAFS: No cell specified [ 93.198883][ T5964] ======================================================= [ 93.198883][ T5964] WARNING: The mand mount option has been deprecated and [ 93.198883][ T5964] and is ignored by this kernel. Remove the mand [ 93.198883][ T5964] option from the mount to silence this warning. [ 93.198883][ T5964] ======================================================= [ 93.318015][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.362596][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.377438][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.406140][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.458938][ T60] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.461208][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.496696][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.551790][ T60] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.592707][ T60] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.623790][ T5848] Bluetooth: hci0: command tx timeout [ 93.635864][ T60] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.682334][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.689806][ T52] Bluetooth: hci1: command tx timeout [ 93.697724][ T5848] Bluetooth: hci2: command tx timeout [ 93.701317][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.771738][ T5848] Bluetooth: hci3: command tx timeout [ 93.889683][ T5848] Bluetooth: hci4: command tx timeout [ 93.942967][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.977557][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.058209][ T801] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.096128][ T5975] process 'syz.3.7' launched '/dev/fd/6' with NULL argv: empty string added [ 94.114416][ T801] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.514973][ T5987] loop1: detected capacity change from 0 to 512 [ 94.555930][ T5987] EXT4-fs: Ignoring removed bh option [ 94.614660][ T5987] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 94.697855][ T5987] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 94.715907][ T5987] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 94.776628][ T5987] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 94.816748][ T5987] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 94.841028][ T5987] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 95.005475][ T5987] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.9: bg 0: block 353: padding at end of block bitmap is not set [ 95.072628][ T6000] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 3: comm syz.1.9: path /2/file0: bad entry in directory: inode out of bounds - offset=24, inode=134217739, rec_len=20, size=2048 fake=0 [ 95.155052][ T6002] loop0: detected capacity change from 0 to 512 [ 95.200215][ T6002] EXT4-fs: Ignoring removed i_version option [ 95.253740][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.291998][ T6002] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 95.297688][ T5979] loop4: detected capacity change from 0 to 32768 [ 95.475198][ T6002] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 95.548461][ T5981] loop2: detected capacity change from 0 to 32768 [ 95.606239][ T6002] EXT4-fs (loop0): 1 truncate cleaned up [ 95.631170][ T5981] jfs: Unknown parameter 'iocharset.DrQors' [ 95.661399][ T6002] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 95.746872][ T5996] loop3: detected capacity change from 0 to 40427 [ 95.823736][ T5996] F2FS-fs (loop3): Wrong NAT boundary, start(2560) end(3456110080) blocks(1024) [ 95.878130][ T5996] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 95.901487][ T6005] loop1: detected capacity change from 0 to 4096 [ 95.938016][ T5996] F2FS-fs (loop3): invalid crc value [ 95.962403][ T6005] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 96.026635][ T6012] loop4: detected capacity change from 0 to 512 [ 96.045935][ T5840] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.301438][ T6005] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 96.373259][ T6005] ntfs3(loop1): ino=1a, mi_enum_attr [ 96.409910][ T6005] ntfs3(loop1): Failed to initialize $Extend/$ObjId. [ 96.529000][ T5996] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 96.590005][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.932589][ T5996] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 97.224331][ T5996] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 97.283560][ T6038] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.350183][ T6038] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.513160][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 97.849912][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 97.885299][ T6022] loop2: detected capacity change from 0 to 32768 [ 97.913781][ T6022] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.15 (6022) [ 97.923948][ T6046] loop1: detected capacity change from 0 to 4096 [ 97.929996][ T5855] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 97.988589][ T6022] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 98.029372][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 98.037432][ T6022] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 98.081336][ T9] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.4d [ 98.103453][ T9] usb 5-1: New USB device strings: Mfr=0, Product=8, SerialNumber=0 [ 98.119348][ T5855] usb 1-1: Using ep0 maxpacket: 16 [ 98.128784][ T9] usb 5-1: Product: syz [ 98.132882][ T12] ntfs3(loop1): ino=5, mi_enum_attr [ 98.136320][ T5855] usb 1-1: config index 0 descriptor too short (expected 8228, got 36) [ 98.154586][ T5855] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.180183][ T9] usb 5-1: config 0 descriptor?? [ 98.219754][ T5855] usb 1-1: config 0 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 98.299744][ T5855] usb 1-1: config 0 interface 0 has no altsetting 0 [ 98.314688][ T6022] BTRFS info (device loop2): enabling ssd optimizations [ 98.331394][ T5855] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b34, bcdDevice= 0.00 [ 98.364803][ T6022] BTRFS info (device loop2): enabling free space tree [ 98.389163][ T5855] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.635052][ T9] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 98.651335][ T5855] usb 1-1: config 0 descriptor?? [ 98.668058][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 98.688336][ T9] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 98.711072][ T9] usb 5-1: media controller created [ 98.720211][ T30] audit: type=1800 audit(1759647336.411:2): pid=6071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.15" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 98.788375][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 98.904271][ T9] az6027: usb out operation failed. (-71) [ 98.921770][ T9] az6027: usb out operation failed. (-71) [ 98.938332][ T9] stb0899_attach: Driver disabled by Kconfig [ 98.956480][ T9] az6027: no front-end attached [ 98.956480][ T9] [ 98.971729][ T6075] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 98.996988][ T9] az6027: usb out operation failed. (-71) [ 99.014770][ T9] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 99.058866][ T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input5 [ 99.091029][ T5855] corsair 0003:1B1C:1B34.0001: item fetching failed at offset 0/5 [ 99.134300][ T5855] corsair 0003:1B1C:1B34.0001: parse failed [ 99.147596][ T5855] corsair 0003:1B1C:1B34.0001: probe with driver corsair failed with error -22 [ 99.165581][ T9] dvb-usb: schedule remote query interval to 400 msecs. [ 99.171519][ T5856] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 99.186067][ T9] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 99.264996][ T9] usb 5-1: USB disconnect, device number 2 [ 99.278786][ T5851] syz-executor: attempt to access beyond end of device [ 99.278786][ T5851] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 99.298818][ T5851] CPU: 0 UID: 0 PID: 5851 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 99.298844][ T5851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 99.298861][ T5851] Call Trace: [ 99.298868][ T5851] [ 99.298880][ T5851] dump_stack_lvl+0x189/0x250 [ 99.298915][ T5851] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.298937][ T5851] ? __pfx_queue_work_on+0x10/0x10 [ 99.298953][ T5851] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 99.298974][ T5851] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 99.299004][ T5851] f2fs_handle_critical_error+0x37c/0x540 [ 99.299033][ T5851] f2fs_write_end_io+0x886/0xb60 [ 99.299075][ T5851] __submit_merged_bio+0x27a/0x6a0 [ 99.299099][ T5851] __submit_merged_write_cond+0x255/0x530 [ 99.299124][ T5851] f2fs_write_data_pages+0x261d/0x3000 [ 99.299178][ T5851] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 99.299274][ T5851] ? __lock_acquire+0xab9/0xd20 [ 99.299306][ T5851] ? do_raw_spin_lock+0x121/0x290 [ 99.299337][ T5851] ? do_raw_spin_unlock+0x122/0x240 [ 99.299357][ T5851] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 99.299378][ T5851] do_writepages+0x32e/0x550 [ 99.299408][ T5851] ? do_raw_spin_unlock+0x122/0x240 [ 99.299432][ T5851] filemap_fdatawrite+0x199/0x240 [ 99.299452][ T5851] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 99.299520][ T5851] ? do_raw_spin_unlock+0x122/0x240 [ 99.299545][ T5851] f2fs_sync_dirty_inodes+0x31f/0x830 [ 99.299584][ T5851] f2fs_write_checkpoint+0x93e/0x2440 [ 99.299607][ T5851] ? __lock_acquire+0xab9/0xd20 [ 99.299664][ T5851] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 99.299743][ T5851] kill_f2fs_super+0x2cc/0x6d0 [ 99.299773][ T5851] ? __pfx_kill_f2fs_super+0x10/0x10 [ 99.299815][ T5851] ? shrinker_free+0x2ce/0x3e0 [ 99.299842][ T5851] deactivate_locked_super+0xbc/0x130 [ 99.299864][ T5851] cleanup_mnt+0x425/0x4c0 [ 99.299889][ T5851] ? lockdep_hardirqs_on+0x9c/0x150 [ 99.299912][ T5851] task_work_run+0x1d4/0x260 [ 99.299937][ T5851] ? __pfx_task_work_run+0x10/0x10 [ 99.299956][ T5851] ? __x64_sys_umount+0x122/0x160 [ 99.299979][ T5851] ? exit_to_user_mode_loop+0x40/0x130 [ 99.300008][ T5851] exit_to_user_mode_loop+0xe9/0x130 [ 99.300031][ T5851] do_syscall_64+0x2bd/0xfa0 [ 99.300050][ T5851] ? lockdep_hardirqs_on+0x9c/0x150 [ 99.300069][ T5851] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.300086][ T5851] ? clear_bhb_loop+0x60/0xb0 [ 99.300108][ T5851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.300125][ T5851] RIP: 0033:0x7f2d591901f7 [ 99.300147][ T5851] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 99.300161][ T5851] RSP: 002b:00007ffc442c6de8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 99.300181][ T5851] RAX: 0000000000000000 RBX: 00007f2d59211d7d RCX: 00007f2d591901f7 [ 99.300192][ T5851] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc442c6ea0 [ 99.300203][ T5851] RBP: 00007ffc442c6ea0 R08: 0000000000000000 R09: 0000000000000000 [ 99.300213][ T5851] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc442c7f30 [ 99.300224][ T5851] R13: 00007f2d59211d7d R14: 0000000000017f5d R15: 00007ffc442c7f70 [ 99.300256][ T5851] [ 99.621021][ C0] vkms_vblank_simulate: vblank timer overrun [ 99.641858][ T5851] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 99.995906][ T9] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 100.069506][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.289532][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.319543][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.328896][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.060992][ T9] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 101.130544][ T983] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 101.440734][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.451499][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.461687][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.471865][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.601948][ T9] usb 5-1: too many endpoints for config 0 interface 0 altsetting 48: 120, using maximum allowed: 30 [ 101.621569][ T9] usb 5-1: config 0 interface 0 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 120 [ 101.637381][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 101.645081][ T983] usb 2-1: Using ep0 maxpacket: 16 [ 101.653947][ T9] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 101.665022][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.665127][ T983] usb 2-1: config 8 has an invalid interface number: 39 but max is 0 [ 101.682559][ T983] usb 2-1: config 8 has no interface number 0 [ 101.688739][ T983] usb 2-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F [ 101.705294][ T9] usb 5-1: config 0 descriptor?? [ 101.729264][ T5922] usb 1-1: USB disconnect, device number 2 [ 101.761345][ T983] usb 2-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0 [ 101.814087][ T983] usb 2-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0 [ 101.846684][ T983] usb 2-1: config 8 interface 39 has no altsetting 0 [ 101.872817][ T983] usb 2-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 101.889350][ T983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.908015][ T983] usb 2-1: Product: syz [ 101.928622][ T983] usb 2-1: Manufacturer: syz [ 101.933627][ T983] usb 2-1: SerialNumber: syz [ 101.978173][ T9] usb 5-1: string descriptor 0 read error: -71 [ 101.989953][ T9] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 102.029858][ T9] asix 5-1:0.0: probe with driver asix failed with error -71 [ 102.061511][ T9] usb 5-1: USB disconnect, device number 3 [ 102.099696][ T5922] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 102.137272][ T6094] loop3: detected capacity change from 0 to 1024 [ 102.198126][ T6094] hfsplus: failed to load extents file [ 102.215380][ T6084] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.250572][ T6084] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.274154][ T5922] usb 1-1: Using ep0 maxpacket: 32 [ 102.292499][ T5922] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.4d [ 102.316008][ T5922] usb 1-1: New USB device strings: Mfr=0, Product=8, SerialNumber=0 [ 102.335598][ T5922] usb 1-1: Product: syz [ 102.364893][ T5922] usb 1-1: config 0 descriptor?? [ 102.434465][ T6096] netlink: 'syz.1.26': attribute type 5 has an invalid length. [ 102.501222][ T6096] ip6erspan0: entered promiscuous mode [ 102.519756][ T6090] loop2: detected capacity change from 0 to 65536 [ 102.594535][ T5922] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 102.624271][ T6090] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 102.637290][ T5922] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 102.664063][ T5922] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 102.679221][ T5922] usb 1-1: media controller created [ 102.724313][ T5922] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 102.752912][ T6084] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.774592][ T6090] XFS (loop2): Ending clean mount [ 102.799637][ T5922] az6027: usb out operation failed. (-71) [ 102.801323][ T6084] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.814461][ T5922] az6027: usb out operation failed. (-71) [ 102.825456][ T5922] stb0899_attach: Driver disabled by Kconfig [ 102.832298][ T5922] az6027: no front-end attached [ 102.832298][ T5922] [ 102.844990][ T5922] az6027: usb out operation failed. (-71) [ 102.852540][ T5922] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 102.864163][ T5922] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input6 [ 102.879853][ T5922] dvb-usb: schedule remote query interval to 400 msecs. [ 102.888001][ T5922] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 102.904503][ T5922] usb 1-1: USB disconnect, device number 3 [ 102.929271][ T6090] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 [ 102.969577][ T6090] XFS (loop2): Unmount and run xfs_repair [ 102.982291][ T6090] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 103.029850][ T6090] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00 XAGF..........@. [ 103.056956][ T6090] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................ [ 103.084670][ T6090] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 103.095626][ T6090] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00 ......?...?..... [ 103.106188][ T6090] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 103.116810][ T5922] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 103.145820][ T6090] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................ [ 103.157235][ T6084] netlink: 240 bytes leftover after parsing attributes in process `syz.1.26'. [ 103.180184][ T6084] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 103.209460][ T6090] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 103.219001][ T6090] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 103.228929][ T6090] XFS (loop2): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74 [ 103.258200][ T983] ipheth 2-1:8.39: ipheth_get_macaddr: usb_control_msg: -71 [ 103.276606][ T983] ipheth 2-1:8.39: probe with driver ipheth failed with error -71 [ 103.279644][ T43] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 103.307292][ T5856] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 103.314365][ T983] usb 2-1: USB disconnect, device number 2 [ 103.361586][ T5856] XFS (loop2): Uncorrected metadata errors detected; please run xfs_repair. [ 103.394064][ T6098] loop3: detected capacity change from 0 to 32768 [ 103.470644][ T6098] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 103.483209][ T43] usb 5-1: config 0 has an invalid interface number: 214 but max is 0 [ 103.504618][ T43] usb 5-1: config 0 has no interface number 0 [ 103.549600][ T43] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 103.582643][ T6098] XFS (loop3): Ending clean mount [ 103.639249][ T43] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 103.679159][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.698674][ T43] usb 5-1: Product: syz [ 103.706953][ T43] usb 5-1: Manufacturer: syz [ 103.719419][ T43] usb 5-1: SerialNumber: syz [ 103.737078][ T43] usb 5-1: config 0 descriptor?? [ 103.760478][ T6098] netlink: 'syz.3.29': attribute type 10 has an invalid length. [ 103.791779][ T6098] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.801535][ T6098] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.866732][ T6098] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.875699][ T6098] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.884500][ T6098] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.892353][ T6098] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.938934][ T6098] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 104.064470][ T5851] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 104.889305][ T983] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 105.011255][ T6127] loop0: detected capacity change from 0 to 32768 [ 105.028040][ T6127] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.34 (6127) [ 105.051165][ T6137] netlink: 56 bytes leftover after parsing attributes in process `syz.3.36'. [ 105.066866][ T6137] netlink: 8 bytes leftover after parsing attributes in process `syz.3.36'. [ 105.079658][ T983] usb 2-1: Using ep0 maxpacket: 32 [ 105.086915][ T6127] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 105.088158][ T983] usb 2-1: New USB device found, idVendor=04cb, idProduct=013d, bcdDevice=b4.42 [ 105.111762][ T6131] loop2: detected capacity change from 0 to 32768 [ 105.120339][ T6127] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 105.137644][ T983] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.139552][ T6127] BTRFS error (device loop0): ignoresuperflags must be used with ro mount option [ 105.166024][ T6131] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.32 (6131) [ 105.199722][ T6127] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 105.215275][ T983] usb 2-1: config 0 descriptor?? [ 105.218144][ T6127] BTRFS error (device loop0): open_ctree failed: -22 [ 105.281505][ T983] gspca_main: finepix-2.14.0 probing 04cb:013d [ 105.288812][ T6131] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 105.288910][ T6131] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 105.426802][ T60] BTRFS warning (device loop2): checksum verify failed on logical 1052672 mirror 1 wanted 0xdff074e1be93285e found 0x8b9074c4c7016c95 level 0 [ 105.510528][ T6131] BTRFS error (device loop2): failed to read chunk root [ 105.567346][ T6131] BTRFS error (device loop2): open_ctree failed: -5 [ 106.263795][ T6160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 106.276832][ T6160] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 106.620148][ T43] usbtouchscreen 5-1:0.214: Failed to read FW rev: -71 [ 108.100253][ T43] usbtouchscreen 5-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 109.996221][ T5845] usb 2-1: USB disconnect, device number 3 [ 110.353326][ T43] usb 5-1: USB disconnect, device number 4 [ 110.510415][ T6180] loop1: detected capacity change from 0 to 128 [ 111.386290][ T6194] loop0: detected capacity change from 0 to 128 [ 111.435036][ T6194] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 111.508013][ T6194] ext4 filesystem being mounted at /10/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 111.564391][ T6194] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 111.721940][ T6201] veth0_vlan: entered allmulticast mode [ 111.797613][ T5840] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 112.749340][ T6209] syz.1.51 uses obsolete (PF_INET,SOCK_PACKET) [ 112.780556][ T6212] loop2: detected capacity change from 0 to 32768 [ 112.806099][ T6212] (syz.2.48,6212,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 112.829540][ T6212] (syz.2.48,6212,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 112.939481][ T6212] JBD2: Ignoring recovery information on journal [ 112.997724][ T6212] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 113.118516][ T6183] loop3: detected capacity change from 0 to 65536 [ 113.165893][ T6209] loop1: detected capacity change from 0 to 4096 [ 113.185845][ T6183] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 113.309880][ T5922] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 113.356760][ T6183] XFS (loop3): Ending clean mount [ 113.491312][ T6183] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 [ 113.529167][ T6183] XFS (loop3): Unmount and run xfs_repair [ 113.535554][ T6183] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 113.547063][ T5856] ocfs2: Unmounting device (7,2) on (node local) [ 113.568019][ T5922] usb 5-1: config 0 has an invalid interface number: 128 but max is 0 [ 113.600067][ T5922] usb 5-1: config 0 has no interface number 0 [ 113.615120][ T6183] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00 XAGF..........@. [ 113.639841][ T5922] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 113.649230][ T6183] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................ [ 113.660271][ T5845] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 113.670898][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.693217][ T6183] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 113.700224][ T5922] usb 5-1: Product: syz [ 113.706621][ T6215] loop0: detected capacity change from 0 to 32768 [ 113.709679][ T5922] usb 5-1: Manufacturer: syz [ 113.731651][ T6183] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00 ......?...?..... [ 113.754867][ T5922] usb 5-1: SerialNumber: syz [ 113.760600][ T6215] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.53 (6215) [ 113.785532][ T6183] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 113.804101][ T6215] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 113.817856][ T5922] usb 5-1: config 0 descriptor?? [ 113.829358][ T6215] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm [ 113.849336][ T5845] usb 2-1: device descriptor read/64, error -71 [ 113.861277][ T6183] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................ [ 113.887401][ T6183] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 113.919699][ T6183] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 113.935727][ T6183] XFS (loop3): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74 [ 113.978963][ T6183] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x517/0x8e0 (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. [ 113.979013][ T6183] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 114.033951][ T5851] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 114.068264][ T6215] BTRFS info (device loop0): enabling ssd optimizations [ 114.068289][ T6215] BTRFS info (device loop0): enabling free space tree [ 114.117357][ T5845] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 114.269265][ T5845] usb 2-1: device descriptor read/64, error -71 [ 115.320846][ T5845] usb usb2-port1: attempt power cycle [ 115.376376][ T6218] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 115.472480][ T5922] usb 5-1: Firmware version (0.0) predates our first public release. [ 116.439022][ T5922] usb 5-1: Please update to version 0.2 or newer [ 116.509668][ T6218] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 116.694278][ T6248] loop2: detected capacity change from 0 to 262144 [ 116.752864][ T6248] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.56 (6248) [ 116.812349][ T6248] BTRFS info (device loop2): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 116.829939][ T6248] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 117.029023][ T5922] usb 5-1: USB disconnect, device number 5 [ 117.135166][ T5840] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 117.237517][ T6248] BTRFS info (device loop2): enabling ssd optimizations [ 117.247865][ T6248] BTRFS info (device loop2): enabling free space tree [ 117.304848][ T6248] BTRFS error (device loop2): balance: invalid convert data profile raid5 [ 117.419575][ T5856] BTRFS info (device loop2): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 117.649184][ T5922] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 118.329576][ T5922] usb 5-1: Using ep0 maxpacket: 32 [ 118.354854][ T5922] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.4d [ 118.410512][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=8, SerialNumber=0 [ 118.433014][ T5922] usb 5-1: Product: syz [ 118.487138][ T5922] usb 5-1: config 0 descriptor?? [ 118.729254][ T983] usb 2-1: new low-speed USB device number 7 using dummy_hcd [ 118.747599][ T5922] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 118.815211][ T5922] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 118.843942][ T5922] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 118.891800][ T5922] usb 5-1: media controller created [ 118.919701][ T983] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 118.949194][ T983] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 119.010691][ T5922] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 119.011058][ T983] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 119.080278][ T5922] az6027: usb out operation failed. (-71) [ 119.098073][ T5922] az6027: usb out operation failed. (-71) [ 119.099286][ T5845] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 119.117311][ T5922] stb0899_attach: Driver disabled by Kconfig [ 119.119126][ T983] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 119.142443][ T983] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 119.170025][ T5922] az6027: no front-end attached [ 119.170025][ T5922] [ 119.186308][ T5922] az6027: usb out operation failed. (-71) [ 119.199209][ T5922] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 119.215551][ T983] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 119.228884][ T5922] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input8 [ 119.239309][ T983] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 119.286052][ T5922] dvb-usb: schedule remote query interval to 400 msecs. [ 119.295122][ T983] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 119.319284][ T5922] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 119.319288][ T5845] usb 3-1: Using ep0 maxpacket: 8 [ 119.349503][ T983] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 119.397276][ T5922] usb 5-1: USB disconnect, device number 6 [ 119.406943][ T983] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 119.471172][ T983] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 119.480074][ T983] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 119.499756][ T983] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 119.537971][ T5845] usb 3-1: unable to get BOS descriptor or descriptor too short [ 119.549526][ T983] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 119.592137][ T5845] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 119.639311][ T983] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 119.653275][ T5845] usb 3-1: can't read configurations, error -71 [ 119.690749][ T983] usb 2-1: string descriptor 0 read error: -22 [ 119.714947][ T983] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 119.760511][ T5922] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 119.761310][ T983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.800910][ T6302] loop4: detected capacity change from 0 to 16 [ 119.845184][ T6302] erofs (device loop4): mounted with root inode @ nid 36. [ 119.861811][ T983] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 120.152855][ T6306] fuse: Bad value for 'fd' [ 120.163649][ T6297] loop3: detected capacity change from 0 to 32768 [ 120.252690][ T6287] loop1: detected capacity change from 0 to 8192 [ 120.283432][ T6297] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 120.331298][ T5845] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 120.387936][ T6316] loop4: detected capacity change from 0 to 512 [ 120.472806][ T6297] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x50. [ 120.526336][ T5845] usb 3-1: config 243 has an invalid interface number: 188 but max is 0 [ 120.531238][ T5922] usb 2-1: USB disconnect, device number 7 [ 120.567952][ T5845] usb 3-1: config 243 has an invalid descriptor of length 0, skipping remainder of the config [ 120.569969][ T6297] XFS (loop3): Tail block (0x29) overwrite detected. Updated to 0x30 [ 120.626697][ T5845] usb 3-1: config 243 has no interface number 0 [ 120.669544][ T5845] usb 3-1: config 243 interface 188 has no altsetting 0 [ 120.679606][ T6297] XFS (loop3): Ending clean mount [ 120.718822][ T6297] XFS (loop3): Quotacheck needed: Please wait. [ 120.719904][ T5845] usb 3-1: config 243 has an invalid interface number: 188 but max is 0 [ 120.764974][ T13] XFS (loop3): Metadata corruption detected at xfs_dinode_verify+0x1a6/0x1570, inode 0x1803 dinode [ 120.787506][ T6323] loop4: detected capacity change from 0 to 1024 [ 120.799185][ T5845] usb 3-1: config 243 has an invalid descriptor of length 0, skipping remainder of the config [ 120.804750][ T13] XFS (loop3): Unmount and run xfs_repair [ 120.845943][ T13] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 120.853880][ T5845] usb 3-1: config 243 has no interface number 0 [ 120.873599][ T13] 00000000: 49 4e 41 ed 03 01 00 00 00 00 00 00 00 00 00 00 INA............. [ 120.879895][ T5845] usb 3-1: config 243 interface 188 has no altsetting 0 [ 120.886316][ T6284] loop0: detected capacity change from 0 to 65536 [ 120.900735][ T13] 00000010: 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 120.911649][ T5845] usb 3-1: config 243 has an invalid interface number: 188 but max is 0 [ 120.914198][ T13] 00000020: 34 f7 58 68 a5 a5 b6 11 34 f7 58 68 a5 e2 bf 3d 4.Xh....4.Xh...= [ 120.932071][ T13] 00000030: 34 f7 58 68 a5 e2 bf 3d 00 00 00 00 00 00 00 20 4.Xh...=....... [ 120.943598][ T13] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 120.952912][ T5845] usb 3-1: config 243 has an invalid descriptor of length 0, skipping remainder of the config [ 120.959003][ T13] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 ca e6 3d c1 ..............=. [ 120.984855][ T6284] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 120.996465][ T5845] usb 3-1: config 243 has no interface number 0 [ 121.003566][ T5845] usb 3-1: config 243 interface 188 has no altsetting 0 [ 121.013090][ T13] 00000060: ff ff ff ff 6e d0 e3 2d 00 00 00 00 00 00 00 04 ....n..-........ [ 121.024899][ T5845] usb 3-1: config 243 has an invalid interface number: 188 but max is 0 [ 121.034336][ T5845] usb 3-1: config 243 has an invalid descriptor of length 0, skipping remainder of the config [ 121.045653][ T13] 00000070: 00 00 00 03 00 00 00 10 00 00 00 00 00 00 00 06 ................ [ 121.055529][ T5845] usb 3-1: config 243 has no interface number 0 [ 121.087086][ T6297] XFS (loop3): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 121.119188][ T5845] usb 3-1: config 243 interface 188 has no altsetting 0 [ 121.163707][ T5845] usb 3-1: config 243 has an invalid interface number: 188 but max is 0 [ 121.199037][ T6284] XFS (loop0): Ending clean mount [ 121.209490][ T5845] usb 3-1: config 243 has an invalid descriptor of length 0, skipping remainder of the config [ 121.271159][ T5845] usb 3-1: config 243 has no interface number 0 [ 121.309132][ T5845] usb 3-1: config 243 interface 188 has no altsetting 0 [ 121.345572][ T5851] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 121.352589][ T5845] usb 3-1: New USB device found, idVendor=046d, idProduct=0850, bcdDevice=54.0a [ 121.378742][ T5845] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.401291][ T5851] XFS (loop3): Uncorrected metadata errors detected; please run xfs_repair. [ 121.421066][ T5840] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 121.439264][ T5845] usb 3-1: Product: syz [ 121.443494][ T5845] usb 3-1: Manufacturer: syz [ 121.448895][ T5845] usb 3-1: SerialNumber: syz [ 123.220637][ T5845] gspca_main: 046d:0850 too many config [ 123.231490][ T6336] loop4: detected capacity change from 0 to 32768 [ 123.250408][ T5845] usb 3-1: unknown interface protocol 0xc1, assuming v1 [ 123.258297][ T5845] usb 3-1: cannot find UAC_HEADER [ 123.307883][ T6336] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.69 (6336) [ 123.395833][ T6336] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 123.422266][ T6336] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 123.456769][ T5845] snd-usb-audio 3-1:243.188: probe with driver snd-usb-audio failed with error -22 [ 123.524824][ T5845] usb 3-1: USB disconnect, device number 3 [ 123.584663][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 123.609698][ T5855] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 123.622404][ T6373] loop2: detected capacity change from 0 to 128 [ 123.674675][ T5978] udevd[5978]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:243.188/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 123.694634][ T6373] EXT4-fs: mb_optimize_scan should be set to 0 or 1. [ 123.807193][ T6336] BTRFS info (device loop4): enabling ssd optimizations [ 123.825395][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 123.835540][ T5855] usb 1-1: Using ep0 maxpacket: 16 [ 123.871472][ T5855] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 123.894075][ T9] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.4d [ 123.942686][ T6336] BTRFS info (device loop4): enabling free space tree [ 123.974180][ T9] usb 4-1: New USB device strings: Mfr=0, Product=8, SerialNumber=0 [ 123.983009][ T5855] usb 1-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice= 0.40 [ 124.020248][ T9] usb 4-1: Product: syz [ 124.024867][ T5855] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.040855][ T6367] loop1: detected capacity change from 0 to 65536 [ 124.087145][ T9] usb 4-1: config 0 descriptor?? [ 124.097910][ T5855] usb 1-1: Product: syz [ 124.108876][ T6367] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 124.352972][ T9] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 124.360641][ T5855] usb 1-1: Manufacturer: syz [ 124.368625][ T5855] usb 1-1: SerialNumber: syz [ 124.375402][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 124.388520][ T6367] XFS (loop1): Ending clean mount [ 124.395933][ T5855] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input9 [ 124.451901][ T9] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 124.848633][ T6400] XFS (loop1): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 [ 124.974976][ T6400] XFS (loop1): Unmount and run xfs_repair [ 124.999275][ T9] usb 4-1: media controller created [ 125.008255][ T6400] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 125.077766][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 125.105474][ T6358] loop0: detected capacity change from 0 to 4096 [ 125.115949][ T6400] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00 XAGF..........@. [ 125.123393][ T5844] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 125.157598][ T6358] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 125.191176][ T6400] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................ [ 125.214090][ T9] az6027: usb out operation failed. (-71) [ 125.216686][ T6358] ntfs3(loop0): ino=3, mi_enum_attr [ 125.229466][ T9] az6027: usb out operation failed. (-71) [ 125.237801][ T9] stb0899_attach: Driver disabled by Kconfig [ 125.267248][ T6400] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 125.310949][ T6400] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00 ......?...?..... [ 125.324158][ T9] az6027: no front-end attached [ 125.324158][ T9] [ 125.354138][ T9] az6027: usb out operation failed. (-71) [ 125.363192][ T6400] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 125.397723][ T9] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 125.437667][ T6400] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................ [ 125.479982][ T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input10 [ 125.524515][ T6400] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 125.572604][ T9] dvb-usb: schedule remote query interval to 400 msecs. [ 125.599369][ T6400] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 125.639710][ T9] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 125.656382][ T980] usb 1-1: USB disconnect, device number 4 [ 125.665418][ T5197] bcm5974 1-1:1.0: could not read from device [ 125.681178][ T6400] XFS (loop1): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74 [ 125.702641][ T9] usb 4-1: USB disconnect, device number 2 [ 125.736978][ T6074] bcm5974 1-1:1.0: could not read from device [ 125.784952][ T6400] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x517/0x8e0 (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. [ 125.840047][ T6409] mmap: syz.4.79 (6409) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 125.898870][ T6400] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 126.040334][ T6412] loop3: detected capacity change from 0 to 256 [ 126.074416][ T5850] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 126.133808][ T6412] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xfe61a292, utbl_chksum : 0xe619d30d) [ 126.191878][ T9] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 126.353356][ T6416] Zero length message leads to an empty skb [ 126.633692][ T6426] loop0: detected capacity change from 0 to 512 [ 126.710771][ T6431] syzkaller0: entered promiscuous mode [ 126.779621][ T6431] syzkaller0: entered allmulticast mode [ 126.794850][ T6426] EXT4-fs warning (device loop0): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop0. [ 126.853231][ T6427] tipc: Started in network mode [ 126.868590][ T6427] tipc: Node identity 568f8341eb95, cluster identity 4711 [ 126.927120][ T6427] tipc: Enabled bearer , priority 0 [ 126.985991][ T6436] loop2: detected capacity change from 0 to 4096 [ 127.031819][ T6436] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 127.104012][ T6426] tipc: Resetting bearer [ 127.117904][ T6436] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 127.162099][ T6436] ntfs3(loop2): ino=1a, mi_enum_attr [ 127.179967][ T6436] ntfs3(loop2): Failed to initialize $Extend/$ObjId. [ 127.194300][ T6426] tipc: Disabling bearer [ 127.982835][ T6442] loop4: detected capacity change from 0 to 64 [ 128.040737][ T6442] hfs: Unknown parameter '' [ 129.093226][ T6452] loop4: detected capacity change from 0 to 64 [ 129.427536][ T6454] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 130.110515][ T13] kworker/u8:1: attempt to access beyond end of device [ 130.110515][ T13] loop4: rw=1, sector=65, nr_sectors = 1 limit=64 [ 130.177933][ T13] Buffer I/O error on dev loop4, logical block 65, lost async page write [ 130.211385][ T13] kworker/u8:1: attempt to access beyond end of device [ 130.211385][ T13] loop4: rw=1, sector=66, nr_sectors = 1 limit=64 [ 130.258013][ T13] Buffer I/O error on dev loop4, logical block 66, lost async page write [ 130.278765][ T13] kworker/u8:1: attempt to access beyond end of device [ 130.278765][ T13] loop4: rw=1, sector=67, nr_sectors = 1 limit=64 [ 130.305580][ T13] Buffer I/O error on dev loop4, logical block 67, lost async page write [ 130.481951][ T13] kworker/u8:1: attempt to access beyond end of device [ 130.481951][ T13] loop4: rw=1, sector=68, nr_sectors = 1 limit=64 [ 130.497278][ T13] Buffer I/O error on dev loop4, logical block 68, lost async page write [ 130.507256][ T13] kworker/u8:1: attempt to access beyond end of device [ 130.507256][ T13] loop4: rw=1, sector=72, nr_sectors = 1 limit=64 [ 130.521500][ T13] Buffer I/O error on dev loop4, logical block 72, lost async page write [ 130.531134][ T13] kworker/u8:1: attempt to access beyond end of device [ 130.531134][ T13] loop4: rw=1, sector=73, nr_sectors = 1 limit=64 [ 130.545545][ T13] Buffer I/O error on dev loop4, logical block 73, lost async page write [ 130.554761][ T13] kworker/u8:1: attempt to access beyond end of device [ 130.554761][ T13] loop4: rw=1, sector=76, nr_sectors = 1 limit=64 [ 130.568890][ T13] Buffer I/O error on dev loop4, logical block 76, lost async page write [ 130.616111][ T13] kworker/u8:1: attempt to access beyond end of device [ 130.616111][ T13] loop4: rw=1, sector=77, nr_sectors = 1 limit=64 [ 130.632054][ T13] Buffer I/O error on dev loop4, logical block 77, lost async page write [ 130.643076][ T13] kworker/u8:1: attempt to access beyond end of device [ 130.643076][ T13] loop4: rw=1, sector=78, nr_sectors = 363 limit=64 [ 130.690193][ T980] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 131.086878][ T980] usb 1-1: not running at top speed; connect to a high speed hub [ 132.804295][ T980] usb 1-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 133.615824][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.664355][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.607125][ T980] usb 1-1: config 1 interface 0 has no altsetting 0 [ 134.659481][ T980] usb 1-1: string descriptor 0 read error: -71 [ 134.669262][ T980] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 134.678951][ T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.699321][ T980] usb 1-1: can't set config #1, error -71 [ 134.715505][ T980] usb 1-1: USB disconnect, device number 5 [ 134.942050][ T6484] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 134.967199][ T6480] loop2: detected capacity change from 0 to 4096 [ 135.014141][ T6485] kvm: pic: level sensitive irq not supported [ 135.014374][ T6485] kvm: pic: non byte read [ 135.046750][ T6485] kvm: pic: level sensitive irq not supported [ 135.046819][ T6485] kvm: pic: non byte read [ 135.611759][ T6490] loop4: detected capacity change from 0 to 4096 [ 135.651911][ T6490] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 135.788782][ T6490] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 135.843937][ T6490] ntfs3(loop4): ino=1a, mi_enum_attr [ 135.859474][ T6490] ntfs3(loop4): Failed to initialize $Extend/$ObjId. [ 136.510578][ T6509] loop2: detected capacity change from 0 to 256 [ 136.932762][ T6518] loop2: detected capacity change from 0 to 2048 [ 136.963137][ T6518] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 137.033905][ T6497] loop1: detected capacity change from 0 to 32768 [ 137.062602][ T6519] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 137.091052][ T6497] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.104 (6497) [ 137.186616][ T6518] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 137.205923][ T6497] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 137.216413][ T6518] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 137.257141][ T6497] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 137.279325][ T6518] Remounting filesystem read-only [ 137.286131][ T6518] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 137.370522][ T6518] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 137.468760][ T6518] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 137.489535][ T6518] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 137.546034][ T6497] BTRFS info (device loop1): enabling ssd optimizations [ 137.559715][ T6518] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 137.589302][ T6497] BTRFS info (device loop1): enabling free space tree [ 137.606141][ T6514] loop4: detected capacity change from 0 to 32768 [ 137.647703][ T6518] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 137.704178][ T6518] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 137.758332][ T6514] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 137.779491][ T6518] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 137.923279][ T6518] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 137.992395][ T6518] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 138.080332][ T6518] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 138.135810][ T6518] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 138.786393][ T6518] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 138.854179][ T5844] ocfs2: Unmounting device (7,4) on (node local) [ 138.871994][ T6518] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 138.907961][ T5850] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 138.940274][ T6518] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 138.953168][ T6560] comedi comedi0: Minor 512 is invalid! [ 139.022350][ T6518] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 139.068408][ T6562] loop4: detected capacity change from 0 to 1024 [ 139.081518][ T6518] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 139.149854][ T6518] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 139.214445][ T6518] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 139.240407][ T6562] hfsplus: bad catalog entry type [ 139.259229][ T6518] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 139.315049][ T6518] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 139.377732][ T5922] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 139.377738][ T6518] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 139.388548][ T6518] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 139.447972][ T6518] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 139.487731][ T6571] loop4: detected capacity change from 0 to 128 [ 139.521085][ T6518] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 139.566154][ T6518] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 139.570794][ T6572] loop3: detected capacity change from 0 to 64 [ 139.615150][ T30] audit: type=1800 audit(1759647377.311:3): pid=6518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.111" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 139.789310][ T5922] usb 1-1: device not accepting address 6, error -71 [ 139.818391][ T6578] loop2: detected capacity change from 0 to 8 [ 139.832892][ T6578] squashfs: Unknown parameter 'xe pQq?>u捦.)+t-y]-2d7yޛ.ׇ&\3' [ 140.009677][ T6576] loop4: detected capacity change from 0 to 32768 [ 140.074934][ T6576] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 140.172592][ T6576] XFS (loop4): Corruption warning: Metadata has LSN (2:16) ahead of current LSN (1:80). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 140.192422][ T6576] XFS (loop4): Metadata CRC error detected at xfs_inobt_read_verify+0x42/0xe0, xfs_inobt block 0x18 [ 140.208653][ T6576] XFS (loop4): Unmount and run xfs_repair [ 140.216474][ T6576] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 140.224666][ T6576] 00000000: 49 41 42 33 00 00 00 01 ff ff ff ff ff ff ff ff IAB3............ [ 140.234678][ T6576] 00000010: 00 00 00 00 00 00 00 18 00 00 00 02 00 00 00 10 ................ [ 140.244264][ T6576] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 140.254188][ T6576] 00000030: 00 00 00 00 f0 ea ad a5 00 00 11 40 00 00 40 37 ...........@..@7 [ 140.263481][ T6576] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 140.272672][ T6576] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 140.282193][ T6576] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 140.294377][ T6576] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 140.306613][ T6576] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x18 len 8 error 74 [ 140.319258][ T6576] XFS (loop4): Failed to read root inode 0x1140, error 117 [ 140.328103][ T6576] XFS (loop4): Uncorrected metadata errors detected; please run xfs_repair. [ 140.606292][ T6601] capability: warning: `syz.3.135' uses 32-bit capabilities (legacy support in use) [ 140.635550][ T6599] loop2: detected capacity change from 0 to 4096 [ 140.664935][ T6601] loop3: detected capacity change from 0 to 1024 [ 140.783671][ T6605] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 140.864592][ T6608] netlink: 24 bytes leftover after parsing attributes in process `syz.1.138'. [ 140.922619][ T6601] hfsplus: xattr searching failed [ 140.934312][ T6601] hfsplus: xattr searching failed [ 140.946614][ T6601] hfsplus: xattr searching failed [ 141.121759][ T6615] loop2: detected capacity change from 0 to 64 [ 141.169021][ T6614] loop4: detected capacity change from 0 to 1024 [ 141.183691][ T6615] hfs: filesystem was not cleanly unmounted, running fsck.hfs is recommended. mounting read-only. [ 141.226338][ T6615] hfs: filesystem is marked locked, mounting read-only. [ 141.333802][ T6619] loop0: detected capacity change from 0 to 8 [ 141.472480][ T6619] SQUASHFS error: xz decompression failed, data probably corrupt [ 141.498289][ T6619] SQUASHFS error: Failed to read block 0x108: -5 [ 141.530823][ T6625] netlink: 'syz.2.145': attribute type 1 has an invalid length. [ 141.541758][ T6619] SQUASHFS error: Unable to read metadata cache entry [106] [ 141.580809][ T6619] SQUASHFS error: Unable to read inode 0x11f [ 141.803721][ T6634] bond1: (slave bridge1): making interface the new active one [ 141.855138][ T6634] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 141.920643][ T6636] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 141.942928][ T6625] macvlan2: entered promiscuous mode [ 141.948830][ T6625] macvlan2: entered allmulticast mode [ 141.956699][ T6625] bond1: entered promiscuous mode [ 141.964794][ T6625] bridge1: entered promiscuous mode [ 141.979208][ T43] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 141.999836][ T6625] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 142.028712][ T6625] bond1: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 142.048503][ T6647] serio: Serial port ptm0 [ 142.058512][ T6625] bond1: left promiscuous mode [ 142.064727][ T6625] bridge1: left promiscuous mode [ 142.151750][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 142.173799][ T43] usb 4-1: config 0 has an invalid interface number: 56 but max is 0 [ 142.189231][ T43] usb 4-1: config 0 has no interface number 0 [ 142.208275][ T43] usb 4-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64 [ 142.219590][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.227781][ T43] usb 4-1: Product: syz [ 142.263110][ T43] usb 4-1: Manufacturer: syz [ 142.267937][ T43] usb 4-1: SerialNumber: syz [ 142.322574][ T43] usb 4-1: config 0 descriptor?? [ 142.353390][ T43] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state. [ 142.391931][ T43] pctv452e: pctv452e_power_ctrl: 1 [ 142.391931][ T43] [ 142.412574][ T43] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22 [ 142.412574][ T43] [ 142.448313][ T43] dvb-usb: bulk message failed: -22 (5/0) [ 142.479974][ T43] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 142.542608][ T6664] netlink: 28 bytes leftover after parsing attributes in process `syz.2.161'. [ 142.552437][ T6664] netlink: 28 bytes leftover after parsing attributes in process `syz.2.161'. [ 142.558634][ T43] dvbdev: DVB: registering new adapter (Technotrend TT Connect S2-3600) [ 142.576457][ T6638] dvb-usb: bulk message failed: -22 (7/0) [ 142.589241][ T6638] pctv452e: I2C error -22; AA 01 00 00 00 -> aa 01 31 03 00 00 00 [ 142.595326][ T6664] bridge0: entered promiscuous mode [ 142.611172][ T43] usb 4-1: media controller created [ 142.629015][ T43] dvb-usb: bulk message failed: -22 (8/0) [ 142.637099][ T980] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 142.645734][ T43] pctv452e: I2C error -22; AA 02 A0 01 14 -> aa 02 31 04 a0 01 14 [ 142.667764][ T43] dvb-usb: MAC address reading failed. [ 142.672888][ T6664] ip6gretap0: entered promiscuous mode [ 142.722416][ T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 142.789270][ T980] usb 5-1: device descriptor read/64, error -71 [ 142.820295][ T43] DVB: Unable to find symbol stb0899_attach() [ 142.830268][ T43] dvb-usb: no frontend was attached by 'Technotrend TT Connect S2-3600' [ 142.920021][ T43] rc_core: IR keymap rc-tt-1500 not found [ 142.927569][ T43] Registered IR keymap rc-empty [ 142.936933][ T43] rc rc0: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0 [ 142.952606][ T43] input: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input11 [ 142.971035][ T43] dvb-usb: schedule remote query interval to 100 msecs. [ 142.999204][ T43] pctv452e: pctv452e_power_ctrl: 0 [ 142.999204][ T43] [ 143.018256][ T43] dvb-usb: Technotrend TT Connect S2-3600 successfully initialized and connected. [ 143.039993][ T43] usb 4-1: USB disconnect, device number 3 [ 143.049244][ T980] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 143.199181][ T980] usb 5-1: device descriptor read/64, error -71 [ 143.260246][ T43] dvb-usb: Technotrend TT Connect S2-3600 successfully deinitialized and disconnected. [ 143.323696][ T6665] loop1: detected capacity change from 0 to 32768 [ 143.331383][ T980] usb usb5-port1: attempt power cycle [ 143.381199][ T6665] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 144.115072][ T6687] loop2: detected capacity change from 0 to 1024 [ 144.124314][ T5850] ocfs2: Unmounting device (7,1) on (node local) [ 144.146767][ T6691] sctp: [Deprecated]: syz.3.169 (pid 6691) Use of int in max_burst socket option deprecated. [ 144.146767][ T6691] Use struct sctp_assoc_value instead [ 144.195873][ T6687] overlay: filesystem on ./file0 not supported [ 144.239791][ T980] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 144.269961][ T980] usb 5-1: device descriptor read/8, error -71 [ 144.387111][ T36] hfsplus: b-tree write err: -5, ino 4 [ 144.425124][ T6695] loop3: detected capacity change from 0 to 512 [ 144.474641][ T6695] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 144.656319][ T6693] loop1: detected capacity change from 0 to 32768 [ 144.675536][ T6695] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 144.677518][ T6693] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 144.694784][ T6693] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 144.747510][ T6693] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 144.806058][ T6693] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 144.916298][ T980] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 144.950311][ T980] usb 5-1: device descriptor read/8, error -71 [ 145.079561][ T980] usb usb5-port1: unable to enumerate USB device [ 145.192485][ T6709] loop2: detected capacity change from 0 to 256 [ 145.682335][ T6727] loop1: detected capacity change from 0 to 1024 [ 145.777476][ T6727] hfsplus: Unknown parameter '?-֭ƾP-@+S0xffffffffffffffff000000000000000000000001jKaf.}. [.m1`eTѢupQFE?N')' [ 146.037123][ T6726] loop4: detected capacity change from 0 to 32768 [ 146.104085][ T6726] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 146.113142][ T6726] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 146.136905][ T6727] loop1: detected capacity change from 0 to 2048 [ 146.150820][ T6727] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 146.162376][ T6726] gfs2: fsid=syz:syz.0: journal 0 mapped with 9 extents in 0ms [ 146.173452][ T6739] loop3: detected capacity change from 0 to 512 [ 146.177655][ T5855] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 146.188825][ T6727] NILFS (loop1): mounting unchecked fs [ 146.194439][ T5855] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 146.220457][ T6739] EXT4-fs: Ignoring removed mblk_io_submit option [ 146.240415][ T6739] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 146.256787][ T6727] NILFS (loop1): recovery complete [ 146.283404][ T6740] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 146.308095][ T6739] EXT4-fs (loop3): 1 truncate cleaned up [ 146.341994][ T30] audit: type=1800 audit(1759647384.041:4): pid=6727 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.185" name="file1" dev="loop1" ino=12 res=0 errno=0 [ 146.377889][ T6739] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 146.427143][ T5855] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 232ms [ 146.491141][ T5855] gfs2: fsid=syz:syz.0: jid=0: Done [ 146.529814][ T6726] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 146.599574][ T6748] loop0: detected capacity change from 0 to 512 [ 146.610784][ T6748] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 146.689988][ T6748] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 146.728511][ T6748] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.190: bg 0: block 248: padding at end of block bitmap is not set [ 146.730375][ T6751] process '/newroot/43/file0' started with executable stack [ 146.754982][ T6748] Quota error (device loop0): write_blk: dquota write failed [ 146.769700][ T6748] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 146.783662][ T6748] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.190: Failed to acquire dquot type 1 [ 146.800592][ T6726] gfs2: fsid=syz:syz.0: found 1 quota changes [ 146.814729][ T6748] EXT4-fs (loop0): 1 truncate cleaned up [ 146.826926][ T6748] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 146.869881][ T6748] Quota error (device loop0): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 146.883110][ T6748] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 146.894887][ T6748] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.190: Failed to acquire dquot type 1 [ 146.991103][ T5851] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.001615][ T5840] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 147.018777][ T6035] Quota error (device loop0): do_check_range: Getting block 0 out of range 1-5 [ 147.055361][ T6035] EXT4-fs error (device loop0): ext4_release_dquot:6981: comm kworker/u8:9: Failed to release dquot type 1 [ 147.096632][ T6756] netlink: 20 bytes leftover after parsing attributes in process `syz.2.195'. [ 147.143252][ T6756] netlink: 8 bytes leftover after parsing attributes in process `syz.2.195'. [ 147.323312][ T6754] loop1: detected capacity change from 0 to 32768 [ 147.334649][ T6756] bond2: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 147.368243][ T6754] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.191 (6754) [ 147.392635][ T6754] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 147.405030][ T6754] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 147.425356][ T6756] bond2 (unregistering): Released all slaves [ 147.565734][ T6754] BTRFS info (device loop1): enabling ssd optimizations [ 147.575204][ T6754] BTRFS info (device loop1): enabling free space tree [ 147.583080][ T6754] BTRFS info (device loop1): use zstd compression, level 3 [ 147.997866][ T5850] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 148.042688][ T6785] loop3: detected capacity change from 0 to 1024 [ 148.081289][ T6785] EXT4-fs: Ignoring removed orlov option [ 148.106932][ T6785] EXT4-fs: inline encryption not supported [ 148.179257][ T6785] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869) [ 148.253312][ T6788] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 148.261630][ T6785] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 148.401448][ T6785] EXT4-fs (loop3): invalid journal inode [ 148.420304][ T6785] EXT4-fs (loop3): can't get journal size [ 148.481848][ T6785] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 148.795725][ T5851] EXT4-fs error (device loop3): __ext4_iget:5435: inode #15: block 1803188595: comm syz-executor: invalid block [ 148.802804][ T6779] loop0: detected capacity change from 0 to 32768 [ 148.878356][ T5851] EXT4-fs error (device loop3): __ext4_iget:5435: inode #15: block 1803188595: comm syz-executor: invalid block [ 148.934028][ T6779] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 149.023166][ T6779] XFS (loop0): Ending clean mount [ 149.036105][ T6779] XFS (loop0): Quotacheck needed: Please wait. [ 149.103686][ T6779] XFS (loop0): Quotacheck: Done. [ 149.190146][ T5855] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 149.243993][ T6817] xfs: Unknown parameter '184467440737095516150x000000000000000018446744073709551615' [ 149.264026][ T6815] loop1: detected capacity change from 0 to 32768 [ 149.277429][ T6802] "syz.2.205" (6802) uses obsolete ecb(arc4) skcipher [ 149.329854][ T6815] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 149.399686][ T5855] usb 5-1: Using ep0 maxpacket: 16 [ 149.429894][ T5855] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 149.448760][ T5855] usb 5-1: config 0 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 149.466422][ T6822] loop2: detected capacity change from 0 to 128 [ 149.524963][ T5850] ocfs2: Unmounting device (7,1) on (node local) [ 149.550463][ T5855] usb 5-1: config 0 interface 0 has no altsetting 0 [ 149.557569][ T5855] usb 5-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00 [ 149.619169][ T5855] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.649453][ T5855] usb 5-1: config 0 descriptor?? [ 149.668583][ T5855] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 149.750869][ T6824] loop1: detected capacity change from 0 to 164 [ 149.928270][ T30] audit: type=1326 audit(1759647387.621:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6823 comm="syz.1.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c6b98eec9 code=0x7ffc0000 [ 150.114337][ T6826] loop2: detected capacity change from 0 to 32768 [ 150.155995][ T5855] usb 5-1: USB disconnect, device number 11 [ 150.191434][ T6826] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.211 (6826) [ 150.352046][ T6826] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 150.359389][ T30] audit: type=1326 audit(1759647387.651:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6823 comm="syz.1.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c6b98eec9 code=0x7ffc0000 [ 150.362637][ T6826] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm [ 150.393952][ T6826] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 150.456505][ T30] audit: type=1326 audit(1759647387.651:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6823 comm="syz.1.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f0c6b98eec9 code=0x7ffc0000 [ 150.490775][ T5851] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.562248][ T30] audit: type=1326 audit(1759647387.651:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6823 comm="syz.1.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c6b98eec9 code=0x7ffc0000 [ 150.651358][ T5840] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 150.733042][ T6826] BTRFS info (device loop2): rebuilding free space tree [ 150.762916][ T6826] BTRFS info (device loop2): disabling free space tree [ 150.771236][ T6826] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 150.782878][ T6826] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 150.813156][ T6826] BTRFS info (device loop2): checking UUID tree [ 150.838509][ T6826] BTRFS info (device loop2): enabling ssd optimizations [ 150.847690][ T6826] BTRFS info (device loop2): turning off barriers [ 150.854760][ T6826] BTRFS info (device loop2): disabling tree log [ 150.861244][ T6826] BTRFS info (device loop2): turning on flush-on-commit [ 150.869143][ T6826] BTRFS info (device loop2): enabling disk space caching [ 150.876257][ T6826] BTRFS info (device loop2): force clearing of disk cache [ 150.883776][ T6826] BTRFS info (device loop2): use zstd compression, level 3 [ 150.891353][ T6826] BTRFS info (device loop2): max_inline set to 0 [ 151.191644][ T5856] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 151.667002][ T6863] loop1: detected capacity change from 0 to 128 [ 151.844766][ T6857] loop0: detected capacity change from 0 to 40427 [ 151.853848][ T6857] F2FS-fs (loop0): build fault injection rate: 690 [ 151.866605][ T6857] F2FS-fs (loop0): invalid crc value [ 151.977805][ T6857] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 151.991223][ T6857] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 152.031381][ T6857] syz.0.219: attempt to access beyond end of device [ 152.031381][ T6857] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 152.048925][ T6857] CPU: 0 UID: 0 PID: 6857 Comm: syz.0.219 Not tainted syzkaller #0 PREEMPT(full) [ 152.048954][ T6857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 152.048967][ T6857] Call Trace: [ 152.048976][ T6857] [ 152.048984][ T6857] dump_stack_lvl+0x189/0x250 [ 152.049019][ T6857] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.049047][ T6857] ? __pfx_queue_work_on+0x10/0x10 [ 152.049063][ T6857] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 152.049086][ T6857] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 152.049117][ T6857] f2fs_handle_critical_error+0x37c/0x540 [ 152.049147][ T6857] f2fs_write_end_io+0x886/0xb60 [ 152.049190][ T6857] __submit_merged_bio+0x27a/0x6a0 [ 152.049217][ T6857] __submit_merged_write_cond+0x255/0x530 [ 152.049249][ T6857] f2fs_write_data_pages+0x261d/0x3000 [ 152.049309][ T6857] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 152.049407][ T6857] ? __lock_acquire+0xab9/0xd20 [ 152.049439][ T6857] ? do_raw_spin_lock+0x121/0x290 [ 152.049483][ T6857] ? do_raw_spin_unlock+0x122/0x240 [ 152.049506][ T6857] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 152.049527][ T6857] do_writepages+0x32e/0x550 [ 152.049557][ T6857] ? do_raw_spin_unlock+0x122/0x240 [ 152.049582][ T6857] filemap_fdatawrite+0x199/0x240 [ 152.049601][ T6857] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 152.049664][ T6857] ? do_raw_spin_unlock+0x122/0x240 [ 152.049692][ T6857] f2fs_sync_dirty_inodes+0x31f/0x830 [ 152.049735][ T6857] f2fs_write_checkpoint+0x93e/0x2440 [ 152.049800][ T6857] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 152.049824][ T6857] ? lockdep_unlock+0x89/0x120 [ 152.049896][ T6857] ? down_write+0x162/0x1f0 [ 152.049921][ T6857] ? __pfx_down_write+0x10/0x10 [ 152.049957][ T6857] f2fs_issue_checkpoint+0x3b8/0x610 [ 152.049986][ T6857] ? __pfx_f2fs_issue_checkpoint+0x10/0x10 [ 152.050027][ T6857] ? __lock_acquire+0xab9/0xd20 [ 152.050089][ T6857] ? f2fs_sync_fs+0x200/0x3d0 [ 152.050113][ T6857] f2fs_do_sync_file+0x869/0x1860 [ 152.050149][ T6857] ? __pfx_f2fs_do_sync_file+0x10/0x10 [ 152.050216][ T6857] ? __fget_files+0x2a/0x420 [ 152.050238][ T6857] ? __fget_files+0x3a0/0x420 [ 152.050259][ T6857] ? __fget_files+0x2a/0x420 [ 152.050284][ T6857] ? f2fs_sync_file+0xe9/0x160 [ 152.050314][ T6857] __x64_sys_fsync+0x18e/0x1f0 [ 152.050345][ T6857] do_syscall_64+0xfa/0xfa0 [ 152.050367][ T6857] ? lockdep_hardirqs_on+0x9c/0x150 [ 152.050387][ T6857] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.050406][ T6857] ? clear_bhb_loop+0x60/0xb0 [ 152.050430][ T6857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.050448][ T6857] RIP: 0033:0x7f70a318eec9 [ 152.050525][ T6857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.050541][ T6857] RSP: 002b:00007f70a40fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000004a [ 152.050568][ T6857] RAX: ffffffffffffffda RBX: 00007f70a33e5fa0 RCX: 00007f70a318eec9 [ 152.050582][ T6857] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 152.050593][ T6857] RBP: 00007f70a3211f91 R08: 0000000000000000 R09: 0000000000000000 [ 152.050603][ T6857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.050614][ T6857] R13: 00007f70a33e6038 R14: 00007f70a33e5fa0 R15: 00007ffd10c36988 [ 152.050649][ T6857] [ 152.421403][ T6857] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 152.433729][ T6857] CPU: 0 UID: 0 PID: 6857 Comm: syz.0.219 Not tainted syzkaller #0 PREEMPT(full) [ 152.433753][ T6857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 152.433765][ T6857] Call Trace: [ 152.433771][ T6857] [ 152.433778][ T6857] dump_stack_lvl+0x189/0x250 [ 152.433810][ T6857] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.433832][ T6857] ? __pfx_queue_work_on+0x10/0x10 [ 152.433859][ T6857] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 152.433881][ T6857] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 152.433914][ T6857] f2fs_handle_critical_error+0x37c/0x540 [ 152.433942][ T6857] f2fs_write_end_io+0x886/0xb60 [ 152.433983][ T6857] __submit_merged_bio+0x27a/0x6a0 [ 152.434013][ T6857] __submit_merged_write_cond+0x255/0x530 [ 152.434043][ T6857] f2fs_write_data_pages+0x261d/0x3000 [ 152.434102][ T6857] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 152.434195][ T6857] ? __lock_acquire+0xab9/0xd20 [ 152.434230][ T6857] ? do_raw_spin_lock+0x121/0x290 [ 152.434262][ T6857] ? do_raw_spin_unlock+0x122/0x240 [ 152.434284][ T6857] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 152.434308][ T6857] do_writepages+0x32e/0x550 [ 152.434340][ T6857] ? do_raw_spin_unlock+0x122/0x240 [ 152.434365][ T6857] filemap_fdatawrite+0x199/0x240 [ 152.434385][ T6857] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 152.434445][ T6857] ? do_raw_spin_unlock+0x122/0x240 [ 152.434471][ T6857] f2fs_sync_dirty_inodes+0x31f/0x830 [ 152.434510][ T6857] f2fs_write_checkpoint+0x93e/0x2440 [ 152.434564][ T6857] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 152.434585][ T6857] ? lockdep_unlock+0x89/0x120 [ 152.434638][ T6857] ? down_write+0x162/0x1f0 [ 152.434662][ T6857] ? __pfx_down_write+0x10/0x10 [ 152.434697][ T6857] f2fs_issue_checkpoint+0x3b8/0x610 [ 152.434738][ T6857] ? __pfx_f2fs_issue_checkpoint+0x10/0x10 [ 152.434779][ T6857] ? __lock_acquire+0xab9/0xd20 [ 152.434838][ T6857] ? f2fs_sync_fs+0x200/0x3d0 [ 152.434868][ T6857] f2fs_do_sync_file+0x869/0x1860 [ 152.434901][ T6857] ? __pfx_f2fs_do_sync_file+0x10/0x10 [ 152.434962][ T6857] ? __fget_files+0x2a/0x420 [ 152.434981][ T6857] ? __fget_files+0x3a0/0x420 [ 152.435007][ T6857] ? __fget_files+0x2a/0x420 [ 152.435030][ T6857] ? f2fs_sync_file+0xe9/0x160 [ 152.435054][ T6857] __x64_sys_fsync+0x18e/0x1f0 [ 152.435091][ T6857] do_syscall_64+0xfa/0xfa0 [ 152.435108][ T6857] ? lockdep_hardirqs_on+0x9c/0x150 [ 152.435128][ T6857] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.435153][ T6857] ? clear_bhb_loop+0x60/0xb0 [ 152.435176][ T6857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.435193][ T6857] RIP: 0033:0x7f70a318eec9 [ 152.435228][ T6857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.435243][ T6857] RSP: 002b:00007f70a40fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000004a [ 152.435262][ T6857] RAX: ffffffffffffffda RBX: 00007f70a33e5fa0 RCX: 00007f70a318eec9 [ 152.435276][ T6857] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 152.435285][ T6857] RBP: 00007f70a3211f91 R08: 0000000000000000 R09: 0000000000000000 [ 152.435296][ T6857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.435307][ T6857] R13: 00007f70a33e6038 R14: 00007f70a33e5fa0 R15: 00007ffd10c36988 [ 152.435335][ T6857] [ 152.435342][ T6857] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 152.896939][ T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 152.921291][ T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 152.930879][ T52] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 152.941004][ T52] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 152.950386][ T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 153.448241][ T6868] loop1: detected capacity change from 0 to 32768 [ 153.858426][ T6891] loop0: detected capacity change from 0 to 2048 [ 153.885120][ T6891] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 153.985287][ T6870] chnl_net:caif_netlink_parms(): no params data found [ 153.998980][ T6898] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 154.053896][ T30] kauditd_printk_skb: 27 callbacks suppressed [ 154.053914][ T30] audit: type=1804 audit(1759647391.731:36): pid=6899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.232" name="/newroot/55/file0" dev="tmpfs" ino=334 res=1 errno=0 [ 154.096157][ T6899] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1 [ 154.157748][ T6899] ref_ctr increment failed for inode: 0x14e offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff88806226ab00 [ 154.192975][ T6891] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 3044605952 [ 154.200180][ T6902] netlink: 'syz.1.234': attribute type 39 has an invalid length. [ 154.238152][ T6891] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [ 154.258670][ T6891] Remounting filesystem read-only [ 154.277342][ T6891] NILFS (loop0): error -5 truncating bmap (ino=15) [ 154.379336][ T5840] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 154.432273][ T6906] loop2: detected capacity change from 0 to 8 [ 154.494841][ T6906] SQUASHFS error: xz decompression failed, data probably corrupt [ 154.510867][ T6906] SQUASHFS error: Failed to read block 0x108: -5 [ 154.562106][ T6906] SQUASHFS error: Unable to read metadata cache entry [106] [ 154.574022][ T6906] SQUASHFS error: Unable to read inode 0x11f [ 154.768094][ T6870] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.775805][ T6870] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.794414][ T6870] bridge_slave_0: entered allmulticast mode [ 154.819452][ T6870] bridge_slave_0: entered promiscuous mode [ 154.847627][ T6870] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.864836][ T6870] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.914871][ T6870] bridge_slave_1: entered allmulticast mode [ 154.923863][ T43] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 154.947059][ T6870] bridge_slave_1: entered promiscuous mode [ 155.018110][ T6870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.050079][ T52] Bluetooth: hci2: command tx timeout [ 155.086930][ T6870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.098740][ T43] usb 2-1: Using ep0 maxpacket: 8 [ 155.112826][ T43] usb 2-1: config 0 has an invalid interface number: 56 but max is 0 [ 155.131469][ T43] usb 2-1: config 0 has no interface number 0 [ 155.172784][ T43] usb 2-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64 [ 155.202841][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.244966][ T43] usb 2-1: Product: syz [ 155.251278][ T6922] loop0: detected capacity change from 0 to 40427 [ 155.261206][ T43] usb 2-1: Manufacturer: syz [ 155.281158][ T6922] F2FS-fs (loop0): build fault injection rate: 14 [ 155.287664][ T6922] F2FS-fs (loop0): build fault injection type: 0x3bfe8c [ 155.291004][ T43] usb 2-1: SerialNumber: syz [ 155.298736][ T6922] F2FS-fs (loop0): invalid crc value [ 155.317580][ C0] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60 [ 155.334438][ T6870] team0: Port device team_slave_0 added [ 155.345993][ C0] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60 [ 155.389987][ T6870] team0: Port device team_slave_1 added [ 155.417868][ T6922] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 155.422556][ T43] usb 2-1: config 0 descriptor?? [ 155.428242][ T6922] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0 [ 155.450827][ T6922] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 155.483348][ T43] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state. [ 155.506573][ T43] pctv452e: pctv452e_power_ctrl: 1 [ 155.506573][ T43] [ 155.524846][ T6870] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 155.526422][ T43] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22 [ 155.526422][ T43] [ 155.546816][ T6870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 155.550734][ T43] dvb-usb: bulk message failed: -22 (5/0) [ 155.590125][ T6922] F2FS-fs (loop0): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40 [ 155.592431][ T6870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 155.609154][ T30] audit: type=1800 audit(1759647393.311:37): pid=6922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.243" name="bus" dev="loop0" ino=10 res=0 errno=0 [ 155.642746][ T43] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 155.647460][ T6922] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_convert_inline_inode+0x6bd/0x880 [ 155.665557][ T43] dvbdev: DVB: registering new adapter (Technotrend TT Connect S2-3600) [ 155.686486][ T43] usb 2-1: media controller created [ 155.699189][ T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 155.713518][ T6870] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 155.723844][ T43] dvb-usb: bulk message failed: -22 (8/0) [ 155.734820][ T6870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 155.768371][ T43] pctv452e: I2C error -22; AA 01 A0 01 14 -> aa 01 31 04 a0 01 14 [ 155.783799][ T43] dvb-usb: MAC address reading failed. [ 155.809230][ T6870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 155.823771][ T6925] loop4: detected capacity change from 0 to 32768 [ 155.833370][ T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 155.842799][ T6925] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.242 (6925) [ 155.860793][ T5840] syz-executor: attempt to access beyond end of device [ 155.860793][ T5840] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 155.882371][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 155.882395][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 155.882405][ T5840] Call Trace: [ 155.882412][ T5840] [ 155.882420][ T5840] dump_stack_lvl+0x189/0x250 [ 155.882449][ T5840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.882470][ T5840] ? __pfx_queue_work_on+0x10/0x10 [ 155.882484][ T5840] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 155.882505][ T5840] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 155.882535][ T5840] f2fs_handle_critical_error+0x37c/0x540 [ 155.882563][ T5840] f2fs_write_end_io+0x886/0xb60 [ 155.882603][ T5840] __submit_merged_bio+0x27a/0x6a0 [ 155.882630][ T5840] __submit_merged_write_cond+0x255/0x530 [ 155.882658][ T5840] f2fs_write_data_pages+0x261d/0x3000 [ 155.882715][ T5840] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 155.882780][ T5840] ? __mod_zone_page_state+0xd7/0x140 [ 155.882810][ T5840] ? folios_put_refs+0x58b/0x670 [ 155.882840][ T5840] ? __lock_acquire+0xab9/0xd20 [ 155.882873][ T5840] ? do_raw_spin_lock+0x121/0x290 [ 155.882905][ T5840] ? do_raw_spin_unlock+0x122/0x240 [ 155.882925][ T5840] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 155.882947][ T5840] do_writepages+0x32e/0x550 [ 155.882977][ T5840] ? do_raw_spin_unlock+0x122/0x240 [ 155.883002][ T5840] filemap_fdatawrite+0x199/0x240 [ 155.883021][ T5840] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 155.883088][ T5840] ? do_raw_spin_unlock+0x122/0x240 [ 155.883112][ T5840] f2fs_sync_dirty_inodes+0x31f/0x830 [ 155.883150][ T5840] f2fs_write_checkpoint+0x93e/0x2440 [ 155.883172][ T5840] ? __lock_acquire+0xab9/0xd20 [ 155.883223][ T5840] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 155.883305][ T5840] kill_f2fs_super+0x2cc/0x6d0 [ 155.883335][ T5840] ? __pfx_kill_f2fs_super+0x10/0x10 [ 155.883375][ T5840] ? shrinker_free+0x2ce/0x3e0 [ 155.883402][ T5840] deactivate_locked_super+0xbc/0x130 [ 155.883423][ T5840] cleanup_mnt+0x425/0x4c0 [ 155.883448][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.883471][ T5840] task_work_run+0x1d4/0x260 [ 155.883495][ T5840] ? __pfx_task_work_run+0x10/0x10 [ 155.883514][ T5840] ? __x64_sys_umount+0x122/0x160 [ 155.883537][ T5840] ? exit_to_user_mode_loop+0x40/0x130 [ 155.883564][ T5840] exit_to_user_mode_loop+0xe9/0x130 [ 155.883587][ T5840] do_syscall_64+0x2bd/0xfa0 [ 155.883605][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.883624][ T5840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.883641][ T5840] ? clear_bhb_loop+0x60/0xb0 [ 155.883662][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.883678][ T5840] RIP: 0033:0x7f70a31901f7 [ 155.883695][ T5840] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 155.883709][ T5840] RSP: 002b:00007ffd10c35c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 155.883728][ T5840] RAX: 0000000000000000 RBX: 00007f70a3211d7d RCX: 00007f70a31901f7 [ 155.883739][ T5840] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd10c35cd0 [ 155.883750][ T5840] RBP: 00007ffd10c35cd0 R08: 0000000000000000 R09: 0000000000000000 [ 155.883761][ T5840] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd10c36d60 [ 155.883771][ T5840] R13: 00007f70a3211d7d R14: 0000000000025fe4 R15: 00007ffd10c36da0 [ 155.883803][ T5840] [ 155.883811][ T5840] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 155.890081][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 156.270433][ T24] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 156.279664][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 156.294130][ T24] usb 3-1: config 0 has no interface number 0 [ 156.300953][ T24] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 156.312401][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.328632][ T24] usb 3-1: config 0 descriptor?? [ 156.349646][ T6925] BTRFS info (device loop4): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 156.419265][ T6925] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 156.442857][ T43] DVB: Unable to find symbol stb0899_attach() [ 156.452089][ T43] dvb-usb: no frontend was attached by 'Technotrend TT Connect S2-3600' [ 156.497305][ T6936] loop1: detected capacity change from 0 to 512 [ 156.533544][ T6870] hsr_slave_0: entered promiscuous mode [ 156.542036][ T6870] hsr_slave_1: entered promiscuous mode [ 156.548889][ T6870] debugfs: 'hsr0' already exists in 'hsr' [ 156.556013][ T6870] Cannot create hsr debugfs directory [ 156.606575][ T5922] usb 3-1: USB disconnect, device number 4 [ 156.615868][ T6936] EXT4-fs (loop1): 1 truncate cleaned up [ 156.630271][ T43] rc_core: IR keymap rc-tt-1500 not found [ 156.645170][ T43] Registered IR keymap rc-empty [ 156.681297][ T43] rc rc0: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0 [ 156.731020][ T6925] BTRFS info (device loop4): enabling ssd optimizations [ 156.740880][ T6925] BTRFS info (device loop4): enabling free space tree [ 156.772237][ T43] input: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input12 [ 156.799024][ T6936] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 156.829888][ T43] dvb-usb: schedule remote query interval to 100 msecs. [ 156.847677][ T43] pctv452e: pctv452e_power_ctrl: 0 [ 156.847677][ T43] [ 156.863175][ T5844] BTRFS info (device loop4): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 156.870026][ T43] dvb-usb: Technotrend TT Connect S2-3600 successfully initialized and connected. [ 156.950323][ T43] usb 2-1: USB disconnect, device number 8 [ 156.958707][ T5922] dvb-usb: bulk message failed: -22 (4/0) [ 156.976181][ T5922] dvb-usb: error -22 while querying for an remote control event. [ 157.129204][ T52] Bluetooth: hci2: command tx timeout [ 157.158394][ T43] dvb-usb: Technotrend TT Connect S2-3600 successfully deinitialized and disconnected. [ 157.454310][ T6936] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.246: bg 0: block 465: padding at end of block bitmap is not set [ 157.539769][ T6936] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1820 with error 28 [ 157.611457][ T6936] EXT4-fs (loop1): This should not happen!! Data will be lost [ 157.611457][ T6936] [ 157.656922][ T6936] EXT4-fs (loop1): Total free blocks count 0 [ 157.680937][ T6936] EXT4-fs (loop1): Free/Dirty block details [ 157.688227][ T6936] EXT4-fs (loop1): free_blocks=0 [ 157.719384][ T6936] EXT4-fs (loop1): dirty_blocks=1820 [ 157.748031][ T6936] EXT4-fs (loop1): Block reservation details [ 157.758414][ T6973] loop2: detected capacity change from 0 to 64 [ 157.781498][ T6936] EXT4-fs (loop1): i_reserved_data_blocks=1820 [ 157.790327][ T6870] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 157.867130][ T6870] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 157.924871][ T6870] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 158.003477][ T6870] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 158.125043][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.274754][ T6870] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.630433][ T6988] loop1: detected capacity change from 0 to 40427 [ 158.649920][ T6870] 8021q: adding VLAN 0 to HW filter on device team0 [ 158.674689][ T3466] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.683995][ T3466] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.713929][ T1116] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.722552][ T1116] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.743946][ T6988] F2FS-fs (loop1): invalid crc value [ 158.872533][ T6988] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 158.884511][ T6988] F2FS-fs (loop1): Start checkpoint disabled! [ 158.921068][ T6988] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 158.941172][ T6988] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 158.988487][ T6870] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 159.057326][ T1116] kworker/u8:6: attempt to access beyond end of device [ 159.057326][ T1116] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 159.164276][ T1116] CPU: 1 UID: 0 PID: 1116 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) [ 159.164313][ T1116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 159.164325][ T1116] Workqueue: writeback wb_workfn (flush-7:1) [ 159.164357][ T1116] Call Trace: [ 159.164365][ T1116] [ 159.164375][ T1116] dump_stack_lvl+0x189/0x250 [ 159.164403][ T1116] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.164423][ T1116] ? __pfx_queue_work_on+0x10/0x10 [ 159.164440][ T1116] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 159.164460][ T1116] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 159.164493][ T1116] f2fs_handle_critical_error+0x37c/0x540 [ 159.164523][ T1116] f2fs_write_end_io+0x886/0xb60 [ 159.164565][ T1116] __submit_merged_bio+0x27a/0x6a0 [ 159.164594][ T1116] __submit_merged_write_cond+0x255/0x530 [ 159.164624][ T1116] f2fs_write_data_pages+0x261d/0x3000 [ 159.164692][ T1116] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 159.164711][ T1116] ? __local_bh_enable_ip+0x12d/0x1c0 [ 159.164746][ T1116] ? cfg80211_inform_single_bss_data+0x13da/0x1ac0 [ 159.164801][ T1116] ? unwind_next_frame+0xa5/0x2390 [ 159.164823][ T1116] ? unwind_next_frame+0xa5/0x2390 [ 159.164862][ T1116] ? rcu_read_lock_sched_held+0x89/0x100 [ 159.164884][ T1116] ? cpuacct_charge+0x117/0x320 [ 159.164913][ T1116] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 159.164933][ T1116] do_writepages+0x32e/0x550 [ 159.164959][ T1116] ? reacquire_held_locks+0x127/0x1d0 [ 159.164976][ T1116] ? writeback_sb_inodes+0x384/0x1010 [ 159.165007][ T1116] __writeback_single_inode+0x145/0xff0 [ 159.165028][ T1116] ? do_raw_spin_unlock+0x122/0x240 [ 159.165054][ T1116] writeback_sb_inodes+0x6c7/0x1010 [ 159.165076][ T1116] ? __lock_acquire+0xab9/0xd20 [ 159.165136][ T1116] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 159.165209][ T1116] ? rcu_is_watching+0x15/0xb0 [ 159.165233][ T1116] wb_writeback+0x43b/0xaf0 [ 159.165263][ T1116] ? queue_io+0x371/0x590 [ 159.165287][ T1116] ? __pfx_wb_writeback+0x10/0x10 [ 159.165318][ T1116] ? _raw_spin_unlock_irq+0x23/0x50 [ 159.165343][ T1116] wb_workfn+0x409/0xef0 [ 159.165388][ T1116] ? __pfx_wb_workfn+0x10/0x10 [ 159.165420][ T1116] ? __lock_acquire+0xab9/0xd20 [ 159.165457][ T1116] ? process_scheduled_works+0x9ef/0x17b0 [ 159.165490][ T1116] ? _raw_spin_unlock_irq+0x23/0x50 [ 159.165507][ T1116] ? process_scheduled_works+0x9ef/0x17b0 [ 159.165530][ T1116] ? process_scheduled_works+0x9ef/0x17b0 [ 159.165557][ T1116] process_scheduled_works+0xae1/0x17b0 [ 159.165610][ T1116] ? __pfx_process_scheduled_works+0x10/0x10 [ 159.165656][ T1116] worker_thread+0x8a0/0xda0 [ 159.165678][ T1116] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 159.165707][ T1116] ? __kthread_parkme+0x7b/0x200 [ 159.165734][ T1116] kthread+0x711/0x8a0 [ 159.165756][ T1116] ? __pfx_worker_thread+0x10/0x10 [ 159.165773][ T1116] ? __pfx_kthread+0x10/0x10 [ 159.165813][ T1116] ? _raw_spin_unlock_irq+0x23/0x50 [ 159.165848][ T1116] ? lockdep_hardirqs_on+0x9c/0x150 [ 159.165867][ T1116] ? __pfx_kthread+0x10/0x10 [ 159.166101][ T1116] ret_from_fork+0x4bc/0x870 [ 159.166139][ T1116] ? __pfx_ret_from_fork+0x10/0x10 [ 159.166173][ T1116] ? __switch_to_asm+0x39/0x70 [ 159.166195][ T1116] ? __switch_to_asm+0x33/0x70 [ 159.166214][ T1116] ? __pfx_kthread+0x10/0x10 [ 159.166695][ T1116] ret_from_fork_asm+0x1a/0x30 [ 159.166742][ T1116] [ 159.166751][ T1116] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 159.221102][ T7010] loop0: detected capacity change from 0 to 64 [ 159.381958][ T52] Bluetooth: hci2: command tx timeout [ 159.674953][ T7010] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 159.738076][ T7015] loop4: detected capacity change from 0 to 8 [ 159.837103][ T6407] udevd[6407]: incorrect cramfs checksum on /dev/loop4 [ 159.841416][ T7015] cramfs: Error -3 while decompressing! [ 159.861128][ T6870] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 159.862858][ T7010] overlayfs: upper fs needs to support d_type. [ 159.886873][ T7015] cramfs: ffffffff9969d928(26)->ffff88805527a000(4096) [ 159.923044][ T7010] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 159.937428][ T7010] overlayfs: failed to set xattr on upper [ 159.942773][ T6407] udevd[6407]: incorrect cramfs checksum on /dev/loop4 [ 159.944029][ T7015] cramfs: Error -3 while decompressing! [ 159.958113][ T7010] overlayfs: ...falling back to redirect_dir=nofollow. [ 159.969774][ T7010] overlayfs: ...falling back to index=off. [ 159.978516][ T7015] cramfs: ffffffff9969d942(26)->ffff88805046f000(4096) [ 159.987190][ T7010] overlayfs: ...falling back to uuid=null. [ 159.994414][ T7015] cramfs: Error -3 while decompressing! [ 160.019441][ T7015] cramfs: ffffffff9969d95c(16)->ffff8880516f6000(4096) [ 160.036912][ T7015] cramfs: Error -3 while decompressing! [ 160.047258][ T7015] cramfs: ffffffff9969d928(26)->ffff88805527a000(4096) [ 160.101925][ T30] audit: type=1800 audit(1759647397.801:38): pid=7015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.269" name="file2" dev="loop4" ino=348 res=0 errno=0 [ 160.166235][ T5840] minix_free_inode: bit 4 already cleared [ 160.209666][ T5840] ------------[ cut here ]------------ [ 160.215903][ T5840] WARNING: fs/inode.c:417 at drop_nlink+0xc5/0x110, CPU#0: syz-executor/5840 [ 160.225023][ T5840] Modules linked in: [ 160.229366][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 160.238848][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 160.249336][ T5840] RIP: 0010:drop_nlink+0xc5/0x110 [ 160.254654][ T5840] Code: 70 07 00 00 be 08 00 00 00 e8 67 da e7 ff f0 48 ff 83 70 07 00 00 5b 41 5c 41 5e 41 5f 5d e9 92 73 ff 08 cc e8 9c 32 82 ff 90 <0f> 0b 90 eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5b ff ff ff [ 160.275614][ T5840] RSP: 0018:ffffc900046dfd10 EFLAGS: 00010293 [ 160.282905][ T5840] RAX: ffffffff823d7114 RBX: ffff88806fcbc040 RCX: ffff88802de3dac0 [ 160.291777][ T5840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 160.300038][ T5840] RBP: 0000000000000000 R08: ffffffff8f5c5677 R09: 1ffffffff1eb8ace [ 160.308383][ T5840] R10: dffffc0000000000 R11: fffffbfff1eb8acf R12: 1ffff1100df97811 [ 160.316741][ T5840] R13: ffff88805c854040 R14: ffff88806fcbc088 R15: dffffc0000000000 [ 160.326201][ T5840] FS: 0000555583152500(0000) GS:ffff888126169000(0000) knlGS:0000000000000000 [ 160.337539][ T5840] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 160.344800][ T5840] CR2: 000055557e319808 CR3: 0000000079592000 CR4: 00000000003526f0 [ 160.353971][ T5840] Call Trace: [ 160.357531][ T5840] [ 160.360729][ T5840] minix_rmdir+0xa8/0xd0 [ 160.365223][ T5840] vfs_rmdir+0x3ba/0x520 [ 160.370693][ T5840] do_rmdir+0x25f/0x550 [ 160.376437][ T5840] ? __pfx_do_rmdir+0x10/0x10 [ 160.381480][ T5840] ? strncpy_from_user+0x150/0x290 [ 160.387631][ T5840] ? getname_flags+0x1e5/0x540 [ 160.393234][ T5840] __x64_sys_unlinkat+0xc2/0xf0 [ 160.399439][ T5840] do_syscall_64+0xfa/0xfa0 [ 160.404439][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 160.411597][ T5840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.418440][ T5840] ? clear_bhb_loop+0x60/0xb0 [ 160.424117][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.430578][ T5840] RIP: 0033:0x7f70a318e4a7 [ 160.435726][ T5840] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.458512][ T5840] RSP: 002b:00007ffd10c33a38 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 160.471188][ T5840] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f70a318e4a7 [ 160.480543][ T5840] RDX: 0000000000000200 RSI: 00007ffd10c34be0 RDI: 00000000ffffff9c [ 160.489901][ T5840] RBP: 00007f70a3211d7d R08: 0000000000000000 R09: 0000000000000000 [ 160.499838][ T5840] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffd10c34be0 [ 160.509693][ T5840] R13: 00007f70a3211d7d R14: 00000000000270bc R15: 00007ffd10c36da0 [ 160.519360][ T5840] [ 160.522401][ T5840] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 160.530418][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 160.541561][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 160.553657][ T5840] Call Trace: [ 160.557131][ T5840] [ 160.561329][ T5840] dump_stack_lvl+0x99/0x250 [ 160.566753][ T5840] ? __asan_memcpy+0x40/0x70 [ 160.571743][ T5840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 160.577668][ T5840] ? __pfx__printk+0x10/0x10 [ 160.583606][ T5840] vpanic+0x237/0x6d0 [ 160.588235][ T5840] ? __pfx_vpanic+0x10/0x10 [ 160.593388][ T5840] ? is_bpf_text_address+0x26/0x2b0 [ 160.600551][ T5840] panic+0xb9/0xc0 [ 160.605656][ T5840] ? __pfx_panic+0x10/0x10 [ 160.611198][ T5840] __warn+0x334/0x4c0 [ 160.615726][ T5840] ? drop_nlink+0xc5/0x110 [ 160.620266][ T5840] ? drop_nlink+0xc5/0x110 [ 160.625304][ T5840] report_bug+0x2be/0x4f0 [ 160.629777][ T5840] ? drop_nlink+0xc5/0x110 [ 160.634384][ T5840] ? drop_nlink+0xc5/0x110 [ 160.638986][ T5840] ? drop_nlink+0xc7/0x110 [ 160.643839][ T5840] handle_bug+0x84/0x160 [ 160.649096][ T5840] exc_invalid_op+0x1a/0x50 [ 160.654237][ T5840] asm_exc_invalid_op+0x1a/0x20 [ 160.659920][ T5840] RIP: 0010:drop_nlink+0xc5/0x110 [ 160.665161][ T5840] Code: 70 07 00 00 be 08 00 00 00 e8 67 da e7 ff f0 48 ff 83 70 07 00 00 5b 41 5c 41 5e 41 5f 5d e9 92 73 ff 08 cc e8 9c 32 82 ff 90 <0f> 0b 90 eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5b ff ff ff [ 160.686266][ T5840] RSP: 0018:ffffc900046dfd10 EFLAGS: 00010293 [ 160.694458][ T5840] RAX: ffffffff823d7114 RBX: ffff88806fcbc040 RCX: ffff88802de3dac0 [ 160.702974][ T5840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 160.712007][ T5840] RBP: 0000000000000000 R08: ffffffff8f5c5677 R09: 1ffffffff1eb8ace [ 160.721309][ T5840] R10: dffffc0000000000 R11: fffffbfff1eb8acf R12: 1ffff1100df97811 [ 160.730417][ T5840] R13: ffff88805c854040 R14: ffff88806fcbc088 R15: dffffc0000000000 [ 160.739289][ T5840] ? drop_nlink+0xc4/0x110 [ 160.745974][ T5840] minix_rmdir+0xa8/0xd0 [ 160.751020][ T5840] vfs_rmdir+0x3ba/0x520 [ 160.756834][ T5840] do_rmdir+0x25f/0x550 [ 160.761649][ T5840] ? __pfx_do_rmdir+0x10/0x10 [ 160.767112][ T5840] ? strncpy_from_user+0x150/0x290 [ 160.773033][ T5840] ? getname_flags+0x1e5/0x540 [ 160.779139][ T5840] __x64_sys_unlinkat+0xc2/0xf0 [ 160.784101][ T5840] do_syscall_64+0xfa/0xfa0 [ 160.788869][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 160.794720][ T5840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.802557][ T5840] ? clear_bhb_loop+0x60/0xb0 [ 160.809360][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.818099][ T5840] RIP: 0033:0x7f70a318e4a7 [ 160.822889][ T5840] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.846648][ T5840] RSP: 002b:00007ffd10c33a38 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 160.857198][ T5840] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f70a318e4a7 [ 160.867178][ T5840] RDX: 0000000000000200 RSI: 00007ffd10c34be0 RDI: 00000000ffffff9c [ 160.875602][ T5840] RBP: 00007f70a3211d7d R08: 0000000000000000 R09: 0000000000000000 [ 160.884292][ T5840] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffd10c34be0 [ 160.892712][ T5840] R13: 00007f70a3211d7d R14: 00000000000270bc R15: 00007ffd10c36da0 [ 160.902932][ T5840] [ 160.906754][ T5840] Kernel Offset: disabled [ 160.912262][ T5840] Rebooting in 86400 seconds..