last executing test programs: 3.243709269s ago: executing program 1 (id=3504): prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50) 3.038567955s ago: executing program 0 (id=3506): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="580000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="03800400000001002c0012800e0001006970366772657461700000003800028141000700ff0100000000000000000000000000010a000100aa"], 0x58}, 0x1, 0x0, 0x0, 0x40}, 0x0) 2.84983959s ago: executing program 1 (id=3508): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000009c0)='/sys/kernel/kexec_crash_size', 0x149a82, 0x0) write$binfmt_script(r0, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 2.699861852s ago: executing program 0 (id=3511): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) fstat(0xffffffffffffffff, 0x0) 2.648412167s ago: executing program 1 (id=3512): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@delsa={0x34, 0x11, 0x1, 0x70bd26, 0x25dfdbfb, {@in=@multicast1, 0x4d5, 0xa, 0x2b}, [@mark={0xc, 0x15, {0x35075c, 0x9}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) 2.571976832s ago: executing program 0 (id=3513): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a440000000010109023b00010100000009041b001202060000052406"], 0x0) 2.466227291s ago: executing program 3 (id=3515): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000780)=@newlink={0x4c, 0x10, 0x401, 0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2000, 0x41042}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@vti_common_policy=[@IFLA_VTI_LINK={0x8}]]}}}, @IFLA_IFNAME={0x14, 0x3, 'ip_vti0\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8c5}, 0x0) 2.426585454s ago: executing program 1 (id=3516): request_key(0x0, &(0x7f0000000780)={'syz', 0x0}, &(0x7f0000000740)='lon\x00', 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100005dbafc40fd0b0c01162d01020301090224000100000000090400000221efb000090502020000000000090582bd"], 0x0) 2.270595517s ago: executing program 3 (id=3518): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000500)=ANY=[@ANYBLOB="840100001900010000000000000000001d0109004d00108025b57efaa223b473fe7783bc4a506cf756740574b89d316af9b5963870ef3391f3ac176f88d6e1db9b2bb2e5c90fa4eb2f71ebaede447dc8f6f61c6615fcf740adda4853b2d23adb37"], 0x184}}, 0x0) 2.156187236s ago: executing program 3 (id=3520): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="6000000000020104000000000000000002000000240002801400018008008c000000000008000200ac1e00010c0002800500010000000000240003801400018008000100ac1414aa08000200ac1414000c0002800500010088000000040001"], 0x60}, 0x1, 0x0, 0x0, 0x40090}, 0x0) 2.006396838s ago: executing program 3 (id=3522): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=@getpolicy={0x58, 0x15, 0x1, 0x0, 0x0, {{@in6=@loopback, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}, [@XFRMA_IF_ID={0x8, 0x1f, 0x1}]}, 0x58}}, 0x0) 1.945825333s ago: executing program 3 (id=3524): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x75}], 0x1}, 0x0) 1.463796582s ago: executing program 3 (id=3527): syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x20400) syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) 1.096284871s ago: executing program 2 (id=3532): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x38, 0xb, 0x6, 0x801, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x38}}, 0x4800) 1.022064508s ago: executing program 2 (id=3533): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000021c0), 0x2, 0x0) write$vhost_msg_v2(r0, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48) 956.523003ms ago: executing program 2 (id=3534): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_ifreq(r0, 0x8993, &(0x7f0000000100)={'ip_vti0\x00', @ifru_map={0x0, 0x6, 0x43, 0x7, 0xf2, 0xb}}) 886.666758ms ago: executing program 2 (id=3535): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c0000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x8f) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000000212000000", &(0x7f0000000300)=""/8, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 739.901311ms ago: executing program 1 (id=3536): r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$apparmor_exec(r0, &(0x7f00000000c0)={'exec ', '&\x00\b\xc4\x99\x10\tI\xc22b\xe8\r\xfa\xc1\xd6-\xe5\xd3-\xce\xeapE\xb53&\v\xa0\xd3\v#E\xc4I\x97\xfd'}, 0x2a) 732.458931ms ago: executing program 0 (id=3537): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r0, 0x1, 0x2d, 0x0, 0x0) 440.376115ms ago: executing program 0 (id=3538): r0 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) pwrite64(r0, &(0x7f0000000840)="e67ab166972ce298f4681ef5c755f60473b17b7887d68440dd9005bc69f6c3c5238bebfbce6236501dd64c37eeaeec2d13731c56a864da45a465e645e685887f27f84f348e4149ccee167605da33c412d53af0256fc973711375855a0a610654714099f4d540f9cba457b1813b73957a98aa2cc497c1e3ea00", 0x79, 0x1) 348.943472ms ago: executing program 1 (id=3539): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000140)={[{@userxattr}, {@redirect_dir_off}]}) 328.850614ms ago: executing program 2 (id=3540): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x7d, 0x0, &(0x7f0000000080)) 110.369041ms ago: executing program 0 (id=3541): r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="580000001400192340834b80040d8c561e067f0202ff000000020000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000c0c100000000000000003a0", 0x58}], 0x1) 0s ago: executing program 2 (id=3542): syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceec7cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5c0159b8e3c0289dcb182504844ef8e6972cdb3f50680fcb602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12ae64a5a521aa83080b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe3b630040b37e2b09d7816e0b93981de1147532cf2f46d4d4904f68fb43cd165b9", @ANYBLOB="3db1bd3c9389ce300f92cc8091d7dfbdcfffeed8bb90e543382e29209562d6483c6fcfdf79d0b465e6bc8ea70769c266299881e362049054a683ca4394e098765d85fa3b798fc191119debc7d45cce724609d275eabc974abf88d2270db005808488efc289084aff3069b2b0a78cdfa1f780c10f7c896c51d7c9ced6ab3e8a7aa716d5ebe1e8cb6255366a32ca4b", @ANYRES8, @ANYRES64, @ANYRES16, @ANYRES8], 0x1, 0x620f, &(0x7f000000cb40)="$eJzs3cuOHFcZB/Cv+jYXE8fKIgoWQpPEXEKIr8EYAiRZwIINC+QtsjWZRBYOINsgJ7LwRLNhwUOAkFgCYsmKB8iCLTseAEs2EiirFKqZc8Y1nW73+DJdPT6/nzSu+vpUTZ/yv6svU1V9AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIH/7gx2eqiLj0q3TDsYjPRT+iF7HS1GsRsbJ2LC8/iIgXYrs5no+I4VJElRufjXg9Ij4+GnH33q315qaz++zH9//yzz/85MiP/vGn4an//fVG/41py928+dv//u32o28vAAAAlKiu67pKH/OPp8/3va47BQDMRX79r5N8u3rh6s0F649arVarD2HdVk92u11ExGZ7neY9g8PxAHDIbMYnXXeBDsm/aIOIONJ1J4CFVnXdAQ7E3Xu31quUb9V+PVjbac/nguzJf7Pavb5j2nSW8XNM5vX42op+PDelPytz6sMiyfn3xvO/tNM+SssddP7zMi3/0c6lT8XJ+ffH8x/z9OTfm5h/qXL+g4fKvy9/AAAAAABYYPnv/8c6Pv679Pibsi8POv67Nqc+AAAAAAAAAMCT9rjj/+2qjP8HAAAAi6r5rN743dH7t037Lrbm9otVxDNjywOFSRfLrHbdDwAAAAAAAAAAAAAoyWDnHN6LVcQwIp5ZXa3ruvlpG68f1uOuf9iVvv1Qsq6f5AEAYMfHR8eu5a8iliPiYvquv+Hq6mpdL6+s1qv1ylJ+PztaWq5XWp9r87S5bWm0jzfEg1Hd/LLl1nptsz4vz2of/33NfY3q/j46Nh8dBg4AEbHzanTXK9JTpq6fja7f5XA4TNr/+908bHlC7P/sR9ePUwAAAODg1XVdV+nrvI+nY/69rjsFAMxFfv0fPy6gVqvVarX66avb6slut4uI2Gyv07xnMBw/ABwym/FJ112gQ/Iv2iAiXui6E8BCq7ruAAfi7r1b61XKt2q/HqTx3fO5IHvy36y218vrT5rOMn6OybweX1vRj+em9Of5OfVhkeT8e+P5X9ppH6XlDjr/eZmWf7OdxzroT9dy/v3x/Mc8Pfn3JuZfqpz/4KHy78sfAAAAAAAWWP77/7GFOv47etTNmelBx3/XDuxeAQAAAAAAAOBg3b13az1f95qP/39hwnKu/3w65fwr+Rcp598by/+rY8u1xwO+8/b9/P9z79b6H2/8+/N5ut/8l/JMlR5ZVXpEVOmeqkGaPs7WfdbWsD9q7mlY9fqDdM5PPXw3rsTV2IjTe5btpf+P++1n9rQ3PR1ut9f9nfaze9oHu+15/XN72ofpTKd6JbefjPX4eVyNd7bbm7alGdu/PKO9ntGe8+/b/4uU8x+0fpr8V1N7NTZt3Pmo95n9vj2ddD9vXfnib04f/ObMtBX93W1ra7bvpQ76s/1/cmQUv7y+ce3kzcs3blw7E2my59azkSZPWM5/mH52n/9f3mnPz/vt/fXOR6OHzn9RbMVgav4vt+ab7X1lzn3rQs5/lH5y/u+k9sn7/2HOf/r+/2oH/QEAAAAAAAAAAAAAAIAHqet6+xLRtyLifLr+p6trMwGA+cqv/3WSb59X3X/U9f+8dzu66r9aPee6WrD+zLX+tF6s/qjVh7Fuqyd7s11ExN/b6zTvGX496ZcBAIvs04j4V9edoDPyL1j+vr9meqLrzgBzdf2DD396+erVjWvXu+4JAAAAAAAAAPCo8vifa63xn0/UdX17bLk947++HWuPO/7nIM/sDjA6ZaDq/sNv04Ns9Ub9Xmu48Rdj2vjfw925B43/PZhxf8MZ7aMZ7Usz2pdntE+80KMl5/9ia7zzExFxfGz49RLGfx0f874EOf+XWo/nJv+vjC3Xzr/+/WHOv7cn/1M33v/FqesffPjalfcvv7fx3sbPzp05c/rc+fMXLlw49e6Vqxund/7tsMcHK+efx752HmhZcv45c/mXJef/pVTLvyw5/y+nWv5lyfnn93vyL0vOP3/2kX9Zcv6vpFr+Zcn5fy3V8i9Lzv/VVMu/LDn/r6da/mXJ+b+WavmXJed/MtXyL0vO/1Sq95n/ykH3i/nI+ecjXPb/suT885kN8i9Lzv9squVflpz/uVTLvyw5/9dTLf+y5Py/kWr5lyXnfz7V8i9Lzv+bqZZ/WXL+F1It/7Lk/L+VavmXJef/7VTLvyw5/zdSLf+y5Py/k2r5lyXn/91Uy78sOf/vpVr+Zcn5v5lq+Zfl/vf/mzFjxkye6fqZCQAAAAAAAAAAAAAYN4/TibveRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+D87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsLe3cXIddb3Az+zb147kBgI+Tv5m7B2jDHOJrt+iV9oXUx4bXgrCaHQF2zXuzYLfsNrl0Cj2lGgRMKoqKJtuGgLCLW5qbAqLmgFKBeoVaVKpL2gN4gKlYuoCiggVaIVZKuZ8zzPzszOzqy9482Zcz4fify8M2fmnDnzzOx+bb47AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0GzLm2Y/U8uyrFar5RdszLKX1Of6iY2NS17/4h4fAAAAsHq/bPz3+VvSBYdXcKOmbf7pzu9+fWFhYSH7wPCfjn5hYSFdMZFlo+uyrHFddPWHH6w1bxM8no3Xhpq+Huqx++Ee14/0uH60x/VjPa5f1+P68R7XLzkBS6zPaunOtjX+uDE/pdmt2Wjjum0dbvV4bd1Q/dyl22a1xm0WRk9kc9mpbDabbtk+37bW2P6bW+r7ensW9zXUtK/N9RXy00ePx2OohXO8rWVfi/cZ/fiN2cTPfvro8b++8NztnWbP09Byf/lx7thaP85PhUvyY61l69I5icc51HScmzs8J8Mtx1lr3K7+5/bjfH6Fxzm8eJhrqv05H8+GGn9+pnGeRmpZh/O0OVz287uyLLu8eNjt2yzZVzaUbWi5ZGjx+RnPV2T9PupL6eXZyDWt0y0rWKf1ObOtdZ22vybi878l3G5kmWNofpp+/NhY0/P+i4XrWadR/VEv91ppX4P9fq0UZQ3GdfFM40E/0XENbguP/9Hty6/BjmunwxpMj7tpDW7ttQaHxoYbx5yehFrjNotrcFfL9sONPdUa89nt3dfg1IXT56bmP/HJe+ZOHzs5e3L2zJ5du6b37Nt34MCBqRNzp2an8/9e59kuvg3ZUHoNbA3nLr4GXtu2bfNSXfjy2JL33+t9HY53eR1ubNu236/DkfYHV1ubF+TSNZ2/Nt5XP+njV4ayZV5jjedn5+pfh+lxN70OR5pehx2/p3R4HY6s4HVY3+bczpX9zDLS9L9Ox7D894LVrcGNTWuw/eeR9jXY759HirIGx8O6+P7O5b8XbA7H+8Tktf48MrxkDaaHG9576pekn/fHDzRGp3V5R/2Km8ayi/Oz5+995NiFC+d3ZWGsiVc0rZX29bqh6TFlS9br0DWv18Nzdz5xR4fLN4ZzNX5P/T/jyz5X9W323tv9uWp8d+t8Plsu3Z2F0WdrfT47fTevn8+xLPvidx578FuPfvFNy57Pet781NTqfxZPubTp/Xd0mfffmPtfyPeX7urx4dGR/PU7nM7OaMv7cetTNdJ476o19v381Mrej0fD/9b6/fjWLu/Hm9q27ff78Wj7g4vvx7Vef9uxOu3P53hYJ6emu78f17fZtPta1+RI1/fju8KshfP/upAUUi5qWjvLrdu0r5GR0fC4RuIeWtfpnpbt43qr7+up3de3Tnfcld/XcHp0i9ZqnU60bdvvdZr+7mu5dVrr9bdv16f9+RwP6+LWPd3XaX2bp/eu/r1zffxj03vnWK81ODo8Vj/m0bQIG+/32cL6uAbvzY5nZ7NT2Uzj2rHGeqo19jV538rW4Fj431q/V27qsgZ3tG3b7zWYvo8tt/ZqI0sffB+0P5/jYV08eV/3NVjf5s37+/uz645wSdqm6WfX9r9fW+7vvO5oO003aq2MhOP8zv7ufzdb3+bUgWvNmd3P093hkps6nKf21+9yr6mZbG3O06ZwnM8dWP481Y+nvs0XDq5wPR3OsuzSx+5v/H1v+PeVv7v4va+3/LtLp3/TufSx+3/y0hP/eC3HD8DgeyEfG/LvdU3/MrWSf/8HAAAABkLM/UNhJvI/AAAAlEbM/fH/FZ7I/wAAAFAaMfePhJlUJP9vevNzcy9cylIzfyGI16fT8EC+Xey4ToevJxYW1S+//6uz//0Pl1a276Esy37xwB903H7TA/G4chPhOK++pfXyJb5+z4r2ffThS2m/zf31L4X7j49npcugUwV3Osuyb97yucZ+Jj54pTGffuBoYz54+YnH69s8fzD/Ot7+2Vfk2/9FKP8ePnGs5fbPhvPwozCn39H5fMTbfe3K6zbvf//i/uLtaltvbjzsJz+U32/8PTmffzzfPp7n5Y7/W5996mv17R95TefjvzTU+fifCvf71TD/51X59s3PQf3reLtPh+OP+4u3u/cr3+54/Fc/k29/7q35dkfDjPvfEb7e9tbn5prP1yO1Yy2PK3tbvl3c//T3/rhxfby/eP/txz9+5ErL+WhfH0//W34/U23bx8vjfqK/b9t//X6a12fc/1N/dLTlPPfa/9UHn31V/X7b939323bnPrazsf/F+2v9jU1/+enPddxfPJ7Df3uu5fEcfm94HYf9P/mhsB7D9f97Nb+/9t+ucPS9re8/cfsvbbzU8niit/8s3//VN5xszHXj6zfc9JKX3nz51fVzl2XPrMvvr9f+T/7V2Zbj//Jt+fmI18eOfvv+lxP3f/7jk2fOzl+cm0ln9dFbGr8755358cTjvSW8t7Z/feTshQ/Pnp+YnpjOsony/gq96/aVMH+Sj8vdt15Y8g668+HwfN7x59/csP1fPxsv//f35ZdfeUf+feu1YbvPh8s3hufv2va/1JNbbmu8vmtPhyNcWPr7gldj87b/OrCiDcPjb/+5IK73c6/8cOM81K9rfN+Ir+tVHv8PZvL7+UY4rwvhNzNvvW1xf83bx9+NcOWh/PW+6vMX3ubi8/o34fl+14/y+4/HFR/vD8LPMd/e1Pp+F9fHNy4Ntd9/47d4XA7vJ9nl/Pq4VTzfV56/rePhxd9Dkl2+vfH1n6T7uf2aHuZy5j8xP3Vq7szFR6YuzM5fmJr/xCePnD578cyFI43f5XnkI71uv/j+tKHx/jQzu29v1ni3OpuPG+zFPv5zDx+f2T+9fWb2xLGLJy48fG72/Mnj8/PHZ2fmtx87cWL2471uPzdzaNfug3v27548OTdz6MDBg3sOTs6dOVs/jPygetg3/dHJM+ePNG4yf2jvwV333bd3evL02ZnZQ/unpycv9rp943vTZP3Wvz95fvbUsQtzp2cn5+c+OXto18F9+3b3/G2Ap8+dmJ+YOn/xzNTF+dnzU/ljmbjQuLj+va/X7Smn+f/If55tV8t/EV/2nrv3pd/PWvfVx5a9q3yTtl8g+lz4XTT//LJzB1bydcz9o2EmFcn/AAAAUAUx94+Fmcj/AAAAUBox968LM5H/AQAAoDRi7h8PM6lI/i9d/3/TpRXtX/9f/7/5fOn/V6z//1DR+v/5+4X+f3+stn+v/x/o/+v/6//r/+v/0wdF6//H3L8+yyqZ/wEAAKAKYu7fEGYi/wMAAEBpxNx/U5iJ/A8AAAClEXP/S8JMKpL/9f/1//X/9f/1/zvvX/9/MOn/d6f/34P+/1RWrf7/5X4ev/6//j9LFa3/H3P/S8NMKpL/AQAAoApi7r85zET+BwAAgNKIuf+WMBP5HwAAAEoj5v6NYSYVyf/6//r/+v/6//r/nfev/z+Y9P+70//vQf/f5//r/+v/01dF6//H3P+yMJOK5H8AAACogpj7Xx5mIv8DAABA8Yxc381i7n9FmMmS/H+dOwAAAABedDH335q1FcEr8u//+v/6/8Xv/69L1+n/6/9nhez/D2f6/8Wh/9+d/n8P+v/6//r/+v/0VdH6/43cn41nrwwzqUj+BwAAgCqIuf+2MBP5HwAAAEoj5v7/F2Yi/wMAAEBpxNy/KcykIvlf/1//v/j9f5//r/9f9P6/z/8vEv3/7vT/e9D/1//X/9f/p6+K1v+Puf/2MJOK5H8AAACogpj77wgzkf8BAACgNGLu//9hJvI/AAAAlEbM/ZvDTCqS//X/C97/j81R/X/9f/1//X/9/xXR/+9O/78H/X/9f/1//X/6qmj9/5j7XxVmUpH8DwAAAFUQc/+dYSbyPwAAAJRGzP2vDjOR/wEAAKA0Yu6fCDOpSP7X/y94/z/vwY/5/H/9f/1//X/9/5XR/+9O/78H/X/9/770/xcu6f/r/5MrWv8/5v4tYSYVyf8AAABQBTH3bw0zkf8BAACgNGLuvyvMRP4HAACA0oi5f1uYSUXyv/7/QPT/M/1//X/9f/1//f+V0f/vTv+/B/1//X+f/6//T18Vrf8fc/9rwkwqkv8BAACgCmLu3x5mIv8DAABAacTc/9owE/kfAAAASiPm/h1hJhXJ//r/+v/6//r/+v+d96//P5j0/7vT/+9B/1//X/9f/5++Klr/P+b+14WZVCT/AwAAQBXE3L8zzET+BwAAgNKIuf/uMBP5HwAAAEoj5v7JMJOK5H/9f/1//X/9f/3/zvvX/x9M+v/d6f/3oP/fr/78sP6//r/+P1kB+/8x998TZlKR/A8AAABVEHP/vWEm8j8AAACURsz9U2Em8j8AAACURsz902EmFcn/+v/6/6vu/zc9eP3/CvT/X714v/r/Of3/YtH/707/v4f+9f9Hsmr3/33+/3X3/0f1/ymVovX/Y+7fFWZSkfwPAAAAVRBz/+4wE/kfAAAASiPm/j1hJvI/AAAAlEbM/XvDTCqS//X/9f99/r/+v8//77x//f/BpP/fXf/7//Eh6v/7/H/9f5//r//PUkXr/8fcf1+YSUXyPwAAAFRBzP37wkzkfwAAACiNmPv3h5nI/wAAAFAaMfcfCDOpSP7X/9f/1//X/9f/77x//f/BpP/fXdU//39jrwPQ/9f/1//X/2eVHvrD5q+K1v+Puf9gmElF8j8AAABUQcz9rw8zkf8BAACgNGLu/5UwE/kfAAAASiPm/l8NMylL/u/RPNT/1//X/9f/1//vvH/9/8Gk/99d1fv/Pen/6//r/+v/01dF6//H3H8ozKQs+R8AAABIuf/XwkzkfwAAACiNmPvfEGYi/wMAAEBpxNx/OMykIvlf/1//X/9f/1//v/P+17r/PxbvV/9/VfT/u9P/70H/X/9f/1//n74qWv8/5v43hplUJP8DAABAFcTcf3+YifwPAAAApRFz/5vCTOR/AAAAKI2Y+98cZlKR/K//r/+v/6//r//fef8+/38w6f93txb9/2H9f/1//X/9f/1/gqL1/2Puf0uYSUXyPwAAAFRBzP1vDTOR/wEAAKA0Yu5/W5iJ/A8AAAClEXP/28NMKpL/9f/1//X/9f/1/zvvX/9/MOn/d+fz/3vQ/9f/1//X/6evitb/j7n/18NMKpL/AQAAoApi7n8gzET+BwAAgNKIuf8dYSbyPwAAAJRGzP3vDDOpSP7X/9f/1//X/9f/77x//f/BpP/f3YD1/395c7hc/z+n/1/s47/W/v9I29c3pP//w+X6/wvr2m+v/8+NULT+f8z97wozqUj+BwAAgCqIuf/dYSbyPwAAAJRGzP3vCTOR/wEAAKA0Yu7/jTCTiuR//f/6cSy2l/X/y9r/H9L/1//X/68I/f/uBqz/7/P/2+j/F/v4ff6//j9LFa3/H3P/e8NMKpL/AQAAoApi7n8wzET+BwAAgNKIuf+hMBP5HwAAAEoj5v73hZlUJP/r//v8/2r0/33+f6b/r/9fEfr/3en/96D/r/9ftP7/f+r/M9iK1v+Puf/hMJOK5H8AAACogpj73x9mIv8DAABAacTc/5thJvI/AAAAlEbM/R8IM6lI/tf/H5T+/8SA9v8f0/+/gf3/O2/Ot9P/1/9nkf5/d/r/Pej/6/8Xrf/v8/8ZcEXr/8fc/8Ewk5Xn//EVbwkAAAC8KGLu/60wk4r8+z8AAABUQcz9vx1mIv8DAABAacTc/zthJhXJ//r/N6T/3/jS5//7/P/29eHz//X/9f9vvLXr/8d3Hv1//X/9/0j/v0D9/4v6/xRD0fr/Mff/bphJRfI/AAAAVEHM/R8KM5H/AQAAYCB0+ky2djH3Hwkzkf8BAACgNGLuPxpmUpH8r/8/KJ//r/+fVa3//2db/+X733330V36//r/+v/XZE0//7/+4vf5//r/+v+J/n+B+v8+/5+CKFr/P+b+Y2EmFcn/AAAAUAUx9/9emIn8DwAAAKURc//xMBP5HwAAAEoj5v6ZMJOK5H/9f/1//f+C9v8H+PP/4/nQ/2/Vt/5/fNPV/+8o79+nVXRj+//vX+yJ6/9fa/9/rOOl+v/6/4N8/Pr/+v8sVbT+f8z9s2EmFcn/AAAAUAUh9w+dyOfiFfI/AAAAlEbM/SfDTOR/AAAAKI2Y+z8cZlKR/K//r/+v/6//7/P/O++/W/+/NuLz/4sq9e9/3nih6P+3KU7/vzP9f/3/QT5+/X/9f5YqWv8/5v65MJOK5H8AAACogpj7PxJmIv8DAABAacTc/9EwE/kfAAAASiPm/lNhJhXJ//r/+v/6//r/+v+d91/Yz//X/+9qtf17/f9A/1//X/9f/1//nz4oWv8/5v7TYSYVyf8AAABQBTH3nwkzkf8B/o+9O2myqz7vOH47SKVWwSK7LLJJVZZ5CSySdfICssgmi6QqlUVIQhIyIzKPJNjGs43B84AHMBhjGzwP4Akbz2Abz/OAJ4xNyUX38zxS3z59bnfrdvc5///ns+CJOjT3Qqkk/dT6+gAAQDNy918Vt9j/AAAA0Izc/X8at3Sy//X/+v9m+//f1P/v9fr6f/1/y/T/4/T/K+j/9f/6f/0/azW1/j93/5/FLZ3sfwAAAOhB7v4/j1vsfwAAAGhG7v6r4xb7HwAAAJqRu/8v4pZO9v9S/7+xmFj/n33tEff/+TL6/5b6f8//3/P19f/6/5Ydb/9/3ZM/8un/9f/6/6D/31f/f2avz9f/06Kp9f+5+/8ybulk/wMAAEAPcvf/Vdxi/wMAAEAzcvdfE7fY/wAAANCM3P1/Hbd0sv/X9/z/s1sf9/z/C/T/+v/l7x/6f/2//v/oef7/uJ76/6sfvPxPHr3zV+86yOvr//X/nv+v/2e9ptb/5+7/m7ilk/0PAAAAPcjd/7dxi/0PAAAAzcjd/3dxi/0PAAAAzcjd//dxSyf7f339/9E8/z/p//X/C/2//n/p30f/r/8fov8fN/X+/7Tn/+v/Z/z+9f/6f3abWv+fu/8f4pZO9j8AAAD0IHf/P8Yt9j8AAAA0I3f/tXGL/Q8AAADNyN1/Lm7pZP/r/4++/39C/6//j6v/1//r/4+e/n/c1Pv/dT7//zCvr//X/+v/9f+s19T6/9z918Utnex/AAAA6EHu/n+KW+x/AAAAaEbu/n+OW+x/AAAAaEbu/n+JWzrZ//p/z//X/+v/9f/Dr6//nyf9/zj9/wr6/0vt50/r//X/+n8udsD+//GRH7bX0v/n7v/XuKWT/Q8AAAA9yN3/b3GL/Q8AAADNyN3/73GL/Q8AAADNyN3/H3FLJ/tf/6//1//r/w/d/+/+rrdF/z9M/3889P/jJtP/b5wa/HC3/f9j22+0gf7f8//1//p/dpja8/9z9/9n3NLJ/gcAAIAe5O7/r7hlZP8f+DfzAQAAgBOVu/+/4xZf/wcAAIDZy+osd///xC2d7H/9v/5f/6//9/z/4dcf6//vuuj96f+nRf8/bjL9/x667f8XF96v/n++71//r/9nt6n1/7n7/zdu6WT/AwAAQA9y918ft9j/AAAA0Izc/f8Xt9j/AAAA0Izc/f8ft3Sy/4f7/wv/f/3//uj/d75//f/w94919f/5T9T/j/b/v+X5/33S/487/v7/jP5/5z9f/3+ETvr9N97/n131+fp/hkyt/8/df0Pc0sn+BwAAgB7k7n9K3GL/AwAAQDNy9z81brH/AQAAoBm5+58Wt3Sy/z3/X/+v/59f/7/8/P+k/992HM//Xxx7/39K/79P+v9xnv+/gv5f/6//9/x/1mpq/X/u/hvjlk72PwAAAPTgxscWW7v/6YuF/Q8AAABzdPGfHVj+A6Uhd/8z4hb7HwAAAJqRu/+ZcUsn+1//r//X/8+///f8/x76f8//3y/9/zj9/wr6/6Po50811v/ftNfnT6H/v1b/z8Ts6P/vufDxk+r/c/c/K27pZP8DAABAD3L3Pztusf8BAACgGbn7nxO32P8AAADQjNz9z41bOtn/R97/n937tfX/+n/9v/5f/6//Xzf9/zj9/wr6f8//9/x//T9rtaP/v8hJ9f+5+58Xt3Sy/wEAAKAHufufH7fY/wAAANCM3P03xS32PwAAADQjd/8L4pZO9r/n/+v/9f/6f/3/8Ovr/+dJ/z9O/7+C/l//r//X/7NWU+v/c/ffHLd0sv8BAACgB7n7b4lb7H8AAABoRu7+F8Yt9j8AAAA0I3f/i+KWTva//v9o+//8uP5f/7/Q/+v/9f/Hotv+f2PoZ6Ld9uj/7/+jc7+z8yP6f/2//l//r/9nDSbR/5+/8KvL3P0vjls62f8AAADQg9z9L4lb7H8AAABoRu7+l8Yt9j8AAAA0I3f/y+KWA+7/X17ruzo++n/P/9f/6//1/8Ovr/+fp9n1/6d3ftPz//X/+v/5vn/9v/6f3SbR/1/07dz9L49bfP0fAAAAmpG7/xVxi/0PAAAAzcjd/8q4xf4HAACAZuTuf1Xc0sn+1//r//X/+n/9//DrH7b/31wM0/8fj9n1/0v0//p//f9837/+X//PblPr/3P33xq3dLL/AQAAoAe5+18dt9j/AAAA0Izc/a+JW+x/AAAAaEbu/tfGLZ3sf/2//l//r//X/w+/vuf/z5P+f5z+f7FY3DbyBob6//Nn9P/6f/2//p9Dmlr/n7v/dXFLJ/sfAAAAepC7/7a4xf4HAACAZuTuvz1usf8BAACgGbn7Xx+3dLL/9f/6f/2//l//P/z6+v950v+P0/+v4Pn/+n/9v/6ftZpa/5+7/464pZP9DwAAAD3I3X9n3GL/AwAAQDNy978hbrH/AQAAoBm5+++KWzrZ//p//b/+X/9/JP3/Of3/Mv3/8Ti6/n+h/9f/6/9X0P/r//X/LDuu/v/x+PF+Vf+fu/+NcUsn+x8AAAB6kLv/7rjF/gcAAIBm5O5/U9xi/wMAAEAzcve/OW7pZP/r//X/+n/9v+f/D7++/n+ePP9/nP5/Bf2//l//r/9nrY6r/9+r91/+du7+t8Qtnex/AAAA6EHu/nviFvsfAAAAmpG7/964xf4HAACAZuTuf2vc0sn+1//r/3f2/4uF/l//r//fdgz9/+ZC/792+v9x+v8V9P9t9v+/tGio/z+75+fr/5miqfX/ufvfFrd0sv8BAACgB7n73x632P8AAADQjNz974hb7H8AAABoRu7+d8YtLe3/J/ZO3+bf/59Z+kT9/2KxeOgaz//X/4+8vv5/Mv1//VfV/6+P/n+c/n8F/X+b/b/n/+v/OTFT6/9z978rbmlp/wMAAEDncve/O26x/wEAAKAZufvfE7fY/wAAANCM3P3vjVs62f/z7/+XP1H/v7ik5//r/7c+oP/X/+v/Z+tS+/ubN+PnNP2//l//P9jPb+zx656F/l//r/9nwNT6/9z974tbOtn/AAAA0IPc/ffFLfY/AAAANCN3//1xi/0PAAAAzcjd//64pZP9r//X/+v/59n/b+r/9f/6/0F79vdX7O/z1/X8/yuv/O0H9P/6/xb7/zH6f/2//p9lU+v/c/d/IG7pZP8DAABAD3L3fzBusf8BAACgGbn7PxS32P8AAADQjNz9H45bOtn/u/v/04vtQnXbUP8fjZr+/yL6/53vX/8//P3D8//1//r/o3epz99fV//v+f+He//6f/3/nN//gfr/X9v9+fp/WjS1/j93/wNxy8jw2/stAQAAAFOUu/8jcUsnX/8HAACAHuTu/2jcYv8DAABAM3L3Pxi3dLL/Pf9f/6//1//r/4dfX/8/T/r/cfr/FfT/+n/P/7/qDy7T/7M+U+v/c/d/LG7ZGn6/fsUh/zUBAACACcnd//G4pZOv/wMAAEAPcvd/Im6x/wEAAKAZufs/Gbd0sv/1//p//b/+X/8//Pr6/3nS/4/T/6/QT/+/OfTBk+7nL9VJv/9m+n/P/2eNptb/5+7/VNzSyf4HAACAHuTu/3TcYv8DAABAM3L3fyZusf8BAACgGbn7H4pbOtn/+n/9f/v9/+/r/5deX/+v/2+Z/j9/Rh+m/1+hn/5/0En383N///r/sf7/4D8e0oap9f+5+x+OWzrZ/wAAANCD3P2fjVvsfwAAAGhG7v7PxS32PwAAADQjd//n45ZO9r/+v6/+f2PRY//v+f/6f/1/T+bT/99yauijnv+v/9f/z/f96/89/5/dptb/5+5/ZONUl/sfAAAA5up3f+OPH97v3/vI1l83F1+IW+x/AAAAaEbu/i/GLfY/AAAANCN3/5filk72v/6/r/6/z+f/6//1//r/nsyn/x+m/9f/6//n+/71//p/dpta/5+7/8txy0XDb/B/oAcAAACYjdz9X4lbOvn6PwAAAPQgd/9X45Zd+//8Pv9UOwAAADA1ufu/Frd08vV//f/E+//FEfX/8ffp/7fp//X/Q6+v/58n/f+4S+z/z2/o//X/I/T/+n/9P8um1v/n7r/7jkWX+x8AAAAateN3FL6+9dfNxTfiFvsfAAAAmpG7/5txi/0PAAAAzcjd/624pZP9r/+feP9/qOf/n63/y/P/O+//r98cfH39v/6/Zfr/cZ7/v4L+X/+v/9f/s1YH6P+3BulR9/+5+78dt3Sy/wEAAKAHufu/E7fY/wAAANCM3P3fjVvsfwAAAGhG7v7vxS2d7H/9/wn0/zecWSyOtP/fx/P/9f999P97vH47/f+vXH7uvt/7w9tv1f9zwXH2//l9Qf+v/9f/b9P/6//1/yyb2vP/c/d/P27pZP8DAABAD3L3Pxq32P8AAADQjNz9P4hbntz/957UuwIAAADWKXf/D+OWTr7+r/9v8fn/8+z/87/1CfT/5+bX/2dT3Hv/7/n/+v/dPP9/nP5/Bf2//l//r/9nrabW/+fu/1Hc0sn+BwAAgB7k7v9x3JL7f+PAv3UPAAAATEzu/p/ELb7+DwAAAM3I3f9Y3NLJ/tf/6/8P2/+f9fx/z//X/2/R/0+L/n+c/n8F/b/+X/+v/2etptb/5+7/adzSyf4HAACAHuTufzxusf8BAACgGbn7fxa32P8AAADQjNz9P49bOtn/+n/9/1Se/5/0/xc+T/+/Tf+v/z8I/f+4g/T/lw38ukD/r/8fo//X/+v/WTa1/j93/y8CAAD//zJLcR4=") rename(&(0x7f0000000200)='./file1\x00', &(0x7f0000001cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') kernel console output (not intermixed with test programs): fferent from the interface descriptor's value: 255 [ 181.979700][ T968] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 182.006295][ T968] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 182.032535][ T968] usb 1-1: SerialNumber: syz [ 182.066955][ T968] cdc_acm 1-1:1.0: skipping garbage [ 182.288383][ T54] usb 1-1: USB disconnect, device number 8 [ 183.015855][ T8256] loop3: detected capacity change from 0 to 4096 [ 183.209235][ T8267] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 183.393969][ T8256] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 648518346341351424 [ 183.429762][ T8262] loop1: detected capacity change from 0 to 8192 [ 183.438080][ T8256] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=12) [ 183.470096][ T8256] Remounting filesystem read-only [ 183.493032][ T8256] NILFS (loop3): error -5 truncating bmap (ino=12) [ 183.697747][ T5795] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 183.733828][ T5795] NILFS (loop3): discard dirty page: offset=0, ino=2 [ 183.766742][ T5795] NILFS (loop3): discard dirty block: blocknr=14, size=4096 [ 183.804404][ T5795] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 183.846433][ T5795] NILFS (loop3): discard dirty block: blocknr=23, size=4096 [ 183.854572][ T5795] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 183.897672][ T5795] NILFS (loop3): discard dirty block: blocknr=24, size=4096 [ 183.912535][ T5795] NILFS (loop3): discard dirty page: offset=8192, ino=6 [ 183.936750][ T5795] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [ 183.960184][ T8283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1090'. [ 184.298996][ T8285] loop1: detected capacity change from 0 to 4096 [ 184.329956][ T8285] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 184.592801][ T8289] loop3: detected capacity change from 0 to 4096 [ 184.654330][ T8289] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 184.776125][ T8289] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 184.820810][ T8289] ntfs3: loop3: Failed to load $Extend (-22). [ 184.846422][ T8289] ntfs3: loop3: Failed to initialize $Extend. [ 184.918254][ T8303] binder: 8302:8303 ioctl 40046205 0 returned -22 [ 185.078124][ T8306] : renamed from bond_slave_0 (while UP) [ 185.228211][ T8310] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1103'. [ 186.142378][ T8343] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1117'. [ 187.189675][ T8376] netlink: 'syz.0.1130': attribute type 1 has an invalid length. [ 187.455524][ T8354] loop1: detected capacity change from 0 to 32768 [ 187.546838][ T8354] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 187.660081][ T8388] netlink: 'syz.3.1138': attribute type 5 has an invalid length. [ 187.690696][ T8388] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.1138'. [ 187.776821][ T8354] (syz.1.1122,8354,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is too small for name_len - offset=16, inode=65, rec_len=16, name_len=64 [ 187.851184][ T8354] (syz.1.1122,8354,0):ocfs2_prepare_dir_for_insert:4312 ERROR: status = -2 [ 187.886739][ T8354] (syz.1.1122,8354,0):ocfs2_mknod:298 ERROR: status = -2 [ 187.928342][ T8354] (syz.1.1122,8354,0):ocfs2_mknod:502 ERROR: status = -2 [ 187.936118][ T8354] (syz.1.1122,8354,0):ocfs2_create:676 ERROR: status = -2 [ 188.155663][ T5799] ocfs2: Unmounting device (7,1) on (node local) [ 188.600287][ T8413] netlink: 'syz.3.1149': attribute type 8 has an invalid length. [ 188.971417][ T8427] netlink: 'syz.2.1155': attribute type 16 has an invalid length. [ 189.014262][ T8428] netlink: 'syz.0.1156': attribute type 2 has an invalid length. [ 189.638779][ T8449] ieee802154 phy0 wpan0: encryption failed: -22 [ 189.692144][ T8450] bridge0: port 3(netdevsim0) entered disabled state [ 189.721412][ T8450] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 189.961150][ T8458] netlink: 'syz.1.1173': attribute type 5 has an invalid length. [ 190.454766][ T8476] loop0: detected capacity change from 0 to 512 [ 190.537177][ T8476] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 190.583465][ T8474] loop3: detected capacity change from 0 to 4096 [ 190.597700][ T8476] EXT4-fs (loop0): orphan cleanup on readonly fs [ 190.638429][ T8476] Quota error (device loop0): v2_read_file_info: Block with free entry 4294967071 out of range (1, 6). [ 190.674026][ T8474] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 190.705502][ T8476] EXT4-fs warning (device loop0): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 190.710486][ T8480] loop1: detected capacity change from 0 to 4096 [ 190.748814][ T8474] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 190.769917][ T8476] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 190.794574][ T8476] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.1179: bg 0: block 40: padding at end of block bitmap is not set [ 190.824742][ T8480] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match. Run ntfsfix or chkdsk. [ 190.840057][ T8474] ntfs: (device loop3): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 190.872272][ T8476] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 190.879396][ T8480] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 190.901830][ T8474] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 190.916726][ T8476] EXT4-fs (loop0): 1 truncate cleaned up [ 190.950127][ T8474] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 190.953647][ T8476] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 191.043972][ T8474] ntfs: volume version 3.1. [ 191.054034][ T8480] ntfs: volume version 3.1. [ 191.117756][ T8474] ntfs: (device loop3): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 191.160362][ T8474] ntfs: (device loop3): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 191.249115][ T8476] EXT4-fs error (device loop0): ext4_get_link:104: inode #16: comm syz.0.1179: bad symlink. [ 191.389680][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.948249][ T8507] xt_TCPMSS: Only works on TCP SYN packets [ 192.327279][ T8521] netlink: 'syz.0.1201': attribute type 10 has an invalid length. [ 192.726118][ T8535] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1208'. [ 193.174483][ T8548] xt_CONNSECMARK: invalid mode: 0 [ 193.530314][ T8561] loop1: detected capacity change from 0 to 256 [ 194.231397][ T8578] loop0: detected capacity change from 0 to 4096 [ 194.351416][ T8589] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 194.470710][ T8578] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 194.535537][ T8578] Remounting filesystem read-only [ 194.936088][ T8607] PKCS8: Unsupported PKCS#8 version [ 195.479728][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.486857][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.656657][ T27] kauditd_printk_skb: 12 callbacks suppressed [ 195.656680][ T27] audit: type=1400 audit(1754619678.012:53): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A273A02 pid=8628 comm="syz.1.1250" [ 196.451639][ T8660] loop3: detected capacity change from 0 to 16 [ 196.459875][ T8659] netlink: 'syz.0.1263': attribute type 9 has an invalid length. [ 196.512162][ T8660] erofs: (device loop3): mounted with root inode @ nid 36. [ 196.875033][ T8670] loop3: detected capacity change from 0 to 256 [ 196.893731][ T8672] xt_SECMARK: invalid mode: 2 [ 196.933699][ T8670] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 197.107952][ T8674] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1271'. [ 197.313681][ T8678] loop3: detected capacity change from 0 to 512 [ 197.893680][ T8697] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1282'. [ 198.302864][ T8710] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1287'. [ 198.670149][ T8718] loop1: detected capacity change from 0 to 512 [ 198.734209][ T8718] fscrypt (loop1, inode 2): Error -61 getting encryption context [ 198.771999][ T8718] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -61 [ 198.781287][ T8718] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #13: comm syz.1.1292: iget: bad i_size value: 12154757448730 [ 198.789537][ T8724] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1294'. [ 198.819282][ T8726] netlink: 'syz.3.1295': attribute type 13 has an invalid length. [ 198.829862][ T8718] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.1292: couldn't read orphan inode 13 (err -117) [ 198.861278][ T8726] gretap0: refused to change device tx_queue_len [ 198.870866][ T8718] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 198.906132][ T8726] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 199.041050][ T8718] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 199.129414][ T5799] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.596077][ T8744] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 199.983386][ T8756] nvme_fabrics: unknown parameter or missing value 'Y' in ctrl creation request [ 200.219566][ T8761] loop1: detected capacity change from 0 to 4096 [ 200.346428][ T5861] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 200.556366][ T5861] usb 1-1: Using ep0 maxpacket: 32 [ 200.583416][ T5861] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.620798][ T5861] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.671713][ T5861] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 200.716932][ T5861] usb 1-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 200.751279][ T5861] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 200.772232][ T27] audit: type=1326 audit(1754619683.132:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8774 comm="syz.1.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc64518ebe9 code=0x7ffc0000 [ 200.805287][ T5861] usb 1-1: Product: syz [ 200.820637][ T5861] usb 1-1: Manufacturer: syz [ 200.825526][ T5861] usb 1-1: SerialNumber: syz [ 200.849447][ T27] audit: type=1326 audit(1754619683.132:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8774 comm="syz.1.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc64518ebe9 code=0x7ffc0000 [ 200.917713][ T5861] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input9 [ 200.934324][ T27] audit: type=1326 audit(1754619683.142:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8774 comm="syz.1.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7fc64518ebe9 code=0x7ffc0000 [ 201.013076][ T27] audit: type=1326 audit(1754619683.142:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8774 comm="syz.1.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc64518ebe9 code=0x7ffc0000 [ 201.088023][ T27] audit: type=1326 audit(1754619683.142:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8774 comm="syz.1.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc64518ebe9 code=0x7ffc0000 [ 201.335079][ T5861] usb 1-1: USB disconnect, device number 9 [ 201.447629][ T5861] appletouch 1-1:1.0: input: appletouch disconnected [ 201.767208][ T8799] loop3: detected capacity change from 0 to 256 [ 201.801098][ T8799] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 202.314774][ T8809] loop3: detected capacity change from 0 to 4096 [ 202.356648][ T8809] ntfs3: loop3: ino=3, Correct links count -> 2. [ 202.388569][ T8811] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1337'. [ 203.586559][ T8839] netlink: 'syz.3.1351': attribute type 1 has an invalid length. [ 203.610825][ T8839] netlink: 236 bytes leftover after parsing attributes in process `syz.3.1351'. [ 203.956867][ T8831] loop0: detected capacity change from 0 to 32768 [ 203.970553][ T8831] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 11 [ 204.121846][ T8851] netlink: 448 bytes leftover after parsing attributes in process `syz.3.1357'. [ 204.184097][ T6090] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 11 [ 204.222207][ T8855] xt_CT: You must specify a L4 protocol and not use inversions on it [ 204.802076][ T8873] x_tables: unsorted entry at hook 3 [ 204.866555][ T5861] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 205.056573][ T5861] usb 4-1: Using ep0 maxpacket: 16 [ 205.079827][ T5861] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 205.106411][ T5861] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid maxpacket 262, setting to 64 [ 205.133663][ T5861] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 205.166377][ T5861] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 205.189284][ T5861] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 205.227992][ T5861] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 205.246060][ T5861] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 205.265846][ T5861] usb 4-1: Manufacturer: syz [ 205.287582][ T5861] usb 4-1: config 0 descriptor?? [ 205.365827][ T8884] overlayfs: disabling nfs_export due to verity=require [ 205.426789][ T8884] overlayfs: conflicting options: userxattr,verity=require [ 205.578376][ T54] usb 4-1: USB disconnect, device number 7 [ 206.186630][ T8908] netlink: 'syz.0.1384': attribute type 1 has an invalid length. [ 206.206941][ T8909] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 206.807027][ T8929] cgroup: Name too long [ 207.135005][ T8943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1402'. [ 207.206538][ T8943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1402'. [ 207.215744][ T8943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1402'. [ 207.245488][ T8943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1402'. [ 207.263417][ T8943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1402'. [ 207.274021][ T8943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1402'. [ 207.284256][ T8943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1402'. [ 207.294397][ T8943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1402'. [ 207.796638][ T5806] Bluetooth: hci2: command 0x0406 tx timeout [ 207.802965][ T5801] Bluetooth: hci1: command 0x0406 tx timeout [ 207.810421][ T5808] Bluetooth: hci3: command 0x0406 tx timeout [ 209.024423][ T9010] __nla_validate_parse: 48 callbacks suppressed [ 209.024506][ T9010] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1434'. [ 209.439268][ T9020] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 209.486470][ T9020] overlayfs: missing 'lowerdir' [ 209.741908][ T9027] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1442'. [ 209.932793][ T9004] loop1: detected capacity change from 0 to 32768 [ 209.981894][ T9004] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 210.082381][ T9004] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 210.318493][ T9004] OCFS2: ERROR (device loop1): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has an invalid bg_blkno of 4278207136 [ 210.364272][ T9004] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 210.375489][ T9004] OCFS2: File system is now read-only. [ 210.388804][ T9004] (syz.1.1432,9004,0):ocfs2_search_chain:1761 ERROR: status = -30 [ 210.409698][ T9004] (syz.1.1432,9004,0):ocfs2_search_chain:1871 ERROR: status = -30 [ 210.428272][ T9004] (syz.1.1432,9004,0):ocfs2_claim_suballoc_bits:1940 ERROR: status = -30 [ 210.454589][ T9043] loop3: detected capacity change from 0 to 4096 [ 210.456354][ T9004] (syz.1.1432,9004,0):ocfs2_claim_suballoc_bits:1983 ERROR: status = -30 [ 210.501203][ T9004] (syz.1.1432,9004,0):ocfs2_claim_new_inode:2216 ERROR: status = -30 [ 210.515452][ T9043] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 210.530082][ T9004] (syz.1.1432,9004,0):ocfs2_claim_new_inode:2231 ERROR: status = -30 [ 210.550792][ T9004] (syz.1.1432,9004,0):ocfs2_mknod_locked:639 ERROR: status = -30 [ 210.576500][ T9004] (syz.1.1432,9004,0):ocfs2_symlink:1944 ERROR: status = -30 [ 210.594796][ T9043] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.596518][ T9004] (syz.1.1432,9004,0):ocfs2_symlink:2068 ERROR: status = -30 [ 210.616369][ T23] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 210.649182][ T9004] syz.1.1432 (9004) used greatest stack depth: 19504 bytes left [ 210.741176][ T5799] ocfs2: Unmounting device (7,1) on (node local) [ 210.809270][ T9053] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1454'. [ 210.810225][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.830193][ T23] usb 3-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 210.905512][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.948445][ T23] usb 3-1: config 0 descriptor?? [ 211.004487][ T23] gspca_main: spca508-2.14.0 probing 8086:0110 [ 211.381435][ T23] gspca_spca508: reg_read err -71 [ 211.393583][ T23] gspca_spca508: reg_read err -71 [ 211.407432][ T23] gspca_spca508: reg_read err -71 [ 211.433650][ T23] gspca_spca508: reg_read err -71 [ 211.439922][ T23] gspca_spca508: reg write: error -71 [ 211.451460][ T23] spca508: probe of 3-1:0.0 failed with error -71 [ 211.477776][ T23] usb 3-1: USB disconnect, device number 6 [ 211.546445][ T54] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 211.638103][ T9067] comedi comedi0: pcl711: a I/O base address must be specified [ 211.753350][ T54] usb 2-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 211.773300][ T54] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.795210][ T54] usb 2-1: Product: syz [ 211.811380][ T54] usb 2-1: Manufacturer: syz [ 211.826533][ T54] usb 2-1: SerialNumber: syz [ 211.847341][ T54] usb 2-1: config 0 descriptor?? [ 212.100400][ T9077] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 212.246458][ T23] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 212.276082][ T54] usb 2-1: f81604_write: reg: 105 data: 99 failed: -EPROTO [ 212.289217][ T54] f81604 2-1:0.0: Setting termination of CH#0 failed: -EPROTO [ 212.297575][ T54] f81604: probe of 2-1:0.0 failed with error -71 [ 212.317990][ T54] usb 2-1: USB disconnect, device number 4 [ 212.438919][ T23] usb 1-1: config 0 has an invalid interface number: 117 but max is 0 [ 212.456331][ T23] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 212.478388][ T23] usb 1-1: config 0 has no interface number 0 [ 212.484864][ T23] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 212.526451][ T23] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 212.587025][ T23] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 212.606350][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.629878][ T23] usb 1-1: Product: syz [ 212.635563][ T23] usb 1-1: Manufacturer: syz [ 212.639904][ T9092] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1472'. [ 212.641758][ T23] usb 1-1: SerialNumber: syz [ 212.656981][ T9092] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1472'. [ 212.677468][ T23] usb 1-1: config 0 descriptor?? [ 212.916625][ T23] usbtouchscreen: probe of 1-1:0.117 failed with error -71 [ 212.971935][ T23] usb 1-1: USB disconnect, device number 10 [ 213.020487][ T27] audit: type=1326 audit(1754619695.382:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9100 comm="syz.1.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc64518ebe9 code=0x7ffc0000 [ 213.097588][ T27] audit: type=1326 audit(1754619695.412:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9100 comm="syz.1.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc64518ebe9 code=0x7ffc0000 [ 213.186406][ T27] audit: type=1326 audit(1754619695.422:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9100 comm="syz.1.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7fc64518ebe9 code=0x7ffc0000 [ 213.264910][ T27] audit: type=1326 audit(1754619695.422:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9100 comm="syz.1.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc64518ebe9 code=0x7ffc0000 [ 213.345116][ T27] audit: type=1326 audit(1754619695.422:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9100 comm="syz.1.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc64518ebe9 code=0x7ffc0000 [ 214.180690][ T9131] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1492'. [ 214.217792][ T9131] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 214.498541][ T9108] loop1: detected capacity change from 0 to 40427 [ 214.536951][ T9108] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 214.544546][ T9108] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 214.566906][ T9108] F2FS-fs (loop1): build fault injection attr: rate: 17008, type: 0x7ffff [ 214.585798][ T9142] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1498'. [ 214.595633][ T9108] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x6 [ 214.652887][ T9108] F2FS-fs (loop1): invalid crc value [ 214.695039][ T9108] F2FS-fs (loop1): Found nat_bits in checkpoint [ 214.943907][ T9108] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 214.972918][ T9108] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 215.018714][ T9152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 215.086545][ T9108] syz.1.1480: attempt to access beyond end of device [ 215.086545][ T9108] loop1: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 215.538224][ T5799] syz-executor: attempt to access beyond end of device [ 215.538224][ T5799] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 215.590391][ T5799] F2FS-fs (loop1): Remounting filesystem read-only [ 215.898238][ T9166] netlink: 'syz.2.1508': attribute type 13 has an invalid length. [ 215.997476][ T9168] loop3: detected capacity change from 0 to 128 [ 216.059029][ T9168] VFS: Found a Xenix FS (block size = 1024) on device loop3 [ 216.161138][ T9168] syz.3.1509: attempt to access beyond end of device [ 216.161138][ T9168] loop3: rw=0, sector=6491536, nr_sectors = 2 limit=128 [ 216.226428][ T9168] buffer_io_error: 14 callbacks suppressed [ 216.226448][ T9168] Buffer I/O error on dev loop3, logical block 3245768, async page read [ 216.397550][ T5795] sysv_free_block: flc_count > flc_size [ 216.404064][ T5795] sysv_free_block: flc_count > flc_size [ 216.427448][ T5795] sysv_free_block: flc_count > flc_size [ 216.434244][ T5795] sysv_free_block: flc_count > flc_size [ 216.456465][ T5795] sysv_free_block: flc_count > flc_size [ 216.462228][ T5795] sysv_free_block: flc_count > flc_size [ 216.486753][ T5795] sysv_free_block: flc_count > flc_size [ 216.492518][ T5795] sysv_free_block: flc_count > flc_size [ 216.513046][ T5795] sysv_free_block: flc_count > flc_size [ 216.556574][ T5795] sysv_free_block: flc_count > flc_size [ 216.565565][ T5795] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 216.888534][ T9188] veth3: entered allmulticast mode [ 217.254423][ T9200] netlink: 'syz.1.1524': attribute type 10 has an invalid length. [ 217.307414][ T9200] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1524'. [ 217.344988][ T9200] batman_adv: batadv0: Adding interface: virt_wifi0 [ 217.366780][ T9200] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.457347][ T9200] batman_adv: batadv0: Interface activated: virt_wifi0 [ 218.046696][ T9228] netlink: 'syz.0.1538': attribute type 1 has an invalid length. [ 218.270436][ T9238] overlayfs: empty lowerdir [ 218.375512][ T9242] netlink: 'syz.2.1545': attribute type 21 has an invalid length. [ 218.395406][ T9242] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1545'. [ 219.165486][ T9268] netlink: 260 bytes leftover after parsing attributes in process `syz.2.1557'. [ 219.190751][ T27] audit: type=1326 audit(1754619701.552:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9267 comm="syz.0.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c078ebe9 code=0x7ffc0000 [ 219.215625][ T27] audit: type=1326 audit(1754619701.552:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9267 comm="syz.0.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c078ebe9 code=0x7ffc0000 [ 219.254320][ T27] audit: type=1326 audit(1754619701.552:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9267 comm="syz.0.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7f01c078ebe9 code=0x7ffc0000 [ 219.316633][ T27] audit: type=1326 audit(1754619701.652:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9267 comm="syz.0.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c078ebe9 code=0x7ffc0000 [ 219.374410][ T27] audit: type=1326 audit(1754619701.652:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9267 comm="syz.0.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c078ebe9 code=0x7ffc0000 [ 219.400858][ T9276] ieee802154 phy0 wpan0: encryption failed: -22 [ 219.410949][ T9] IPVS: starting estimator thread 0... [ 219.526897][ T9277] IPVS: using max 17 ests per chain, 40800 per kthread [ 220.166355][ T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 220.337767][ T9309] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 220.357783][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 220.386809][ T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 220.400031][ T9] usb 3-1: config 0 has no interface number 0 [ 220.429874][ T9] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 220.455796][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.480405][ T9] usb 3-1: Product: syz [ 220.495714][ T9] usb 3-1: Manufacturer: syz [ 220.500713][ T9] usb 3-1: SerialNumber: syz [ 220.519573][ T9] usb 3-1: config 0 descriptor?? [ 220.529621][ T9] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 220.961476][ T9] gspca_spca1528: reg_w err -71 [ 221.016622][ T9] spca1528: probe of 3-1:0.1 failed with error -71 [ 221.043950][ T9] usb 3-1: USB disconnect, device number 7 [ 221.296599][ T968] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 221.322345][ T27] audit: type=1326 audit(1754619703.682:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9338 comm="syz.0.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c078ebe9 code=0x7ffc0000 [ 221.380708][ T27] audit: type=1326 audit(1754619703.712:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9338 comm="syz.0.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c078ebe9 code=0x7ffc0000 [ 221.425534][ T27] audit: type=1326 audit(1754619703.722:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9338 comm="syz.0.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7f01c078ebe9 code=0x7ffc0000 [ 221.485606][ T27] audit: type=1326 audit(1754619703.722:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9338 comm="syz.0.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c078ebe9 code=0x7ffc0000 [ 221.519832][ T968] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 221.535359][ T968] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.564716][ T968] usb 4-1: Product: syz [ 221.574658][ T968] usb 4-1: Manufacturer: syz [ 221.589700][ T968] usb 4-1: SerialNumber: syz [ 221.605169][ T968] usb 4-1: config 0 descriptor?? [ 221.888898][ T9353] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1601'. [ 221.930186][ T9356] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 222.070116][ T968] usb 4-1: f81604_write: reg: 105 data: 99 failed: -EPROTO [ 222.081354][ T9356] bond1: entered promiscuous mode [ 222.086343][ T968] f81604 4-1:0.0: Setting termination of CH#0 failed: -EPROTO [ 222.105208][ T968] f81604: probe of 4-1:0.0 failed with error -71 [ 222.109125][ T9356] bond1: entered allmulticast mode [ 222.117927][ T968] usb 4-1: USB disconnect, device number 8 [ 222.168838][ T9356] 8021q: adding VLAN 0 to HW filter on device bond1 [ 222.305149][ T9366] tc_dump_action: action bad kind [ 223.666870][ T9401] bpf: Bad value for 'mode' [ 224.092544][ T9412] loop3: detected capacity change from 0 to 256 [ 224.677307][ T9435] 9pnet: Found fid 0 not clunked [ 224.947670][ T9443] caif0: entered allmulticast mode [ 225.177409][ T42] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 225.392684][ T42] usb 1-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 225.404431][ T42] usb 1-1: New USB device strings: Mfr=24, Product=2, SerialNumber=3 [ 225.443780][ T42] usb 1-1: Product: syz [ 225.457036][ T42] usb 1-1: Manufacturer: syz [ 225.491096][ T42] usb 1-1: SerialNumber: syz [ 225.547624][ T42] usb 1-1: config 0 descriptor?? [ 226.037032][ T42] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 226.075349][ T42] asix: probe of 1-1:0.0 failed with error -71 [ 226.105116][ T42] usb 1-1: USB disconnect, device number 11 [ 226.565722][ T9492] loop3: detected capacity change from 0 to 8 [ 226.776800][ T9494] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 226.821091][ T9494] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 227.321924][ T9481] loop1: detected capacity change from 0 to 40427 [ 227.337102][ T9481] F2FS-fs (loop1): heap/no_heap options were deprecated [ 227.370029][ T9481] F2FS-fs (loop1): invalid crc value [ 227.391527][ T9481] F2FS-fs (loop1): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 227.416970][ T968] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 227.451300][ T9481] F2FS-fs (loop1): Found nat_bits in checkpoint [ 227.566973][ T9481] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 227.616531][ T968] usb 3-1: Using ep0 maxpacket: 16 [ 227.639524][ T968] usb 3-1: config 0 has an invalid interface number: 251 but max is 0 [ 227.670952][ T968] usb 3-1: config 0 has no interface number 0 [ 227.695383][ T968] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 227.710366][ T968] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.734904][ T968] usb 3-1: Product: syz [ 227.750031][ T968] usb 3-1: Manufacturer: syz [ 227.769674][ T968] usb 3-1: SerialNumber: syz [ 227.813891][ T968] usb 3-1: config 0 descriptor?? [ 227.843388][ T968] asix: probe of 3-1:0.251 failed with error -22 [ 228.018532][ T9525] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1679'. [ 228.671354][ T42] usb 3-1: USB disconnect, device number 8 [ 228.686441][ T9] usb 4-1: new low-speed USB device number 9 using dummy_hcd [ 228.894331][ T9] usb 4-1: config 1 has an invalid interface descriptor of length 6, skipping [ 228.924267][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 228.976317][ T9] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 228.985568][ T9] usb 4-1: config 1 has no interface number 1 [ 229.051518][ T9] usb 4-1: too many endpoints for config 1 interface 2 altsetting 116: 104, using maximum allowed: 30 [ 229.065731][ T9] usb 4-1: config 1 interface 2 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 104 [ 229.082063][ T9] usb 4-1: config 1 interface 2 has no altsetting 1 [ 229.098642][ T9] usb 4-1: string descriptor 0 read error: -22 [ 229.115641][ T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 229.141110][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.175572][ T9] usb 4-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0 [ 229.201939][ T9] usb 4-1: MIDIStreaming interface descriptor not found [ 229.529489][ T8] usb 4-1: USB disconnect, device number 9 [ 229.614656][ T9571] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1698'. [ 230.873726][ T9605] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 230.911904][ T9607] netlink: 'syz.1.1716': attribute type 8 has an invalid length. [ 231.227874][ T9612] veth0_to_bond: entered allmulticast mode [ 231.290544][ T9612] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1718'. [ 231.347391][ T9612] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 231.667344][ T9620] xt_hashlimit: overflow, try lower: 18446744073709551614/15680 [ 232.202437][ T9630] mac80211_hwsim hwsim3 wlan0: entered promiscuous mode [ 232.324884][ T9639] netlink: 'syz.0.1730': attribute type 32 has an invalid length. [ 232.768651][ T9655] netlink: 'syz.2.1738': attribute type 1 has an invalid length. [ 232.807462][ T9655] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1738'. [ 232.883481][ T9658] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1741'. [ 232.900578][ T9653] loop1: detected capacity change from 0 to 4096 [ 232.916514][ T9653] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 232.939862][ T9658] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1741'. [ 232.987022][ T9653] ntfs3: loop1: Failed to initialize $Extend/$Reparse. [ 233.330792][ T9662] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 233.430589][ T9672] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 234.136716][ T9694] netlink: 'syz.3.1757': attribute type 10 has an invalid length. [ 234.256717][ T9694] bond0: (slave geneve1): Enslaving as an active interface with an up link [ 234.278695][ T9697] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1759'. [ 234.288573][ T9697] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1759'. [ 234.378226][ T9701] binder: 9700:9701 ioctl c0306201 200000000240 returned -14 [ 234.743027][ T9713] capability: warning: `syz.3.1767' uses 32-bit capabilities (legacy support in use) [ 235.187151][ T9731] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1774'. [ 235.803611][ T9751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1786'. [ 236.229214][ T9763] loop3: detected capacity change from 0 to 4096 [ 236.263085][ T9763] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 236.312586][ T9763] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 236.353276][ T9763] ntfs3: loop3: Failed to load $Extend (-22). [ 236.370456][ T9763] ntfs3: loop3: Failed to initialize $Extend. [ 236.927373][ T9787] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1803'. [ 236.976354][ T9787] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1803'. [ 236.985784][ T9787] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1803'. [ 236.997839][ T9790] loop0: detected capacity change from 0 to 8 [ 237.193789][ T27] audit: type=1800 audit(1754619719.552:73): pid=9790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1805" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 237.215271][ T9794] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1807'. [ 237.254815][ T9794] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1807'. [ 237.467801][ T9803] IPVS: set_ctl: invalid protocol: 8 127.0.0.1:20004 [ 238.633184][ T27] audit: type=1326 audit(1754619720.992:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9842 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c078ebe9 code=0x7ffc0000 [ 238.704515][ T27] audit: type=1326 audit(1754619720.992:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9842 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c078ebe9 code=0x7ffc0000 [ 238.727899][ C0] vkms_vblank_simulate: vblank timer overrun [ 238.786570][ T27] audit: type=1326 audit(1754619721.062:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9842 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=65 compat=0 ip=0x7f01c078ebe9 code=0x7ffc0000 [ 238.810212][ C0] vkms_vblank_simulate: vblank timer overrun [ 238.887382][ T27] audit: type=1326 audit(1754619721.062:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9842 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c078ebe9 code=0x7ffc0000 [ 238.910420][ C0] vkms_vblank_simulate: vblank timer overrun [ 238.953495][ T9855] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1837'. [ 238.988302][ T27] audit: type=1326 audit(1754619721.062:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9842 comm="syz.0.1831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c078ebe9 code=0x7ffc0000 [ 239.011901][ C0] vkms_vblank_simulate: vblank timer overrun [ 239.179753][ T9862] tmpfs: Bad value for 'mpol' [ 239.367136][ T9867] syz.2.1843 uses obsolete (PF_INET,SOCK_PACKET) [ 240.185254][ T9895] loop1: detected capacity change from 0 to 2048 [ 240.290251][ T9895] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 240.639131][ T9908] loop1: detected capacity change from 0 to 256 [ 242.559193][ T9971] loop3: detected capacity change from 0 to 512 [ 242.606476][ T9971] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 242.724616][ T9971] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 242.742841][ T9943] loop1: detected capacity change from 0 to 32768 [ 242.836643][ T9971] ext4 filesystem being mounted at /465/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 242.853686][ T9943] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 242.909775][ T9971] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2983: inode #15: comm syz.3.1894: corrupted xattr block 33: invalid ea_ino [ 242.977463][ T9943] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 243.070479][ T9971] EXT4-fs (loop3): Remounting filesystem read-only [ 243.091930][ T9971] EXT4-fs warning (device loop3): ext4_evict_inode:272: xattr delete (err -117) [ 243.243301][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.283991][ T9988] loop0: detected capacity change from 0 to 256 [ 243.341142][ T5799] ocfs2: Unmounting device (7,1) on (node local) [ 243.550075][ T9992] loop3: detected capacity change from 0 to 256 [ 244.691477][T10027] loop0: detected capacity change from 0 to 256 [ 244.740337][T10027] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 246.336496][ T5861] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 246.341642][T10083] loop1: detected capacity change from 0 to 1024 [ 246.398181][T10083] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869) [ 246.418593][T10083] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 246.430901][T10083] EXT4-fs (loop1): can't mount with journal_async_commit, fs mounted w/o journal [ 246.536373][ T5861] usb 4-1: Using ep0 maxpacket: 32 [ 246.552244][ T5861] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 246.578844][ T5861] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 246.596983][ T5861] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.611835][ T5861] usb 4-1: Product: syz [ 246.616951][ T5861] usb 4-1: Manufacturer: syz [ 246.621788][ T5861] usb 4-1: SerialNumber: syz [ 246.637889][ T5861] usb 4-1: config 0 descriptor?? [ 246.661640][ T5861] usb 4-1: bad CDC descriptors [ 246.677803][ T5861] usb 4-1: unsupported MDLM descriptors [ 246.912209][ T9] usb 4-1: USB disconnect, device number 10 [ 248.006477][T10126] : renamed from bridge_slave_0 (while UP) [ 248.026383][ T5861] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 248.228047][ T5861] usb 1-1: too many configurations: 25, using maximum allowed: 8 [ 248.257307][ T5861] usb 1-1: New USB device found, idVendor=041e, idProduct=4011, bcdDevice=af.98 [ 248.289541][ T5861] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.302981][T10137] __nla_validate_parse: 1 callbacks suppressed [ 248.303003][T10137] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1973'. [ 248.349062][ T5861] usb 1-1: config 0 descriptor?? [ 248.395928][ T5861] pwc: Creative Labs Webcam Pro Ex detected. [ 248.431643][ T5861] pwc: Warning: more than 1 configuration available. [ 248.636972][ T5861] pwc: Failed to set LED on/off time (-71) [ 248.673634][ T5861] pwc: send_video_command error -71 [ 248.686725][ T5861] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 248.717920][ T5861] Philips webcam: probe of 1-1:0.0 failed with error -71 [ 248.779371][ T5861] usb 1-1: USB disconnect, device number 12 [ 249.100584][T10159] xt_CT: You must specify a L4 protocol and not use inversions on it [ 249.514404][T10166] loop3: detected capacity change from 0 to 4096 [ 249.576328][T10166] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 250.998296][T10218] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2012'. [ 251.016500][T10218] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2012'. [ 251.311345][T10229] xt_l2tp: invalid flags combination: c [ 251.361336][T10228] loop1: detected capacity change from 0 to 1764 [ 251.517747][T10236] netlink: 'syz.3.2020': attribute type 21 has an invalid length. [ 251.561199][T10236] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2020'. [ 251.717699][T10241] loop1: detected capacity change from 0 to 256 [ 251.786966][T10241] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 251.846506][ T23] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 252.038813][ T23] usb 1-1: config 0 has an invalid interface number: 176 but max is 2 [ 252.058241][ T23] usb 1-1: config 0 has no interface number 1 [ 252.064995][ T23] usb 1-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 252.089579][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.102437][ T23] usb 1-1: config 0 descriptor?? [ 252.193121][T10255] SET target dimension over the limit! [ 252.352426][ T23] qcserial 1-1:0.2: Qualcomm USB modem converter detected [ 252.657263][ T23] usb 1-1: USB disconnect, device number 13 [ 252.665539][ T23] qcserial 1-1:0.2: device disconnected [ 252.695345][T10267] loop3: detected capacity change from 0 to 2048 [ 252.742043][T10267] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 252.985868][T10276] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 253.598643][T10293] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2046'. [ 253.656289][T10293] openvswitch: netlink: IP tunnel attribute has 3064 unknown bytes. [ 254.255711][T10318] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 254.629618][T10331] loop1: detected capacity change from 0 to 164 [ 254.648242][T10332] IPv6: NLM_F_CREATE should be specified when creating new route [ 254.998131][T10341] nfs: Unknown parameter 'ntext' [ 255.142811][T10346] cgroup: Invalid name [ 255.639646][T10363] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2082'. [ 255.939539][T10374] loop0: detected capacity change from 0 to 16 [ 255.953307][T10374] erofs: (device loop0): mounted with root inode @ nid 36. [ 255.989688][T10374] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 256.004058][ T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 256.041948][T10374] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 256.206390][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 256.223885][ T9] usb 4-1: config 0 has an invalid interface number: 52 but max is 0 [ 256.243083][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 256.296644][ T9] usb 4-1: config 0 has no interface number 0 [ 256.303349][ T9] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 256.337164][ T9] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 256.369945][ T9] usb 4-1: config 0 interface 52 has no altsetting 0 [ 256.400524][ T9] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 256.416630][ T9] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 256.430876][ T9] usb 4-1: Manufacturer: syz [ 256.477876][ T9] usb 4-1: config 0 descriptor?? [ 256.505974][T10388] loop1: detected capacity change from 0 to 256 [ 256.654617][T10388] FAT-fs (loop1): Directory bread(block 64) failed [ 256.669944][T10388] FAT-fs (loop1): Directory bread(block 65) failed [ 256.694541][T10388] FAT-fs (loop1): Directory bread(block 66) failed [ 256.702180][T10388] FAT-fs (loop1): Directory bread(block 67) failed [ 256.723700][T10388] FAT-fs (loop1): Directory bread(block 68) failed [ 256.738702][T10388] FAT-fs (loop1): Directory bread(block 69) failed [ 256.738919][ T9] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input11 [ 256.749348][T10388] FAT-fs (loop1): Directory bread(block 70) failed [ 256.807631][T10388] FAT-fs (loop1): Directory bread(block 71) failed [ 256.817209][T10388] FAT-fs (loop1): Directory bread(block 72) failed [ 256.841134][T10388] FAT-fs (loop1): Directory bread(block 73) failed [ 256.862188][ T27] audit: type=1400 audit(1754619739.222:79): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=10394 comm="syz.0.2097" [ 256.922229][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.936702][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.286466][ T42] usb 4-1: USB disconnect, device number 11 [ 257.286603][ C0] synaptics_usb 4-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 258.003327][T10418] loop1: detected capacity change from 0 to 512 [ 258.055102][T10421] dlm: no locking on control device [ 258.130762][T10418] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 258.251191][T10418] ext4 filesystem being mounted at /552/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 258.500467][ T5799] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.870381][T10449] netlink: 'syz.3.2121': attribute type 2 has an invalid length. [ 259.773936][T10471] loop3: detected capacity change from 0 to 4096 [ 259.956380][T10471] ntfs: (device loop3): parse_options(): NLS character set cp8ƒÓ O¥¿one_multiplier=0x0000000000000001gid=0 not found. Using previous one cp862. [ 260.041293][T10471] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 260.088277][T10471] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 260.134610][T10471] ntfs: (device loop3): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 260.176815][T10471] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 260.236846][T10471] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 260.332735][T10471] ntfs: volume version 3.1. [ 260.340776][T10471] ntfs: (device loop3): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 260.410697][T10471] ntfs: (device loop3): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 260.465404][T10471] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 260.532275][T10499] tmpfs: Unknown parameter 'func' [ 260.719363][T10503] loop1: detected capacity change from 0 to 512 [ 260.772859][T10503] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 260.827247][T10503] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 260.952107][T10503] EXT4-fs (loop1): 1 truncate cleaned up [ 261.018816][T10503] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 261.030829][T10516] UBIFS error (pid: 10516): cannot open "./file0", error -22 [ 261.095332][T10503] EXT4-fs error (device loop1): ext4_find_extent:900: inode #15: comm syz.1.2149: inode has invalid extent depth: 25964 [ 261.172355][T10503] EXT4-fs (loop1): Remounting filesystem read-only [ 261.188647][T10521] process 'syz.3.2157' launched './file0' with NULL argv: empty string added [ 261.191645][T10503] fs-verity (loop1, inode 15): Error -117 getting verity descriptor size [ 261.445423][ T5799] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.855441][T10542] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2167'. [ 261.859285][T10540] loop3: detected capacity change from 0 to 512 [ 261.990480][T10540] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 262.004002][T10540] ext4 filesystem being mounted at /521/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 262.113306][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.483337][T10560] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2175'. [ 262.541403][T10562] netlink: 'syz.3.2176': attribute type 9 has an invalid length. [ 262.607097][T10562] netlink: 'syz.3.2176': attribute type 7 has an invalid length. [ 262.624739][T10562] netlink: 'syz.3.2176': attribute type 8 has an invalid length. [ 262.824732][T10569] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2179'. [ 262.856442][T10569] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2179'. [ 262.880294][T10569] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2179'. [ 263.142722][T10582] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2183'. [ 263.615973][T10590] loop1: detected capacity change from 0 to 8192 [ 263.774829][T10606] x_tables: ip_tables: TCPMSS target: only valid for protocol 6 [ 265.346367][ T9] usb 4-1: new low-speed USB device number 12 using dummy_hcd [ 265.558336][ T9] usb 4-1: config 1 interface 0 altsetting 89 endpoint 0x81 has invalid maxpacket 32, setting to 8 [ 265.596613][ T9] usb 4-1: config 1 interface 0 altsetting 89 endpoint 0x2 has invalid maxpacket 512, setting to 8 [ 265.633284][ T9] usb 4-1: config 1 interface 0 has no altsetting 0 [ 265.660364][ T9] usb 4-1: string descriptor 0 read error: -22 [ 265.668405][ T9] usb 4-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.40 [ 265.699872][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.759914][T10650] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 265.784118][T10650] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 266.096470][ T9] usbhid 4-1:1.0: can't add hid device: -71 [ 266.126363][ T9] usbhid: probe of 4-1:1.0 failed with error -71 [ 266.157288][ T9] usb 4-1: USB disconnect, device number 12 [ 266.261346][T10678] loop1: detected capacity change from 0 to 4096 [ 266.417631][T10678] __ntfs_error: 8 callbacks suppressed [ 266.417657][T10678] ntfs: (device loop1): parse_options(): NLS character set cp8ƒÓ O¥¿one_multiplier=0x0000000000000001gid=0 not found. Using previous one cp862. [ 266.509841][T10678] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 266.546302][T10678] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 266.588970][T10678] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 266.616583][T10678] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 266.691839][T10678] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 266.753207][T10678] ntfs: volume version 3.1. [ 266.808043][T10678] ntfs: (device loop1): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 266.856682][T10678] ntfs: (device loop1): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 266.935863][T10678] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 266.995164][T10678] ntfs: (device loop1): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 268.346745][T10747] netlink: 'syz.0.2246': attribute type 1 has an invalid length. [ 268.377044][T10747] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2246'. [ 268.825721][T10767] ceph: No source [ 269.161684][T10775] usb usb8: usbfs: process 10775 (syz.2.2260) did not claim interface 0 before use [ 269.440063][T10787] loop1: detected capacity change from 0 to 1024 [ 270.198765][T10813] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2278'. [ 270.624151][T10828] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2286'. [ 270.686978][T10828] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 270.725955][T10828] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 270.756424][T10828] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 270.786759][T10828] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 270.956970][T10841] loop3: detected capacity change from 0 to 1024 [ 271.220989][T10847] loop1: detected capacity change from 0 to 1024 [ 271.367878][T10847] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 271.435440][T10847] ext4 filesystem being mounted at /593/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 271.609904][ T5799] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.908596][T10863] netlink: 136 bytes leftover after parsing attributes in process `syz.1.2302'. [ 271.954840][T10863] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 272.213568][T10875] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2308'. [ 272.665973][T10889] SET target dimension over the limit! [ 274.339749][T10939] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2339'. [ 275.647066][T10987] netlink: 666 bytes leftover after parsing attributes in process `syz.2.2363'. [ 277.144708][T11040] loop3: detected capacity change from 0 to 512 [ 277.242420][T11040] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 277.272132][T11040] ext4 filesystem being mounted at /574/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 277.344813][T11040] Option 'óÉ™Z³uû±›ê]ïŽ' to dns_resolver key: bad/missing value [ 277.444637][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 277.823435][T11066] ip6gre1: entered allmulticast mode [ 278.972927][T11106] loop0: detected capacity change from 0 to 512 [ 279.048966][T11106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 279.071361][T11106] ext4 filesystem being mounted at /595/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 279.176326][T11106] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.2417: bg 0: block 255: padding at end of block bitmap is not set [ 279.364831][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.160437][T11150] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2437'. [ 280.226904][T11150] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2437'. [ 280.337722][T11152] loop0: detected capacity change from 0 to 1024 [ 280.384165][T11154] loop1: detected capacity change from 0 to 2048 [ 280.557064][T11152] syz.0.2438: attempt to access beyond end of device [ 280.557064][T11152] loop0: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 280.601393][T11154] NILFS error (device loop1): nilfs_check_page: bad entry in directory #2: unaligned directory entry - offset=0, inode=2, rec_len=59, name_len=1 [ 280.639688][T11152] Buffer I/O error on dev loop0, logical block 100663296, async page read [ 280.667589][T11152] hfsplus: unable to mark blocks free: error -5 [ 280.676527][T11152] hfsplus: can't free extent [ 280.902330][T11167] ax25_connect(): syz.1.2444 uses autobind, please contact jreuter@yaina.de [ 281.165970][T11177] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2450'. [ 281.451643][T11186] No such timeout policy "syz1" [ 281.701136][T11194] tipc: Can't bind to reserved service type 1 [ 281.736407][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 281.736429][ T27] audit: type=1326 audit(1754619764.092:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11195 comm="syz.2.2460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6113b8ebe9 code=0x7ffc0000 [ 281.814832][ T27] audit: type=1326 audit(1754619764.092:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11195 comm="syz.2.2460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6113b8ebe9 code=0x7ffc0000 [ 281.886911][ T27] audit: type=1326 audit(1754619764.132:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11195 comm="syz.2.2460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7f6113b8ebe9 code=0x7ffc0000 [ 281.994789][ T27] audit: type=1326 audit(1754619764.132:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11195 comm="syz.2.2460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6113b8ebe9 code=0x7ffc0000 [ 282.075180][ T27] audit: type=1326 audit(1754619764.132:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11195 comm="syz.2.2460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6113b8ebe9 code=0x7ffc0000 [ 282.180208][ T27] audit: type=1326 audit(1754619764.422:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11206 comm="syz.3.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 282.254605][ T27] audit: type=1326 audit(1754619764.422:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11206 comm="syz.3.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 282.345801][ T27] audit: type=1326 audit(1754619764.422:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11206 comm="syz.3.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 282.446673][ T27] audit: type=1326 audit(1754619764.422:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11206 comm="syz.3.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 282.479724][ T27] audit: type=1326 audit(1754619764.422:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11206 comm="syz.3.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 282.857053][T11231] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 283.307780][T11249] netlink: 830 bytes leftover after parsing attributes in process `syz.2.2486'. [ 283.378686][T11245] loop3: detected capacity change from 0 to 4096 [ 283.467816][T11245] ntfs3: loop3: This driver is compiled without CONFIG_NTFS3_64BIT_CLUSTER (like windows driver). [ 283.467816][T11245] Volume contains 64 bits run: vcn 0, lcn ffffffffff000000, len 7ff. [ 283.467816][T11245] Activate CONFIG_NTFS3_64BIT_CLUSTER to process this case [ 283.548553][T11245] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 283.585161][T11245] ntfs3: loop3: Failed to load $BadClus (-95). [ 283.741032][T11245] loop3: detected capacity change from 0 to 256 [ 284.985523][T11299] Driver unsupported XDP return value 0 on prog (id 111) dev N/A, expect packet loss! [ 284.999256][ T1205] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 285.203689][ T1205] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 285.246440][ T1205] usb 2-1: New USB device found, idVendor=0572, idProduct=0041, bcdDevice=70.54 [ 285.255957][ T1205] usb 2-1: New USB device strings: Mfr=1, Product=34, SerialNumber=7 [ 285.285232][ T1205] usb 2-1: Product: syz [ 285.306495][ T1205] usb 2-1: Manufacturer: syz [ 285.326326][ T1205] usb 2-1: SerialNumber: syz [ 285.331140][T11307] sp0: Synchronizing with TNC [ 285.352083][ T1205] usb 2-1: config 0 descriptor?? [ 285.390530][ T1205] gspca_main: conex-2.14.0 probing 0572:0041 [ 285.866554][ T1205] usb 2-1: USB disconnect, device number 5 [ 286.777420][ T1205] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 286.979310][ T1205] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 287.011820][ T1205] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 287.045632][ T1205] usb 3-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00 [ 287.071026][ T1205] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.121968][ T1205] usb 3-1: config 0 descriptor?? [ 287.152724][ T1205] usbhid 3-1:0.0: can't add hid device: -22 [ 287.180074][ T1205] usbhid: probe of 3-1:0.0 failed with error -22 [ 287.392500][T11366] loop3: detected capacity change from 0 to 4096 [ 287.415606][T11366] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 287.428107][ T8] usb 3-1: USB disconnect, device number 9 [ 287.534155][T11366] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 287.543315][T11372] loop1: detected capacity change from 0 to 8 [ 287.579210][T11372] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 287.650919][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop1 [ 287.653301][T11372] cramfs: Error -5 while decompressing! [ 287.725680][ T6027] udevd[6027]: incorrect cramfs checksum on /dev/loop1 [ 287.735423][T11372] cramfs: ffffffff96fdc308(26)->ffff888053f40000(4096) [ 287.766803][T11372] cramfs: Error -3 while decompressing! [ 287.767941][T11376] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2548'. [ 287.772619][T11372] cramfs: ffffffff96fdc322(26)->ffff88805c44c000(4096) [ 287.772666][T11372] cramfs: Error -3 while decompressing! [ 287.772677][T11372] cramfs: ffffffff96fdc33c(16)->ffff88805780c000(4096) [ 287.772741][T11372] cramfs: Error -5 while decompressing! [ 287.772751][T11372] cramfs: ffffffff96fdc308(26)->ffff888053f40000(4096) [ 287.777584][ T27] kauditd_printk_skb: 5 callbacks suppressed [ 287.777598][ T27] audit: type=1800 audit(1754619770.132:95): pid=11372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2546" name="file2" dev="loop1" ino=348 res=0 errno=0 [ 288.769674][T11407] tmpfs: Bad value for 'mpol' [ 289.044178][T11416] loop3: detected capacity change from 0 to 2048 [ 289.102998][T11416] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 289.168682][T11422] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 289.187261][T11416] syz.3.2567: attempt to access beyond end of device [ 289.187261][T11416] loop3: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 289.307149][ T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 289.345260][T11416] NILFS error (device loop3): nilfs_check_page: bad entry in directory #2: disallowed inode number - offset=104, inode=6, rec_len=24, name_len=5 [ 289.420368][T11416] Remounting filesystem read-only [ 289.515055][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 289.523934][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 289.537369][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 289.568889][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 289.611319][ T9] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice=4f.14 [ 289.642369][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.669693][ T9] usb 2-1: Product: syz [ 289.674809][ T9] usb 2-1: Manufacturer: syz [ 289.683894][T11434] loop3: detected capacity change from 0 to 128 [ 289.701651][ T9] usb 2-1: SerialNumber: syz [ 289.722839][ T9] usb 2-1: config 0 descriptor?? [ 289.749934][T11434] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 289.754710][T11417] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 289.780409][ T9] mceusb 2-1:0.0: mceusb_dev_probe: device setup failed! [ 289.796739][ T9] mceusb: probe of 2-1:0.0 failed with error -12 [ 289.854473][T11434] ext4 filesystem being mounted at /622/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 289.875968][T11438] loop0: detected capacity change from 0 to 64 [ 290.050895][ T5795] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 290.096469][ T42] usb 2-1: USB disconnect, device number 6 [ 290.546361][ T9] usb 4-1: new low-speed USB device number 13 using dummy_hcd [ 290.761268][ T9] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 290.776858][ T9] usb 4-1: config 0 has no interface number 0 [ 290.793909][ T9] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 290.837879][ T9] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 290.871177][ T9] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 290.881556][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.908166][ T9] usb 4-1: config 0 descriptor?? [ 290.927297][T11442] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 290.967999][ C0] vkms_vblank_simulate: vblank timer overrun [ 291.093284][ T9] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 291.288054][T11466] netlink: 'syz.1.2591': attribute type 39 has an invalid length. [ 291.353651][T11466] veth0_macvtap: left promiscuous mode [ 291.456492][ C1] iowarrior 4-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1 [ 291.472804][ T1205] usb 4-1: USB disconnect, device number 13 [ 291.518301][T11468] netlink: 'syz.2.2592': attribute type 21 has an invalid length. [ 291.534523][T11468] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2592'. [ 291.548839][T11468] netlink: 'syz.2.2592': attribute type 5 has an invalid length. [ 291.557986][T11468] netlink: 'syz.2.2592': attribute type 6 has an invalid length. [ 291.566933][T11468] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2592'. [ 292.357735][T11494] netlink: 'syz.2.2605': attribute type 6 has an invalid length. [ 292.683589][T11506] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 293.121413][T11524] xt_policy: too many policy elements [ 293.274110][T11527] netlink: 'syz.2.2622': attribute type 39 has an invalid length. [ 293.351862][T11527] veth0_macvtap: left promiscuous mode [ 293.362669][T11530] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2624'. [ 293.575251][T11538] netlink: 'syz.3.2627': attribute type 3 has an invalid length. [ 293.608348][T11538] netlink: 'syz.3.2627': attribute type 3 has an invalid length. [ 293.651960][T11538] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2627'. [ 294.732461][T11536] loop1: detected capacity change from 0 to 40427 [ 294.761111][T11536] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x7ffff [ 294.786315][T11536] F2FS-fs (loop1): Image doesn't support compression [ 294.803719][T11536] F2FS-fs (loop1): Image doesn't support compression [ 294.850415][T11536] F2FS-fs (loop1): invalid crc value [ 294.857610][T11570] siw: device registration error -23 [ 294.900333][T11536] F2FS-fs (loop1): Found nat_bits in checkpoint [ 295.077790][T11536] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 295.229249][T11536] syz.1.2626: attempt to access beyond end of device [ 295.229249][T11536] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 295.418514][ T5799] F2FS-fs (loop1): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x516/0x19c0 [ 295.466054][ T5799] F2FS-fs (loop1): invalid blkaddr: 1028, type: 10, run fsck to fix. [ 295.542623][T11587] netlink: 'syz.0.2651': attribute type 10 has an invalid length. [ 295.552363][T11587] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2651'. [ 295.697090][T11587] team0: Port device geneve0 added [ 296.106926][T11595] xt_ipcomp: unknown flags 12 [ 296.354141][T11602] loop0: detected capacity change from 0 to 256 [ 296.858242][T11617] netlink: 'syz.2.2664': attribute type 1 has an invalid length. [ 297.089186][T11625] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 297.446325][ T23] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 297.503755][T11639] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2677'. [ 297.515436][T11639] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2677'. [ 297.655647][ T23] usb 1-1: config index 0 descriptor too short (expected 3133, got 61) [ 297.680218][ T23] usb 1-1: config 0 has an invalid interface number: 156 but max is 1 [ 297.707222][ T23] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 297.729267][ T23] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 297.752801][ T23] usb 1-1: config 0 has no interface number 0 [ 297.771912][ T23] usb 1-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 297.783469][ T23] usb 1-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 297.806835][ T23] usb 1-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 297.836376][ T23] usb 1-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 297.896496][ T23] usb 1-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 297.900792][T11652] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 297.936350][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.981879][ T23] usb 1-1: config 0 descriptor?? [ 298.001271][ T23] gspca_main: spca561-2.14.0 probing abcd:cdee [ 298.210419][ T23] spca561: probe of 1-1:0.156 failed with error -22 [ 298.241556][ T23] usb 1-1: Quirk or no altest; falling back to MIDI 1.0 [ 298.260875][ T23] usb 1-1: MIDIStreaming interface descriptor not found [ 298.349211][T11664] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2686'. [ 298.374614][ T23] usb 1-1: USB disconnect, device number 14 [ 298.474977][ T6027] udevd[6027]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.156/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 298.693528][T11673] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2690'. [ 299.902693][T11709] netlink: 'syz.0.2708': attribute type 12 has an invalid length. [ 300.216040][T11723] loop3: detected capacity change from 0 to 64 [ 300.863761][T11736] loop0: detected capacity change from 0 to 2048 [ 300.940268][T11736] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 301.637322][T11753] netlink: 'syz.1.2729': attribute type 12 has an invalid length. [ 302.126963][ T1205] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 302.320600][T11745] loop3: detected capacity change from 0 to 32768 [ 302.346655][ T1205] usb 3-1: Using ep0 maxpacket: 8 [ 302.368712][ T1205] usb 3-1: unable to get BOS descriptor or descriptor too short [ 302.402611][ T1205] usb 3-1: config 4 has an invalid interface number: 4 but max is 0 [ 302.416776][ T1205] usb 3-1: config 4 has no interface number 0 [ 302.465615][ T1205] usb 3-1: config 4 interface 4 has no altsetting 0 [ 302.473297][T11745] jfs_strtoUCS: char2uni returned -22. [ 302.502238][T11745] charset = cp950, char = 0xd4 [ 302.529146][ T1205] usb 3-1: New USB device found, idVendor=1199, idProduct=6893, bcdDevice=61.85 [ 302.552605][ T1205] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.581353][ T1205] usb 3-1: Product: syz [ 302.585944][ T1205] usb 3-1: Manufacturer: syz [ 302.616491][ T1205] usb 3-1: SerialNumber: syz [ 302.862891][ T1205] sierra 3-1:4.4: Sierra USB modem converter detected [ 302.917761][ T1205] usb 3-1: Sierra USB modem converter now attached to ttyUSB0 [ 302.973200][ T1205] usb 3-1: USB disconnect, device number 10 [ 303.034134][ T1205] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 303.093988][ T1205] sierra 3-1:4.4: device disconnected [ 303.301578][T11793] x_tables: unsorted entry at hook 2 [ 303.796618][T11809] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2758'. [ 304.079865][T11817] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2762'. [ 304.111763][T11817] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2762'. [ 304.544300][T11838] .: renamed from veth0_virt_wifi (while UP) [ 304.912830][T11848] loop3: detected capacity change from 0 to 256 [ 305.017968][T11848] FAT-fs (loop3): Directory bread(block 64) failed [ 305.040279][T11848] FAT-fs (loop3): Directory bread(block 65) failed [ 305.066686][T11848] FAT-fs (loop3): Directory bread(block 66) failed [ 305.094434][T11848] FAT-fs (loop3): Directory bread(block 67) failed [ 305.124198][T11848] FAT-fs (loop3): Directory bread(block 68) failed [ 305.153679][T11848] FAT-fs (loop3): Directory bread(block 69) failed [ 305.186569][T11848] FAT-fs (loop3): Directory bread(block 70) failed [ 305.193981][T11848] FAT-fs (loop3): Directory bread(block 71) failed [ 305.225114][T11848] FAT-fs (loop3): Directory bread(block 72) failed [ 305.256779][T11848] FAT-fs (loop3): Directory bread(block 73) failed [ 306.562638][T11893] loop1: detected capacity change from 0 to 4096 [ 306.591277][T11893] ntfs3: Unknown parameter 'nohide_dot_file—šANRpŒzÎs' [ 307.316722][T11915] xt_CT: You must specify a L4 protocol and not use inversions on it [ 307.348354][T11917] netlink: 'syz.1.2811': attribute type 21 has an invalid length. [ 307.393060][T11917] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2811'. [ 307.417743][T11917] netlink: 'syz.1.2811': attribute type 1 has an invalid length. [ 307.671139][T11926] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2816'. [ 307.964315][T11939] netlink: 292 bytes leftover after parsing attributes in process `syz.3.2822'. [ 308.991974][T11971] gtp0: entered promiscuous mode [ 309.042683][T11971] gtp0: entered allmulticast mode [ 309.474498][T11989] xt_CT: You must specify a L4 protocol and not use inversions on it [ 310.098950][T12012] cgroup: none used incorrectly [ 310.117793][T12010] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2856'. [ 310.166796][T12010] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 310.175142][T12010] IPv6: NLM_F_CREATE should be set when creating new route [ 310.182961][T12010] IPv6: NLM_F_CREATE should be set when creating new route [ 310.719363][T12032] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2866'. [ 311.772578][T12063] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2882'. [ 311.866004][T12023] loop3: detected capacity change from 0 to 40427 [ 311.907738][T12023] F2FS-fs (loop3): Corrupted extension count (64 + 1 > 64) [ 311.949851][T12023] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 312.046283][T12023] F2FS-fs (loop3): Found nat_bits in checkpoint [ 312.233578][T12023] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 312.256475][T12023] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 312.336549][ T42] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 312.416383][ T23] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 312.538477][ T42] usb 1-1: config 1 has too many interfaces: 235, using maximum allowed: 32 [ 312.557038][ T42] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 312.586540][ T42] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 235 [ 312.613092][ T42] usb 1-1: config 1 has no interface number 0 [ 312.621629][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 312.633364][ T42] usb 1-1: config 1 has no interface number 1 [ 312.668052][ T23] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 312.686545][ T42] usb 1-1: config 1 interface 105 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 312.700636][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 312.714531][ T23] usb 2-1: Product: syz [ 312.719964][ T42] usb 1-1: config 1 interface 105 has no altsetting 0 [ 312.727643][ T23] usb 2-1: Manufacturer: syz [ 312.732669][ T23] usb 2-1: SerialNumber: syz [ 312.741488][ T42] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 312.754244][ T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 312.773049][ T23] usb 2-1: config 0 descriptor?? [ 312.778576][ T42] usb 1-1: Product: syz [ 312.782973][ T42] usb 1-1: Manufacturer: syz [ 312.789015][ T42] usb 1-1: SerialNumber: syz [ 312.797002][ T23] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 312.822335][ T23] usb 2-1: Detected FT-X [ 313.079311][ T42] aqc111: probe of 1-1:1.105 failed with error -22 [ 313.233972][ T23] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 313.296667][ T23] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 313.331113][ T23] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 313.369486][ T5861] usb 1-1: USB disconnect, device number 15 [ 313.392373][ T23] usb 2-1: USB disconnect, device number 7 [ 313.439390][ T23] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 313.505402][ T23] ftdi_sio 2-1:0.0: device disconnected [ 313.736074][T12100] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2898'. [ 313.989444][ T1205] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 314.091864][T12110] netlink: 'syz.2.2903': attribute type 10 has an invalid length. [ 314.093182][T12106] loop1: detected capacity change from 0 to 2048 [ 314.179808][T12111] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 314.196385][ T1205] usb 4-1: Using ep0 maxpacket: 32 [ 314.204282][ T1205] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 314.226578][ T1205] usb 4-1: config 0 has no interface number 0 [ 314.237613][ T1205] usb 4-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 314.247279][ T1205] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.269953][ T1205] usb 4-1: Product: syz [ 314.276655][ T1205] usb 4-1: Manufacturer: syz [ 314.281809][ T1205] usb 4-1: SerialNumber: syz [ 314.332753][ T1205] usb 4-1: config 0 descriptor?? [ 314.350302][ T1205] etas_es58x 4-1:0.2: Starting syz syz (Serial Number syz) [ 314.421914][T12113] bond2: entered allmulticast mode [ 314.425621][T12106] NILFS (loop1): error -2 truncating bmap (ino=16) [ 314.439622][T12113] 8021q: adding VLAN 0 to HW filter on device bond2 [ 314.596886][ T1205] etas_es58x 4-1:0.2: could not parse product info: '424242424242' [ 314.625352][T12111] NILFS (loop1): vblocknr = 15 has abnormal lifetime: start cno (= 4128770) > current cno (= 3) [ 314.667653][T12111] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=16) [ 314.697892][T12121] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2907'. [ 314.709920][T12111] Remounting filesystem read-only [ 314.722698][T12121] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2907'. [ 314.727343][ T12] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 314.760331][ T12] NILFS (loop1): discard dirty block: blocknr=42, size=1024 [ 314.790088][ T12] NILFS (loop1): discard dirty block: blocknr=43, size=1024 [ 314.821145][ T12] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 314.866878][ T12] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 314.912352][ T12] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 314.945724][ T12] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 314.967646][ T12] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 314.985457][ T12] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.003105][ T1205] usb 4-1: USB disconnect, device number 14 [ 315.010689][ T12] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.011797][ T1205] etas_es58x 4-1:0.2: Disconnecting syz syz [ 315.055513][ T5799] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 315.084229][ T5799] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 315.106497][ T5799] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 315.130134][ T5799] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.155864][ T5799] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.185109][ T5799] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.239276][ T5799] NILFS (loop1): discard dirty page: offset=0, ino=5 [ 315.246080][ T5799] NILFS (loop1): discard dirty block: blocknr=41, size=1024 [ 315.292180][ T5799] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.320031][ T5799] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.339850][ T5799] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.595918][T12143] No such timeout policy "syz0" [ 316.093025][T12162] SET target dimension over the limit! [ 316.858454][T12190] tmpfs: Bad value for 'mpol' [ 316.975746][T12189] loop3: detected capacity change from 0 to 4096 [ 317.007952][T12189] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 317.048146][T12189] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 317.106235][T12189] ntfs: (device loop3): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 317.143751][T12189] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 317.200426][T12189] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 317.275829][T12189] ntfs: volume version 3.1. [ 317.295264][T12189] ntfs: (device loop3): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 317.342918][T12189] ntfs: (device loop3): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 317.405884][T12189] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 317.436549][T12189] ntfs: (device loop3): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 317.476652][T12189] ntfs: (device loop3): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 317.836499][T12219] netlink: 'syz.1.2941': attribute type 1 has an invalid length. [ 318.360877][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.367920][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.041513][T12252] loop3: detected capacity change from 0 to 1024 [ 319.059442][T12254] netlink: 'syz.2.2955': attribute type 21 has an invalid length. [ 319.099644][T12254] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2955'. [ 319.146638][T12254] netlink: 'syz.2.2955': attribute type 5 has an invalid length. [ 319.154954][T12254] netlink: 'syz.2.2955': attribute type 6 has an invalid length. [ 319.216457][T12254] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2955'. [ 319.282169][ T142] hfsplus: b-tree write err: -5, ino 4 [ 319.433946][T12260] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 319.555000][T12260] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 319.735365][T12270] loop3: detected capacity change from 0 to 512 [ 320.384144][T12288] program syz.2.2973 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 320.496515][T12292] netlink: 'syz.0.2975': attribute type 1 has an invalid length. [ 320.676045][T12298] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2978'. [ 320.712913][T12298] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2978'. [ 321.123563][T12316] netlink: 'syz.1.2987': attribute type 7 has an invalid length. [ 321.137091][T12314] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2986'. [ 322.156803][T12350] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3003'. [ 322.183034][T12350] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3003'. [ 322.208918][T12350] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3003'. [ 322.235321][T12352] netlink: 'syz.1.3004': attribute type 2 has an invalid length. [ 322.412761][T12356] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3006'. [ 322.963200][T12342] loop0: detected capacity change from 0 to 32768 [ 323.005667][T12342] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.2999 (12342) [ 323.087425][T12342] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 323.117598][T12342] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 323.146417][T12342] BTRFS info (device loop0): using free space tree [ 323.260272][T12348] loop3: detected capacity change from 0 to 32768 [ 323.340642][T12348] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 11 [ 323.387741][T12342] BTRFS info (device loop0): enabling ssd optimizations [ 323.395050][T12342] BTRFS info (device loop0): auto enabling async discard [ 323.665306][ T6090] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 11 [ 323.886970][ T5790] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 324.016337][T12406] misc userio: Invalid payload size [ 324.566877][T12415] netlink: 'syz.2.3028': attribute type 1 has an invalid length. [ 324.575426][T12417] loop3: detected capacity change from 0 to 1024 [ 324.586512][T12415] netlink: 'syz.2.3028': attribute type 3 has an invalid length. [ 324.594605][T12415] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3028'. [ 324.676810][ T5802] Bluetooth: hci1: command 0x0406 tx timeout [ 324.942812][ T142] hfsplus: b-tree write err: -5, ino 4 [ 325.197533][T12425] kAFS: unable to lookup cell '' [ 325.285434][T12423] loop0: detected capacity change from 0 to 4096 [ 325.344798][T12423] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 325.412426][T12423] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 325.482598][T12423] ntfs3: loop0: Failed to load $Extend (-22). [ 325.524976][T12423] ntfs3: loop0: Failed to initialize $Extend. [ 326.787770][T12478] xt_recent: hitcount (16777216) is larger than allowed maximum (255) [ 326.982100][T12486] Unsupported ieee802154 address type: 0 [ 327.066758][T12489] xt_hashlimit: invalid interval [ 329.164622][T12566] kAFS: unparsable volume name [ 329.226332][ T1205] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 329.426260][ T1205] usb 2-1: Using ep0 maxpacket: 8 [ 329.443678][ T1205] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 329.466446][ T1205] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 329.486984][ T1205] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 329.509546][ T1205] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 329.589896][ T1205] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 329.624597][ T1205] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 329.663076][ T1205] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.685511][ T1205] usb 2-1: config 0 descriptor?? [ 329.707980][T12558] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 330.057001][T12589] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 49399 - 0 [ 330.107582][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.108224][T12589] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 49399 - 0 [ 330.115044][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.132035][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.139106][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.146343][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.153552][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.161109][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.168656][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.175791][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.182836][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.183201][T12589] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 49399 - 0 [ 330.191116][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.191221][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.217020][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.224433][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.231718][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.238881][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.248044][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.248414][T12589] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 49399 - 0 [ 330.255186][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.272379][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.279572][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.288160][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.296696][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.303772][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.311363][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.318723][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.325941][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.332976][ T23] usb 2-1: USB disconnect, device number 8 [ 330.333447][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.346857][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.354027][ T50] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 330.364277][ T5802] Bluetooth: hci4: Opcode 0x0c03 failed: -71 [ 330.374976][T12589] netdevsim netdevsim3 netdevsim0: set [1, 2] type 2 family 0 port 34972 - 0 [ 330.386305][T12589] netdevsim netdevsim3 netdevsim1: set [1, 2] type 2 family 0 port 34972 - 0 [ 330.395701][T12589] netdevsim netdevsim3 netdevsim2: set [1, 2] type 2 family 0 port 34972 - 0 [ 330.405135][T12589] netdevsim netdevsim3 netdevsim3: set [1, 2] type 2 family 0 port 34972 - 0 [ 330.414921][T12589] geneve2: entered promiscuous mode [ 330.420522][T12589] geneve2: entered allmulticast mode [ 331.096648][T12613] netlink: 'syz.1.3124': attribute type 30 has an invalid length. [ 331.157485][T12615] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 331.398427][T12624] loop3: detected capacity change from 0 to 512 [ 331.421926][T12625] kAFS: unparsable volume name [ 331.473534][T12624] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.3131: iget: bad i_size value: 38620345925642 [ 331.538746][T12624] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.3131: couldn't read orphan inode 15 (err -117) [ 331.594412][T12624] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 331.629075][T12632] loop0: detected capacity change from 0 to 1024 [ 331.813773][ T142] hfsplus: b-tree write err: -5, ino 4 [ 332.016317][ T1205] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 332.140404][T12647] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3141'. [ 332.227603][ T1205] usb 4-1: config 27 interface 0 altsetting 0 has an invalid endpoint with address 0x98, skipping [ 332.266387][ T1205] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 47025, setting to 1024 [ 332.306325][T12651] loop0: detected capacity change from 0 to 512 [ 332.312010][ T1205] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 332.358661][ T1205] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 332.376943][ T1205] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.396089][T12624] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 332.454435][ T1205] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 332.473644][ T1205] usb 4-1: invalid MIDI in EP 0 [ 332.692511][ T1205] snd-usb-audio: probe of 4-1:27.0 failed with error -22 [ 332.730208][ T1205] usb 4-1: USB disconnect, device number 15 [ 333.345337][T12665] loop1: detected capacity change from 0 to 512 [ 333.346259][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 333.505876][T12665] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 333.587154][T12665] ext4 filesystem being mounted at /786/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 333.641151][ T5799] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 333.864075][T12677] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 333.956607][T12677] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 334.006317][T12677] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 334.044947][T12677] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 334.092422][T12677] geneve3: entered promiscuous mode [ 334.117051][T12677] geneve3: entered allmulticast mode [ 334.154175][T12677] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 334.186243][T12677] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 334.256482][T12677] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 334.266105][T12677] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 334.796692][ T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 334.862604][T12675] loop3: detected capacity change from 0 to 32768 [ 334.872634][T12675] XFS: ikeep mount option is deprecated. [ 334.925773][T12675] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 334.986488][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 334.996246][ T8] usb 3-1: config 0 interface 0 altsetting 67 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 335.010809][ T8] usb 3-1: config 0 interface 0 has no altsetting 0 [ 335.023993][ T8] usb 3-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00 [ 335.044458][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 335.104827][ T8] usb 3-1: config 0 descriptor?? [ 335.172525][T12675] XFS (loop3): Ending clean mount [ 335.210591][T12675] XFS (loop3): Quotacheck needed: Please wait. [ 335.382762][ T8] usbhid 3-1:0.0: can't add hid device: -71 [ 335.403690][ T8] usbhid: probe of 3-1:0.0 failed with error -71 [ 335.421092][ T8] usb 3-1: USB disconnect, device number 11 [ 335.439566][T12675] XFS (loop3): Quotacheck: Done. [ 335.594676][ T5795] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 335.884651][T12719] loop1: detected capacity change from 0 to 4096 [ 335.942957][T12719] NILFS (loop1): invalid segment: Checksum error in segment payload [ 335.967425][T12719] NILFS (loop1): trying rollback from an earlier position [ 336.069811][T12719] NILFS (loop1): recovery complete [ 336.107658][T12722] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 336.454605][T12728] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3176'. [ 336.996870][ T27] kauditd_printk_skb: 5 callbacks suppressed [ 336.996891][ T27] audit: type=1400 audit(1754619819.352:96): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="#(%#{//&@\)//&" pid=12743 comm="syz.1.3184" [ 337.180143][T12751] delete_channel: no stack [ 337.377378][T12758] netlink: 'syz.1.3191': attribute type 2 has an invalid length. [ 337.416506][T12758] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.3191'. [ 337.816768][T12774] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3199'. [ 338.450193][T12795] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3209'. [ 338.512104][T12797] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3210'. [ 338.586524][T12799] netlink: 'syz.0.3211': attribute type 1 has an invalid length. [ 339.286499][ T9] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 339.496364][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 339.504136][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 339.528054][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 339.566223][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 339.587736][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 339.634726][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 339.681297][ T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 339.704910][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.731563][ T9] usb 1-1: config 0 descriptor?? [ 339.738720][T12826] xt_connbytes: Forcing CT accounting to be enabled [ 339.761522][T12815] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 339.774772][T12827] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3224'. [ 340.049479][T12833] netlink: 'syz.3.3227': attribute type 16 has an invalid length. [ 340.115123][T12833] netlink: 64138 bytes leftover after parsing attributes in process `syz.3.3227'. [ 340.140942][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.149322][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.156911][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.164099][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.171720][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.179070][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.186335][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.193318][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.200717][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.208255][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.216363][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.225824][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.233528][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.240761][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.248478][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.256061][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.266325][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.273402][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.280971][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.288345][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.295987][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.303960][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.311900][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.319115][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.327124][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.334253][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.341757][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.349315][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.351733][ T5861] usb 1-1: USB disconnect, device number 16 [ 340.357297][ T5802] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 340.374580][ T50] Bluetooth: hci4: Opcode 0x0c03 failed: -71 [ 340.458257][T12843] netlink: 14 bytes leftover after parsing attributes in process `syz.3.3232'. [ 340.726405][T12853] program syz.3.3238 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 341.259375][T12868] netlink: 168 bytes leftover after parsing attributes in process `syz.1.3253'. [ 341.320162][T12873] xt_TCPMSS: Only works on TCP SYN packets [ 341.949941][T12895] netlink: 160 bytes leftover after parsing attributes in process `syz.3.3259'. [ 342.115210][T12900] loop1: detected capacity change from 0 to 1024 [ 342.309524][ T1088] hfsplus: b-tree write err: -5, ino 4 [ 343.171749][T12930] xt_TPROXY: Can be used only with -p tcp or -p udp [ 343.180514][T12929] loop3: detected capacity change from 0 to 512 [ 343.209202][T12929] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 343.286412][ T42] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 343.493726][ T42] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 343.529046][ T42] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 343.565241][ T42] usb 3-1: Product: syz [ 343.570746][ T42] usb 3-1: Manufacturer: syz [ 343.575597][ T42] usb 3-1: SerialNumber: syz [ 343.613435][ T42] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 343.652352][ T23] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 344.038292][T12950] RDS: rds_bind could not find a transport for fec0:ffff::1, load rds_tcp or rds_rdma? [ 344.210155][ T968] usb 3-1: USB disconnect, device number 12 [ 344.629228][T12972] ieee802154 phy0 wpan0: encryption failed: -22 [ 344.716846][T12974] netlink: 9 bytes leftover after parsing attributes in process `syz.0.3297'. [ 344.759826][ T23] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 344.776798][ T23] ath9k_htc: Failed to initialize the device [ 344.787229][T12974] gretap0: entered promiscuous mode [ 344.794605][ T968] usb 3-1: ath9k_htc: USB layer deinitialized [ 346.376571][ T8] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 346.576417][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 346.592048][ T8] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 346.611924][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 346.644853][ T8] usb 1-1: Product: syz [ 346.655481][ T8] usb 1-1: Manufacturer: syz [ 346.675262][ T8] usb 1-1: SerialNumber: syz [ 346.704312][ T8] usb 1-1: config 0 descriptor?? [ 346.753975][T13042] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3331'. [ 346.782434][T13042] xfrm1: entered promiscuous mode [ 346.791209][T13042] xfrm1: entered allmulticast mode [ 346.937300][ T8] speedtch 1-1:0.0: speedtch_bind: data interface not found! [ 346.945062][ T8] speedtch 1-1:0.0: usbatm_usb_probe: bind failed: -19! [ 347.145127][T13051] loop1: detected capacity change from 0 to 1764 [ 347.159644][ T8] usb 1-1: USB disconnect, device number 17 [ 347.227145][T13051] iso9660: Corrupted directory entry in block 0 of inode 1792 [ 347.598269][T13066] usb usb8: usbfs: process 13066 (syz.1.3343) did not claim interface 0 before use [ 347.812995][T13072] netlink: 'syz.2.3346': attribute type 1 has an invalid length. [ 347.860871][T13072] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3346'. [ 348.039551][ T5802] Bluetooth: hci3: unexpected event for opcode 0x1408 [ 348.563606][T13090] loop1: detected capacity change from 0 to 4096 [ 348.594664][T13090] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 348.696773][T13090] ntfs: (device loop1): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 348.744087][T13090] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing. [ 348.798433][T13090] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 348.845381][T13090] ntfs: (device loop1): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 348.975616][T13090] ntfs: volume version 3.1. [ 349.158453][T13114] usb usb1: usbfs: process 13114 (syz.0.3366) did not claim interface 0 before use [ 349.385910][T13120] netlink: 'syz.1.3367': attribute type 11 has an invalid length. [ 349.636455][ T5861] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 349.850551][ T5861] usb 3-1: config 0 has an invalid interface number: 90 but max is 0 [ 349.872639][ T5861] usb 3-1: config 0 has no interface number 0 [ 349.889540][ T5861] usb 3-1: config 0 interface 90 altsetting 0 endpoint 0x85 has invalid maxpacket 512, setting to 64 [ 349.911926][ T5861] usb 3-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=3a.fa [ 349.945850][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.986380][ T5861] usb 3-1: Product: syz [ 349.990768][ T5861] usb 3-1: Manufacturer: syz [ 349.995691][ T5861] usb 3-1: SerialNumber: syz [ 350.037862][ T5861] usb 3-1: config 0 descriptor?? [ 350.044364][T13118] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 350.314927][T13118] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 350.348744][T13118] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 350.395031][ T5861] powermate: Expected payload of 3--6 bytes, found 64 bytes! [ 350.445868][ T5861] input: Griffin PowerMate as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.90/input/input14 [ 350.514892][ C1] powermate: config urb returned -71 [ 350.521191][ C1] powermate: config urb returned -71 [ 350.527423][ C1] powermate: config urb returned -71 [ 350.533000][ C1] powermate: config urb returned -71 [ 350.561166][ C1] powermate 3-1:0.90: powermate_irq - usb_submit_urb failed with result: -19 [ 350.582290][ T5861] usb 3-1: USB disconnect, device number 13 [ 350.719653][T13158] netlink: 372 bytes leftover after parsing attributes in process `syz.0.3388'. [ 351.077613][ T23] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 351.124522][T13150] loop3: detected capacity change from 0 to 32768 [ 351.154123][T13150] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 11 [ 351.287301][ T23] usb 2-1: Using ep0 maxpacket: 32 [ 351.302722][ T23] usb 2-1: New USB device found, idVendor=17cc, idProduct=1020, bcdDevice=16.7b [ 351.334035][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.365251][ T23] usb 2-1: Product: syz [ 351.378185][ T23] usb 2-1: Manufacturer: syz [ 351.383356][ T23] usb 2-1: SerialNumber: syz [ 351.418167][ T23] usb 2-1: config 0 descriptor?? [ 351.431756][ T6027] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 11 [ 351.660673][ T23] snd-usb-audio: probe of 2-1:0.0 failed with error -71 [ 351.696609][ T23] usb 2-1: USB disconnect, device number 9 [ 351.943466][T13185] loop0: detected capacity change from 0 to 1024 [ 351.968520][T13185] EXT4-fs: Ignoring removed bh option [ 352.039085][T13185] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 352.121098][ T5802] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 352.131770][ T5802] Bluetooth: hci3: Injecting HCI hardware error event [ 352.142954][ T5802] Bluetooth: hci3: hardware error 0x00 [ 352.155023][T13185] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 353.137344][T13207] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 353.421144][T13195] loop1: detected capacity change from 0 to 32768 [ 353.435792][T13195] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 11 [ 353.511573][ T6090] blk_print_req_error: 17 callbacks suppressed [ 353.511594][ T6090] I/O error, dev loop1, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 354.166889][ T8] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 354.279852][ T5802] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 354.398453][ T8] usb 3-1: config index 0 descriptor too short (expected 3133, got 61) [ 354.416319][ T8] usb 3-1: config 0 has an invalid interface number: 156 but max is 1 [ 354.435523][ T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 354.466312][ T8] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 354.486574][ T8] usb 3-1: config 0 has no interface number 0 [ 354.493054][ T8] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 354.546054][ T8] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 354.564099][ T8] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 354.605786][ T8] usb 3-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 354.641044][ T8] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 354.684334][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.709652][ T8] usb 3-1: config 0 descriptor?? [ 354.719725][ T8] gspca_main: spca561-2.14.0 probing abcd:cdee [ 354.944570][ T8] spca561: probe of 3-1:0.156 failed with error -22 [ 354.963054][ T8] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 354.981710][ T8] usb 3-1: MIDIStreaming interface descriptor not found [ 355.167075][ T8] usb 3-1: USB disconnect, device number 14 [ 355.508418][T13262] bridge5: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 355.705118][T13246] loop0: detected capacity change from 0 to 32768 [ 355.746114][T13246] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 11 [ 356.049103][ T6090] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 11 [ 356.253908][ T27] audit: type=1326 audit(1754619838.612:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13281 comm="syz.3.3447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 356.343006][ T27] audit: type=1326 audit(1754619838.612:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13281 comm="syz.3.3447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 356.410663][ T27] audit: type=1326 audit(1754619838.632:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13281 comm="syz.3.3447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=453 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 356.466232][ T27] audit: type=1326 audit(1754619838.632:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13281 comm="syz.3.3447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 356.535874][ T27] audit: type=1326 audit(1754619838.632:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13281 comm="syz.3.3447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 357.092134][T13308] loop3: detected capacity change from 0 to 256 [ 357.120463][T13308] exfat: Deprecated parameter 'namecase' [ 357.150438][T13308] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 357.185515][T13310] No source specified [ 357.215313][T13308] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d) [ 357.228915][T13312] loop1: detected capacity change from 0 to 256 [ 357.261085][T13312] exfat: Deprecated parameter 'namecase' [ 357.306626][T13312] exfat: Deprecated parameter 'utf8' [ 357.393301][T13312] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 357.521745][T13312] tmpfs: Bad value for 'grpquota_block_hardlimit' [ 357.777923][T13326] netlink: 'syz.2.3468': attribute type 1 has an invalid length. [ 357.785960][T13326] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3468'. [ 358.154169][T13334] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 358.376630][T13343] loop1: detected capacity change from 0 to 256 [ 359.284614][T13328] loop3: detected capacity change from 0 to 32768 [ 359.421097][T13328] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 359.506237][T13328] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 359.694510][T13328] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 359.741864][ T5861] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 359.750244][ T23] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 359.758278][ T5861] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 359.856726][T13345] loop0: detected capacity change from 0 to 65536 [ 359.911391][ T5861] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 153ms [ 359.959523][ T23] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 359.973438][ T5861] gfs2: fsid=syz:syz.0: jid=0: Done [ 359.975614][T13345] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 359.979149][ T23] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 360.001528][T13328] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 360.014019][ T23] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 360.025486][ T23] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 360.038009][ T23] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 360.051000][ T23] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 360.085964][ T23] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 360.118226][ T23] usb 2-1: Product: syz [ 360.142875][ T23] usb 2-1: Manufacturer: syz [ 360.172116][T13345] XFS (loop0): Ending clean mount [ 360.179866][ T23] cdc_wdm 2-1:1.0: skipping garbage [ 360.185219][ T23] cdc_wdm 2-1:1.0: skipping garbage [ 360.236701][ T23] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 360.243858][ T23] cdc_wdm 2-1:1.0: Unknown control protocol [ 360.332235][ T5790] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 360.424288][T13377] bridge2: entered promiscuous mode [ 360.569804][T13361] cdc_wdm 2-1:1.0: Error submitting int urb - -90 [ 360.653295][ T23] usb 2-1: USB disconnect, device number 10 [ 361.015648][ T27] audit: type=1326 audit(1754619843.372:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.3.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 361.104614][ T27] audit: type=1326 audit(1754619843.402:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.3.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 361.156527][ T27] audit: type=1326 audit(1754619843.402:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.3.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 361.236731][ T27] audit: type=1326 audit(1754619843.402:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.3.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 361.327616][ T27] audit: type=1326 audit(1754619843.402:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.3.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1141b8ebe9 code=0x7ffc0000 [ 361.510955][T13388] loop3: detected capacity change from 0 to 4096 [ 362.172502][T13411] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (18446744073709551615) [ 362.225934][T13414] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3506'. [ 362.394274][T13418] netlink: 'syz.2.3509': attribute type 4 has an invalid length. [ 362.882128][T13436] netlink: 288 bytes leftover after parsing attributes in process `syz.3.3518'. [ 362.936309][ T1205] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 363.006485][ T5861] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 363.150661][ T1205] usb 1-1: config 1 has an invalid interface number: 27 but max is 0 [ 363.176274][ T1205] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 363.208812][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 363.212056][ T1205] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 1 [ 363.226241][ T5861] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 363.258843][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 363.265197][ T1205] usb 1-1: config 1 has no interface number 1 [ 363.290164][ T1205] usb 1-1: config 1 interface 27 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 363.290228][T13448] netlink: 'syz.3.3524': attribute type 10 has an invalid length. [ 363.309389][ T1205] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 363.321335][ T5861] usb 2-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16 [ 363.332237][ T1205] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 363.339884][ T5861] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 363.342942][ T1205] usb 1-1: SerialNumber: syz [ 363.366580][ T5861] usb 2-1: Product: syz [ 363.370893][ T5861] usb 2-1: Manufacturer: syz [ 363.375726][ T5861] usb 2-1: SerialNumber: syz [ 363.377383][ T1205] usb 1-1: bad CDC descriptors [ 363.421145][T13448] batman_adv: batadv0: Adding interface: team0 [ 363.441234][ T5861] usb 2-1: config 0 descriptor?? [ 363.457590][T13448] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 363.483761][ C1] vkms_vblank_simulate: vblank timer overrun [ 363.495495][ T5861] kvaser_usb 2-1:0.0: Cannot get usb endpoint(s) [ 363.508228][T13448] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 363.739581][ T968] usb 1-1: USB disconnect, device number 18 [ 363.781095][ T1205] usb 2-1: USB disconnect, device number 11 [ 364.016349][ T5861] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 364.215641][ T5861] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 364.234679][ T5861] usb 4-1: config 179 has no interface number 0 [ 364.242656][ T5861] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 364.255521][ T5861] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64 [ 364.272819][ T5861] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 364.285205][ T5861] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 64 [ 364.297308][ T5861] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 364.353049][ T5861] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 364.387954][ T5861] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.433436][T13456] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 364.443703][T13456] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 364.550454][ T27] audit: type=1400 audit(1754619846.912:107): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=13471 comm="syz.1.3536" [ 364.954673][T13479] overlayfs: conflicting options: userxattr,redirect_dir=on [ 365.107283][ T1205] usb 4-1: USB disconnect, device number 16 [ 365.107322][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 365.122442][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 365.132664][ C1] ================================================================== [ 365.141171][ C1] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x26d/0x2c0 [ 365.149300][ C1] Read of size 4 at addr ffff88801de7c85c by task syz-executor/5790 [ 365.157501][ C1] [ 365.159873][ C1] CPU: 1 PID: 5790 Comm: syz-executor Not tainted 6.6.101-syzkaller #0 [ 365.168830][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 365.183308][ C1] Call Trace: [ 365.186717][ C1] [ 365.190101][ C1] dump_stack_lvl+0x16c/0x230 [ 365.194932][ C1] ? __lock_acquire+0x7c80/0x7c80 [ 365.200147][ C1] ? show_regs_print_info+0x20/0x20 [ 365.205359][ C1] ? load_image+0x3b0/0x3b0 [ 365.209982][ C1] ? __virt_addr_valid+0x469/0x540 [ 365.215201][ C1] print_report+0xac/0x220 [ 365.219730][ C1] ? do_raw_spin_lock+0x26d/0x2c0 [ 365.224773][ C1] kasan_report+0x117/0x150 [ 365.229342][ C1] ? do_raw_spin_lock+0x26d/0x2c0 [ 365.234388][ C1] do_raw_spin_lock+0x26d/0x2c0 [ 365.239292][ C1] ? read_lock_is_recursive+0x20/0x20 [ 365.244681][ C1] ? __rwlock_init+0x150/0x150 [ 365.249849][ C1] _raw_spin_lock_irqsave+0xb4/0xf0 [ 365.255440][ C1] ? _raw_spin_lock+0x40/0x40 [ 365.260226][ C1] __wake_up+0xf8/0x190 [ 365.264442][ C1] ? __wake_up_bit+0x1e0/0x1e0 [ 365.269751][ C1] __usb_hcd_giveback_urb+0x396/0x520 [ 365.275451][ C1] dummy_timer+0x8a3/0x31b0 [ 365.280148][ C1] ? mark_lock+0x94/0x320 [ 365.284663][ C1] ? lock_chain_count+0x20/0x20 [ 365.289785][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 365.296116][ C1] ? dummy_free_streams+0x530/0x530 [ 365.301734][ C1] ? debug_object_deactivate+0x67/0x350 [ 365.307521][ C1] __hrtimer_run_queues+0x51e/0xc40 [ 365.312950][ C1] ? dummy_free_streams+0x530/0x530 [ 365.318440][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 365.324154][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 365.330592][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 365.335809][ C1] handle_softirqs+0x280/0x820 [ 365.340845][ C1] ? __irq_exit_rcu+0xc7/0x190 [ 365.345965][ C1] ? do_softirq+0x180/0x180 [ 365.350608][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 365.355913][ C1] __irq_exit_rcu+0xc7/0x190 [ 365.360520][ C1] ? irq_exit_rcu+0x20/0x20 [ 365.365048][ C1] irq_exit_rcu+0x9/0x20 [ 365.369307][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 365.375138][ C1] [ 365.378588][ C1] [ 365.381529][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 365.387706][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x5c/0x60 [ 365.394097][ C1] Code: f8 15 00 00 83 fa 02 75 21 48 8b 91 00 16 00 00 48 8b 32 48 8d 7e 01 8b 89 fc 15 00 00 48 39 cf 73 08 48 89 3a 48 89 44 f2 08 0f 1f 00 f3 0f 1e fa 48 8b 04 24 65 48 8b 15 00 24 7e 7e 65 8b [ 365.414329][ C1] RSP: 0018:ffffc9000461f4b0 EFLAGS: 00000293 [ 365.420455][ C1] RAX: ffffffff81e7ab34 RBX: ffffffff81e7aaf2 RCX: ffff88801fb8bc00 [ 365.428959][ C1] RDX: 0000000000000000 RSI: ffffffff8afc6760 RDI: ffffffff8afc6720 [ 365.437290][ C1] RBP: 0000000000000001 R08: dffffc0000000000 R09: 1ffffffff21b46a4 [ 365.445479][ C1] R10: dffffc0000000000 R11: fffffbfff21b46a5 R12: ffffea0001dfe780 [ 365.453588][ C1] R13: dffffc0000000000 R14: ffffea0001dfe780 R15: 0000000001dfe780 [ 365.462180][ C1] ? page_ext_get+0x22/0x2b0 [ 365.467138][ C1] ? page_ext_get+0x64/0x2b0 [ 365.471832][ C1] page_ext_get+0x64/0x2b0 [ 365.476328][ C1] page_table_check_set+0x51/0x6f0 [ 365.481893][ C1] copy_page_range+0x248d/0x3600 [ 365.487050][ C1] ? pfn_valid+0x450/0x450 [ 365.492387][ C1] ? mas_wr_store_entry+0x151/0x340 [ 365.497796][ C1] ? mas_store+0x34d/0x500 [ 365.502248][ C1] ? mas_empty_area_rev+0x1880/0x1880 [ 365.508085][ C1] ? up_write+0x1c3/0x410 [ 365.512690][ C1] ? anon_vma_interval_tree_verify+0x150/0x150 [ 365.519221][ C1] copy_mm+0x1124/0x1c20 [ 365.523658][ C1] ? copy_signal+0x680/0x680 [ 365.528354][ C1] ? lockdep_init_map_type+0xa1/0x880 [ 365.533836][ C1] ? __init_rwsem+0x122/0x160 [ 365.538704][ C1] ? copy_signal+0x556/0x680 [ 365.543324][ C1] copy_process+0x16d3/0x3d70 [ 365.548532][ C1] ? copy_process+0x945/0x3d70 [ 365.553583][ C1] ? __pidfd_prepare+0x140/0x140 [ 365.558580][ C1] ? vma_end_read+0x18/0x170 [ 365.563423][ C1] kernel_clone+0x21b/0x840 [ 365.568061][ C1] ? create_io_thread+0x140/0x140 [ 365.573102][ C1] __x64_sys_clone+0x18c/0x1e0 [ 365.577963][ C1] ? __ia32_sys_vfork+0x100/0x100 [ 365.583578][ C1] ? lock_chain_count+0x20/0x20 [ 365.588634][ C1] ? lock_chain_count+0x20/0x20 [ 365.593587][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 365.598905][ C1] do_syscall_64+0x55/0xb0 [ 365.603526][ C1] ? clear_bhb_loop+0x40/0x90 [ 365.608309][ C1] ? clear_bhb_loop+0x40/0x90 [ 365.613181][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 365.619445][ C1] RIP: 0033:0x7f01c0785453 [ 365.624152][ C1] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 365.644929][ C1] RSP: 002b:00007ffde1a9ef08 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 365.653818][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f01c0785453 [ 365.662026][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 365.670449][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 365.679065][ C1] R10: 00005555948447d0 R11: 0000000000000246 R12: 0000000000000000 [ 365.687702][ C1] R13: 00000000000927c0 R14: 0000000000059100 R15: 00007ffde1a9f0a0 [ 365.695866][ C1] [ 365.698985][ C1] [ 365.701319][ C1] Allocated by task 5861: [ 365.705912][ C1] kasan_set_track+0x4e/0x70 [ 365.710957][ C1] __kasan_kmalloc+0x8f/0xa0 [ 365.715813][ C1] xpad_probe+0x41c/0x1ec0 [ 365.720502][ C1] usb_probe_interface+0x5a4/0xb00 [ 365.725837][ C1] really_probe+0x25b/0xb40 [ 365.730521][ C1] __driver_probe_device+0x18c/0x330 [ 365.735825][ C1] driver_probe_device+0x4f/0x420 [ 365.741222][ C1] __device_attach_driver+0x2ca/0x520 [ 365.747000][ C1] bus_for_each_drv+0x24b/0x2d0 [ 365.751878][ C1] __device_attach+0x2b5/0x400 [ 365.756939][ C1] bus_probe_device+0x180/0x260 [ 365.761934][ C1] device_add+0x85b/0xc20 [ 365.766400][ C1] usb_set_configuration+0x1a79/0x20c0 [ 365.772252][ C1] usb_generic_driver_probe+0x8d/0x150 [ 365.777835][ C1] usb_probe_device+0x13d/0x280 [ 365.782789][ C1] really_probe+0x25b/0xb40 [ 365.787310][ C1] __driver_probe_device+0x18c/0x330 [ 365.792616][ C1] driver_probe_device+0x4f/0x420 [ 365.797748][ C1] __device_attach_driver+0x2ca/0x520 [ 365.803421][ C1] bus_for_each_drv+0x24b/0x2d0 [ 365.808717][ C1] __device_attach+0x2b5/0x400 [ 365.813581][ C1] bus_probe_device+0x180/0x260 [ 365.818745][ C1] device_add+0x85b/0xc20 [ 365.823384][ C1] usb_new_device+0xa31/0x1630 [ 365.828507][ C1] hub_event+0x2962/0x49c0 [ 365.833389][ C1] process_scheduled_works+0xa45/0x15b0 [ 365.839121][ C1] worker_thread+0xa55/0xfc0 [ 365.844156][ C1] kthread+0x2fa/0x390 [ 365.848230][ C1] ret_from_fork+0x48/0x80 [ 365.852658][ C1] ret_from_fork_asm+0x11/0x20 [ 365.857527][ C1] [ 365.859863][ C1] Freed by task 1205: [ 365.863937][ C1] kasan_set_track+0x4e/0x70 [ 365.868713][ C1] kasan_save_free_info+0x2e/0x50 [ 365.874027][ C1] ____kasan_slab_free+0x126/0x1e0 [ 365.879509][ C1] slab_free_freelist_hook+0x130/0x1b0 [ 365.885172][ C1] __kmem_cache_free+0xba/0x1f0 [ 365.890412][ C1] xpad_disconnect+0x350/0x480 [ 365.895297][ C1] usb_unbind_interface+0x1f2/0x870 [ 365.901552][ C1] device_release_driver_internal+0x4cb/0x7a0 [ 365.907899][ C1] bus_remove_device+0x342/0x400 [ 365.913130][ C1] device_del+0x50b/0x900 [ 365.917933][ C1] usb_disable_device+0x3e9/0x8a0 [ 365.922986][ C1] usb_disconnect+0x34c/0x8a0 [ 365.927756][ C1] hub_event+0x1cef/0x49c0 [ 365.932292][ C1] process_scheduled_works+0xa45/0x15b0 [ 365.938321][ C1] worker_thread+0xa55/0xfc0 [ 365.942966][ C1] kthread+0x2fa/0x390 [ 365.947492][ C1] ret_from_fork+0x48/0x80 [ 365.951969][ C1] ret_from_fork_asm+0x11/0x20 [ 365.956921][ C1] [ 365.959466][ C1] Last potentially related work creation: [ 365.965495][ C1] kasan_save_stack+0x3e/0x60 [ 365.970401][ C1] __kasan_record_aux_stack+0xaf/0xc0 [ 365.976197][ C1] call_rcu+0x158/0x930 [ 365.980391][ C1] rht_deferred_worker+0x1bdd/0x2410 [ 365.985869][ C1] process_scheduled_works+0xa45/0x15b0 [ 365.991898][ C1] worker_thread+0xa55/0xfc0 [ 365.996951][ C1] kthread+0x2fa/0x390 [ 366.001466][ C1] ret_from_fork+0x48/0x80 [ 366.006349][ C1] ret_from_fork_asm+0x11/0x20 [ 366.011309][ C1] [ 366.013648][ C1] The buggy address belongs to the object at ffff88801de7c800 [ 366.013648][ C1] which belongs to the cache kmalloc-1k of size 1024 [ 366.027974][ C1] The buggy address is located 92 bytes inside of [ 366.027974][ C1] freed 1024-byte region [ffff88801de7c800, ffff88801de7cc00) [ 366.041954][ C1] [ 366.044297][ C1] The buggy address belongs to the physical page: [ 366.050819][ C1] page:ffffea0000779e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1de78 [ 366.061414][ C1] head:ffffea0000779e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 366.070733][ C1] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 366.079259][ C1] page_type: 0xffffffff() [ 366.083651][ C1] raw: 00fff00000000840 ffff888017841dc0 0000000000000000 dead000000000001 [ 366.093129][ C1] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 366.102068][ C1] page dumped because: kasan: bad access detected [ 366.108780][ C1] page_owner tracks the page as allocated [ 366.114536][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5848, tgid 5848 (kworker/1:6), ts 89399390185, free_ts 88864956830 [ 366.134714][ C1] post_alloc_hook+0x1cd/0x210 [ 366.139866][ C1] get_page_from_freelist+0x195c/0x19f0 [ 366.145527][ C1] __alloc_pages+0x1e3/0x460 [ 366.150288][ C1] alloc_slab_page+0x5d/0x170 [ 366.155175][ C1] new_slab+0x87/0x2e0 [ 366.159516][ C1] ___slab_alloc+0xc6d/0x12f0 [ 366.164225][ C1] __kmem_cache_alloc_node+0x1a2/0x260 [ 366.169889][ C1] __kmalloc+0xa4/0x240 [ 366.174425][ C1] ___neigh_create+0x6d2/0x2440 [ 366.179311][ C1] ip6_finish_output2+0x159e/0x1650 [ 366.184777][ C1] NF_HOOK+0x161/0x470 [ 366.189206][ C1] mld_sendpack+0x7f9/0xd70 [ 366.193746][ C1] mld_ifc_work+0x835/0xb40 [ 366.198260][ C1] process_scheduled_works+0xa45/0x15b0 [ 366.203818][ C1] worker_thread+0xa55/0xfc0 [ 366.208562][ C1] kthread+0x2fa/0x390 [ 366.212727][ C1] page last free stack trace: [ 366.217518][ C1] free_unref_page_prepare+0x7ce/0x8e0 [ 366.222987][ C1] free_unref_page+0x32/0x2e0 [ 366.227851][ C1] __slab_free+0x35e/0x410 [ 366.232575][ C1] qlist_free_all+0x75/0xe0 [ 366.237590][ C1] kasan_quarantine_reduce+0x143/0x160 [ 366.243470][ C1] __kasan_slab_alloc+0x22/0x80 [ 366.248557][ C1] slab_post_alloc_hook+0x6e/0x4d0 [ 366.253941][ C1] kmem_cache_alloc_node+0x150/0x330 [ 366.259609][ C1] __alloc_skb+0x108/0x2c0 [ 366.264042][ C1] mld_newpack+0x143/0xbf0 [ 366.268480][ C1] add_grhead+0x5a/0x2a0 [ 366.272909][ C1] add_grec+0x13ad/0x1660 [ 366.277562][ C1] mld_ifc_work+0x6e6/0xb40 [ 366.282181][ C1] process_scheduled_works+0xa45/0x15b0 [ 366.288302][ C1] worker_thread+0xa55/0xfc0 [ 366.293074][ C1] kthread+0x2fa/0x390 [ 366.297239][ C1] [ 366.299584][ C1] Memory state around the buggy address: [ 366.305218][ C1] ffff88801de7c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 366.313641][ C1] ffff88801de7c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 366.321928][ C1] >ffff88801de7c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 366.330347][ C1] ^ [ 366.337547][ C1] ffff88801de7c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 366.346080][ C1] ffff88801de7c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 366.354338][ C1] ================================================================== [ 366.362593][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 366.369882][ C1] CPU: 1 PID: 5790 Comm: syz-executor Not tainted 6.6.101-syzkaller #0 [ 366.378506][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 366.388724][ C1] Call Trace: [ 366.392356][ C1] [ 366.395301][ C1] dump_stack_lvl+0x16c/0x230 [ 366.400044][ C1] ? show_regs_print_info+0x20/0x20 [ 366.405739][ C1] ? load_image+0x3b0/0x3b0 [ 366.410458][ C1] panic+0x2c0/0x710 [ 366.414753][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 366.419550][ C1] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 366.425639][ C1] ? _raw_spin_unlock+0x40/0x40 [ 366.430629][ C1] ? print_memory_metadata+0x314/0x400 [ 366.436491][ C1] ? do_raw_spin_lock+0x26d/0x2c0 [ 366.442164][ C1] check_panic_on_warn+0x84/0xa0 [ 366.447295][ C1] ? do_raw_spin_lock+0x26d/0x2c0 [ 366.452346][ C1] end_report+0x6f/0x140 [ 366.456786][ C1] kasan_report+0x128/0x150 [ 366.461392][ C1] ? do_raw_spin_lock+0x26d/0x2c0 [ 366.466696][ C1] do_raw_spin_lock+0x26d/0x2c0 [ 366.471653][ C1] ? read_lock_is_recursive+0x20/0x20 [ 366.477063][ C1] ? __rwlock_init+0x150/0x150 [ 366.482073][ C1] _raw_spin_lock_irqsave+0xb4/0xf0 [ 366.487497][ C1] ? _raw_spin_lock+0x40/0x40 [ 366.492456][ C1] __wake_up+0xf8/0x190 [ 366.496825][ C1] ? __wake_up_bit+0x1e0/0x1e0 [ 366.501700][ C1] __usb_hcd_giveback_urb+0x396/0x520 [ 366.507289][ C1] dummy_timer+0x8a3/0x31b0 [ 366.512020][ C1] ? mark_lock+0x94/0x320 [ 366.516455][ C1] ? lock_chain_count+0x20/0x20 [ 366.521408][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 366.527451][ C1] ? dummy_free_streams+0x530/0x530 [ 366.532743][ C1] ? debug_object_deactivate+0x67/0x350 [ 366.538664][ C1] __hrtimer_run_queues+0x51e/0xc40 [ 366.543964][ C1] ? dummy_free_streams+0x530/0x530 [ 366.549480][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 366.554779][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 366.561469][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 366.566608][ C1] handle_softirqs+0x280/0x820 [ 366.571496][ C1] ? __irq_exit_rcu+0xc7/0x190 [ 366.576302][ C1] ? do_softirq+0x180/0x180 [ 366.581096][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 366.586414][ C1] __irq_exit_rcu+0xc7/0x190 [ 366.591102][ C1] ? irq_exit_rcu+0x20/0x20 [ 366.595614][ C1] irq_exit_rcu+0x9/0x20 [ 366.599865][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 366.605514][ C1] [ 366.608454][ C1] [ 366.611413][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 366.617861][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x5c/0x60 [ 366.624031][ C1] Code: f8 15 00 00 83 fa 02 75 21 48 8b 91 00 16 00 00 48 8b 32 48 8d 7e 01 8b 89 fc 15 00 00 48 39 cf 73 08 48 89 3a 48 89 44 f2 08 0f 1f 00 f3 0f 1e fa 48 8b 04 24 65 48 8b 15 00 24 7e 7e 65 8b [ 366.644869][ C1] RSP: 0018:ffffc9000461f4b0 EFLAGS: 00000293 [ 366.651340][ C1] RAX: ffffffff81e7ab34 RBX: ffffffff81e7aaf2 RCX: ffff88801fb8bc00 [ 366.661583][ C1] RDX: 0000000000000000 RSI: ffffffff8afc6760 RDI: ffffffff8afc6720 [ 366.670363][ C1] RBP: 0000000000000001 R08: dffffc0000000000 R09: 1ffffffff21b46a4 [ 366.678457][ C1] R10: dffffc0000000000 R11: fffffbfff21b46a5 R12: ffffea0001dfe780 [ 366.686889][ C1] R13: dffffc0000000000 R14: ffffea0001dfe780 R15: 0000000001dfe780 [ 366.695486][ C1] ? page_ext_get+0x22/0x2b0 [ 366.700290][ C1] ? page_ext_get+0x64/0x2b0 [ 366.704971][ C1] page_ext_get+0x64/0x2b0 [ 366.709545][ C1] page_table_check_set+0x51/0x6f0 [ 366.714876][ C1] copy_page_range+0x248d/0x3600 [ 366.720051][ C1] ? pfn_valid+0x450/0x450 [ 366.724645][ C1] ? mas_wr_store_entry+0x151/0x340 [ 366.729952][ C1] ? mas_store+0x34d/0x500 [ 366.734457][ C1] ? mas_empty_area_rev+0x1880/0x1880 [ 366.740021][ C1] ? up_write+0x1c3/0x410 [ 366.744557][ C1] ? anon_vma_interval_tree_verify+0x150/0x150 [ 366.750899][ C1] copy_mm+0x1124/0x1c20 [ 366.755436][ C1] ? copy_signal+0x680/0x680 [ 366.760224][ C1] ? lockdep_init_map_type+0xa1/0x880 [ 366.765716][ C1] ? __init_rwsem+0x122/0x160 [ 366.770729][ C1] ? copy_signal+0x556/0x680 [ 366.775647][ C1] copy_process+0x16d3/0x3d70 [ 366.780914][ C1] ? copy_process+0x945/0x3d70 [ 366.785894][ C1] ? __pidfd_prepare+0x140/0x140 [ 366.791021][ C1] ? vma_end_read+0x18/0x170 [ 366.795888][ C1] kernel_clone+0x21b/0x840 [ 366.800589][ C1] ? create_io_thread+0x140/0x140 [ 366.806114][ C1] __x64_sys_clone+0x18c/0x1e0 [ 366.811068][ C1] ? __ia32_sys_vfork+0x100/0x100 [ 366.816280][ C1] ? lock_chain_count+0x20/0x20 [ 366.821435][ C1] ? lock_chain_count+0x20/0x20 [ 366.826295][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 366.831873][ C1] do_syscall_64+0x55/0xb0 [ 366.836434][ C1] ? clear_bhb_loop+0x40/0x90 [ 366.841262][ C1] ? clear_bhb_loop+0x40/0x90 [ 366.846212][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 366.852300][ C1] RIP: 0033:0x7f01c0785453 [ 366.856814][ C1] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 366.877314][ C1] RSP: 002b:00007ffde1a9ef08 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 366.886651][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f01c0785453 [ 366.894720][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 366.902860][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 366.911379][ C1] R10: 00005555948447d0 R11: 0000000000000246 R12: 0000000000000000 [ 366.919409][ C1] R13: 00000000000927c0 R14: 0000000000059100 R15: 00007ffde1a9f0a0 [ 366.927741][ C1] [ 366.931400][ C1] Kernel Offset: disabled [ 366.935988][ C1] Rebooting in 86400 seconds..