last executing test programs: 33.200846727s ago: executing program 0 (id=1705): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000180)=@filter={'filter\x00', 0xe, 0x11e, 0xc0, [0x0, 0x2000000000c0, 0x2000000000f0, 0x200000000120], 0x0, 0x0, &(0x7f00000000c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x11e}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x138) 33.123354613s ago: executing program 0 (id=1706): syz_mount_image$reiserfs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x8488, &(0x7f0000000140), 0xfe, 0x1103, &(0x7f0000002240)="$eJzs2T+L1EAYBvBnkvUPNpFcHwQtLOS4Y/0CVyhsa6uNyFVedVsp+m38OHqV/XG9Fgv2kbibXZEVwV0V5PeDkDcPeWcy5UwCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg0nyqSQHVdKOWZWkJF13MbtK0o357fd1lZInp7P5o/Pp43mS+tvr5WlShq6hLe3x3ZvttJ22x+3Dg5N7H+avXr98fnZ2er4apqTL5WKvq7g1zl3vdVgAAAD4P/Q7a/7x/AAAAMCv7O0gAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA39c2mbseiSlKSrruYXSXptvRd+0vfBwAAAOyupMqzZlu+PAbYeJCPTVnnw/1LGeqjvNvSDwAAAPxUf2NVfP9/vVzf7MfvZ7Lelw/ZnUxyeLh8frvKP58kdZKjHwa/XLx5MV6lr//0WgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvrIDxwIAAAAAwvyt0+jYAAAAAAAAAAAAAAAAAAAAYK8AAAD//+0M1yg=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) r1 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f00000006c0)='.\x00', 0x1a4243c, &(0x7f0000000580)=ANY=[@ANYRES16, @ANYRESDEC, @ANYRES8, @ANYRESOCT, @ANYBLOB="b1f1563f8cf9b3df43707e277e3870d9bbeca08c7c9e5ebdd62801631c9f6ff697c8ea4da0047f1529a0c7", @ANYRESOCT, @ANYRESDEC, @ANYRES8, @ANYRES64, @ANYRES8], 0x0, 0x0, &(0x7f0000000080)) (fail_nth: 10) ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x40000}}, './file1\x00'}) 32.048379321s ago: executing program 0 (id=1709): r0 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file2\x00', 0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="6e6f646973636172642c6e6f636865636b706f696e745f6d657267652c616c6c6f635f6d6f64653d64656661756c742c636865636b706f696e743d64697361626c652c666c7573685f6d657267652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030313236322c61636c2c6e6f61636c2c636f6d70726573735f63616368652c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c636f6d70726573735f63616368652c6661756c745f747970653d30303030303030303030303030303030303030342c008d73b6efef8bf6f516d60904182d07bca0e749cc80891d95a64e7017e017d72450a7d42539b57fb9c48865a0e2adbf3b690b6e666283ce3274281626e6b683df1e10a4b3b952294895df65e4a6b94f5c5a650e35a010e04bce2a92891fec6ae51521e10eeb1224f2905d434d7558325f47edf48ce3a8ad4664164f"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, 0x0, &(0x7f0000000080)) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x3000000, &(0x7f0000000340)={0x0, 0x1ff, 0x9, 0x1009}, &(0x7f0000000380)=0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r5, 0x0, 0x0) r6 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000001c0)={'ipvlan0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x3c, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0x5}, @TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x2e2}, @TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0xf384}, @TCA_FQ_CODEL_QUANTUM={0x7, 0x6, 0x7fffffff}, @TCA_FQ_CODEL_FLOWS={0x8}, @TCA_FQ_CODEL_ECN={0x8, 0x4, 0x1}, @TCA_FQ_CODEL_ECN={0x8}]}}, @TCA_EGRESS_BLOCK={0x0, 0xe, 0x12101497}]}, 0x78}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0}, 0x18) 30.661846184s ago: executing program 0 (id=1715): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in6={{0xa, 0x4e21, 0x1f0268bc, @empty, 0x8}}, 0x0, 0x0, 0x400003fc, 0x1, 0x12, 0x4}, 0x9c) bind$inet6(r0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000001000)='Z', 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0xfffffffc, @loopback}, 0x1c) socket$inet6_sctp(0xa, 0x1, 0x84) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='contention_end\x00'}, 0x10) ioctl$VIDIOC_LOG_STATUS(r2, 0x5646, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) r4 = io_uring_setup(0x560e, &(0x7f0000000a40)={0x0, 0xb589, 0x2, 0x0, 0x3bd}) close_range(r4, 0xffffffffffffffff, 0x0) 27.795745597s ago: executing program 0 (id=1730): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe2000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x56, &(0x7f00000000c0)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x800000c}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x7, 0x9, 0x4, 0x0, 0x7, 0x1, 0x7f, 0x8, 0xf1, 0x1, 0xc5, 0x4, 0x0, 0x8, 0xd, 0x96, 0x11, 0x27, 0x8, '\x00', 0x4, 0x7}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 26.636582912s ago: executing program 0 (id=1723): syz_io_uring_setup(0x504f, 0x0, 0x0, 0x0) (async) creat(0x0, 0x0) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x40020) (async) r1 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r2, 0x0, 0x0) (async, rerun: 32) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async, rerun: 32) syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x41000004, 0x0) (async) dup3(r2, r3, 0x80000) (async) write$char_usb(r3, 0x0, 0x0) (async) syz_usb_disconnect(r1) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) 10.56100235s ago: executing program 32 (id=1723): syz_io_uring_setup(0x504f, 0x0, 0x0, 0x0) (async) creat(0x0, 0x0) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x40020) (async) r1 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r2, 0x0, 0x0) (async, rerun: 32) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async, rerun: 32) syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x41000004, 0x0) (async) dup3(r2, r3, 0x80000) (async) write$char_usb(r3, 0x0, 0x0) (async) syz_usb_disconnect(r1) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) 3.015042755s ago: executing program 4 (id=1957): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0, 0xe2, 0x0, 0x0, 0x8000}, 0x28) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, 0x0}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x1000, @dev={0xfe, 0x80, '\x00', 0xf}, 0x2}]}, &(0x7f0000000180)=0x10) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.840695509s ago: executing program 4 (id=1960): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000300)="440f20c03505000000440f22c0f23dcece0f38f17a64b805000000b9e10d00000f01d9d8dd0f01728eb8010000000f01d94c0fc31d000000003ef245dbed410fc7f7", 0x42}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0xc2, 0x5e, 0x5, 0x0, 0x9, 0x0, 0x7f, 0x85, 0x8, 0x83, 0x1, 0xc, 0x0, 0x1, 0x10000, 0x7, 0x5, 0xb1, 0xe3, '\x00', 0x7, 0x10}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.58449038s ago: executing program 4 (id=1964): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42, 0x1ff) r0 = socket(0xa, 0x5, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000040)={0x0, 0xfffffaa6, 0x8, 0x4}, 0x10) 2.473916238s ago: executing program 4 (id=1966): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0xe1, 0x0, 0x1000000000010}]}) 2.353212529s ago: executing program 5 (id=1968): prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]}) r0 = io_uring_setup(0x5bc9, &(0x7f0000000100)) io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0xf, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000300)=[{0x0}], 0x0}, 0x20) 2.21113223s ago: executing program 4 (id=1970): mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x3}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) rseq(&(0x7f0000000000)={0x0, 0x0, 0x0, 0x2}, 0x8c, 0x20000000, 0x0) 2.036673054s ago: executing program 5 (id=1971): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101302, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff) open(&(0x7f0000000000)='./file0\x00', 0x20000, 0x4) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000000c0)) 1.999589797s ago: executing program 2 (id=1972): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) connect$inet6(r1, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x8, 0x32, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 1.832535741s ago: executing program 5 (id=1974): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000080)={0x0, 0x7f}, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.056600524s ago: executing program 1 (id=1977): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x800, 0x20) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000180)=@v1={0x0, @adiantum, 0x4, @desc3}) add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "5e44e4b3b5d2c132ce1595c85ab82fbe15703a2653b2b7d783bc965fac88b3a91f3f10317d1c67420063311f04765f02b4e1ccf07323402fc495c817dc2b8aca", 0x2d}, 0x48, 0xfffffffffffffffd) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000003b80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4008054}, 0x3e80}, {{&(0x7f00000000c0)=@file={0x1, './file0/file3\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x40080}}], 0x2, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='./file0/file3\x00', 0x40802, 0x0) 1.056379664s ago: executing program 5 (id=1978): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(ecb-aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="10797fcd6cd957d2b903c6bf46b4abf3629ff075475e4bd6e43be1712bf8b4dc", 0x20) r1 = accept$alg(r0, 0x0, 0x0) readv(r1, &(0x7f00000002c0)=[{&(0x7f0000000440)=""/120, 0x78}, {&(0x7f0000000600)=""/222, 0xde}], 0x2) sendmmsg$alg(r1, &(0x7f0000000280)=[{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001700)="4038f34a6c437151531729eaa3c31203d7b08c4ac14f6c116547f602d8c0c293ce1e74c4f6c1a4c5cfda57ef19a62fbebcf69c137985b8bd58decfe4c36ab4821337f61e98a90dddd6fecea58c39d13f449b1e2891f53d8293db21c8cc9ee3c3ff3d52a62f14f57c7f3e5263fa68bab58fa5f7d64fe0fb8c053772c8f6ca656d463834288a728467d18206850a3ad97875d321de3b7c35e95adaaf8e13618e8fde0c7b49d7681603e3a07fec41cf2fb45c2182c9abb66d3fd4d6b9f96a5dd928de5bfe391b635a859e82e6b52fd492d80b82a6bc5fbf19546d25dce55bb974e1e5ba55fd30dea85ee7ae884e2aca8c48ad46070d702f4a13575c4fa4a17a9009e44b4c420b853ed78353206704be1d9d7446c11ac9d79f4dacce8b4908debb2ecc2f20226c47c17e3eddfa0240ff53556d06f355d14e613d18996c44f915e2de0903e09fc80f516282ef29c6c59f1e2778fee3ecc479", 0x156}], 0x1, &(0x7f0000000500)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x2000c000}], 0x1, 0x44081) 1.020018237s ago: executing program 1 (id=1979): syz_clone3(&(0x7f000000dd80)={0xa00400, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x5, 0x6}) fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x1, 0x1, 0x2, 0x7fff800000000}) syz_clone(0xe200, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000100)={0x3, 0x1, 0x6, 0xffffd666, 0xffffffff, 0x3, 0x2154, 0x6}, 0x0) 888.282188ms ago: executing program 4 (id=1980): set_mempolicy(0x8000, 0x0, 0x1) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) open(0x0, 0x143bc2, 0x1c0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffe, 0x200, 0x2}, 0x0) 788.614326ms ago: executing program 3 (id=1981): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000240)={0x1, 0x3, 0x0, 0x1000, &(0x7f0000fe6000/0x1000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f00000002c0)="0f236566bad104b036ee64f010052300000066baf80cb8b127b686ef66bafc0cb000ee0fc77a050f0f268ec4e18162a50000000066ba420066ed0fc75ffef30f09", 0x41}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000040)=ANY=[]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 671.610105ms ago: executing program 2 (id=1982): r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00') pread64(r0, &(0x7f0000000540)=""/4116, 0x1014, 0x4b) 611.91285ms ago: executing program 1 (id=1983): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000008003000000", 0x58}], 0x1) 528.660077ms ago: executing program 2 (id=1984): r0 = socket(0x10, 0x3, 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000002100)={0x0, 0x0, &(0x7f00000020c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7400000002090101"], 0x74}, 0x1, 0x0, 0x0, 0x4048000}, 0x40000) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000015c0)=0xe, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001200"], 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) recvmmsg(r0, &(0x7f0000001540)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)=""/234, 0xea}, 0x7}], 0x1, 0x40012020, 0x0) 528.422597ms ago: executing program 5 (id=1985): r0 = socket$inet_sctp(0x2, 0x5, 0x84) close(0x3) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) r5 = dup(r0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000300)={r4, 0x2ef8}, &(0x7f0000000640)=0x8) 472.935001ms ago: executing program 3 (id=1986): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x4, 0x100010, r0, 0x2c034000) 463.957632ms ago: executing program 1 (id=1987): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000004000000000000000300000784"], 0x0, 0x5, 0x0, 0x0, 0x41100, 0x9}, 0x94) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4014001}, 0x9590f6cc3ea35512) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="540000001200b7a325bd7000fddbdf25200f07074e214e22030000002f00000001ffffffc300000006000000000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="de00fbffa611195cc93f034708000000080003"], 0x54}, 0x1, 0x0, 0x0, 0x4008000}, 0x40000) 420.682276ms ago: executing program 2 (id=1988): prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) fdatasync(r0) 363.857031ms ago: executing program 3 (id=1989): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x22c81, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000480)='fd/3\x00') fsetxattr$system_posix_acl(r0, &(0x7f0000000280)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) 362.369331ms ago: executing program 2 (id=1990): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg(r0, &(0x7f0000006500)=[{{&(0x7f0000002ac0)=@l2tp6={0xa, 0x0, 0xf279, @loopback, 0x9, 0x3}, 0x80, &(0x7f0000002b80)=[{&(0x7f0000002b40)="04", 0x1}], 0x1, &(0x7f00000002c0)=[{0x10, 0x111, 0xb7f6}, {0x10, 0x84, 0x7}], 0x20}}], 0x1, 0x0) 337.116322ms ago: executing program 1 (id=1991): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000200)={0x2, {{0x2, 0x4e23, @multicast1}}, {{0x2, 0x4e21, @private=0xa010100}}}, 0x108) 292.595486ms ago: executing program 5 (id=1992): madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x9) mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000) timer_create(0x1, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040), 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x204031, 0xffffffffffffffff, 0xffffd000) gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) accept(0xffffffffffffffff, 0x0, 0x0) 251.54705ms ago: executing program 3 (id=1993): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000000)={0x4, {{0x2, 0x4e1e, @empty=0xe0009eff}}, {{0x2, 0x4c22, @multicast1}}}, 0x108) 165.219816ms ago: executing program 2 (id=1994): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x204031, 0xffffffffffffffff, 0xffffd000) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000240)=[@in6={0xa, 0x4e22, 0x7089, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3a}}}], 0x1c) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000003cc0)={'batadv_slave_1\x00'}) 88.721043ms ago: executing program 3 (id=1995): mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000140)=' ', 0x2e) 31.390278ms ago: executing program 1 (id=1996): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x4370, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) msync(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000000) 0s ago: executing program 3 (id=1997): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc73}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000880)={"1c13d2e231343fc1634b4d0da3078818d31e1756c6ab1346c7ab0c1f70139f66266c3d8734c3e50d40639916e52d4444a05ef3e0d5cf4bc6b33f637ebe71de7839018d2795b83de90e3d509e6561bd0878fcf80a6fba1a60d6ac89dabbaf16eaae28d5a0651d8d2bd510e54804d552d313f0a7e3deaa8b6455ceb92eaaa01874b7dbd637f2f68a771a587ae4888ae2fa6d962dbda15e5861fc281833c8e82f4b55acf89d92fc3a0154be8763209d48d8d411132231ade002e330cd826612a983f42bba75d3e295aa7508f8e5f0c5cf46dd8ae602c5243d415e320f9e3ed53b12bb755213f28b5ccdee9f54ff9abbc679c397255b45fc1d258be287a0c87dc91048cfcee9aa7d602e1df9afadab861de2b3b2a0583cf1f381579a29e04df1010ee16844f9c603b1585c4f10158026a9a1344a9a569dff84a77d39adda8f995a3431ab12e49edcc0717eb61cdf560a26d2cc9f2aadbb8dd77b067b1c0ad04326f213dcd3e2bb596bfe13741284e37f6889f3ffef7ee5013a217b6ad7c6a509ca9df4fa1be6704b29ba6e721227f9568536b6a1b80ac6a871d7361b772b9492dcd46a5f439ac2bb8ef988204e1943d1eb71a25eb7106f2cd15221d976c7674a8818b618120e25f535f4fe68d2133ad0d3304cf25c519a821dcebee26d4e868863e0b7352ef77eabfd5a1c5474f41b1dcf507af5dcc262942a17a21b612de6e29171f9665cf611f45b6c1effca779792ed262215fc1a1b4bf2608e4186a0bbf5b645e25e830835535092453c86ff891568cb6538bb3d879e23883873cd96019219ae09c6e12f3295781ce7c46738e18e8a2543a351c62e0faffca46025023ff25a43e59e825be2fb4f3bc75389c011595bfa102b329a8ecea033a91f94829783e58ff630862341ca0f7b851581bcf3ea4d6afce7dbf1b6bc12ddfad2f0d198d7cebe3743c84ec204917f1586b9dc8c529a55d0626ab254dd1b64b612fa09c859bb999a77fe1c2efd58a66207227b9db91d9bcd5dfcf1b9b05a8bc2b8967db452458b0b22294f4925fa372638c6f5d86882c677e4f2cf56d60dfa8234883ddd4a6824fc73926ebe9d967fd6297f82cb2fba65830c888da3f1f63e9deb8231894116e151dd8bcffcb1f66769862676668b3c93d0c861492c7395afc554dac4d5c5272441b84baec9e36c11288d736752c70bdc462e22272c4fbb04ff6e6530b6ab9fd3f4118dfb8e3dccf5540dd088cbd40df686f6be4dd57ca6d6f134d6b113673d635424f99d3f27fc82ba3514a8412419da91872323c6718db532f011554d1e7f150ecc79cd762d909316b146dbbfaa9a5e61f184dc997f98fb32918a20b345ae32a444250cbfdb2ed9c896de8931e3ae9989f5e31e691fd31139cdc88468571196e9446d3ce26bc8fdd5e090d33989fb2cc42ceff8b9fd31539e635b88b53cec00"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): ======== END STATUS ================== [ 728.179158][ T4228] usb 1-1: USB disconnect, device number 30 [ 729.223905][T10801] loop6: detected capacity change from 0 to 524287999 [ 729.238679][T10796] vivid-008: ================= START STATUS ================= [ 729.257092][T10796] vivid-008: Enable Output Cropping: true [ 729.263278][T10796] vivid-008: Enable Output Composing: true [ 729.269471][T10796] vivid-008: Enable Output Scaler: true [ 729.275319][T10796] vivid-008: Tx RGB Quantization Range: Automatic [ 729.282026][T10796] vivid-008: Transmit Mode: HDMI [ 729.287214][T10796] vivid-008: Display Present: true inactive [ 729.293342][T10796] vivid-008: Hotplug Present: 0x00000001 [ 729.299516][T10796] vivid-008: RxSense Present: 0x00000001 [ 729.306139][T10796] vivid-008: EDID Present: 0x00000001 [ 729.311783][T10796] vivid-008: ================== END STATUS ================== [ 729.449087][ C0] blk_update_request: I/O error, dev loop6, sector 524287744 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 729.520620][ C0] blk_update_request: I/O error, dev loop6, sector 524287744 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 729.532319][ C0] Buffer I/O error on dev loop6, logical block 65535968, async page read [ 730.925864][T10807] vivid-008: ================= START STATUS ================= [ 730.933557][T10807] vivid-008: Enable Output Cropping: true [ 730.939306][T10807] vivid-008: Enable Output Composing: true [ 730.945108][T10807] vivid-008: Enable Output Scaler: true [ 730.950820][T10807] vivid-008: Tx RGB Quantization Range: Automatic [ 730.957299][T10807] vivid-008: Transmit Mode: HDMI [ 730.962229][T10807] vivid-008: Display Present: true inactive [ 730.968188][T10807] vivid-008: Hotplug Present: 0x00000001 [ 730.973825][T10807] vivid-008: RxSense Present: 0x00000001 [ 730.979474][T10807] vivid-008: EDID Present: 0x00000001 [ 730.984847][T10807] vivid-008: ================== END STATUS ================== [ 730.993259][T10809] vivid-008: ================= START STATUS ================= [ 731.001042][T10809] vivid-008: Enable Output Cropping: true [ 731.006894][T10809] vivid-008: Enable Output Composing: true [ 731.012765][T10809] vivid-008: Enable Output Scaler: true [ 731.018436][T10809] vivid-008: Tx RGB Quantization Range: Automatic [ 731.024916][T10809] vivid-008: Transmit Mode: HDMI [ 731.029997][T10809] vivid-008: Display Present: true inactive [ 731.035983][T10809] vivid-008: Hotplug Present: 0x00000001 [ 731.041768][T10809] vivid-008: RxSense Present: 0x00000001 [ 731.047870][T10809] vivid-008: EDID Present: 0x00000001 [ 731.053312][T10809] vivid-008: ================== END STATUS ================== [ 735.253561][T10825] FAULT_INJECTION: forcing a failure. [ 735.253561][T10825] name failslab, interval 1, probability 0, space 0, times 1 [ 735.278163][T10825] CPU: 1 PID: 10825 Comm: syz.0.1545 Not tainted 5.15.189-syzkaller #0 [ 735.286444][T10825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 735.296605][T10825] Call Trace: [ 735.298565][T10829] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 735.299887][T10825] [ 735.306393][T10829] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 735.309299][T10825] dump_stack_lvl+0x168/0x230 [ 735.321575][T10825] ? show_regs_print_info+0x20/0x20 [ 735.326781][T10825] ? load_image+0x3b0/0x3b0 [ 735.331308][T10825] ? __might_sleep+0xf0/0xf0 [ 735.335905][T10825] ? __lock_acquire+0x7c60/0x7c60 [ 735.340943][T10825] should_fail+0x38c/0x4c0 [ 735.345373][T10825] should_failslab+0x5/0x20 [ 735.349883][T10825] slab_pre_alloc_hook+0x51/0xc0 [ 735.354831][T10825] kmem_cache_alloc_trace+0x47/0x2a0 [ 735.360125][T10825] ? snd_pcm_oss_change_params_locked+0x1ab/0x3e00 [ 735.366639][T10825] snd_pcm_oss_change_params_locked+0x1ab/0x3e00 [ 735.372982][T10825] ? rcu_lock_release+0x20/0x20 [ 735.377849][T10825] ? snd_pcm_oss_write+0x283/0x1120 [ 735.383052][T10825] ? snd_pcm_oss_write+0x283/0x1120 [ 735.388251][T10825] ? __mutex_lock_common+0x431/0x2390 [ 735.393643][T10825] ? rcu_lock_release+0x5/0x20 [ 735.396809][T10829] vhci_hcd vhci_hcd.0: Device attached [ 735.398413][T10825] ? snd_pcm_oss_read2+0x3c0/0x3c0 [ 735.398451][T10825] snd_pcm_oss_write+0x2ef/0x1120 [ 735.413999][T10825] ? snd_pcm_oss_read+0x8b0/0x8b0 [ 735.419033][T10825] ? end_current_label_crit_section+0x14b/0x170 [ 735.425288][T10825] ? common_file_perm+0x171/0x1c0 [ 735.430326][T10825] ? fsnotify_perm+0x5d/0x560 [ 735.435011][T10825] ? security_file_permission+0x75/0xa0 [ 735.440567][T10825] do_iter_write+0x3e4/0x7b0 [ 735.445164][T10825] do_writev+0x254/0x410 [ 735.449409][T10825] ? do_readv+0x3e0/0x3e0 [ 735.453743][T10825] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 735.459718][T10825] ? lock_chain_count+0x20/0x20 [ 735.464558][T10825] ? vtime_user_exit+0x2dc/0x400 [ 735.469486][T10825] ? lockdep_hardirqs_on+0x94/0x140 [ 735.474671][T10825] do_syscall_64+0x4c/0xa0 [ 735.479072][T10825] ? clear_bhb_loop+0x30/0x80 [ 735.483735][T10825] ? clear_bhb_loop+0x30/0x80 [ 735.488393][T10825] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 735.494281][T10825] RIP: 0033:0x7f7644462b69 [ 735.498680][T10825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 735.518283][T10825] RSP: 002b:00007f76422ca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 735.526685][T10825] RAX: ffffffffffffffda RBX: 00007f7644689fa0 RCX: 00007f7644462b69 [ 735.534642][T10825] RDX: 0000000000000003 RSI: 0000200000000000 RDI: 0000000000000003 [ 735.542599][T10825] RBP: 00007f76422ca090 R08: 0000000000000000 R09: 0000000000000000 [ 735.550555][T10825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 735.558507][T10825] R13: 0000000000000000 R14: 00007f7644689fa0 R15: 00007ffc3ab9b578 [ 735.566483][T10825] [ 735.926673][ T4782] usb 38-1: SetAddress Request (2) to port 0 [ 735.933236][ T4782] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd [ 736.001108][T10853] sch_tbf: peakrate 2 is lower than or equals to rate 2 ! [ 736.578453][ T9629] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 736.693242][T10852] loop0: detected capacity change from 0 to 32768 [ 736.816609][ T9629] usb 3-1: Using ep0 maxpacket: 32 [ 736.829384][T10863] vivid-008: ================= START STATUS ================= [ 736.837159][T10863] vivid-008: Enable Output Cropping: true [ 736.843042][T10863] vivid-008: Enable Output Composing: true [ 736.849075][T10863] vivid-008: Enable Output Scaler: true [ 736.854710][T10863] vivid-008: Tx RGB Quantization Range: Automatic [ 736.861333][T10863] vivid-008: Transmit Mode: HDMI [ 736.866426][T10863] vivid-008: Display Present: true inactive [ 736.872674][T10863] vivid-008: Hotplug Present: 0x00000001 [ 736.878548][T10863] vivid-008: RxSense Present: 0x00000001 [ 736.878646][T10863] vivid-008: EDID Present: 0x00000001 [ 736.878705][T10863] vivid-008: ================== END STATUS ================== [ 737.151187][T10852] XFS (loop0): Mounting V5 Filesystem [ 737.284438][T10852] XFS (loop0): Internal error !uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid) at line 261 of file fs/xfs/xfs_log_recover.c. Caller xlog_header_check_mount+0x87/0xd0 [ 737.301748][T10852] CPU: 1 PID: 10852 Comm: syz.0.1553 Not tainted 5.15.189-syzkaller #0 [ 737.310003][T10852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 737.320064][T10852] Call Trace: [ 737.323361][T10852] [ 737.326292][T10852] dump_stack_lvl+0x168/0x230 [ 737.330986][T10852] ? show_regs_print_info+0x20/0x20 [ 737.336198][T10852] ? lockdep_hardirqs_on+0x94/0x140 [ 737.341415][T10852] xfs_corruption_error+0x117/0x170 [ 737.346632][T10852] ? xlog_header_check_mount+0x87/0xd0 [ 737.352099][T10852] xlog_header_check_mount+0xb6/0xd0 [ 737.357390][T10852] ? xlog_header_check_mount+0x87/0xd0 [ 737.362853][T10852] xlog_find_verify_log_record+0x328/0x550 [ 737.368847][T10852] xlog_find_zeroed+0x379/0x460 [ 737.373716][T10852] xlog_find_head+0x60/0x780 [ 737.378401][T10852] ? _raw_spin_unlock_irqrestore+0xa5/0x100 [ 737.384304][T10852] xlog_find_tail+0x3e/0x9f0 [ 737.388916][T10852] ? try_to_wake_up+0x701/0x1050 [ 737.393885][T10852] xlog_recover+0x48/0x420 [ 737.398312][T10852] xfs_log_mount+0x393/0x6b0 [ 737.402923][T10852] xfs_mountfs+0xb27/0x1b10 [ 737.407526][T10852] ? xfs_default_resblks+0x70/0x70 [ 737.412658][T10852] ? rcu_is_watching+0x11/0xa0 [ 737.417579][T10852] ? trace_xfs_inode_timestamp_range+0x84/0x1d0 [ 737.423849][T10852] xfs_fs_fill_super+0x11a4/0x13f0 [ 737.428990][T10852] get_tree_bdev+0x3f1/0x610 [ 737.433678][T10852] ? xfs_fs_warn_deprecated+0x190/0x190 [ 737.439233][T10852] vfs_get_tree+0x88/0x270 [ 737.443659][T10852] do_new_mount+0x24a/0xa40 [ 737.448172][T10852] __se_sys_mount+0x2d6/0x3c0 [ 737.452866][T10852] ? __x64_sys_mount+0xc0/0xc0 [ 737.457649][T10852] ? lockdep_hardirqs_on+0x94/0x140 [ 737.462857][T10852] ? __x64_sys_mount+0x1c/0xc0 [ 737.467630][T10852] do_syscall_64+0x4c/0xa0 [ 737.472054][T10852] ? clear_bhb_loop+0x30/0x80 [ 737.476734][T10852] ? clear_bhb_loop+0x30/0x80 [ 737.481417][T10852] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 737.487400][T10852] RIP: 0033:0x7f764446430a [ 737.491829][T10852] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 737.511441][T10852] RSP: 002b:00007f76422c9e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 737.519875][T10852] RAX: ffffffffffffffda RBX: 00007f76422c9ef0 RCX: 00007f764446430a [ 737.527851][T10852] RDX: 0000200000009600 RSI: 0000200000000000 RDI: 00007f76422c9eb0 [ 737.535828][T10852] RBP: 0000200000009600 R08: 00007f76422c9ef0 R09: 0000000000a00c40 [ 737.543822][T10852] R10: 0000000000a00c40 R11: 0000000000000246 R12: 0000200000000000 [ 737.551814][T10852] R13: 00007f76422c9eb0 R14: 00000000000096b9 R15: 0000200000000040 [ 737.559813][T10852] [ 737.563740][T10852] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 737.571570][T10852] XFS (loop0): log has mismatched uuid - can't recover [ 737.579541][T10852] XFS (loop0): empty log check failed [ 737.584998][T10852] XFS (loop0): log mount/recovery failed: error -117 [ 737.620555][T10831] loop4: detected capacity change from 0 to 32768 [ 737.638236][T10831] capability: warning: `syz.4.1548' uses deprecated v2 capabilities in a way that may be insecure [ 737.686910][ T9629] usb 3-1: config 1 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 127, changing to 10 [ 737.703854][ T9629] usb 3-1: config 1 interface 0 altsetting 13 endpoint 0x2 has an invalid bInterval 88, changing to 10 [ 737.715326][ T9629] usb 3-1: config 1 interface 0 has no altsetting 0 [ 737.747488][T10852] XFS (loop0): log mount failed [ 737.916716][ T9629] usb 3-1: New USB device found, idVendor=0925, idProduct=0005, bcdDevice= 0.40 [ 737.956391][ T9629] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 738.026569][ T9629] usb 3-1: Product: syz [ 738.030831][ T9629] usb 3-1: Manufacturer: syz [ 738.079376][T10888] process 'syz.3.1558' launched '/dev/fd/4' with NULL argv: empty string added [ 738.090129][T10852] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1553'. [ 738.114156][ T9629] usb 3-1: SerialNumber: syz [ 738.119040][T10889] loop6: detected capacity change from 0 to 524287999 [ 738.239837][T10885] loop1: detected capacity change from 0 to 4096 [ 738.306219][T10830] vhci_hcd: connection reset by peer [ 738.366929][ T156] vhci_hcd: stop threads [ 738.371223][ T156] vhci_hcd: release socket [ 738.434600][ T156] vhci_hcd: disconnect device [ 738.456717][ T9629] usb 3-1: can't set config #1, error -71 [ 738.465952][ T9629] usb 3-1: USB disconnect, device number 13 [ 738.518110][T10894] vivid-008: ================= START STATUS ================= [ 738.526087][T10894] vivid-008: Enable Output Cropping: true [ 738.531917][T10894] vivid-008: Enable Output Composing: true [ 738.537748][T10894] vivid-008: Enable Output Scaler: true [ 738.543285][T10894] vivid-008: Tx RGB Quantization Range: Automatic [ 738.550103][T10894] vivid-008: Transmit Mode: HDMI [ 738.555301][T10894] vivid-008: Display Present: true inactive [ 738.561402][T10894] vivid-008: Hotplug Present: 0x00000001 [ 738.567189][T10894] vivid-008: RxSense Present: 0x00000001 [ 738.572820][T10894] vivid-008: EDID Present: 0x00000001 [ 738.578641][T10894] vivid-008: ================== END STATUS ================== [ 738.767796][ C0] blk_update_request: I/O error, dev loop6, sector 524287744 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 738.826759][ C0] blk_update_request: I/O error, dev loop6, sector 524287744 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 738.838501][ C0] Buffer I/O error on dev loop6, logical block 65535968, async page read [ 739.206702][ T4228] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 739.466644][ T4228] usb 1-1: Using ep0 maxpacket: 8 [ 739.626844][ T4228] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 739.691241][T10911] loop3: detected capacity change from 0 to 8192 [ 739.746421][T10914] loop1: detected capacity change from 0 to 256 [ 739.841681][T10896] loop2: detected capacity change from 0 to 32768 [ 739.861921][ T4228] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 739.871459][ T4228] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 739.885097][ T4228] usb 1-1: Product: syz [ 739.890406][ T4228] usb 1-1: Manufacturer: syz [ 739.895003][ T4228] usb 1-1: SerialNumber: syz [ 739.940494][T10911] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 739.987561][T10914] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3ec, utbl_chksum : 0xe619d30d) [ 740.039582][T10911] REISERFS (device loop3): using ordered data mode [ 740.074046][T10911] reiserfs: using flush barriers [ 740.106586][T10911] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 740.158131][T10911] REISERFS (device loop3): checking transaction log (loop3) [ 740.195056][T10911] REISERFS (device loop3): Using r5 hash to sort names [ 740.206456][T10911] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 740.235328][T10896] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 740.244734][ T4228] usb 1-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 740.251929][T10919] loop4: detected capacity change from 0 to 128 [ 740.254746][ T4228] usb 1-1: Handspring Visor / Palm OS: Number of ports: 1 [ 740.276899][T10896] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 740.294036][T10896] BTRFS info (device loop2): turning off barriers [ 740.398416][T10896] BTRFS info (device loop2): doing ref verification [ 740.436812][T10911] 9pnet: Insufficient options for proto=fd [ 740.456738][ T4228] visor 1-1:1.0: Handspring Visor / Palm OS converter detected [ 740.479749][ T4228] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 740.501675][T10896] BTRFS info (device loop2): enabling ssd optimizations [ 740.515716][T10896] BTRFS info (device loop2): max_inline at 898 [ 740.582664][T10896] BTRFS info (device loop2): using free space tree [ 740.941054][T10896] BTRFS info (device loop2): has skinny extents [ 740.993988][ T5578] usb 1-1: USB disconnect, device number 31 [ 741.063425][ T5578] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 741.198060][T10896] BTRFS info (device loop2): checking UUID tree [ 741.211287][ T5578] visor 1-1:1.0: device disconnected [ 741.572526][ T144] BTRFS info (device loop2): space_info 5 has 1966080 free, is not full [ 741.581191][ T144] BTRFS info (device loop2): space_info total=3276800, used=53248, pinned=0, reserved=16384, may_use=1241088, readonly=0 zone_unusable=0 [ 741.595810][ T144] BTRFS info (device loop2): global_block_rsv: size 851968 reserved 851968 [ 741.604916][ T144] BTRFS info (device loop2): trans_block_rsv: size 0 reserved 0 [ 741.612646][ T144] BTRFS info (device loop2): chunk_block_rsv: size 0 reserved 0 [ 741.616703][ T4782] usb 38-1: device descriptor read/8, error -110 [ 741.620440][ T144] BTRFS info (device loop2): delayed_block_rsv: size 0 reserved 0 [ 741.634618][ T144] BTRFS info (device loop2): delayed_refs_rsv: size 524288 reserved 389120 [ 741.863568][T10914] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1564'. [ 742.004907][T10955] vivid-008: ================= START STATUS ================= [ 742.016529][ T4867] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 742.044486][T10955] vivid-008: Enable Output Cropping: true [ 742.072576][T10955] vivid-008: Enable Output Composing: true [ 742.076939][ T4782] usb usb38-port1: Cannot enable. Maybe the USB cable is bad? [ 742.123002][T10955] vivid-008: Enable Output Scaler: true [ 742.139346][T10955] vivid-008: Tx RGB Quantization Range: Automatic [ 742.184798][T10955] vivid-008: Transmit Mode: HDMI [ 742.225877][T10955] vivid-008: Display Present: true inactive [ 742.245661][T10955] vivid-008: Hotplug Present: 0x00000001 [ 742.286673][ T4867] usb 1-1: Using ep0 maxpacket: 32 [ 742.306095][T10955] vivid-008: RxSense Present: 0x00000001 [ 742.310167][ T4782] usb usb38-port1: attempt power cycle [ 742.326395][T10955] vivid-008: EDID Present: 0x00000001 [ 742.345765][T10955] vivid-008: ================== END STATUS ================== [ 742.411386][ T4867] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 742.426538][ T4867] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 742.476721][ T1108] usb 4-1: new low-speed USB device number 30 using dummy_hcd [ 742.631671][ T4867] usb 1-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=a7.c0 [ 742.679774][ T4867] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 742.696540][ T4867] usb 1-1: Product: syz [ 742.700742][ T4867] usb 1-1: Manufacturer: syz [ 742.705346][ T4867] usb 1-1: SerialNumber: syz [ 742.731684][ T4782] usb usb38-port1: Cannot enable. Maybe the USB cable is bad? [ 742.735952][ T4867] usb 1-1: config 0 descriptor?? [ 742.801344][T10960] loop4: detected capacity change from 0 to 128 [ 742.819653][ T4867] qmi_wwan 1-1:0.0: bogus CDC Union: master=101, slave=0 [ 742.835245][ T4867] qmi_wwan: probe of 1-1:0.0 failed with error -22 [ 742.856998][ T1108] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 742.869723][ T1108] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 742.882045][ T1108] usb 4-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 742.907295][ T1108] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 743.036701][ T4782] usb usb38-port1: Cannot enable. Maybe the USB cable is bad? [ 743.042614][ T4867] usb 1-1: USB disconnect, device number 32 [ 743.625784][ T1108] usb 4-1: config 0 descriptor?? [ 743.631046][ T4782] usb usb38-port1: unable to enumerate USB device [ 743.932059][T10973] loop2: detected capacity change from 0 to 128 [ 744.064326][T10973] FAULT_INJECTION: forcing a failure. [ 744.064326][T10973] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 744.077503][T10973] CPU: 1 PID: 10973 Comm: syz.2.1570 Not tainted 5.15.189-syzkaller #0 [ 744.085746][T10973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 744.095804][T10973] Call Trace: [ 744.099089][T10973] [ 744.102016][T10973] dump_stack_lvl+0x168/0x230 [ 744.106706][T10973] ? show_regs_print_info+0x20/0x20 [ 744.111904][T10973] ? load_image+0x3b0/0x3b0 [ 744.116415][T10973] ? __lock_acquire+0x7c60/0x7c60 [ 744.121571][T10973] should_fail+0x38c/0x4c0 [ 744.125997][T10973] _copy_from_iter+0x22a/0x1150 [ 744.130859][T10973] ? __lock_acquire+0x7c60/0x7c60 [ 744.134117][ T1108] steelseries_srws1 0003:1038:1410.0005: unbalanced delimiter at end of report description [ 744.135892][T10973] ? copy_mc_pipe_to_iter+0x7d0/0x7d0 [ 744.135923][T10973] ? __virt_addr_valid+0x3c6/0x470 [ 744.156323][T10973] ? __phys_addr+0xb6/0x170 [ 744.160835][T10973] ? __phys_addr_symbol+0x2b/0x70 [ 744.165861][T10973] ? __check_object_size+0x30c/0x410 [ 744.171157][T10973] netlink_sendmsg+0x749/0xbc0 [ 744.175934][T10973] ? netlink_getsockopt+0x560/0x560 [ 744.181210][T10973] ? aa_sock_msg_perm+0x94/0x150 [ 744.186154][T10973] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 744.191441][T10973] ? security_socket_sendmsg+0x7c/0xa0 [ 744.196934][T10973] ? netlink_getsockopt+0x560/0x560 [ 744.202140][T10973] ____sys_sendmsg+0x5a2/0x8c0 [ 744.206913][T10973] ? memset+0x1e/0x40 [ 744.210989][T10973] ? __sys_sendmsg_sock+0x30/0x30 [ 744.216026][T10973] ? import_iovec+0x6f/0xa0 [ 744.220546][T10973] ___sys_sendmsg+0x1f0/0x260 [ 744.225238][T10973] ? __sys_sendmsg+0x250/0x250 [ 744.230031][T10973] ? __fdget+0x18b/0x210 [ 744.234276][T10973] __se_sys_sendmsg+0x190/0x250 [ 744.239131][T10973] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 744.244768][T10973] ? __x64_sys_sendmsg+0x80/0x80 [ 744.249719][T10973] ? syscall_enter_from_user_mode+0x2a/0x70 [ 744.255621][T10973] do_syscall_64+0x4c/0xa0 [ 744.260043][T10973] ? clear_bhb_loop+0x30/0x80 [ 744.264717][T10973] ? clear_bhb_loop+0x30/0x80 [ 744.269392][T10973] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 744.275295][T10973] RIP: 0033:0x7fdc810c6b69 [ 744.279713][T10973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 744.299318][T10973] RSP: 002b:00007fdc7ef0d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 744.307736][T10973] RAX: ffffffffffffffda RBX: 00007fdc812ee080 RCX: 00007fdc810c6b69 [ 744.315714][T10973] RDX: 0000000000000030 RSI: 0000200000000140 RDI: 0000000000000009 [ 744.323693][T10973] RBP: 00007fdc7ef0d090 R08: 0000000000000000 R09: 0000000000000000 [ 744.331748][T10973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 744.339718][T10973] R13: 0000000000000000 R14: 00007fdc812ee080 R15: 00007ffe4ba0bc48 [ 744.347704][T10973] [ 744.350925][ C1] vkms_vblank_simulate: vblank timer overrun [ 744.689216][T10953] udc-core: couldn't find an available UDC or it's busy [ 744.696191][T10953] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 744.704504][ T1108] steelseries_srws1 0003:1038:1410.0005: parse failed [ 744.712731][ T1108] steelseries_srws1: probe of 0003:1038:1410.0005 failed with error -22 [ 744.777529][ T1108] usb 4-1: USB disconnect, device number 30 [ 744.824735][T10978] loop6: detected capacity change from 0 to 524287999 [ 745.426847][ T5578] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 745.661155][ C1] blk_update_request: I/O error, dev loop6, sector 524287744 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 745.706776][ C1] blk_update_request: I/O error, dev loop6, sector 524287744 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 745.718456][ C1] Buffer I/O error on dev loop6, logical block 65535968, async page read [ 745.729881][T10991] loop4: detected capacity change from 0 to 1024 [ 745.775171][ C1] blk_update_request: I/O error, dev loop6, sector 524287744 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 745.786839][ C1] Buffer I/O error on dev loop6, logical block 65535968, async page read [ 745.849606][T10993] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 745.906837][ T5578] usb 1-1: config index 0 descriptor too short (expected 1051, got 27) [ 745.915132][ T5578] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 745.946782][ T5578] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 745.966448][ T5578] usb 1-1: config 0 interface 0 altsetting 12 bulk endpoint 0x87 has invalid maxpacket 149 [ 746.155689][ T6671] hfsplus: b-tree write err: -5, ino 4 [ 746.937048][T10996] loop3: detected capacity change from 0 to 32768 [ 747.071770][T10996] JBD2: Ignoring recovery information on journal [ 747.084245][T10996] jbd2_journal_bmap: journal block not found at offset 32 on loop3-75 [ 747.094243][T10996] JBD2: bad block at offset 32 [ 747.141764][T10996] (syz.3.1581,10996,0):ocfs2_load_local_alloc:311 ERROR: Invalid local alloc inode, 75 [ 747.154981][T10996] (syz.3.1581,10996,0):ocfs2_load_local_alloc:355 ERROR: status = -22 [ 747.163475][T10996] (syz.3.1581,10996,0):ocfs2_check_volume:2465 ERROR: status = -22 [ 747.171531][T10996] (syz.3.1581,10996,0):ocfs2_check_volume:2493 ERROR: status = -22 [ 747.179503][T10996] (syz.3.1581,10996,0):ocfs2_mount_volume:1824 ERROR: status = -22 [ 747.188531][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.199489][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.247739][T10996] (syz.3.1581,10996,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 747.554975][ T5578] usb 1-1: config 0 interface 0 has no altsetting 0 [ 747.674485][T11004] vivid-008: ================= START STATUS ================= [ 747.682439][T11004] vivid-008: Enable Output Cropping: true [ 747.688729][T11004] vivid-008: Enable Output Composing: true [ 747.694736][T11004] vivid-008: Enable Output Scaler: true [ 747.700873][T11004] vivid-008: Tx RGB Quantization Range: Automatic [ 747.707458][T11004] vivid-008: Transmit Mode: HDMI [ 747.712513][T11004] vivid-008: Display Present: true inactive [ 747.718592][T11004] vivid-008: Hotplug Present: 0x00000001 [ 747.740068][T11004] vivid-008: RxSense Present: 0x00000001 [ 747.745976][T11004] vivid-008: EDID Present: 0x00000001 [ 747.751701][T11004] vivid-008: ================== END STATUS ================== [ 747.759784][ T5578] usb 1-1: New USB device found, idVendor=06cd, idProduct=010a, bcdDevice=d9.c3 [ 748.415459][ T5578] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 748.516702][ T5578] usb 1-1: Product: syz [ 748.520913][ T5578] usb 1-1: Manufacturer: syz [ 748.525506][ T5578] usb 1-1: SerialNumber: syz [ 748.619423][T11011] loop4: detected capacity change from 0 to 16 [ 748.637783][ T5578] usb 1-1: config 0 descriptor?? [ 748.683288][T11011] erofs: (device loop4): mounted with root inode @ nid 36. [ 748.701658][ T5578] usb 1-1: can't set config #0, error -71 [ 748.737088][ T5578] usb 1-1: USB disconnect, device number 33 [ 748.913854][T11011] erofs: (device loop4): z_erofs_lz4_decompress: failed to decompress 1929 in[58, 4038] out[2639] [ 749.036666][T11011] erofs: (device loop4): z_erofs_readpage: failed to read, err [-117] [ 749.162639][T11007] loop3: detected capacity change from 0 to 32768 [ 749.175286][T11017] MPTCP: kernel_bind error, err=-22 [ 749.242712][T11007] JBD2: Ignoring recovery information on journal [ 749.274083][T11007] jbd2_journal_bmap: journal block not found at offset 32 on loop3-75 [ 749.347078][T11007] JBD2: bad block at offset 32 [ 749.379637][T11021] vivid-008: ================= START STATUS ================= [ 749.387477][T11021] vivid-008: Enable Output Cropping: true [ 749.393360][T11021] vivid-008: Enable Output Composing: true [ 749.399384][T11021] vivid-008: Enable Output Scaler: true [ 749.405055][T11021] vivid-008: Tx RGB Quantization Range: Automatic [ 749.411644][T11021] vivid-008: Transmit Mode: HDMI [ 749.416753][T11021] vivid-008: Display Present: true inactive [ 749.422829][T11021] vivid-008: Hotplug Present: 0x00000001 [ 749.428577][T11021] vivid-008: RxSense Present: 0x00000001 [ 749.450297][T11021] vivid-008: EDID Present: 0x00000001 [ 749.455811][T11021] vivid-008: ================== END STATUS ================== [ 750.219512][T11007] (syz.3.1584,11007,0):ocfs2_load_local_alloc:311 ERROR: Invalid local alloc inode, 75 [ 750.259369][T11007] (syz.3.1584,11007,0):ocfs2_load_local_alloc:355 ERROR: status = -22 [ 750.268682][T11007] (syz.3.1584,11007,0):ocfs2_check_volume:2465 ERROR: status = -22 [ 750.279063][T11007] (syz.3.1584,11007,0):ocfs2_check_volume:2493 ERROR: status = -22 [ 750.289466][T11007] (syz.3.1584,11007,0):ocfs2_mount_volume:1824 ERROR: status = -22 [ 750.325808][T11007] (syz.3.1584,11007,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 750.429187][T11010] loop0: detected capacity change from 0 to 32768 [ 752.059675][T11030] vivid-008: ================= START STATUS ================= [ 752.089945][T11034] loop1: detected capacity change from 0 to 8192 [ 752.222446][T11030] vivid-008: Enable Output Cropping: true [ 752.248621][T11046] 9p: Unknown Cache mode readahead [ 752.279556][T11030] vivid-008: Enable Output Composing: true [ 752.285535][T11030] vivid-008: Enable Output Scaler: true [ 752.328480][T11034] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 752.372169][T11034] REISERFS (device loop1): using ordered data mode [ 752.427271][T11030] vivid-008: Tx RGB Quantization Range: Automatic [ 752.433741][T11030] vivid-008: Transmit Mode: HDMI [ 752.436703][T11034] reiserfs: using flush barriers [ 752.464091][T11034] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 752.474217][T11030] vivid-008: Display Present: true inactive [ 752.526854][T11030] vivid-008: Hotplug Present: 0x00000001 [ 752.532551][T11030] vivid-008: RxSense Present: 0x00000001 [ 752.576594][T11030] vivid-008: EDID Present: 0x00000001 [ 752.602462][T11030] vivid-008: ================== END STATUS ================== [ 752.708887][T11056] usb usb8: usbfs: process 11056 (syz.4.1598) did not claim interface 0 before use [ 752.738118][T11034] REISERFS (device loop1): checking transaction log (loop1) [ 752.779023][T11034] REISERFS (device loop1): Using r5 hash to sort names [ 752.853617][T11034] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 752.866568][ T1333] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 752.914410][T11063] loop4: detected capacity change from 0 to 256 [ 753.139933][ T1333] usb 4-1: Using ep0 maxpacket: 32 [ 753.391944][T11063] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 753.456734][ T1333] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 753.484204][ T1333] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 753.524717][ T1333] usb 4-1: config 0 descriptor?? [ 753.608653][ T1333] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 753.761805][T11072] vivid-008: ================= START STATUS ================= [ 753.769678][T11072] vivid-008: Enable Output Cropping: true [ 753.775534][T11072] vivid-008: Enable Output Composing: true [ 753.782151][T11072] vivid-008: Enable Output Scaler: true [ 753.788160][T11072] vivid-008: Tx RGB Quantization Range: Automatic [ 753.794706][T11072] vivid-008: Transmit Mode: HDMI [ 753.799910][T11072] vivid-008: Display Present: true inactive [ 753.806018][T11072] vivid-008: Hotplug Present: 0x00000001 [ 753.850069][T11072] vivid-008: RxSense Present: 0x00000001 [ 753.856072][T11072] vivid-008: EDID Present: 0x00000001 [ 753.861799][T11072] vivid-008: ================== END STATUS ================== [ 754.549479][T11071] loop4: detected capacity change from 0 to 2364 [ 754.810960][T11081] x_tables: duplicate underflow at hook 4 [ 754.924156][T11084] vivid-008: ================= START STATUS ================= [ 754.932061][T11084] vivid-008: Enable Output Cropping: true [ 754.938535][T11084] vivid-008: Enable Output Composing: true [ 754.950126][T11084] vivid-008: Enable Output Scaler: true [ 754.955776][T11084] vivid-008: Tx RGB Quantization Range: Automatic [ 754.962467][T11084] vivid-008: Transmit Mode: HDMI [ 754.969687][T11084] vivid-008: Display Present: true inactive [ 754.995429][T11084] vivid-008: Hotplug Present: 0x00000001 [ 755.001426][T11084] vivid-008: RxSense Present: 0x00000001 [ 755.007856][T11084] vivid-008: EDID Present: 0x00000001 [ 755.013523][T11084] vivid-008: ================== END STATUS ================== [ 755.126574][ T1108] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 755.337075][ T1333] gspca_vc032x: reg_w err -71 [ 755.342153][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.410199][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.504695][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.582008][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.662920][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.742773][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.769733][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.775057][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.798810][T11092] loop1: detected capacity change from 0 to 1024 [ 755.816035][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.851994][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.869953][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.875274][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.921620][ T1108] usb 5-1: Using ep0 maxpacket: 32 [ 755.924137][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.934066][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.939047][T11092] hfsplus: trying to free free bnode 0(1) [ 755.940837][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.954352][T11098] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 755.966713][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.972120][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.978054][ T1333] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.983416][ T1333] gspca_vc032x: Unknown sensor... [ 756.028379][ T1333] vc032x: probe of 4-1:0.0 failed with error -22 [ 756.052327][ T1333] usb 4-1: USB disconnect, device number 31 [ 756.062679][T11105] netlink: 'syz.0.1607': attribute type 12 has an invalid length. [ 756.092584][T11102] netlink: 160 bytes leftover after parsing attributes in process `syz.2.1608'. [ 756.105203][T11105] netlink: 'syz.0.1607': attribute type 29 has an invalid length. [ 756.131766][T11106] loop0: detected capacity change from 0 to 512 [ 756.133027][T11105] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1607'. [ 756.149532][ T144] hfsplus: b-tree write err: -5, ino 4 [ 756.176395][T11105] netlink: 51 bytes leftover after parsing attributes in process `syz.0.1607'. [ 756.187486][T11104] netlink: 'syz.3.1609': attribute type 4 has an invalid length. [ 756.195251][T11104] netlink: 'syz.3.1609': attribute type 1 has an invalid length. [ 756.227354][T11104] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.1609'. [ 756.251802][T11106] EXT4-fs (loop0): Ignoring removed nobh option [ 756.265417][ T1108] usb 5-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 756.304735][ T1108] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 756.319748][ T1108] usb 5-1: Product: syz [ 756.336343][ T1108] usb 5-1: Manufacturer: syz [ 756.365372][T11106] EXT4-fs error (device loop0): ext4_orphan_get:1401: inode #15: comm syz.0.1607: iget: bad i_size value: 38620345925642 [ 756.394366][T11106] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.1607: couldn't read orphan inode 15 (err -117) [ 756.416160][T11106] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,,errors=continue. Quota mode: writeback. [ 756.530473][ T1108] usb 5-1: SerialNumber: syz [ 756.536997][ T1108] usb 5-1: config 0 descriptor?? [ 756.648884][T11126] netlink: 4096 bytes leftover after parsing attributes in process `syz.2.1612'. [ 756.658978][T11126] openvswitch: netlink: ct_state flags 00030000 unsupported [ 757.237622][T11081] udc-core: couldn't find an available UDC or it's busy [ 757.244601][T11081] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 757.307275][T11131] fuse: Unknown parameter 'fd0x0000000000000003' [ 757.336779][ T1108] peak_usb 5-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 757.354465][ T1108] peak_usb 5-1:0.0: unable to read PCAN-USB Pro firmware info (err -71) [ 757.428896][ T1108] peak_usb: probe of 5-1:0.0 failed with error -71 [ 757.500901][T11132] Zero length message leads to an empty skb [ 758.164923][ T1108] usb 5-1: USB disconnect, device number 29 [ 758.254326][T11135] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1618'. [ 758.330811][T11139] fuse: Unknown parameter 'rooKm/de' [ 758.356262][T11142] vivid-008: ================= START STATUS ================= [ 758.364137][T11142] vivid-008: Enable Output Cropping: true [ 758.370485][T11142] vivid-008: Enable Output Composing: true [ 758.376423][T11142] vivid-008: Enable Output Scaler: true [ 758.382207][T11142] vivid-008: Tx RGB Quantization Range: Automatic [ 758.389259][T11142] vivid-008: Transmit Mode: HDMI [ 758.394629][T11142] vivid-008: Display Present: true inactive [ 758.400852][T11142] vivid-008: Hotplug Present: 0x00000001 [ 758.423293][T11142] vivid-008: RxSense Present: 0x00000001 [ 758.429185][T11142] vivid-008: EDID Present: 0x00000001 [ 758.434691][T11142] vivid-008: ================== END STATUS ================== [ 758.485359][T11145] loop6: detected capacity change from 0 to 524287999 [ 759.663898][T11153] loop1: detected capacity change from 0 to 128 [ 759.732186][T11159] loop3: detected capacity change from 0 to 2048 [ 759.949325][T11155] loop4: detected capacity change from 0 to 32768 [ 760.035386][T11159] UDF-fs: warning (device loop3): udf_fill_super: No fileset found [ 760.066442][T11153] attempt to access beyond end of device [ 760.066442][T11153] loop1: rw=0, want=6491538, limit=128 [ 760.080281][T11157] loop2: detected capacity change from 0 to 32768 [ 760.108436][T11153] Buffer I/O error on dev loop1, logical block 3245768, async page read [ 760.117020][T11155] XFS (loop4): Mounting V5 Filesystem [ 760.289113][T11157] JBD2: Ignoring recovery information on journal [ 760.297132][T11157] jbd2_journal_bmap: journal block not found at offset 32 on loop2-75 [ 760.305551][T11157] JBD2: bad block at offset 32 [ 760.369379][T11181] FAULT_INJECTION: forcing a failure. [ 760.369379][T11181] name failslab, interval 1, probability 0, space 0, times 0 [ 760.382149][T11181] CPU: 0 PID: 11181 Comm: syz.0.1627 Not tainted 5.15.189-syzkaller #0 [ 760.390396][T11181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 760.400449][T11181] Call Trace: [ 760.403736][T11181] [ 760.406663][T11181] dump_stack_lvl+0x168/0x230 [ 760.411367][T11181] ? show_regs_print_info+0x20/0x20 [ 760.416561][T11181] ? load_image+0x3b0/0x3b0 [ 760.421062][T11181] ? __might_sleep+0xf0/0xf0 [ 760.425650][T11181] ? __lock_acquire+0x7c60/0x7c60 [ 760.430670][T11181] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 760.436661][T11181] should_fail+0x38c/0x4c0 [ 760.441099][T11181] should_failslab+0x5/0x20 [ 760.445602][T11181] slab_pre_alloc_hook+0x51/0xc0 [ 760.450536][T11181] kmem_cache_alloc_node_trace+0x4a/0x300 [ 760.456268][T11181] ? __get_vm_area_node+0x119/0x2d0 [ 760.461477][T11181] __get_vm_area_node+0x119/0x2d0 [ 760.466518][T11181] __vmalloc_node_range+0xef/0x8b0 [ 760.471629][T11181] ? netlink_sendmsg+0x5dd/0xbc0 [ 760.476564][T11181] ? netlink_data_ready+0x10/0x10 [ 760.481593][T11181] ? netlink_sendmsg+0x5dd/0xbc0 [ 760.486618][T11181] vmalloc+0x75/0x80 [ 760.490647][T11181] ? netlink_sendmsg+0x5dd/0xbc0 [ 760.495696][T11181] netlink_sendmsg+0x5dd/0xbc0 [ 760.500477][T11181] ? netlink_getsockopt+0x560/0x560 [ 760.505680][T11181] ? aa_sock_msg_perm+0x94/0x150 [ 760.510625][T11181] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 760.515910][T11181] ? security_socket_sendmsg+0x7c/0xa0 [ 760.521369][T11181] ? netlink_getsockopt+0x560/0x560 [ 760.526664][T11181] ____sys_sendmsg+0x5a2/0x8c0 [ 760.531480][T11181] ? memset+0x1e/0x40 [ 760.535476][T11181] ? __sys_sendmsg_sock+0x30/0x30 [ 760.540597][T11181] ? import_iovec+0x6f/0xa0 [ 760.545102][T11181] ___sys_sendmsg+0x1f0/0x260 [ 760.549791][T11181] ? __sys_sendmsg+0x250/0x250 [ 760.554582][T11181] ? __fdget+0x18b/0x210 [ 760.558822][T11181] __se_sys_sendmsg+0x190/0x250 [ 760.563673][T11181] ? preempt_schedule_common+0xd0/0xd0 [ 760.569138][T11181] ? __x64_sys_sendmsg+0x80/0x80 [ 760.574072][T11181] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 760.580118][T11181] ? trace_sys_enter+0x1f/0x80 [ 760.584887][T11181] do_syscall_64+0x4c/0xa0 [ 760.589301][T11181] ? clear_bhb_loop+0x30/0x80 [ 760.594061][T11181] ? clear_bhb_loop+0x30/0x80 [ 760.598746][T11181] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 760.604638][T11181] RIP: 0033:0x7f7644462b69 [ 760.609049][T11181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 760.628741][T11181] RSP: 002b:00007f7642288038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 760.629144][T11155] XFS (loop4): Internal error !uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid) at line 261 of file fs/xfs/xfs_log_recover.c. Caller xlog_header_check_mount+0x87/0xd0 [ 760.637201][T11181] RAX: ffffffffffffffda RBX: 00007f764468a160 RCX: 00007f7644462b69 [ 760.637220][T11181] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 760.637229][T11181] RBP: 00007f7642288090 R08: 0000000000000000 R09: 0000000000000000 [ 760.637238][T11181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 760.637247][T11181] R13: 0000000000000000 R14: 00007f764468a160 R15: 00007ffc3ab9b578 [ 760.637270][T11181] [ 760.638456][T11181] syz.0.1627: vmalloc error: size 4480, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null) [ 760.654501][T11155] CPU: 1 PID: 11155 Comm: syz.4.1623 Not tainted 5.15.189-syzkaller #0 [ 760.662107][T11181] ,cpuset= [ 760.670046][T11155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 760.670059][T11155] Call Trace: [ 760.670068][T11155] [ 760.670077][T11155] dump_stack_lvl+0x168/0x230 [ 760.678371][T11181] syz0 [ 760.686089][T11155] ? show_regs_print_info+0x20/0x20 [ 760.686113][T11155] ? kmem_cache_free+0x14c/0x210 [ 760.686141][T11155] xfs_corruption_error+0x117/0x170 [ 760.694464][T11181] ,mems_allowed=0-1 [ 760.697456][T11155] ? xlog_header_check_mount+0x87/0xd0 [ 760.697485][T11155] xlog_header_check_mount+0xb6/0xd0 [ 760.709114][T11181] [ 760.717309][T11155] ? xlog_header_check_mount+0x87/0xd0 [ 760.717332][T11155] xlog_find_verify_log_record+0x328/0x550 [ 760.787615][T11155] xlog_find_zeroed+0x379/0x460 [ 760.792471][T11155] xlog_find_head+0x60/0x780 [ 760.797052][T11155] ? _raw_spin_unlock_irqrestore+0xa5/0x100 [ 760.802943][T11155] xlog_find_tail+0x3e/0x9f0 [ 760.807527][T11155] ? try_to_wake_up+0x701/0x1050 [ 760.812459][T11155] xlog_recover+0x48/0x420 [ 760.816871][T11155] xfs_log_mount+0x393/0x6b0 [ 760.821460][T11155] xfs_mountfs+0xb27/0x1b10 [ 760.825965][T11155] ? xfs_default_resblks+0x70/0x70 [ 760.831075][T11155] ? rcu_is_watching+0x11/0xa0 [ 760.835829][T11155] ? trace_xfs_inode_timestamp_range+0x84/0x1d0 [ 760.842067][T11155] xfs_fs_fill_super+0x11a4/0x13f0 [ 760.847179][T11155] get_tree_bdev+0x3f1/0x610 [ 760.851773][T11155] ? xfs_fs_warn_deprecated+0x190/0x190 [ 760.857335][T11155] vfs_get_tree+0x88/0x270 [ 760.861855][T11155] do_new_mount+0x24a/0xa40 [ 760.866361][T11155] __se_sys_mount+0x2d6/0x3c0 [ 760.871314][T11155] ? __x64_sys_mount+0xc0/0xc0 [ 760.876249][T11155] ? lockdep_hardirqs_on+0x94/0x140 [ 760.881445][T11155] ? __x64_sys_mount+0x1c/0xc0 [ 760.886203][T11155] do_syscall_64+0x4c/0xa0 [ 760.890620][T11155] ? clear_bhb_loop+0x30/0x80 [ 760.895285][T11155] ? clear_bhb_loop+0x30/0x80 [ 760.899946][T11155] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 760.905829][T11155] RIP: 0033:0x7fb0d0afe30a [ 760.910233][T11155] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 760.929834][T11155] RSP: 002b:00007fb0ce963e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 760.938250][T11155] RAX: ffffffffffffffda RBX: 00007fb0ce963ef0 RCX: 00007fb0d0afe30a [ 760.946212][T11155] RDX: 0000200000009600 RSI: 0000200000000000 RDI: 00007fb0ce963eb0 [ 760.954174][T11155] RBP: 0000200000009600 R08: 00007fb0ce963ef0 R09: 0000000000a00c40 [ 760.962137][T11155] R10: 0000000000a00c40 R11: 0000000000000246 R12: 0000200000000000 [ 760.970220][T11155] R13: 00007fb0ce963eb0 R14: 00000000000096b9 R15: 0000200000000040 [ 760.978199][T11155] [ 760.981208][T11181] CPU: 0 PID: 11181 Comm: syz.0.1627 Not tainted 5.15.189-syzkaller #0 [ 760.983276][T11155] XFS (loop4): Corruption detected. Unmount and run xfs_repair [ 760.989543][T11181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 760.989555][T11181] Call Trace: [ 760.989562][T11181] [ 760.989569][T11181] dump_stack_lvl+0x168/0x230 [ 760.989591][T11181] ? rcu_lock_release+0x5/0x20 [ 760.997158][T11155] XFS (loop4): log has mismatched uuid - can't recover [ 761.007165][T11181] ? show_regs_print_info+0x20/0x20 [ 761.007187][T11181] ? load_image+0x3b0/0x3b0 [ 761.007213][T11181] warn_alloc+0x20e/0x2f0 [ 761.010702][T11155] XFS (loop4): empty log check failed [ 761.013428][T11181] ? zone_watermark_ok_safe+0x240/0x240 [ 761.018118][T11155] XFS (loop4): log mount/recovery failed: error -117 [ 761.022814][T11181] ? kmem_cache_alloc_node_trace+0x16c/0x300 [ 761.067153][T11181] ? __get_vm_area_node+0x119/0x2d0 [ 761.072375][T11181] __vmalloc_node_range+0x2b1/0x8b0 [ 761.077601][T11181] ? netlink_data_ready+0x10/0x10 [ 761.082653][T11181] ? netlink_sendmsg+0x5dd/0xbc0 [ 761.087607][T11181] vmalloc+0x75/0x80 [ 761.091519][T11181] ? netlink_sendmsg+0x5dd/0xbc0 [ 761.096471][T11181] netlink_sendmsg+0x5dd/0xbc0 [ 761.101257][T11181] ? netlink_getsockopt+0x560/0x560 [ 761.106488][T11181] ? aa_sock_msg_perm+0x94/0x150 [ 761.111437][T11181] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 761.116734][T11181] ? security_socket_sendmsg+0x7c/0xa0 [ 761.120090][T11157] (syz.2.1624,11157,1):ocfs2_load_local_alloc:311 ERROR: Invalid local alloc inode, 75 [ 761.122198][T11181] ? netlink_getsockopt+0x560/0x560 [ 761.122226][T11181] ____sys_sendmsg+0x5a2/0x8c0 [ 761.141797][T11181] ? memset+0x1e/0x40 [ 761.145794][T11181] ? __sys_sendmsg_sock+0x30/0x30 [ 761.146653][T11157] (syz.2.1624,11157,1):ocfs2_load_local_alloc:355 ERROR: status = -22 [ 761.150854][T11181] ? import_iovec+0x6f/0xa0 [ 761.150884][T11181] ___sys_sendmsg+0x1f0/0x260 [ 761.150907][T11181] ? __sys_sendmsg+0x250/0x250 [ 761.150946][T11181] ? __fdget+0x18b/0x210 [ 761.150964][T11181] __se_sys_sendmsg+0x190/0x250 [ 761.150979][T11181] ? preempt_schedule_common+0xd0/0xd0 [ 761.150998][T11181] ? __x64_sys_sendmsg+0x80/0x80 [ 761.151012][T11181] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 761.151043][T11181] ? trace_sys_enter+0x1f/0x80 [ 761.151063][T11181] do_syscall_64+0x4c/0xa0 [ 761.151082][T11181] ? clear_bhb_loop+0x30/0x80 [ 761.151096][T11181] ? clear_bhb_loop+0x30/0x80 [ 761.151112][T11181] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 761.151132][T11181] RIP: 0033:0x7f7644462b69 [ 761.151150][T11181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 761.151165][T11181] RSP: 002b:00007f7642288038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 761.151182][T11181] RAX: ffffffffffffffda RBX: 00007f764468a160 RCX: 00007f7644462b69 [ 761.151195][T11181] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 761.151206][T11181] RBP: 00007f7642288090 R08: 0000000000000000 R09: 0000000000000000 [ 761.151217][T11181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 761.151227][T11181] R13: 0000000000000000 R14: 00007f764468a160 R15: 00007ffc3ab9b578 [ 761.151251][T11181] [ 761.299388][T11181] Mem-Info: [ 761.302518][T11181] active_anon:508 inactive_anon:16555 isolated_anon:0 [ 761.302518][T11181] active_file:10223 inactive_file:36895 isolated_file:0 [ 761.302518][T11181] unevictable:768 dirty:265 writeback:0 [ 761.302518][T11181] slab_reclaimable:20871 slab_unreclaimable:95698 [ 761.302518][T11181] mapped:33121 shmem:12708 pagetables:742 bounce:0 [ 761.302518][T11181] kernel_misc_reclaimable:0 [ 761.302518][T11181] free:1368591 free_pcp:2424 free_cma:0 [ 761.306600][ T9623] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 761.344364][T11181] Node 0 active_anon:2000kB inactive_anon:65712kB active_file:40692kB inactive_file:147580kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:132484kB dirty:1056kB writeback:0kB shmem:48756kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:12608kB pagetables:2968kB all_unreclaimable? no [ 761.344414][T11181] Node 1 active_anon:32kB inactive_anon:508kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:2076kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB all_unreclaimable? no [ 761.344461][T11181] Node 0 DMA free:15328kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 761.344507][T11181] lowmem_reserve[]: 0 2541 2542 2542 [ 761.423790][T11157] (syz.2.1624,11157,0):ocfs2_check_volume:2465 ERROR: status = -22 [ 761.438508][T11181] 2542 [ 761.438529][T11181] Node 0 DMA32 free:1532096kB min:34800kB low:43500kB high:52200kB reserved_highatomic:0KB active_anon:2000kB inactive_anon:65612kB active_file:40992kB inactive_file:147380kB unevictable:1536kB writepending:1056kB present:3129332kB managed:2609004kB mlocked:0kB bounce:0kB free_pcp:9132kB local_pcp:2112kB free_cma:0kB [ 761.484310][T11181] lowmem_reserve[]: 0 0 0 0 0 [ 761.489074][T11181] Node 0 Normal free:12kB min:12kB low:12kB high:12kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:916kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:12kB free_cma:0kB [ 761.501304][T11157] (syz.2.1624,11157,0):ocfs2_check_volume:2493 ERROR: status = -22 [ 761.515194][T11181] lowmem_reserve[]: 0 0 0 0 0 [ 761.515236][T11181] Node 1 Normal free:3926928kB min:55088kB low:68860kB high:82632kB reserved_highatomic:0KB active_anon:32kB inactive_anon:508kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194304kB managed:4119672kB mlocked:0kB bounce:0kB free_pcp:300kB local_pcp:0kB free_cma:0kB [ 761.515280][T11181] lowmem_reserve[]: 0 0 0 0 0 [ 761.515314][T11181] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB [ 761.556453][T11157] (syz.2.1624,11157,0):ocfs2_mount_volume:1824 ERROR: status = -22 [ 761.571878][T11181] 1*2048kB (M) 3*4096kB (M) = 15328kB [ 761.571921][T11181] Node 0 DMA32: 408*4kB (UE) 76*8kB (UM) 92*16kB (UE) 244*32kB (UM) 343*64kB (UME) 144*128kB (UME) 46*256kB (UME) 16*512kB (UM) 6*1024kB (UME) 6*2048kB (UME) 352*4096kB (M) = 1532096kB [ 761.603502][T11181] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 761.615850][T11181] Node 1 Normal: 172*4kB (UME) 48*8kB (UME) 28*16kB (UME) 193*32kB (UME) 74*64kB (UME) 28*128kB (UE) 9*256kB (UM) 6*512kB (U) 2*1024kB (UE) 2*2048kB (UM) 952*4096kB (M) = 3926928kB [ 761.633885][T11181] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 761.643466][T11181] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 761.652809][T11181] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 761.662394][T11181] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 761.671756][T11181] 59833 total pagecache pages [ 761.676453][T11181] 0 pages in swap cache [ 761.680662][T11181] Swap cache stats: add 0, delete 0, find 0/0 [ 761.686617][T11157] (syz.2.1624,11157,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 761.686775][T11181] Free swap = 124996kB [ 761.698649][T11181] Total swap = 124996kB [ 761.702817][T11181] 2097051 pages RAM [ 761.706722][T11181] 0 pages HighMem/MovableOnly [ 761.711775][T11181] 410813 pages reserved [ 761.715958][T11181] 0 pages cma reserved [ 761.792353][T11155] XFS (loop4): log mount failed [ 761.850996][ T9623] usb 2-1: Using ep0 maxpacket: 32 [ 761.979047][T11189] netlink: 4096 bytes leftover after parsing attributes in process `syz.3.1628'. [ 761.988530][T11189] openvswitch: netlink: ct_state flags 00030000 unsupported [ 762.396719][ T4228] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 762.536396][ T4182] sysv_free_block: flc_count > flc_size [ 762.628072][ T4228] usb 1-1: device descriptor read/64, error -71 [ 762.636945][ T4182] sysv_free_block: flc_count > flc_size [ 762.642527][ T4182] sysv_free_block: flc_count > flc_size [ 762.667007][ T9623] usb 2-1: unable to read config index 0 descriptor/all [ 762.674109][ T9623] usb 2-1: can't read configurations, error -71 [ 762.683665][ T4182] sysv_free_block: flc_count > flc_size [ 762.698889][T11191] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 762.700047][ T4182] sysv_free_block: flc_count > flc_size [ 762.722363][ T4182] sysv_free_block: flc_count > flc_size [ 762.728413][ T4182] sysv_free_block: flc_count > flc_size [ 762.734069][ T4182] sysv_free_block: flc_count > flc_size [ 762.740138][ T4182] sysv_free_block: flc_count > flc_size [ 762.745780][ T4182] sysv_free_block: flc_count > flc_size [ 762.752424][ T4182] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 762.895958][T11199] vivid-008: ================= START STATUS ================= [ 762.912574][ T4228] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 763.046555][ T4782] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 763.386569][ T4228] usb 1-1: device descriptor read/64, error -71 [ 764.383883][T11199] vivid-008: Enable Output Cropping: true [ 764.396752][T11199] vivid-008: Enable Output Composing: true [ 764.411933][T11199] vivid-008: Enable Output Scaler: true [ 764.423342][T11199] vivid-008: Tx RGB Quantization Range: Automatic [ 764.430684][T11199] vivid-008: Transmit Mode: HDMI [ 764.435876][T11199] vivid-008: Display Present: true inactive [ 764.442465][T11199] vivid-008: Hotplug Present: 0x00000001 [ 764.448319][T11199] vivid-008: RxSense Present: 0x00000001 [ 764.454879][T11199] vivid-008: EDID Present: 0x00000001 [ 764.462836][T11199] vivid-008: ================== END STATUS ================== [ 764.506760][ T4228] usb usb1-port1: attempt power cycle [ 764.966761][ T4782] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 764.987142][T11211] mmap: syz.1.1637 (11211) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 765.012431][ T4782] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 765.020752][T11217] loop2: detected capacity change from 0 to 2048 [ 765.166277][T11217] UDF-fs: warning (device loop2): udf_fill_super: No fileset found [ 765.421286][T11223] loop3: detected capacity change from 0 to 64 [ 765.487024][ T4782] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 765.494709][T11212] loop0: detected capacity change from 0 to 32768 [ 765.505497][T11223] hfs: unable to parse mount options [ 765.522063][ T4782] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.592117][T11212] JBD2: Ignoring recovery information on journal [ 765.604898][ T4782] usb 5-1: Product: syz [ 765.647901][ T4782] usb 5-1: Manufacturer: syz [ 765.658758][T11229] FAULT_INJECTION: forcing a failure. [ 765.658758][T11229] name failslab, interval 1, probability 0, space 0, times 0 [ 765.672541][T11229] CPU: 1 PID: 11229 Comm: syz.2.1641 Not tainted 5.15.189-syzkaller #0 [ 765.672840][ T4782] usb 5-1: SerialNumber: syz [ 765.680805][T11229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 765.680820][T11229] Call Trace: [ 765.680828][T11229] [ 765.680836][T11229] dump_stack_lvl+0x168/0x230 [ 765.680862][T11229] ? show_regs_print_info+0x20/0x20 [ 765.680877][T11229] ? load_image+0x3b0/0x3b0 [ 765.680896][T11229] ? __might_sleep+0xf0/0xf0 [ 765.680911][T11229] ? __lock_acquire+0x7c60/0x7c60 [ 765.680929][T11229] should_fail+0x38c/0x4c0 [ 765.680950][T11229] should_failslab+0x5/0x20 [ 765.680964][T11229] slab_pre_alloc_hook+0x51/0xc0 [ 765.680982][T11229] __kmalloc_node_track_caller+0x68/0x3a0 [ 765.680996][T11229] ? netlink_sendmsg+0x645/0xbc0 [ 765.681015][T11229] ? kmem_cache_alloc_node+0x162/0x2d0 [ 765.681029][T11229] ? __alloc_skb+0xf4/0x750 [ 765.681045][T11229] ? netlink_sendmsg+0x645/0xbc0 [ 765.681062][T11229] __alloc_skb+0x22c/0x750 [ 765.681080][T11229] netlink_sendmsg+0x645/0xbc0 [ 765.681102][T11229] ? netlink_getsockopt+0x560/0x560 [ 765.681119][T11229] ? aa_sock_msg_perm+0x94/0x150 [ 765.681135][T11229] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 765.681150][T11229] ? security_socket_sendmsg+0x7c/0xa0 [ 765.681166][T11229] ? netlink_getsockopt+0x560/0x560 [ 765.681183][T11229] ____sys_sendmsg+0x5a2/0x8c0 [ 765.681203][T11229] ? memset+0x1e/0x40 [ 765.681219][T11229] ? __sys_sendmsg_sock+0x30/0x30 [ 765.681239][T11229] ? import_iovec+0x6f/0xa0 [ 765.681268][T11229] ___sys_sendmsg+0x1f0/0x260 [ 765.681287][T11229] ? __sys_sendmsg+0x250/0x250 [ 765.681310][T11229] ? vfs_write+0x84d/0xd00 [ 765.681336][T11229] ? __fdget+0x18b/0x210 [ 765.681351][T11229] __se_sys_sendmsg+0x190/0x250 [ 765.681367][T11229] ? __x64_sys_sendmsg+0x80/0x80 [ 765.681380][T11229] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 765.681406][T11229] ? lockdep_hardirqs_on+0x94/0x140 [ 765.681424][T11229] do_syscall_64+0x4c/0xa0 [ 765.681438][T11229] ? clear_bhb_loop+0x30/0x80 [ 765.681452][T11229] ? clear_bhb_loop+0x30/0x80 [ 765.681465][T11229] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 765.681482][T11229] RIP: 0033:0x7fdc810c6b69 [ 765.681499][T11229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 765.681512][T11229] RSP: 002b:00007fdc7ef2e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 765.681531][T11229] RAX: ffffffffffffffda RBX: 00007fdc812edfa0 RCX: 00007fdc810c6b69 [ 765.681541][T11229] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 765.681550][T11229] RBP: 00007fdc7ef2e090 R08: 0000000000000000 R09: 0000000000000000 [ 765.681559][T11229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 765.681567][T11229] R13: 0000000000000000 R14: 00007fdc812edfa0 R15: 00007ffe4ba0bc48 [ 765.681587][T11229] [ 766.039593][T11212] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 766.049385][ T4782] usb 5-1: can't set config #1, error -71 [ 766.081428][ T4782] usb 5-1: USB disconnect, device number 30 [ 766.086723][ T1333] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 766.300879][T11212] OCFS2: ERROR (device loop0): int ocfs2_validate_gd_parent(struct super_block *, struct ocfs2_dinode *, struct buffer_head *, int): Group descriptor #17056 has bad parent pointer (312, expected 74) [ 766.736259][T11212] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 766.981861][T11212] OCFS2: File system is now read-only. [ 767.106626][T11237] loop4: detected capacity change from 0 to 32768 [ 767.122433][T11212] (syz.0.1636,11212,1):_ocfs2_free_suballoc_bits:2479 ERROR: status = -30 [ 767.131171][ T1333] usb 4-1: Using ep0 maxpacket: 16 [ 767.146976][T11212] (syz.0.1636,11212,1):ocfs2_remove_inode:699 ERROR: status = -30 [ 767.155052][T11212] (syz.0.1636,11212,1):ocfs2_wipe_inode:821 ERROR: status = -30 [ 767.244396][T11212] (syz.0.1636,11212,1):ocfs2_delete_inode:1082 ERROR: status = -30 [ 767.255758][T11237] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 767.297078][T11237] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 767.407246][ T1333] usb 4-1: unable to get BOS descriptor or descriptor too short [ 767.547586][ T1333] usb 4-1: config 248 interface 0 has no altsetting 0 [ 767.827049][ T1333] usb 4-1: New USB device found, idVendor=0711, idProduct=0901, bcdDevice=73.78 [ 767.939524][ T1333] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.964740][ T1333] usb 4-1: Product: syz [ 768.001460][ T1333] usb 4-1: Manufacturer: syz [ 768.006099][ T1333] usb 4-1: SerialNumber: syz [ 768.064771][ T4181] ocfs2: Unmounting device (7,0) on (node local) [ 768.102998][T11251] loop2: detected capacity change from 0 to 1024 [ 768.105096][ T4184] (syz-executor,4184,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72 [ 768.140476][ T4184] ocfs2: Unmounting device (7,4) on (node local) [ 768.175710][T11232] loop1: detected capacity change from 0 to 32768 [ 768.267791][ T1333] sisusb 4-1:248.0: Invalid USB2VGA device [ 768.273657][ T1333] sisusb: probe of 4-1:248.0 failed with error -22 [ 768.299138][T11232] JBD2: Ignoring recovery information on journal [ 768.312378][T11232] jbd2_journal_bmap: journal block not found at offset 32 on loop1-75 [ 768.330842][T11232] JBD2: bad block at offset 32 [ 768.331629][ T1333] usb 4-1: USB disconnect, device number 32 [ 768.386715][T11232] (syz.1.1643,11232,0):ocfs2_load_local_alloc:311 ERROR: Invalid local alloc inode, 75 [ 768.430645][T11232] (syz.1.1643,11232,1):ocfs2_load_local_alloc:355 ERROR: status = -22 [ 768.439517][T11232] (syz.1.1643,11232,1):ocfs2_check_volume:2465 ERROR: status = -22 [ 768.455462][T11232] (syz.1.1643,11232,1):ocfs2_check_volume:2493 ERROR: status = -22 [ 768.476709][T11232] (syz.1.1643,11232,1):ocfs2_mount_volume:1824 ERROR: status = -22 [ 768.510182][T11232] (syz.1.1643,11232,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 768.660156][T11262] vivid-008: ================= START STATUS ================= [ 768.668073][T11262] vivid-008: Enable Output Cropping: true [ 768.673899][T11262] vivid-008: Enable Output Composing: true [ 768.680173][T11262] vivid-008: Enable Output Scaler: true [ 768.685837][T11262] vivid-008: Tx RGB Quantization Range: Automatic [ 768.692514][T11262] vivid-008: Transmit Mode: HDMI [ 768.697625][T11262] vivid-008: Display Present: true inactive [ 768.703719][T11262] vivid-008: Hotplug Present: 0x00000001 [ 768.709500][T11262] vivid-008: RxSense Present: 0x00000001 [ 768.735840][T11262] vivid-008: EDID Present: 0x00000001 [ 768.741530][T11262] vivid-008: ================== END STATUS ================== [ 769.529032][T11266] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1651'. [ 769.613361][T11270] loop2: detected capacity change from 0 to 512 [ 769.618912][T11266] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1651'. [ 769.631177][T11268] loop0: detected capacity change from 0 to 2048 [ 769.694102][T11270] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 769.730757][T11268] UDF-fs: warning (device loop0): udf_fill_super: No fileset found [ 769.784990][T11270] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:163: inode #17: comm syz.2.1653: inline data xattr refers to an external xattr inode [ 769.807127][T11270] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.1653: couldn't read orphan inode 17 (err -117) [ 769.812101][T11276] loop4: detected capacity change from 0 to 512 [ 769.855694][T11276] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 769.931100][T11270] EXT4-fs (loop2): mounted filesystem without journal. Opts: data_err=ignore,jqfmt=vfsv0,nouid32,inode_readahead_blks=0x0000000000010000,resuid=0x0000000000000000,norecovery,quota,,errors=continue. Quota mode: writeback. [ 769.962160][T11276] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c118, mo2=0002] [ 769.986704][ T1333] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 770.005168][T11276] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2228: inode #15: comm syz.4.1655: corrupted in-inode xattr [ 770.025086][T11276] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.1655: couldn't read orphan inode 15 (err -117) [ 770.072658][T11276] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,max_batch_time=0x0000000000000001,debug,noload,jqfmt=vfsv1,noblock_validity,init_itable=0x0000000000000601,max_dir_size_kb=0x0000000000000002,usrjquota=,,errors=continue. Quota mode: none. [ 770.225984][T11276] overlayfs: './file0' not a directory [ 770.323402][T11289] loop0: detected capacity change from 0 to 190 [ 770.356772][ T1333] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 770.374486][ T1333] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 770.461033][T11291] FAULT_INJECTION: forcing a failure. [ 770.461033][T11291] name failslab, interval 1, probability 0, space 0, times 0 [ 770.480435][T11291] CPU: 1 PID: 11291 Comm: syz.3.1659 Not tainted 5.15.189-syzkaller #0 [ 770.489071][T11291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 770.499129][T11291] Call Trace: [ 770.502419][T11291] [ 770.505360][T11291] dump_stack_lvl+0x168/0x230 [ 770.510177][T11291] ? show_regs_print_info+0x20/0x20 [ 770.515397][T11291] ? load_image+0x3b0/0x3b0 [ 770.519908][T11291] ? __might_sleep+0xf0/0xf0 [ 770.524519][T11291] ? __lock_acquire+0x7c60/0x7c60 [ 770.529549][T11291] should_fail+0x38c/0x4c0 [ 770.533986][T11291] should_failslab+0x5/0x20 [ 770.538487][T11291] slab_pre_alloc_hook+0x51/0xc0 [ 770.543442][T11291] __kmalloc_node_track_caller+0x68/0x3a0 [ 770.549160][T11291] ? netlink_sendmsg+0x645/0xbc0 [ 770.554101][T11291] ? kmem_cache_alloc_node+0x162/0x2d0 [ 770.559558][T11291] ? __alloc_skb+0xf4/0x750 [ 770.564063][T11291] ? netlink_sendmsg+0x645/0xbc0 [ 770.569011][T11291] __alloc_skb+0x22c/0x750 [ 770.573442][T11291] netlink_sendmsg+0x645/0xbc0 [ 770.578230][T11291] ? netlink_getsockopt+0x560/0x560 [ 770.583516][T11291] ? aa_sock_msg_perm+0x94/0x150 [ 770.588487][T11291] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 770.593795][T11291] ? security_socket_sendmsg+0x7c/0xa0 [ 770.599245][T11291] ? netlink_getsockopt+0x560/0x560 [ 770.604432][T11291] ____sys_sendmsg+0x5a2/0x8c0 [ 770.609187][T11291] ? memset+0x1e/0x40 [ 770.613153][T11291] ? __sys_sendmsg_sock+0x30/0x30 [ 770.618178][T11291] ? import_iovec+0x6f/0xa0 [ 770.622671][T11291] ___sys_sendmsg+0x1f0/0x260 [ 770.627336][T11291] ? __sys_sendmsg+0x250/0x250 [ 770.632189][T11291] ? vfs_write+0x84d/0xd00 [ 770.636610][T11291] ? __fdget+0x18b/0x210 [ 770.640923][T11291] __se_sys_sendmsg+0x190/0x250 [ 770.645771][T11291] ? __x64_sys_sendmsg+0x80/0x80 [ 770.650714][T11291] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 770.656688][T11291] ? lockdep_hardirqs_on+0x94/0x140 [ 770.661874][T11291] do_syscall_64+0x4c/0xa0 [ 770.666280][T11291] ? clear_bhb_loop+0x30/0x80 [ 770.670956][T11291] ? clear_bhb_loop+0x30/0x80 [ 770.675642][T11291] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 770.681562][T11291] RIP: 0033:0x7fa3748fcb69 [ 770.685967][T11291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 770.705650][T11291] RSP: 002b:00007fa372764038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 770.714065][T11291] RAX: ffffffffffffffda RBX: 00007fa374b23fa0 RCX: 00007fa3748fcb69 [ 770.722051][T11291] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000005 [ 770.730009][T11291] RBP: 00007fa372764090 R08: 0000000000000000 R09: 0000000000000000 [ 770.737969][T11291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 770.745932][T11291] R13: 0000000000000000 R14: 00007fa374b23fa0 R15: 00007ffddc384f18 [ 770.753992][T11291] [ 770.851179][ T1333] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 770.873813][ T1333] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.909224][ T1333] usb 2-1: Product: syz [ 770.913614][ T1333] usb 2-1: Manufacturer: syz [ 770.919732][ T1333] usb 2-1: SerialNumber: syz [ 770.957142][T11295] capability: warning: `syz.4.1658' uses 32-bit capabilities (legacy support in use) [ 771.194950][T11306] loop4: detected capacity change from 0 to 4096 [ 771.265374][T11306] ntfs3: Unknown parameter '' [ 771.267587][T11310] loop2: detected capacity change from 0 to 64 [ 771.296209][ T1333] usb 2-1: 0:2 : does not exist [ 771.306726][ T1333] usb 2-1: unit 6 not found! [ 771.342925][T11313] vivid-008: ================= START STATUS ================= [ 771.350759][T11313] vivid-008: Enable Output Cropping: true [ 771.357262][T11313] vivid-008: Enable Output Composing: true [ 771.363352][T11313] vivid-008: Enable Output Scaler: true [ 771.369088][T11313] vivid-008: Tx RGB Quantization Range: Automatic [ 771.375793][T11313] vivid-008: Transmit Mode: HDMI [ 771.380879][T11313] vivid-008: Display Present: true inactive [ 771.387011][T11313] vivid-008: Hotplug Present: 0x00000001 [ 771.392959][T11313] vivid-008: RxSense Present: 0x00000001 [ 771.404447][T11313] vivid-008: EDID Present: 0x00000001 [ 771.410567][T11313] vivid-008: ================== END STATUS ================== [ 772.219531][T11310] hfs: unable to parse mount options [ 772.244816][T11306] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1663'. [ 772.245403][ T1333] usb 2-1: USB disconnect, device number 27 [ 772.420410][T11321] FAULT_INJECTION: forcing a failure. [ 772.420410][T11321] name failslab, interval 1, probability 0, space 0, times 0 [ 772.438320][T11321] CPU: 0 PID: 11321 Comm: syz.0.1668 Not tainted 5.15.189-syzkaller #0 [ 772.447046][T11321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 772.457896][T11321] Call Trace: [ 772.461190][T11321] [ 772.464133][T11321] dump_stack_lvl+0x168/0x230 [ 772.469610][T11321] ? show_regs_print_info+0x20/0x20 [ 772.470054][T11319] loop1: detected capacity change from 0 to 8192 [ 772.474925][T11321] ? load_image+0x3b0/0x3b0 [ 772.474948][T11321] ? __might_sleep+0xf0/0xf0 [ 772.474964][T11321] ? __lock_acquire+0x7c60/0x7c60 [ 772.474981][T11321] ? crypto_alg_lookup+0x186/0x1d0 [ 772.474998][T11321] should_fail+0x38c/0x4c0 [ 772.475019][T11321] should_failslab+0x5/0x20 [ 772.509439][T11321] slab_pre_alloc_hook+0x51/0xc0 [ 772.514394][T11321] __kmalloc_node+0x6e/0x3b0 [ 772.518996][T11321] ? crypto_create_tfm_node+0x72/0x340 [ 772.524473][T11321] crypto_create_tfm_node+0x72/0x340 [ 772.529768][T11321] ? crypto_alg_mod_lookup+0x47f/0x6d0 [ 772.535231][T11321] crypto_alloc_tfm_node+0x172/0x330 [ 772.540534][T11321] kdf_alloc+0x1f/0x170 [ 772.544706][T11321] __keyctl_dh_compute+0x496/0xd30 [ 772.549851][T11321] ? keyctl_get_persistent+0x750/0x750 [ 772.555353][T11321] ? __might_fault+0xb3/0x110 [ 772.560046][T11321] ? _copy_from_user+0x111/0x170 [ 772.561967][ T8075] udevd[8075]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 772.564991][T11321] keyctl_dh_compute+0x106/0x160 [ 772.565019][T11321] ? keyctl_dh_compute_kdf+0x580/0x580 [ 772.565043][T11321] ? __lock_acquire+0x7c60/0x7c60 [ 772.596079][T11321] __se_sys_keyctl+0x57b/0x960 [ 772.600831][T11321] ? __x64_sys_keyctl+0xc0/0xc0 [ 772.605666][T11321] ? __context_tracking_exit+0x4c/0x80 [ 772.611115][T11321] ? __lock_acquire+0x7c60/0x7c60 [ 772.616147][T11321] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 772.622115][T11321] ? lock_chain_count+0x20/0x20 [ 772.626948][T11321] ? vtime_user_exit+0x2dc/0x400 [ 772.631886][T11321] ? lockdep_hardirqs_on+0x94/0x140 [ 772.637163][T11321] ? __x64_sys_keyctl+0x1c/0xc0 [ 772.642011][T11321] do_syscall_64+0x4c/0xa0 [ 772.646421][T11321] ? clear_bhb_loop+0x30/0x80 [ 772.651092][T11321] ? clear_bhb_loop+0x30/0x80 [ 772.655791][T11321] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 772.661687][T11321] RIP: 0033:0x7f7644462b69 [ 772.666096][T11321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 772.685709][T11321] RSP: 002b:00007f76422ca038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 772.694111][T11321] RAX: ffffffffffffffda RBX: 00007f7644689fa0 RCX: 00007f7644462b69 [ 772.702071][T11321] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000017 [ 772.710048][T11321] RBP: 00007f76422ca090 R08: 0000200000000180 R09: 0000000000000000 [ 772.718002][T11321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 772.725961][T11321] R13: 0000000000000000 R14: 00007f7644689fa0 R15: 00007ffc3ab9b578 [ 772.733924][T11321] [ 772.736943][ C0] vkms_vblank_simulate: vblank timer overrun [ 772.746675][T11321] could not allocate digest TFM handle sha3-512-generic [ 772.750053][ T5107] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 772.761343][ T4864] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 772.894572][T11330] loop4: detected capacity change from 0 to 512 [ 772.916593][T11319] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 773.148015][T11330] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 773.350549][T11319] REISERFS (device loop1): using ordered data mode [ 773.455518][T11319] reiserfs: using flush barriers [ 773.476937][T11319] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 773.545928][T11319] REISERFS (device loop1): checking transaction log (loop1) [ 773.571449][T11319] REISERFS (device loop1): Using r5 hash to sort names [ 773.585124][T11319] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 773.632086][T11336] loop4: detected capacity change from 0 to 512 [ 773.664850][T11334] loop0: detected capacity change from 0 to 4096 [ 773.676373][T11336] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 773.701694][ T4864] usb 3-1: Using ep0 maxpacket: 16 [ 773.732039][T11334] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match. Run ntfsfix or chkdsk. [ 773.771965][T11336] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 773.776414][ T5107] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 773.793803][T11334] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 773.831250][T11336] EXT4-fs (loop4): 1 truncate cleaned up [ 773.836022][T11334] ntfs: volume version 3.1. [ 773.836927][T11336] EXT4-fs (loop4): mounted filesystem without journal. Opts: i_version,nombcache,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,sysvgroups,,errors=continue. Quota mode: none. [ 773.862977][T11334] ntfs: (device loop0): ntfs_read_locked_attr_inode(): Failed with error code -2 while reading attribute inode (mft_no 0x1a, type 0x80, name_len 4). Marking corrupt inode and base inode 0x1a as bad. Run chkdsk. [ 773.883594][ C0] vkms_vblank_simulate: vblank timer overrun [ 773.904655][T11334] ntfs: (device loop0): load_and_init_usnjrnl(): Failed to load $UsnJrnl/$DATA/$Max attribute. [ 773.915416][ T5107] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 773.925317][ T5107] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 774.065551][ T4864] usb 3-1: unable to get BOS descriptor or descriptor too short [ 774.079845][T11334] ntfs: (device loop0): load_system_files(): Failed to load $UsnJrnl. Will not be able to remount read-write. Run chkdsk. [ 774.093228][ T5107] usb 4-1: config 0 interface 0 has no altsetting 0 [ 774.376114][ T5107] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 774.376186][ T4864] usb 3-1: config 248 interface 0 has no altsetting 0 [ 774.392737][ T5107] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 774.404147][ T5107] usb 4-1: config 0 interface 0 has no altsetting 0 [ 774.631989][ T4864] usb 3-1: string descriptor 0 read error: -71 [ 774.638598][ T5107] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 774.648210][ T4864] usb 3-1: New USB device found, idVendor=0711, idProduct=0901, bcdDevice=73.78 [ 774.680397][ T5107] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 774.719384][ T4864] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 774.759634][ T5107] usb 4-1: config 0 interface 0 has no altsetting 0 [ 774.793282][ T4864] usb 3-1: can't set config #248, error -71 [ 774.813679][ T4864] usb 3-1: USB disconnect, device number 14 [ 774.856102][ T5107] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 774.865537][ T5107] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 774.901336][ T5107] usb 4-1: config 0 interface 0 has no altsetting 0 [ 775.027429][ T5107] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 775.048059][ T5107] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 775.082816][ T5107] usb 4-1: config 0 interface 0 has no altsetting 0 [ 775.179819][T11359] vivid-008: ================= START STATUS ================= [ 775.187901][T11359] vivid-008: Enable Output Cropping: true [ 775.193861][T11359] vivid-008: Enable Output Composing: true [ 775.199956][T11359] vivid-008: Enable Output Scaler: true [ 775.205718][T11359] vivid-008: Tx RGB Quantization Range: Automatic [ 775.212332][T11359] vivid-008: Transmit Mode: HDMI [ 775.217545][T11359] vivid-008: Display Present: true inactive [ 775.223593][T11359] vivid-008: Hotplug Present: 0x00000001 [ 775.229368][T11359] vivid-008: RxSense Present: 0x00000001 [ 775.253505][T11359] vivid-008: EDID Present: 0x00000001 [ 775.259067][T11359] vivid-008: ================== END STATUS ================== [ 775.444111][ T5107] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 776.048658][ T5107] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 776.096394][ T5107] usb 4-1: config 0 interface 0 has no altsetting 0 [ 776.126789][T11334] loop0: detected capacity change from 0 to 32768 [ 776.180525][T11334] read_mapping_page failed! [ 776.199714][T11334] jfs_mount: diMount(ipaimap) failed w/rc = -5 [ 776.206500][ T5107] usb 4-1: unable to read config index 6 descriptor/start: -71 [ 776.208270][T11345] loop1: detected capacity change from 0 to 32768 [ 776.221887][ T5107] usb 4-1: can't read configurations, error -71 [ 776.230900][T11334] Mount JFS Failure: -5 [ 776.243814][T11345] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.1674 (11345) [ 776.249239][T11368] FAULT_INJECTION: forcing a failure. [ 776.249239][T11368] name failslab, interval 1, probability 0, space 0, times 0 [ 776.275703][T11334] jfs_mount failed w/return code = -5 [ 776.293661][T11368] CPU: 0 PID: 11368 Comm: syz.3.1681 Not tainted 5.15.189-syzkaller #0 [ 776.301955][T11368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 776.312181][T11368] Call Trace: [ 776.315467][T11368] [ 776.318395][T11368] dump_stack_lvl+0x168/0x230 [ 776.323078][T11368] ? show_regs_print_info+0x20/0x20 [ 776.328281][T11368] ? load_image+0x3b0/0x3b0 [ 776.332779][T11368] ? __might_sleep+0xf0/0xf0 [ 776.337367][T11368] ? __lock_acquire+0x7c60/0x7c60 [ 776.342394][T11368] should_fail+0x38c/0x4c0 [ 776.346822][T11368] should_failslab+0x5/0x20 [ 776.351354][T11368] slab_pre_alloc_hook+0x51/0xc0 [ 776.356322][T11368] kmem_cache_alloc_node+0x47/0x2d0 [ 776.361511][T11368] ? __alloc_skb+0xf4/0x750 [ 776.366006][T11368] __alloc_skb+0xf4/0x750 [ 776.370419][T11368] ? iov_iter_init+0x170/0x170 [ 776.375186][T11368] netlink_dump+0x1d3/0xcd0 [ 776.379702][T11368] ? __phys_addr+0xb6/0x170 [ 776.384201][T11368] ? __phys_addr_symbol+0x2b/0x70 [ 776.389220][T11368] ? __check_object_size+0x30c/0x410 [ 776.394504][T11368] ? netlink_lookup+0x1d0/0x1d0 [ 776.399355][T11368] ? refcount_dec_and_test+0x4f/0x70 [ 776.404634][T11368] netlink_recvmsg+0x653/0xdb0 [ 776.409397][T11368] ? netlink_sendmsg+0xbc0/0xbc0 [ 776.414333][T11368] ? aa_sk_perm+0x7b4/0x8f0 [ 776.418823][T11368] ? aa_af_perm+0x2b0/0x2b0 [ 776.423487][T11368] ? bpf_lsm_socket_recvmsg+0x5/0x10 [ 776.428777][T11368] ? security_socket_recvmsg+0x85/0xb0 [ 776.434259][T11368] ? netlink_sendmsg+0xbc0/0xbc0 [ 776.439231][T11368] ____sys_recvmsg+0x291/0x580 [ 776.443992][T11368] ? __might_fault+0xb3/0x110 [ 776.448667][T11368] ? __sys_recvmsg_sock+0x40/0x40 [ 776.453695][T11368] ? import_iovec+0x6f/0xa0 [ 776.458191][T11368] ___sys_recvmsg+0x1af/0x4f0 [ 776.462901][T11368] ? __sys_recvmsg+0x250/0x250 [ 776.467669][T11368] ? __fdget+0x18b/0x210 [ 776.471893][T11368] ? do_recvmmsg+0x164/0x7a0 [ 776.476467][T11368] do_recvmmsg+0x344/0x7a0 [ 776.480969][T11368] ? __sys_recvmmsg+0x280/0x280 [ 776.485814][T11368] ? __lock_acquire+0x7c60/0x7c60 [ 776.490829][T11368] __x64_sys_recvmmsg+0x18d/0x240 [ 776.495882][T11368] ? do_recvmmsg+0x7a0/0x7a0 [ 776.500546][T11368] ? lockdep_hardirqs_on+0x94/0x140 [ 776.505732][T11368] do_syscall_64+0x4c/0xa0 [ 776.510134][T11368] ? clear_bhb_loop+0x30/0x80 [ 776.514794][T11368] ? clear_bhb_loop+0x30/0x80 [ 776.519456][T11368] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 776.525338][T11368] RIP: 0033:0x7fa3748fcb69 [ 776.529752][T11368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 776.549606][T11368] RSP: 002b:00007fa372764038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 776.558008][T11368] RAX: ffffffffffffffda RBX: 00007fa374b23fa0 RCX: 00007fa3748fcb69 [ 776.565988][T11368] RDX: 0000000000000001 RSI: 0000200000000900 RDI: 0000000000000003 [ 776.573967][T11368] RBP: 00007fa372764090 R08: 0000000000000000 R09: 0000000000000000 [ 776.581933][T11368] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 776.589915][T11368] R13: 0000000000000000 R14: 00007fa374b23fa0 R15: 00007ffddc384f18 [ 776.597979][T11368] [ 776.612083][T11345] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 776.627515][T11345] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 776.704295][T11345] BTRFS info (device loop1): turning off barriers [ 776.791008][T11345] BTRFS info (device loop1): doing ref verification [ 776.797697][T11345] BTRFS info (device loop1): enabling ssd optimizations [ 776.886030][T11345] BTRFS info (device loop1): max_inline at 898 [ 776.925165][T11345] BTRFS info (device loop1): using free space tree [ 776.994316][T11345] BTRFS info (device loop1): has skinny extents [ 777.334742][T11392] IPVS: stopping backup sync thread 11390 ... [ 777.342890][T11390] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0 [ 777.406334][T11387] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1684'. [ 777.436591][T11387] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1684'. [ 777.567918][T11345] BTRFS info (device loop1): checking UUID tree [ 778.056723][T11370] vivid-008: ================= START STATUS ================= [ 778.064805][T11370] vivid-008: Enable Output Cropping: true [ 778.070762][T11370] vivid-008: Enable Output Composing: true [ 778.076789][T11370] vivid-008: Enable Output Scaler: true [ 778.082442][T11370] vivid-008: Tx RGB Quantization Range: Automatic [ 778.089478][T11370] vivid-008: Transmit Mode: HDMI [ 778.094809][T11370] vivid-008: Display Present: true inactive [ 778.101025][T11370] vivid-008: Hotplug Present: 0x00000001 [ 778.107020][T11370] vivid-008: RxSense Present: 0x00000001 [ 778.112999][T11370] vivid-008: EDID Present: 0x00000001 [ 778.118496][T11370] vivid-008: ================== END STATUS ================== [ 778.341411][T11407] loop0: detected capacity change from 0 to 64 [ 778.385636][T11407] hfs: unable to parse mount options [ 778.494881][T11402] genirq: Flags mismatch irq 5. 00000000 (comedi_parport) vs. 00000000 (pcl816) [ 778.573427][T11416] vivid-008: ================= START STATUS ================= [ 778.581465][T11416] vivid-008: Enable Output Cropping: true [ 778.587607][T11416] vivid-008: Enable Output Composing: true [ 778.593523][T11416] vivid-008: Enable Output Scaler: true [ 778.599440][T11416] vivid-008: Tx RGB Quantization Range: Automatic [ 778.606013][T11416] vivid-008: Transmit Mode: HDMI [ 778.611198][T11416] vivid-008: Display Present: true inactive [ 778.617259][T11416] vivid-008: Hotplug Present: 0x00000001 [ 778.623085][T11416] vivid-008: RxSense Present: 0x00000001 [ 778.644477][T11416] vivid-008: EDID Present: 0x00000001 [ 778.649970][T11416] vivid-008: ================== END STATUS ================== [ 779.395397][T11413] loop4: detected capacity change from 0 to 128 [ 779.492024][T11413] hpfs: bad mount options. [ 779.856092][T11427] loop4: detected capacity change from 0 to 512 [ 780.016966][T11427] EXT4-fs (loop4): Mount option "journal_ioprio=0x0000000000000005" incompatible with ext2 [ 780.094639][T11430] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 780.327026][T11427] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1694'. [ 780.361717][T11430] usb 1-1: Using ep0 maxpacket: 16 [ 780.422488][T11432] syz.2.1695 uses obsolete (PF_INET,SOCK_PACKET) [ 780.526051][T11439] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1696'. [ 780.532863][T11430] usb 1-1: unable to get BOS descriptor or descriptor too short [ 780.569269][ T26] audit: type=1326 audit(1754183781.237:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11440 comm="syz.1.1698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ffc0000 [ 780.618417][ T26] audit: type=1326 audit(1754183781.265:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11440 comm="syz.1.1698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ffc0000 [ 780.734377][ T26] audit: type=1326 audit(1754183781.265:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11440 comm="syz.1.1698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7841644b69 code=0x7ffc0000 [ 780.756701][ C1] vkms_vblank_simulate: vblank timer overrun [ 780.775014][T11430] usb 1-1: config 248 interface 0 has no altsetting 0 [ 780.782789][T11446] vivid-008: ================= START STATUS ================= [ 780.790746][T11446] vivid-008: Enable Output Cropping: true [ 780.796649][T11446] vivid-008: Enable Output Composing: true [ 780.802677][T11446] vivid-008: Enable Output Scaler: true [ 780.808343][T11446] vivid-008: Tx RGB Quantization Range: Automatic [ 780.814934][T11446] vivid-008: Transmit Mode: HDMI [ 780.819993][T11446] vivid-008: Display Present: true inactive [ 780.826066][T11446] vivid-008: Hotplug Present: 0x00000001 [ 780.832030][T11446] vivid-008: RxSense Present: 0x00000001 [ 780.864641][T11446] vivid-008: EDID Present: 0x00000001 [ 780.870214][T11446] vivid-008: ================== END STATUS ================== [ 780.928518][ T4249] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 781.429477][ T26] audit: type=1326 audit(1754183781.265:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11440 comm="syz.1.1698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ffc0000 [ 781.452294][ C1] vkms_vblank_simulate: vblank timer overrun [ 781.726488][ T26] audit: type=1326 audit(1754183781.265:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11440 comm="syz.1.1698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ffc0000 [ 781.749211][ T26] audit: type=1326 audit(1754183781.265:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11440 comm="syz.1.1698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7841644b69 code=0x7ffc0000 [ 781.750881][ T4249] usb 3-1: Using ep0 maxpacket: 16 [ 781.771603][ T26] audit: type=1326 audit(1754183781.265:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11440 comm="syz.1.1698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ffc0000 [ 781.794218][T11430] usb 1-1: string descriptor 0 read error: -71 [ 781.818876][T11430] usb 1-1: New USB device found, idVendor=0711, idProduct=0901, bcdDevice=73.78 [ 781.833989][T11430] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 781.866300][ T26] audit: type=1326 audit(1754183781.265:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11440 comm="syz.1.1698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ffc0000 [ 781.911774][T11454] vivid-008: ================= START STATUS ================= [ 781.919986][T11454] vivid-008: Enable Output Cropping: true [ 781.926029][T11454] vivid-008: Enable Output Composing: true [ 781.932135][T11454] vivid-008: Enable Output Scaler: true [ 781.937869][T11454] vivid-008: Tx RGB Quantization Range: Automatic [ 781.944489][T11454] vivid-008: Transmit Mode: HDMI [ 781.949555][T11454] vivid-008: Display Present: true inactive [ 781.955770][T11454] vivid-008: Hotplug Present: 0x00000001 [ 781.961917][T11454] vivid-008: RxSense Present: 0x00000001 [ 781.983350][T11454] vivid-008: EDID Present: 0x00000001 [ 781.989198][T11454] vivid-008: ================== END STATUS ================== [ 782.009345][ T26] audit: type=1326 audit(1754183781.265:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11440 comm="syz.1.1698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=91 compat=0 ip=0x7f7841644b69 code=0x7ffc0000 [ 782.050788][ T4249] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 782.084431][ T4249] usb 3-1: config 0 has no interface number 0 [ 782.125934][T11430] usb 1-1: can't set config #248, error -71 [ 782.172684][ T4249] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 782.208184][T11430] usb 1-1: USB disconnect, device number 37 [ 782.342077][ T4249] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 782.398356][ T26] audit: type=1326 audit(1754183781.265:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11440 comm="syz.1.1698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ffc0000 [ 782.795968][T11459] vivid-008: ================= START STATUS ================= [ 782.803940][T11459] vivid-008: Enable Output Cropping: true [ 782.809990][T11459] vivid-008: Enable Output Composing: true [ 782.816142][T11459] vivid-008: Enable Output Scaler: true [ 782.821866][T11459] vivid-008: Tx RGB Quantization Range: Automatic [ 782.828442][T11459] vivid-008: Transmit Mode: HDMI [ 782.833564][T11459] vivid-008: Display Present: true inactive [ 782.839621][T11459] vivid-008: Hotplug Present: 0x00000001 [ 782.845464][T11459] vivid-008: RxSense Present: 0x00000001 [ 782.868522][T11459] vivid-008: EDID Present: 0x00000001 [ 782.874216][T11459] vivid-008: ================== END STATUS ================== [ 782.906544][ T4249] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 782.924321][ T4249] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 782.954791][ T4249] usb 3-1: Product: syz [ 782.979302][ T4249] usb 3-1: SerialNumber: syz [ 783.042046][ T4249] usb 3-1: config 0 descriptor?? [ 783.047718][ T5835] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 783.124343][ T4249] cm109 3-1:0.8: invalid payload size 0, expected 4 [ 783.162392][ T4249] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input45 [ 783.254420][T11468] loop0: detected capacity change from 0 to 8192 [ 783.263279][T11464] loop1: detected capacity change from 0 to 16 [ 783.312283][ T5835] usb 5-1: Using ep0 maxpacket: 8 [ 783.324050][T11464] erofs: Unknown parameter '' [ 783.338056][T11468] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 783.356082][T11468] REISERFS (device loop0): using ordered data mode [ 783.363075][T11468] reiserfs: using flush barriers [ 783.387205][T11468] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 783.414121][T11436] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1695'. [ 783.434620][T11468] REISERFS (device loop0): checking transaction log (loop0) [ 783.451346][ T5835] usb 5-1: config 0 has an invalid interface number: 143 but max is 0 [ 783.461859][ T5835] usb 5-1: config 0 has no interface number 0 [ 783.469346][ T5835] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b [ 783.482810][T11475] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1695'. [ 783.497699][ T5835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 783.504142][T11468] REISERFS (device loop0): Using r5 hash to sort names [ 783.510050][ T5835] usb 5-1: config 0 descriptor?? [ 783.548833][T11468] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 783.577580][ T4249] usb 3-1: USB disconnect, device number 15 [ 783.583874][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 783.584466][ C1] cm109 3-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 783.640472][ T4249] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 783.671197][T11480] FAULT_INJECTION: forcing a failure. [ 783.671197][T11480] name failslab, interval 1, probability 0, space 0, times 0 [ 783.718522][ T5835] viperboard 5-1:0.143: version 0.00 found at bus 005 address 031 [ 783.770011][T11480] CPU: 1 PID: 11480 Comm: syz.0.1706 Not tainted 5.15.189-syzkaller #0 [ 783.778298][T11480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 783.788367][T11480] Call Trace: [ 783.791655][T11480] [ 783.794597][T11480] dump_stack_lvl+0x168/0x230 [ 783.799291][T11480] ? show_regs_print_info+0x20/0x20 [ 783.804516][T11480] ? load_image+0x3b0/0x3b0 [ 783.809038][T11480] ? __might_sleep+0xf0/0xf0 [ 783.813639][T11480] ? __lock_acquire+0x7c60/0x7c60 [ 783.818686][T11480] should_fail+0x38c/0x4c0 [ 783.823121][T11480] should_failslab+0x5/0x20 [ 783.827632][T11480] slab_pre_alloc_hook+0x51/0xc0 [ 783.832590][T11480] __kmalloc+0x6b/0x330 [ 783.836764][T11480] ? tomoyo_realpath_from_path+0x118/0x610 [ 783.842605][T11480] tomoyo_realpath_from_path+0x118/0x610 [ 783.848267][T11480] tomoyo_mount_permission+0x33c/0x900 [ 783.853754][T11480] ? kasan_set_track+0x62/0x70 [ 783.858529][T11480] ? kmem_cache_free+0x8f/0x210 [ 783.863396][T11480] ? tomoyo_get_name+0x510/0x510 [ 783.868385][T11480] ? lockdep_hardirqs_on+0x94/0x140 [ 783.873609][T11480] security_sb_mount+0x83/0xb0 [ 783.878394][T11480] path_mount+0xb8/0x1020 [ 783.882747][T11480] ? user_path_at_empty+0x13e/0x190 [ 783.887962][T11480] __se_sys_mount+0x2d6/0x3c0 [ 783.892664][T11480] ? __x64_sys_mount+0xc0/0xc0 [ 783.897448][T11480] ? lockdep_hardirqs_on+0x94/0x140 [ 783.902663][T11480] ? __x64_sys_mount+0x1c/0xc0 [ 783.907443][T11480] do_syscall_64+0x4c/0xa0 [ 783.911879][T11480] ? clear_bhb_loop+0x30/0x80 [ 783.916566][T11480] ? clear_bhb_loop+0x30/0x80 [ 783.921260][T11480] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 783.927179][T11480] RIP: 0033:0x7f764446430a [ 783.931609][T11480] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 783.951251][T11480] RSP: 002b:00007f76422a8e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 783.959662][T11480] RAX: ffffffffffffffda RBX: 00007f76422a8ef0 RCX: 00007f764446430a [ 783.967624][T11480] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000 [ 783.975594][T11480] RBP: 0000200000000180 R08: 00007f76422a8ef0 R09: 0000000001a4243c [ 783.983554][T11480] R10: 0000000001a4243c R11: 0000000000000246 R12: 00002000000006c0 [ 783.991518][T11480] R13: 00007f76422a8eb0 R14: 0000000000000000 R15: 0000200000000580 [ 783.999516][T11480] [ 784.009423][ T5835] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100 [ 784.020795][T11452] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1701'. [ 784.029675][T11480] ERROR: Out of memory at tomoyo_realpath_from_path. [ 784.033569][ T5835] viperboard-i2c: probe of viperboard-i2c.2.auto failed with error -5 [ 784.044957][T11452] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1701'. [ 784.288507][T11482] loop3: detected capacity change from 0 to 2048 [ 784.332112][T11457] netlink: 'syz.4.1701': attribute type 21 has an invalid length. [ 784.349314][T11457] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1701'. [ 784.405961][T11457] netlink: 'syz.4.1701': attribute type 6 has an invalid length. [ 784.435838][T11482] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 784.466865][T11457] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1701'. [ 784.485772][T11477] loop1: detected capacity change from 0 to 32768 [ 784.504627][T11430] usb 5-1: USB disconnect, device number 31 [ 784.751915][T11486] loop0: detected capacity change from 0 to 40427 [ 784.812382][T11486] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1ffff [ 784.820952][T11486] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x4 [ 784.830843][T11486] F2FS-fs (loop0): invalid crc value [ 784.872744][T11486] F2FS-fs (loop0): Found nat_bits in checkpoint [ 784.910915][T11486] F2FS-fs (loop0): Start checkpoint disabled! [ 784.929552][T11486] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 785.246004][T11497] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1709'. [ 785.255521][T11497] netlink: 'syz.0.1709': attribute type 6 has an invalid length. [ 785.628328][T11484] loop2: detected capacity change from 0 to 32768 [ 785.728648][T11506] loop3: detected capacity change from 0 to 512 [ 785.782942][T11506] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 785.841289][T11484] XFS (loop2): Mounting V5 Filesystem [ 785.900682][T11484] XFS (loop2): Ending clean mount [ 785.941481][T11506] EXT4-fs (loop3): 1 truncate cleaned up [ 785.962464][T11484] XFS (loop2): Quotacheck needed: Please wait. [ 785.991223][T11506] EXT4-fs (loop3): mounted filesystem without journal. Opts: i_version,nombcache,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,sysvgroups,,errors=continue. Quota mode: none. [ 786.177007][T11523] vivid-008: ================= START STATUS ================= [ 786.185349][T11523] vivid-008: Enable Output Cropping: true [ 786.191381][T11523] vivid-008: Enable Output Composing: true [ 786.197342][T11523] vivid-008: Enable Output Scaler: true [ 786.203048][T11523] vivid-008: Tx RGB Quantization Range: Automatic [ 786.209655][T11523] vivid-008: Transmit Mode: HDMI [ 786.214712][T11523] vivid-008: Display Present: true inactive [ 786.220847][T11523] vivid-008: Hotplug Present: 0x00000001 [ 786.226664][T11523] vivid-008: RxSense Present: 0x00000001 [ 786.249458][T11523] vivid-008: EDID Present: 0x00000001 [ 786.255116][T11523] vivid-008: ================== END STATUS ================== [ 786.424477][T11484] XFS (loop2): Quotacheck: Done. [ 787.463320][T11529] vivid-008: ================= START STATUS ================= [ 787.471055][T11529] vivid-008: Enable Output Cropping: true [ 787.476883][T11529] vivid-008: Enable Output Composing: true [ 787.482716][T11529] vivid-008: Enable Output Scaler: true [ 787.488257][T11529] vivid-008: Tx RGB Quantization Range: Automatic [ 787.494692][T11529] vivid-008: Transmit Mode: HDMI [ 787.499999][T11529] vivid-008: Display Present: true inactive [ 787.505919][T11529] vivid-008: Hotplug Present: 0x00000001 [ 787.511569][T11529] vivid-008: RxSense Present: 0x00000001 [ 787.517247][T11529] vivid-008: EDID Present: 0x00000001 [ 787.522743][T11529] vivid-008: ================== END STATUS ================== [ 787.747833][ T4194] XFS (loop2): Unmounting Filesystem [ 788.141114][T11508] 9pnet: Insufficient options for proto=fd [ 788.340264][T11532] loop1: detected capacity change from 0 to 32768 [ 788.386893][T11532] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.1718 (11532) [ 788.445619][T11532] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 788.454768][T11532] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 788.467815][T11532] BTRFS info (device loop1): turning off barriers [ 788.474812][T11532] BTRFS info (device loop1): doing ref verification [ 788.481948][T11532] BTRFS info (device loop1): enabling ssd optimizations [ 788.490615][T11532] BTRFS info (device loop1): max_inline at 898 [ 788.496832][T11532] BTRFS info (device loop1): using free space tree [ 788.503868][T11532] BTRFS info (device loop1): has skinny extents [ 788.658039][T11562] loop3: detected capacity change from 0 to 512 [ 788.714845][T11562] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 788.746106][T11546] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 788.782851][T11546] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 788.873570][T11566] vivid-008: ================= START STATUS ================= [ 788.881441][T11566] vivid-008: Enable Output Cropping: true [ 788.887637][T11566] vivid-008: Enable Output Composing: true [ 788.893624][T11566] vivid-008: Enable Output Scaler: true [ 788.899298][T11566] vivid-008: Tx RGB Quantization Range: Automatic [ 788.906024][T11566] vivid-008: Transmit Mode: HDMI [ 788.911130][T11566] vivid-008: Display Present: true inactive [ 788.917222][T11566] vivid-008: Hotplug Present: 0x00000001 [ 788.923463][T11566] vivid-008: RxSense Present: 0x00000001 [ 788.929525][T11566] vivid-008: EDID Present: 0x00000001 [ 788.935032][T11566] vivid-008: ================== END STATUS ================== [ 789.024954][T11562] EXT4-fs (loop3): 1 truncate cleaned up [ 789.094853][T11532] BTRFS info (device loop1): checking UUID tree [ 789.157344][T11562] EXT4-fs (loop3): mounted filesystem without journal. Opts: i_version,nombcache,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,sysvgroups,,errors=continue. Quota mode: none. [ 790.807182][ T5802] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop1 scanned by udevd (5802) [ 790.812298][T11552] loop2: detected capacity change from 0 to 32768 [ 790.820409][T11583] loop4: detected capacity change from 0 to 1024 [ 790.875147][T11430] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 791.019220][T11583] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1725'. [ 791.428065][T11430] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 791.565154][T11430] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 791.795597][T11430] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 791.914174][T11430] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 791.950921][T11430] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 792.173417][T11430] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 792.196104][T11430] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 792.204167][T11430] usb 1-1: Product: syz [ 792.216999][T11430] usb 1-1: Manufacturer: syz [ 792.261317][T11430] cdc_wdm 1-1:1.0: skipping garbage [ 792.271177][T11430] cdc_wdm 1-1:1.0: skipping garbage [ 792.308898][T11430] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 792.345774][T11430] cdc_wdm 1-1:1.0: Unknown control protocol [ 793.794762][T11657] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 793.848694][T11657] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 793.870603][T11661] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes [ 793.895225][T11653] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 793.918971][T11653] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 794.754844][T11683] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 794.793191][T11683] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 795.654549][T11705] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1766'. [ 796.565444][T11719] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 796.579797][T11719] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 797.137122][T11734] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 797.167226][T11734] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 797.283482][T11746] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 797.321999][T11746] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 797.962389][T11765] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 797.986057][T11765] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 798.226290][T11774] netlink: 180 bytes leftover after parsing attributes in process `syz.1.1789'. [ 798.256024][T11773] netlink: 180 bytes leftover after parsing attributes in process `syz.1.1789'. [ 798.289201][T11773] netlink: 180 bytes leftover after parsing attributes in process `syz.1.1789'. [ 800.559678][T11810] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1800'. [ 800.670491][ T26] kauditd_printk_skb: 13 callbacks suppressed [ 800.670505][ T26] audit: type=1326 audit(1754183800.029:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11811 comm="syz.3.1801" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa3748fcb69 code=0x0 [ 801.782292][T11832] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 801.807034][T11832] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 804.650217][T11919] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 804.677253][T11919] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 805.257407][T11941] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 805.302815][T11941] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 805.323457][T11939] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 805.353714][T11939] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 805.569586][ T26] audit: type=1326 audit(1754183804.613:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ff00000 [ 805.642574][ T26] audit: type=1326 audit(1754183804.650:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f784164476b code=0x7ff00000 [ 805.679508][ T26] audit: type=1326 audit(1754183804.650:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f784164476b code=0x7ff00000 [ 805.742320][ T26] audit: type=1326 audit(1754183804.650:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f784164476b code=0x7ff00000 [ 805.805271][ T26] audit: type=1326 audit(1754183804.650:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f784164476b code=0x7ff00000 [ 805.907460][ T26] audit: type=1326 audit(1754183804.650:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f784164476b code=0x7ff00000 [ 805.976292][ T26] audit: type=1326 audit(1754183804.650:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f784164476b code=0x7ff00000 [ 805.978174][T11954] kvm [11953]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x300000080 [ 806.017007][T11954] kvm [11953]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc1 data 0x0 [ 806.029601][T11954] kvm [11953]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0xe00000000 [ 806.044227][ T26] audit: type=1326 audit(1754183804.650:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f784164476b code=0x7ff00000 [ 806.046181][T11954] kvm [11953]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0xa00000080 [ 806.096280][ T26] audit: type=1326 audit(1754183804.650:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f784164476b code=0x7ff00000 [ 806.140377][ T26] audit: type=1326 audit(1754183804.650:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ff00000 [ 806.257012][ T26] audit: type=1326 audit(1754183804.650:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ff00000 [ 806.376319][ T26] audit: type=1326 audit(1754183804.650:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ff00000 [ 806.443632][T11973] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 806.457728][T11973] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 806.482834][ T26] audit: type=1326 audit(1754183804.650:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ff00000 [ 806.538775][T11969] chnl_net:caif_netlink_parms(): no params data found [ 806.558217][ T26] audit: type=1326 audit(1754183804.650:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ff00000 [ 806.602821][ T26] audit: type=1326 audit(1754183804.650:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ff00000 [ 806.671866][ T26] audit: type=1326 audit(1754183804.650:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ff00000 [ 806.695329][ T26] audit: type=1326 audit(1754183804.650:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11946 comm="syz.1.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7841644b69 code=0x7ff00000 [ 806.801846][T11969] bridge0: port 1(bridge_slave_0) entered blocking state [ 806.808949][T11969] bridge0: port 1(bridge_slave_0) entered disabled state [ 806.865734][T11969] device bridge_slave_0 entered promiscuous mode [ 806.874627][T11969] bridge0: port 2(bridge_slave_1) entered blocking state [ 806.882094][T11969] bridge0: port 2(bridge_slave_1) entered disabled state [ 806.979564][T11969] device bridge_slave_1 entered promiscuous mode [ 807.189308][T11969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 807.226668][T11969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 807.256663][T12008] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 807.278573][T11969] team0: Port device team_slave_0 added [ 807.305646][T12008] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 807.324177][T11969] team0: Port device team_slave_1 added [ 807.471635][T11969] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 807.500587][T11969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 807.578862][T11969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 807.634408][T11969] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 807.641928][T11969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 807.679590][T11969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 807.786749][T12042] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 807.820510][T12042] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 807.834398][T12039] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 807.843281][T11969] device hsr_slave_0 entered promiscuous mode [ 807.851438][T11969] device hsr_slave_1 entered promiscuous mode [ 807.869710][T11969] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 807.884049][T12039] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 807.900659][T11969] Cannot create hsr debugfs directory [ 808.320636][T11969] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 808.332529][T12069] sctp: [Deprecated]: syz.2.1884 (pid 12069) Use of int in max_burst socket option. [ 808.332529][T12069] Use struct sctp_assoc_value instead [ 808.347918][T11430] Bluetooth: hci5: command 0x0409 tx timeout [ 808.357951][T11969] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 808.379612][T11969] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 808.401657][T11969] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 808.616418][T12072] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 808.658844][T12072] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 808.759714][T11969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 808.785616][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 808.800924][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 808.812154][T11969] 8021q: adding VLAN 0 to HW filter on device team0 [ 808.826808][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 808.836410][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 808.847432][ T4808] bridge0: port 1(bridge_slave_0) entered blocking state [ 808.854574][ T4808] bridge0: port 1(bridge_slave_0) entered forwarding state [ 808.905017][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 808.913791][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 808.942183][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 808.956926][ T4808] bridge0: port 2(bridge_slave_1) entered blocking state [ 808.964210][ T4808] bridge0: port 2(bridge_slave_1) entered forwarding state [ 808.972720][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 808.992208][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 809.018379][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 809.071636][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 809.100324][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 809.121299][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 809.192603][T11969] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 809.211296][T11969] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 809.225935][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 809.241551][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 809.265011][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 809.277199][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 809.306695][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 809.352655][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 809.528107][T12112] APIC base relocation is unsupported by KVM [ 809.765499][ T9227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 809.815925][ T9227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 809.884579][T11969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 810.117669][T12159] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1910'. [ 810.144271][T12159] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1910'. [ 810.166208][T12154] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1910'. [ 810.489719][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 810.531326][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 810.579712][ T5835] Bluetooth: hci5: command 0x041b tx timeout [ 810.613455][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 810.647051][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 810.702392][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 810.710706][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 810.768803][T11969] device veth0_vlan entered promiscuous mode [ 810.818027][T11969] device veth1_vlan entered promiscuous mode [ 810.864890][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 810.969628][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 810.984675][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 811.041319][T11969] device veth0_macvtap entered promiscuous mode [ 811.082650][T11969] device veth1_macvtap entered promiscuous mode [ 811.159901][T11969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 811.174082][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 811.180423][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 811.225408][T11969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.295672][T11969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 811.341303][T11969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.362507][T11969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 811.390770][T11969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.415301][T11969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 811.426274][T11969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.460557][T11969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 811.461121][T12221] trusted_key: encrypted_key: key user:syz not found [ 811.483385][T11969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.547521][T11969] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 811.554869][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 811.574344][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 811.632684][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 811.704079][ T5213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 811.732377][T11969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 811.763160][T11969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.803153][T11969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 811.856180][T11969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.872067][T11969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 811.920957][T11969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.944101][T11969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 811.966355][T11969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 812.010277][T11969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 812.040086][T11969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 812.054295][T11969] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 812.080428][ T9351] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 812.125103][ T9351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 812.167924][T11969] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.230260][T11969] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.270316][T11969] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.301081][T11969] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.350108][T12251] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 812.533298][ T5213] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 812.571751][ T5213] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 812.628747][ T9351] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 812.636169][ T4808] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 812.659380][ T4808] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 812.705685][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 812.786797][ T5835] Bluetooth: hci5: command 0x040f tx timeout [ 813.047951][T12270] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 813.072954][T12270] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 813.218329][T12275] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 813.254004][T12275] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 813.497136][ T26] kauditd_printk_skb: 59 callbacks suppressed [ 813.497149][ T26] audit: type=1326 audit(1754183812.031:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12287 comm="syz.5.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faba221db69 code=0x7ffc0000 [ 813.580882][ T26] audit: type=1326 audit(1754183812.068:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12287 comm="syz.5.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faba221db69 code=0x7ffc0000 [ 813.677626][ T26] audit: type=1326 audit(1754183812.068:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12287 comm="syz.5.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faba221db69 code=0x7ffc0000 [ 813.751213][ T26] audit: type=1326 audit(1754183812.068:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12287 comm="syz.5.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7faba221db69 code=0x7ffc0000 [ 813.840632][ T26] audit: type=1326 audit(1754183812.068:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12287 comm="syz.5.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faba221db69 code=0x7ffc0000 [ 813.946383][ T26] audit: type=1326 audit(1754183812.068:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12287 comm="syz.5.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7faba221db69 code=0x7ffc0000 [ 814.075915][ T26] audit: type=1326 audit(1754183812.068:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12287 comm="syz.5.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7faba221db69 code=0x7ffc0000 [ 814.163920][ T26] audit: type=1326 audit(1754183812.611:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12313 comm="syz.5.1968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faba221db69 code=0x7ffc0000 [ 814.293425][ T26] audit: type=1326 audit(1754183812.611:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12313 comm="syz.5.1968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faba221db69 code=0x7ffc0000 [ 814.396108][ T26] audit: type=1326 audit(1754183812.611:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12313 comm="syz.5.1968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faba221db69 code=0x7ffc0000 [ 815.009978][ T4249] Bluetooth: hci5: command 0x0419 tx timeout [ 815.718662][T12354] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 815.738187][T12354] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 816.518083][T12394] ------------[ cut here ]------------ [ 816.523590][T12394] WARNING: CPU: 0 PID: 12394 at arch/x86/kvm/x86.c:10351 kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40 [ 816.602712][T12394] Modules linked in: [ 816.606650][T12394] CPU: 0 PID: 12394 Comm: syz.3.1997 Not tainted 5.15.189-syzkaller #0 [ 816.666837][T12394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 816.752045][T12394] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40 [ 816.798370][T12394] Code: e8 81 37 ad 00 e9 03 e9 ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d5 ed ff ff 4c 89 ff e8 66 37 ad 00 e9 c8 ed ff ff e8 4c d4 68 00 <0f> 0b e9 31 fd ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d2 ed ff ff 4c [ 816.905021][T12394] RSP: 0018:ffffc9000354fc30 EFLAGS: 00010287 [ 816.924788][T12394] RAX: ffffffff810eefd4 RBX: ffff88804fab8000 RCX: 0000000000080000 [ 816.974942][T12394] RDX: ffffc90006531000 RSI: 0000000000000423 RDI: 0000000000000424 [ 817.009025][T12394] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffffbfff1ad2dd6 [ 817.038804][T12394] R10: fffffbfff1ad2dd6 R11: 1ffffffff1ad2dd5 R12: ffff88807eff5001 [ 817.057085][T12394] R13: 1ffff11009f5701e R14: ffff88804fab80f0 R15: ffff88807eff5000 [ 817.100339][T12394] FS: 00007fa3727646c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 817.140738][T12394] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 817.168301][T12394] CR2: 00007faba0064d58 CR3: 000000004e9ee000 CR4: 00000000003526f0 [ 817.208969][T12394] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 817.243684][T12394] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 817.282041][T12394] Call Trace: [ 817.285539][T12394] [ 817.315758][T12394] ? __lock_acquire+0x7c60/0x7c60 [ 817.326758][T12394] kvm_vcpu_ioctl+0x887/0xb80 [ 817.346529][T12394] ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0 [ 817.381653][T12394] ? bpf_lsm_file_ioctl+0x5/0x10 [ 817.398635][T12394] ? security_file_ioctl+0x7c/0xa0 [ 817.403803][T12394] ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0 [ 817.452254][T12394] __se_sys_ioctl+0xfa/0x170 [ 817.456906][T12394] do_syscall_64+0x4c/0xa0 [ 817.486053][T12394] ? clear_bhb_loop+0x30/0x80 [ 817.504417][T12394] ? clear_bhb_loop+0x30/0x80 [ 817.525208][T12394] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 817.542164][T12394] RIP: 0033:0x7fa3748fcb69 [ 817.559174][T12394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 817.635401][T12394] RSP: 002b:00007fa372764038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 817.670193][T12394] RAX: ffffffffffffffda RBX: 00007fa374b23fa0 RCX: 00007fa3748fcb69 [ 817.707158][T12394] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 817.734148][T12394] RBP: 00007fa37497fdf1 R08: 0000000000000000 R09: 0000000000000000 [ 817.771279][T12394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 817.805434][T12394] R13: 0000000000000000 R14: 00007fa374b23fa0 R15: 00007ffddc384f18 [ 817.832031][T12394] [ 817.845615][T12394] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 817.852937][T12394] CPU: 0 PID: 12394 Comm: syz.3.1997 Not tainted 5.15.189-syzkaller #0 [ 817.861188][T12394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 817.871261][T12394] Call Trace: [ 817.874548][T12394] [ 817.877549][T12394] dump_stack_lvl+0x168/0x230 [ 817.882250][T12394] ? show_regs_print_info+0x20/0x20 [ 817.887465][T12394] ? load_image+0x3b0/0x3b0 [ 817.891987][T12394] panic+0x2c9/0x7f0 [ 817.895894][T12394] ? bpf_jit_dump+0xd0/0xd0 [ 817.900415][T12394] ? kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40 [ 817.906288][T12394] __warn+0x248/0x2b0 [ 817.910283][T12394] ? kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40 [ 817.916104][T12394] report_bug+0x1b7/0x2e0 [ 817.920457][T12394] handle_bug+0x3a/0x70 [ 817.924616][T12394] exc_invalid_op+0x16/0x40 [ 817.929136][T12394] asm_exc_invalid_op+0x16/0x20 [ 817.933996][T12394] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40 [ 817.940430][T12394] Code: e8 81 37 ad 00 e9 03 e9 ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d5 ed ff ff 4c 89 ff e8 66 37 ad 00 e9 c8 ed ff ff e8 4c d4 68 00 <0f> 0b e9 31 fd ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d2 ed ff ff 4c [ 817.960051][T12394] RSP: 0018:ffffc9000354fc30 EFLAGS: 00010287 [ 817.966139][T12394] RAX: ffffffff810eefd4 RBX: ffff88804fab8000 RCX: 0000000000080000 [ 817.974142][T12394] RDX: ffffc90006531000 RSI: 0000000000000423 RDI: 0000000000000424 [ 817.982133][T12394] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffffbfff1ad2dd6 [ 817.990120][T12394] R10: fffffbfff1ad2dd6 R11: 1ffffffff1ad2dd5 R12: ffff88807eff5001 [ 817.998108][T12394] R13: 1ffff11009f5701e R14: ffff88804fab80f0 R15: ffff88807eff5000 [ 818.006106][T12394] ? kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40 [ 818.011946][T12394] ? __lock_acquire+0x7c60/0x7c60 [ 818.017111][T12394] kvm_vcpu_ioctl+0x887/0xb80 [ 818.021824][T12394] ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0 [ 818.027503][T12394] ? bpf_lsm_file_ioctl+0x5/0x10 [ 818.032457][T12394] ? security_file_ioctl+0x7c/0xa0 [ 818.037594][T12394] ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0 [ 818.043247][T12394] __se_sys_ioctl+0xfa/0x170 [ 818.047855][T12394] do_syscall_64+0x4c/0xa0 [ 818.052280][T12394] ? clear_bhb_loop+0x30/0x80 [ 818.056963][T12394] ? clear_bhb_loop+0x30/0x80 [ 818.061653][T12394] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 818.067810][T12394] RIP: 0033:0x7fa3748fcb69 [ 818.072254][T12394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 818.091869][T12394] RSP: 002b:00007fa372764038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 818.100296][T12394] RAX: ffffffffffffffda RBX: 00007fa374b23fa0 RCX: 00007fa3748fcb69 [ 818.108277][T12394] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 818.116258][T12394] RBP: 00007fa37497fdf1 R08: 0000000000000000 R09: 0000000000000000 [ 818.124243][T12394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 818.132374][T12394] R13: 0000000000000000 R14: 00007fa374b23fa0 R15: 00007ffddc384f18 [ 818.140442][T12394] [ 818.143821][T12394] Kernel Offset: disabled [ 818.148523][T12394] Rebooting in 86400 seconds..