last executing test programs: 3.541439801s ago: executing program 5 (id=748): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000740)={'veth1_vlan\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000000)={&(0x7f0000000580)={0x1d, r1}, 0x10, &(0x7f0000000100)={&(0x7f00000005c0)=@canfd={{}, 0x0, 0x0, 0x0, 0x0, "0e7692fddc9d8ba5a0ac79669b2947a81f2e3c8973fc2af2a7fa10b9126ea28baed9b57d82ab23db557c307ae88da9c6c68d7eeae8e69b06707297b87f8c925a"}, 0x48}, 0x2}, 0x0) 3.130756229s ago: executing program 5 (id=754): syz_mount_image$f2fs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x800080, &(0x7f0000000100)=ANY=[@ANYBLOB='nobarrier,mode=lfs,fsync_mode=strict\x00acl,\x00'], 0x1, 0x552d, &(0x7f000000d000)="$eJzs3M1rI2UYAPAn7Xa7X65FPHjbgUVoYRM23Q/0VnUXP7BLWfXgSdMkDdlNMqVJ09qTB4/iwf9EFDx59G/w4NmbeFC8CUpmJrpdFVybtN3294PJM/PmnWeeN5TCMxMSwKm1kPz6cykux/mImI2ISxHZfqnYMit5eCEirkTEzCNbqRj/c+BsRFyIiMtxbnx6qXjr82vDq7d+euuXb76bP3Pxi6+/P5IFA8fCixHR3cz3d7p5TFt5fFCM14btLHZvDouYv9F9WBynedxprmcZdmrjebUs3mjl89PN7f4obnRq9VFstTey8c1efsH+sDXOk53woLaVHTea61ls99Mstvbyunb38v+Xe/1BnqdR5PsoSx+DwTjm483dZr6ezYdZrPcGxXieN200d0dxWMTiclFPO42sjvWDfNLH29vt3vZuMmxu9dtpL7lVqb5Uqd4uV7fSRnPQvFmudRu3byaLrc5oWnnQrHVXWmna6jQr9bS7lCy26vVytZos3mmut2u9pFqt3KhcL99aKvauJa/fey/pNJLFUXy13dsetDv9ZCPdSvIzlpLlyo2Xl5Kr1eSd1bVk7f7du6tr735w5/17r6y++Vox6W9lJYvL15eXy9Xr5eXq0ila/ydF0RNcPxxI6cmmz0+rDoCnyBT7/4iFPKf+H3jc9Pr/rfsR0+//Q/8/EU9V/3va+/8prB8O5An7fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATo4f5r58I9tZyI8vFuPPFEPPFceliJiJiN//wWyc3Zdztsgz9y/z5x6r4dtSZBlG15gvtgsRsVJsvz077U8BAAAATq6vPr7yWd6t5y8LR10Qhym/aTNz6cMJ5StFxNzCjxPKNjN6eX5CybK/7zOxO6Fs2Q2scxNKlt9yOzOpbP/J7L5w7pFQysPMoZYDAAAciv2dwOF2IQAAABymT4+6AI5GKcaPMsfPgrNv3v/1QPD8viMAAADgKM3/v9NKk64DAAAAOHay/t/v/wEAAMDJlv/+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAHO3eUozQQxwH435YKikZifDTxKPoGx/AIPvpoOICX4Ah4BS/AGfDNIxjY0OmSZcNudtNp2d18X9IO0ww/Zgg8zEwyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQp7/1evH75+dfXXN2+27yjAYAAAA4Z1uvF82LWapP2+fv2kcf2noREWVEnJu7V/HqJLOKiE8RUd/Rvr7Vhz8RTcLhM8bt9SYivrbX//d9fwsAAADwcm2Wq3marafb7NIdYkhp0aZ8+y1TXhER9exfprTykPcxU1jz+x7Fj0xpzQLWJFNYWnIb5Up7kObvfly1m9woilSU978/29gBAIABVSfFsLMQAAAAhvT9cPty6V7QXfW45kVcb2UetwLHqWi3916f1AAAAIBnqLh0BwAAAIDeNfP/vs7/mzr/DwAAAJ6EdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfdrW68VmuZp3zdntu8kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAK/bnHQVCIAzCYO/6zmTuf1hp0NTUpAqEj78xGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42J/fDIhhKIqjd2Yy/75V9r/YuqS6hCrnEH7yJDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABu5H/EY50zXo0tyUjybLx7PZN8Omp8O2r8+mCuD8e8cCMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY2bmf1ziqOADgb2Z2tmlVXKPkEBELHvRi021t7U08KMGDf4IQ0m2N3fqjzcGWIuTiTXLuRfQoIijx1v+h5xZ6qbcecqjguTK/kpc04KpkZtP9fODN+84wmfd9sxDynTdZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYY/v93TgrNoMqTutj9x7fWi36+/v6wp3NB4tFK+KkzaSPhtfinWQh2plrPxkAAABmQ9bU9yGEh/nWctGng7L+z5tzipr/hxequKnn99f9Td/U/kX7/bdHr+wMNKjGKS56aW08Ov10Kr3Dm+V0e/Efz+iVd7589pKVH0j60cbL23l5P5Pv7t79oF+Gx9rIFgD4L041fR00fw8V/bDLxACYGb2o8G7q/2zQbU4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbdjeCM81cRJCWOztxoX7j2+tHtTf2Xyw2LTzt29vxtcsLpGHEC6tjUenw1yLs5lu12/cvLIyHo+utR+8HkLoavT36ulf+WSCk0M4pDROdnTnZyxI6w97WvI5GkGHv5QAAHgm5XUr6vqH+dZycSyZD+HJj3vr/zejOExY/z/69Py9eKy4/h+2NsPpt7R+9cul6zduvr12deXy6PLo83fODN8dnr1w7tyFpfJZSbXtOk0AAACOsH7d4vo/nX96/f9EFIcJ6/+vvh9+E4+Vqf8PtLvo13UmAAAAs+2lk3/9mRxwPOn3w9cr6+vXhtV2Z/9Mte0g1X/tWN3i+j+b7zorAAAAoA3bG8me9f+LURwmXP9//qdXf4mvmYUQjtfr/6dWvxhfbG86U+1//Idw6E34413PEQAAgHY92fciw/G6xev/efn+f7pzZhpCeOuNKq6/BnCi+j/78Nuf47Hi9//PHvI8p126UN2Psl8IobfQdUYAAAA8y+bKNijr/z/yreXPfj3xcd/7/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABt+zsAAP//RP895g==") mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x3) 2.754020604s ago: executing program 3 (id=758): recvmmsg(0xffffffffffffffff, &(0x7f0000004500)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000580)=""/46, 0x2e}], 0x1}}], 0x1, 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$sock(r0, &(0x7f00000044c0), 0x4000000000001c0, 0x0) recvfrom(r1, &(0x7f0000000040)=""/60, 0x3c, 0x40, 0x0, 0x0) 2.449463078s ago: executing program 3 (id=760): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'wlan1\x00', {0x2, 0x0, @broadcast}}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x891c, &(0x7f0000000000)={'wlan1\x00', {0x2, 0x0, @empty}}) 2.264922442s ago: executing program 3 (id=763): openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0) r0 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x559b, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) 2.005401501s ago: executing program 3 (id=766): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@allocspi={0x104, 0x16, 0x1, 0x0, 0x0, {{{@in6=@private1, @in=@remote}, {@in6=@private1, 0x0, 0x33}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, [@mark={0xc, 0x15, {0x35075b}}]}, 0x104}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@allocspi={0xf8, 0x16, 0x3b5bef62e1571d3d, 0x0, 0x0, {{{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@dev}, {@in=@multicast2, 0x0, 0x33}, @in6=@empty}}}, 0xf8}}, 0x0) 2.005009172s ago: executing program 1 (id=767): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) 2.004790054s ago: executing program 2 (id=768): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0xc4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x94, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x38, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x752b}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x10001}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x101}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0xfffffffffffffc44}]}]}]}}]}, 0xc4}}, 0x0) 1.87415919s ago: executing program 3 (id=769): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmsg$sock(r0, &(0x7f0000000540)={&(0x7f0000000000)=@rc, 0x80, 0x0}, 0x0) listen(r0, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 1.852353099s ago: executing program 1 (id=770): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x6}]}, 0x30}}, 0x0) 1.726552028s ago: executing program 1 (id=771): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8042, 0x0) fcntl$setlease(r0, 0x400, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x183203, 0x0) fcntl$setlease(r0, 0x400, 0x1) 1.716528753s ago: executing program 2 (id=772): r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x180000, @empty}, 0x1c) 1.63135102s ago: executing program 0 (id=773): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000000c0)=0x40) ppoll(&(0x7f0000000340)=[{r0}], 0x1, &(0x7f00000003c0), 0x0, 0x0) 1.595213878s ago: executing program 4 (id=774): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) r2 = pidfd_getfd(r1, r1, 0x0) setns(r2, 0x40000000) 1.566531365s ago: executing program 2 (id=775): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth0_to_team\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_BETA={0x8}, @TCA_FQ_PIE_ALPHA={0x8}]}}]}, 0x44}}, 0x0) 1.565631196s ago: executing program 5 (id=776): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={0x4c, 0x0, 0x1, 0x5, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_SEQ_ADJ_REPLY={0x14, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040850}, 0x0) 1.454672916s ago: executing program 4 (id=777): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1) sendmsg$IEEE802154_ASSOCIATE_REQ(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x14, r2, 0x1}, 0x14}}, 0x0) 1.453019732s ago: executing program 2 (id=778): openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r0 = syz_io_uring_setup(0x231, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) 1.297313749s ago: executing program 4 (id=779): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000080)='blkio.bfq.io_serviced\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000880)={0x2020}, 0x2020) 1.230136572s ago: executing program 2 (id=780): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000000c80)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000000c0)='^', 0x1}], 0x1}}], 0x1, 0x4081) recvmmsg(r1, &(0x7f0000001140)=[{{0x0, 0x0, 0x0}}], 0x700, 0x2, 0x0) dup3(r1, r0, 0x0) 1.197516866s ago: executing program 4 (id=781): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1, 0xc8ba}, &(0x7f0000000100)=0x8) 1.068975421s ago: executing program 5 (id=782): syz_mount_image$hfs(&(0x7f0000000080), &(0x7f0000000240)='./file0\x00', 0x200000, &(0x7f00000000c0)={[{@umask={'umask', 0x3d, 0x80}}, {@file_umask={'file_umask', 0x3d, 0x2}}, {@gid}, {@type={'type', 0x3d, "9d4b9598"}}, {@codepage={'codepage', 0x3d, 'macceltic'}}, {@iocharset={'iocharset', 0x3d, 'cp862'}}, {@gid}, {@file_umask={'file_umask', 0x3d, 0x3}}]}, 0x4, 0x322, &(0x7f0000000600)="$eJzs3U1r1E4cB/DvZDfbzb+l/9hWCh6rBU+lrQdFBEWKF9+ABynWNoXSWMFWsIK4ehbxJggevXkWfQt6Ed+AnnoonvRSPBiZmTxuZ9Ld7UNa9vuB7m428/CbJJPM7LINiKhvXZ/7/u7ClvwTLoAagMuAA6AJ1AGcxnjz4drGykYYLJUVVFM55J+Azil2pVlcC0xZZT6VI+bLpTqG8u/R4YiiKPqxZ6pfRxILVUfovr+LAwzEvVOtbx55ZIejpdvVX3J7WOxgB48wXGU4RERUvfj678RXiaF4/O44wGQ8Dj/p1//C+GanujiOhfT67+jlSMjt879alc331BRO7n0nmSWayjIeE1G2uRvQR1ZhB4i9ZpUqFsdbXgmDqZYq4DmuxnLJxtTjEpKGKLZoG/ppwjA3LVHW9nKDqg2ubINriX+06xo/beO1ubr5Lx3EJD6Lr2Je+HiDpXT8V4+E3Dhq+/iAl8+g45+2l6ha6etUhVZm8/dTqpIzyR74+D5rpWfbrk3UZCwmshTRPn73kzhfNey5MILixwq6dTP21qlco8Zcs+nyH2OusfZc3rIbBlOL98PSj1IOjHFGJ16KW2ICP/EBc7nxvyNTT8LeMwu9XKiU8ZFR2p66SmnZjwWqA9/rqmeScsO4o8u9wF1cwvD65uPVhTAMHlT/IukqxyQefSDGh6N8Rz7n0qApX7gADqzSv1EUGVfVcZANtMXsqqZefJs2WZ1mW3pxf5WipbdhbtU1e+LstCnfSc4IvdT+NM0lrxbdZP8d176+aT4gRS7CxuEekElVhVU1DHTUU7weKr35ZHUh7P6UQidPttMxfnv7StXh0NGT4y6h53+5+cq0OuvIB79kNhLtVXiuxBnLDGhEPf7X2QwuLdY6ThxMXoTBbNmc6+x54FxbjQ6SGp+1F+vHceI4fitp/CrDK8sh5vANd/j5PxERERERERERERERERERERERERHRSdPtrxF6+TlBscatPvzHG0RERERERERERERERERERERERERERERE+5O7/y9QU3eMaVR+/99aB/f/Te5LQUQ9+xcAAP//GmNcVw==") openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0) mount(&(0x7f0000005880)=@nullb, &(0x7f00000058c0)='./file0\x00', &(0x7f0000005900)='qnx4\x00', 0x18001, 0x0) mount(&(0x7f0000000100)=@nullb, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000000)='adfs\x00', 0x0, 0x0) 945.916229ms ago: executing program 0 (id=783): setreuid(0xee00, 0x0) r0 = getuid() setreuid(0xee00, r0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000002feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe040000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0xffffffffffffffb9, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 945.692169ms ago: executing program 4 (id=784): r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r1, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfffffffe, "00207d2000000000201b14700c1e0ac74f000000001280000000000900"}) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000200)=""/186) 923.01544ms ago: executing program 3 (id=785): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) shmget$private(0x0, 0x1000, 0x20, &(0x7f00008e1000/0x1000)=nil) 917.913317ms ago: executing program 5 (id=786): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev}, 0x10) connect$inet(r0, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) 905.35708ms ago: executing program 2 (id=787): syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000200)={0x24, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x23, @string={0x23, 0x3, "5d95b5db2648b4c56db3094885239e187f30232fb4711d740fabfa519a43621ba8"}}, 0x0, 0x0}, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r0, 0x8028c003, 0x0) 743.879708ms ago: executing program 1 (id=788): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)=@getchain={0x24, 0x66, 0x1, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x9}, {0x5}, {0xfff1, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0xc080}, 0x0) 743.350754ms ago: executing program 0 (id=789): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="440000001800010000000000000000000a000000000000000000000018001600140001000200000000000000000010000000000008000400", @ANYRES32=r1, @ANYBLOB="0600150007"], 0x44}}, 0x0) 573.472313ms ago: executing program 0 (id=790): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e999000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000004e220000000000000a008080"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[], 0x188}}, 0x0) 573.180792ms ago: executing program 1 (id=791): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) chdir(&(0x7f0000000300)='./file0\x00') utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0) 506.004125ms ago: executing program 0 (id=792): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) 440.473631ms ago: executing program 1 (id=793): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@newqdisc={0xc8, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x6, 0x1, 0x5, 0x0, 0x2, 0x0, 0x2baf1e3f}}, {0x4}}]}]}, 0xc8}}, 0x0) 327.994656ms ago: executing program 4 (id=794): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x40}}]}}]}, 0x44}}, 0x0) 142.78045ms ago: executing program 0 (id=795): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xb, "0000000000000000000100000e00"}}}]}, 0x48}}, 0x0) 0s ago: executing program 5 (id=796): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}) kernel console output (not intermixed with test programs): ite_user helper that may corrupt user memory! [ 77.680095][ T5448] ======================================================= [ 77.680095][ T5448] WARNING: The mand mount option has been deprecated and [ 77.680095][ T5448] and is ignored by this kernel. Remove the mand [ 77.680095][ T5448] option from the mount to silence this warning. [ 77.680095][ T5448] ======================================================= [ 77.763004][ T5448] devtmpfs: Bad value for 'mpol' [ 77.822316][ T3029] kworker/u8:11: attempt to access beyond end of device [ 77.822316][ T3029] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 77.903303][ T3029] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 78.240738][ T5457] loop5: detected capacity change from 0 to 32768 [ 78.333518][ T5460] loop1: detected capacity change from 0 to 40427 [ 78.359953][ T5460] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 78.369558][ T5460] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 78.381034][ T5460] F2FS-fs (loop1): invalid crc value [ 78.392778][ T5240] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.564221][ T5454] loop0: detected capacity change from 0 to 32768 [ 78.577344][ T5460] F2FS-fs (loop1): Found nat_bits in checkpoint [ 78.579907][ T5454] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.45 (5454) [ 78.787296][ T5460] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 78.794054][ T5454] BTRFS info (device loop0): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 78.803502][ T5460] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 78.812640][ T5454] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.895672][ T5454] BTRFS info (device loop0): using free-space-tree [ 79.174718][ T5480] loop2: detected capacity change from 0 to 128 [ 79.367359][ T5469] loop3: detected capacity change from 0 to 32768 [ 79.455313][ T5491] loop4: detected capacity change from 0 to 8 [ 79.462608][ T5491] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 80.120484][ T5234] BTRFS info (device loop0): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 80.243608][ T5509] loop4: detected capacity change from 0 to 512 [ 80.283554][ T5509] EXT4-fs: Ignoring removed oldalloc option [ 80.420192][ T5509] EXT4-fs error (device loop4): ext4_xattr_inode_iget:436: comm syz.4.65: Parent and EA inode have the same ino 15 [ 80.486204][ T5516] unknown channel width for channel at 909000KHz? [ 80.580680][ T5509] EXT4-fs (loop4): Remounting filesystem read-only [ 80.623893][ T5509] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2863: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 80.695563][ T5509] EXT4-fs warning (device loop4): ext4_evict_inode:259: couldn't mark inode dirty (err -5) [ 80.731895][ T5509] EXT4-fs (loop4): 1 orphan inode deleted [ 80.738959][ T5509] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.930422][ T5238] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.097694][ T25] cfg80211: failed to load regulatory.db [ 81.103878][ T5532] capability: warning: `syz.3.72' uses deprecated v2 capabilities in a way that may be insecure [ 81.356111][ T5503] loop5: detected capacity change from 0 to 32768 [ 81.510281][ T5503] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 81.793906][ T5503] XFS (loop5): Ending clean mount [ 81.811675][ T5503] XFS (loop5): Quotacheck needed: Please wait. [ 81.912539][ T5503] XFS (loop5): Quotacheck: Done. [ 82.086807][ T5236] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 82.248472][ T5562] vlan2: entered allmulticast mode [ 82.262455][ T5557] loop2: detected capacity change from 0 to 40427 [ 82.286383][ T5557] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 82.294406][ T5557] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 82.303653][ T5557] F2FS-fs (loop2): build fault injection attr: rate: 17008, type: 0x1fffff [ 82.323774][ T5557] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x1f8 [ 82.344546][ T5557] F2FS-fs (loop2): invalid crc value [ 82.385344][ T5557] F2FS-fs (loop2): Found nat_bits in checkpoint [ 82.647154][ T5557] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 82.673212][ T5557] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 82.788711][ T5581] loop4: detected capacity change from 0 to 256 [ 82.900864][ T5237] syz-executor: attempt to access beyond end of device [ 82.900864][ T5237] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 82.902263][ T5581] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84977, utbl_chksum : 0xe619d30d) [ 82.955544][ T5237] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 83.071246][ T5586] loop1: detected capacity change from 0 to 1024 [ 83.100033][ T5587] loop5: detected capacity change from 0 to 128 [ 83.159814][ T5587] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 83.200322][ T5587] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 83.268794][ T5586] hfsplus: bad catalog entry type [ 83.387393][ T11] hfsplus: b-tree write err: -5, ino 4 [ 83.521615][ T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 83.686290][ T5601] loop3: detected capacity change from 0 to 512 [ 83.697438][ T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 83.708113][ T5566] loop0: detected capacity change from 0 to 40427 [ 83.724168][ T9] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 83.734359][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.751071][ T5566] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x1fffff [ 83.770478][ T9] usb 6-1: Product: syz [ 83.775526][ T5601] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.98: invalid block [ 83.797109][ T5566] F2FS-fs (loop0): invalid crc value [ 83.822045][ T9] usb 6-1: Manufacturer: syz [ 83.826679][ T9] usb 6-1: SerialNumber: syz [ 83.866297][ T5566] F2FS-fs (loop0): Found nat_bits in checkpoint [ 83.912855][ T9] cdc_ether 6-1:1.0: skipping garbage [ 83.919630][ T5601] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.98: invalid indirect mapped block 4294967295 (level 1) [ 83.941559][ T9] usb 6-1: bad CDC descriptors [ 83.945810][ T5601] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.98: invalid indirect mapped block 4294967295 (level 1) [ 83.961584][ T25] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 83.995539][ T5566] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 84.007885][ T5601] EXT4-fs (loop3): 2 truncates cleaned up [ 84.033254][ T5601] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.067634][ T5566] syz.0.84: attempt to access beyond end of device [ 84.067634][ T5566] loop0: rw=2049, sector=45096, nr_sectors = 96 limit=40427 [ 84.111559][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 84.114464][ T5340] usb 6-1: USB disconnect, device number 2 [ 84.118411][ T25] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 84.140617][ T5601] EXT4-fs (loop3): shut down requested (2) [ 84.159648][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 84.187396][ T25] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 84.203143][ T5566] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_merge_page_bio+0x1e5/0x1540 [ 84.207085][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.228870][ T5566] syz.0.84: attempt to access beyond end of device [ 84.228870][ T5566] loop0: rw=2049, sector=45192, nr_sectors = 40 limit=40427 [ 84.254162][ T5566] syz.0.84: attempt to access beyond end of device [ 84.254162][ T5566] loop0: rw=2049, sector=45096, nr_sectors = 64 limit=40427 [ 84.268028][ T25] usb 5-1: Product: syz [ 84.268053][ T25] usb 5-1: Manufacturer: syz [ 84.268074][ T25] usb 5-1: SerialNumber: syz [ 84.297469][ T5240] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.300018][ T25] usb 5-1: config 0 descriptor?? [ 84.384633][ T25] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 84.420770][ T25] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 84.557858][ T5625] batman_adv: batadv0: Adding interface: wlan1 [ 84.578966][ T5625] batman_adv: batadv0: The MTU of interface wlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.613801][ T5234] syz-executor: attempt to access beyond end of device [ 84.613801][ T5234] loop0: rw=2049, sector=45232, nr_sectors = 8 limit=40427 [ 84.626011][ T5609] loop1: detected capacity change from 0 to 32768 [ 84.644176][ T5625] batman_adv: batadv0: Interface activated: wlan1 [ 84.652397][ T5234] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 85.018408][ T25] em28xx 5-1:0.0: chip ID is em2874 [ 85.050132][ T5634] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 85.073118][ T5634] netlink: 8 bytes leftover after parsing attributes in process `syz.2.112'. [ 85.311995][ T25] usb 5-1: USB disconnect, device number 2 [ 85.319615][ T25] em28xx 5-1:0.0: Disconnecting em28xx [ 85.373274][ T5642] loop5: detected capacity change from 0 to 512 [ 85.522195][ T25] em28xx 5-1:0.0: Freeing device [ 85.595652][ T5642] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.114: invalid indirect mapped block 4294967295 (level 1) [ 85.681178][ T5655] loop3: detected capacity change from 0 to 1024 [ 85.720376][ T5642] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.114: invalid indirect mapped block 4294967295 (level 1) [ 85.846537][ T5644] loop2: detected capacity change from 0 to 32768 [ 85.873787][ T5240] hfsplus: bad catalog entry type [ 85.891760][ T5644] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.116 (5644) [ 85.925818][ T5642] EXT4-fs (loop5): 2 truncates cleaned up [ 85.942603][ T5642] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.948628][ T5644] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 86.025394][ T5642] EXT4-fs error (device loop5): ext4_get_parent:1860: inode #11: comm syz.5.114: bad parent inode number: 3 [ 86.051232][ T5644] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 86.063433][ T5659] can0: slcan on ttyS3. [ 86.119919][ T5644] BTRFS info (device loop2): using free-space-tree [ 86.152068][ T5659] can0 (unregistered): slcan off ttyS3. [ 86.152556][ T5236] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.370630][ T5672] loop4: detected capacity change from 0 to 4096 [ 86.432849][ T5672] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 86.526885][ T5672] ntfs3(loop4): Failed to initialize $Extend/$Reparse. [ 86.534621][ T5644] BTRFS info (device loop2): rebuilding free space tree [ 86.548653][ T5679] loop1: detected capacity change from 0 to 4096 [ 86.572649][ T1097] hfsplus: b-tree write err: -5, ino 4 [ 86.578591][ T5679] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 86.603536][ T5687] loop5: detected capacity change from 0 to 512 [ 86.780144][ T5687] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.932565][ T5687] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 87.009729][ T5238] ntfs3(loop4): ino=1a, ntfs_sync_fs failed, -22. [ 87.079294][ T5687] EXT4-fs error (device loop5): ext4_get_first_dir_block:3532: inode #12: comm syz.5.126: Directory hole found for htree leaf block 0 [ 87.163050][ T5644] BTRFS warning (device loop2): failed to trim 1 device(s), last error -512 [ 87.184389][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.317962][ T9] IPVS: starting estimator thread 0... [ 87.333173][ T5237] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 87.379960][ T5236] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.437895][ T5703] IPVS: using max 16 ests per chain, 38400 per kthread [ 87.502283][ T5705] loop0: detected capacity change from 0 to 2048 [ 87.512723][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.708394][ T5705] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.753422][ T5253] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 87.762552][ T5253] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 87.770254][ T5253] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 87.779261][ T5253] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 87.801223][ T5700] loop1: detected capacity change from 0 to 32768 [ 87.807037][ T5253] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 87.828247][ T5253] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 87.913455][ T5705] EXT4-fs error (device loop0): ext4_lookup:1813: inode #16: comm syz.0.135: unexpected EA_INODE flag [ 88.034471][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.078753][ T5700] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 88.150638][ T5234] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.507693][ T5700] XFS (loop1): Ending clean mount [ 88.516377][ T5700] XFS (loop1): Quotacheck needed: Please wait. [ 88.575529][ T29] audit: type=1326 audit(1729410015.116:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5730 comm="syz.0.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836797dff9 code=0x7ffc0000 [ 88.597782][ T29] audit: type=1326 audit(1729410015.136:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5730 comm="syz.0.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836797dff9 code=0x7ffc0000 [ 88.607083][ T5731] loop0: detected capacity change from 0 to 512 [ 88.619995][ T29] audit: type=1326 audit(1729410015.136:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5730 comm="syz.0.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f836797dff9 code=0x7ffc0000 [ 88.648495][ T29] audit: type=1326 audit(1729410015.136:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5730 comm="syz.0.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f836797e033 code=0x7ffc0000 [ 88.670861][ T29] audit: type=1326 audit(1729410015.166:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5730 comm="syz.0.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f836797cadf code=0x7ffc0000 [ 88.693451][ T29] audit: type=1326 audit(1729410015.166:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5730 comm="syz.0.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f836797e087 code=0x7ffc0000 [ 88.716281][ T29] audit: type=1326 audit(1729410015.166:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5730 comm="syz.0.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f836797c990 code=0x7ffc0000 [ 88.738458][ T29] audit: type=1326 audit(1729410015.166:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5730 comm="syz.0.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f836797dbfb code=0x7ffc0000 [ 88.786587][ T29] audit: type=1326 audit(1729410015.336:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5730 comm="syz.0.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f836797cc8a code=0x7ffc0000 [ 88.810598][ T29] audit: type=1326 audit(1729410015.336:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5730 comm="syz.0.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f836797cc8a code=0x7ffc0000 [ 88.816355][ T5731] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 88.850275][ T5700] XFS (loop1): Quotacheck: Done. [ 88.923661][ T5724] loop2: detected capacity change from 0 to 40427 [ 88.941322][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.983044][ T5729] loop5: detected capacity change from 0 to 32768 [ 89.000634][ T5724] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 89.008133][ T5724] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 89.026098][ T5724] F2FS-fs (loop2): build fault injection attr: rate: 17008, type: 0x1fffff [ 89.062306][ T5724] F2FS-fs (loop2): invalid crc value [ 89.098382][ T5724] F2FS-fs (loop2): Found nat_bits in checkpoint [ 89.167576][ T5729] JBD2: Ignoring recovery information on journal [ 89.183152][ T5731] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.201234][ T5731] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.268147][ T5724] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 89.280443][ T5235] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 89.285736][ T5724] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 89.349501][ T5724] syz.2.138: attempt to access beyond end of device [ 89.349501][ T5724] loop2: rw=2049, sector=53248, nr_sectors = 128 limit=40427 [ 89.392317][ T5729] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 89.433984][ T5708] chnl_net:caif_netlink_parms(): no params data found [ 89.478514][ T35] bridge_slave_1: left allmulticast mode [ 89.486544][ T35] bridge_slave_1: left promiscuous mode [ 89.521272][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.615593][ T5733] loop4: detected capacity change from 0 to 32768 [ 89.632784][ T5733] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.141 (5733) [ 89.662155][ T5237] syz-executor: attempt to access beyond end of device [ 89.662155][ T5237] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 89.677190][ T5237] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 89.696021][ T5733] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 89.699104][ T35] bridge_slave_0: left allmulticast mode [ 89.712354][ T5733] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 89.720809][ T5733] BTRFS info (device loop4): using free-space-tree [ 89.764162][ T5731] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 89.785008][ T35] bridge_slave_0: left promiscuous mode [ 89.805767][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.826711][ T5236] ocfs2: Unmounting device (7,5) on (node local) [ 89.996121][ T5234] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.049150][ T5253] Bluetooth: hci5: command tx timeout [ 90.550320][ T5238] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 90.741931][ T5301] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 90.902225][ T5301] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 90.918788][ T5301] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 90.927833][ T5301] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 90.946027][ T5301] usb 1-1: config 0 interface 0 has no altsetting 0 [ 90.973675][ T5301] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 90.997295][ T5301] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.025081][ T5301] usb 1-1: config 0 interface 0 has no altsetting 0 [ 91.052391][ T5301] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 91.072349][ T5301] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.102698][ T5301] usb 1-1: config 0 interface 0 has no altsetting 0 [ 91.136877][ T5301] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 91.161993][ T5301] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.190573][ T5301] usb 1-1: config 0 interface 0 has no altsetting 0 [ 91.214816][ T5301] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 91.232878][ T5301] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.249789][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 91.259203][ T5301] usb 1-1: config 0 interface 0 has no altsetting 0 [ 91.268017][ T5301] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 91.277167][ T5301] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.292433][ T5301] usb 1-1: config 0 interface 0 has no altsetting 0 [ 91.299542][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 91.309500][ T5301] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 91.319487][ T5301] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.331601][ T5301] usb 1-1: config 0 interface 0 has no altsetting 0 [ 91.342627][ T35] bond0 (unregistering): Released all slaves [ 91.349702][ T5301] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 91.358687][ T5301] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 91.369634][ T5301] usb 1-1: config 0 interface 0 has no altsetting 0 [ 91.391358][ T5301] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 91.400634][ T5301] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 91.409175][ T5301] usb 1-1: Product: syz [ 91.413394][ T5301] usb 1-1: Manufacturer: syz [ 91.418001][ T5301] usb 1-1: SerialNumber: syz [ 91.429289][ T5301] usb 1-1: config 0 descriptor?? [ 91.450451][ T5301] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0 [ 91.692746][ T35] batman_adv: batadv0: Interface deactivated: wlan1 [ 91.774478][ T5340] usb 1-1: USB disconnect, device number 2 [ 91.788242][ T5340] yurex 1-1:0.0: USB YUREX #0 now disconnected [ 91.806925][ T35] batman_adv: batadv0: Removing interface: wlan1 [ 91.850470][ T5795] loop1: detected capacity change from 0 to 4096 [ 91.883356][ T5795] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 92.027247][ T5301] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 92.140091][ T5253] Bluetooth: hci5: command tx timeout [ 92.214547][ T5795] ntfs3(loop1): Failed to load $Extend (-22). [ 92.220737][ T5795] ntfs3(loop1): Failed to initialize $Extend. [ 92.258494][ T5793] loop5: detected capacity change from 0 to 32768 [ 92.289340][ T5708] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.297924][ T5708] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.306242][ T5301] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 92.318785][ T5793] [ 92.318785][ T5793] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.318785][ T5793] [ 92.344058][ T5793] find_entry called with index = 0 [ 92.372626][ T5708] bridge_slave_0: entered allmulticast mode [ 92.382264][ T5301] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.393126][ T5708] bridge_slave_0: entered promiscuous mode [ 92.394665][ T5301] usb 3-1: config 0 descriptor?? [ 92.402759][ T5793] read_mapping_page failed! [ 92.408396][ T5793] ERROR: (device loop5): txCommit: [ 92.408396][ T5793] [ 92.417523][ T5708] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.425525][ T5708] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.433736][ T5301] cp210x 3-1:0.0: cp210x converter detected [ 92.435955][ T5708] bridge_slave_1: entered allmulticast mode [ 92.474488][ T5708] bridge_slave_1: entered promiscuous mode [ 92.509317][ T5799] loop4: detected capacity change from 0 to 32768 [ 92.531803][ T5236] [ 92.531803][ T5236] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.531803][ T5236] [ 92.565181][ T5236] [ 92.565181][ T5236] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.565181][ T5236] [ 92.686408][ T5799] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 92.688571][ T5708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.830760][ T5799] XFS (loop4): Ending clean mount [ 92.840023][ T5799] XFS (loop4): Quotacheck needed: Please wait. [ 92.884765][ T5799] XFS (loop4): Quotacheck: Done. [ 92.956935][ T5815] loop1: detected capacity change from 0 to 256 [ 92.992962][ T5820] loop5: detected capacity change from 0 to 128 [ 93.009819][ T5815] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 93.011290][ T5820] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 93.085082][ T5820] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 93.152273][ T5301] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 93.213367][ T35] hsr_slave_0: left promiscuous mode [ 93.279753][ T5238] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 93.307160][ T5301] usb 3-1: cp210x converter now attached to ttyUSB0 [ 93.325545][ T35] hsr_slave_1: left promiscuous mode [ 93.347911][ T5829] loop0: detected capacity change from 0 to 1024 [ 93.381755][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.397463][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.621300][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 93.703992][ T5244] usb 3-1: USB disconnect, device number 2 [ 93.712449][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.742758][ T5244] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 93.817758][ T5244] cp210x 3-1:0.0: device disconnected [ 93.928310][ T35] veth1_macvtap: left promiscuous mode [ 93.934205][ T35] veth0_macvtap: left promiscuous mode [ 93.939933][ T35] veth1_vlan: left promiscuous mode [ 93.946051][ T35] veth0_vlan: left promiscuous mode [ 94.202461][ T5253] Bluetooth: hci5: command tx timeout [ 94.326889][ T5831] loop1: detected capacity change from 0 to 40427 [ 94.341813][ T5831] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 94.380307][ T5831] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 94.405308][ T5831] F2FS-fs (loop1): invalid crc value [ 94.805946][ T5831] F2FS-fs (loop1): Found nat_bits in checkpoint [ 95.056102][ T5831] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 95.082594][ T5831] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 95.159945][ T5864] loop0: detected capacity change from 0 to 32768 [ 95.179215][ T5864] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.172 (5864) [ 95.196745][ T5864] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 95.207122][ T5864] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 95.216325][ T5864] BTRFS info (device loop0): using free-space-tree [ 95.580258][ T35] team0 (unregistering): Port device team_slave_1 removed [ 95.627815][ T5234] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 95.804949][ T5862] loop2: detected capacity change from 0 to 32768 [ 95.835404][ T35] team0 (unregistering): Port device team_slave_0 removed [ 96.195941][ T5887] loop1: detected capacity change from 0 to 32768 [ 96.218705][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 96.218723][ T29] audit: type=1800 audit(1729410022.776:24): pid=5887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.175" name="file1" dev="loop1" ino=4 res=0 errno=0 [ 96.290666][ T5253] Bluetooth: hci5: command tx timeout [ 96.290747][ T5862] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 96.455221][ T5862] XFS (loop2): Ending clean mount [ 96.471912][ T5862] XFS (loop2): Quotacheck needed: Please wait. [ 96.559409][ T5862] XFS (loop2): Quotacheck: Done. [ 96.641689][ T5301] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 96.813864][ T5301] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 96.824199][ T5301] usb 1-1: config 0 has no interfaces? [ 96.829780][ T5301] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 96.839599][ T5301] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.859308][ T5301] usb 1-1: config 0 descriptor?? [ 96.901307][ T5708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.963974][ T5856] macvlan2: entered promiscuous mode [ 96.977286][ T5856] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 96.987057][ T5856] team0: Port device macvlan2 added [ 97.071055][ T5708] team0: Port device team_slave_0 added [ 97.117936][ T5299] usb 1-1: USB disconnect, device number 3 [ 97.190875][ T5708] team0: Port device team_slave_1 added [ 97.389357][ T5708] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.427344][ T5708] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.480579][ T29] audit: type=1326 audit(1729410024.036:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.1.182" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc75d17dff9 code=0x0 [ 97.515731][ T5920] loop5: detected capacity change from 0 to 16 [ 97.536024][ T5708] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.568618][ T5920] erofs: (device loop5): mounted with root inode @ nid 36. [ 97.585519][ T5708] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.611568][ T5708] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.710821][ T5708] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.924980][ T5930] loop0: detected capacity change from 0 to 128 [ 98.017061][ T5930] VFS: Found a Xenix FS (block size = 512) on device loop0 [ 98.097941][ T5930] sysv_free_block: trying to free block not in datazone [ 98.120046][ T5930] sysv_count_free_blocks: free block count was -2041545929, correcting to 9 [ 98.159376][ T5708] hsr_slave_0: entered promiscuous mode [ 98.203074][ T5708] hsr_slave_1: entered promiscuous mode [ 98.230540][ T5708] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 98.272715][ T5708] Cannot create hsr debugfs directory [ 98.281060][ T5930] sysv_count_free_inodes: unable to read inode table [ 98.432810][ T5234] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 98.637355][ T5947] netlink: 16 bytes leftover after parsing attributes in process `syz.1.191'. [ 98.721328][ T5952] loop1: detected capacity change from 0 to 256 [ 98.752796][ T5952] exfat: Deprecated parameter 'utf8' [ 98.913669][ T5957] loop5: detected capacity change from 0 to 4096 [ 98.922370][ T5957] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512). [ 98.940896][ T5952] exfat: Deprecated parameter 'utf8' [ 98.949043][ T5952] exfat: Deprecated parameter 'utf8' [ 98.982115][ T5244] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 98.988833][ T5959] ieee802154 phy0 wpan0: encryption failed: -90 [ 99.008348][ T5952] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 99.062301][ T5957] ntfs3: Cannot load iocharset cp94./file1 [ 99.135180][ T5237] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 99.151559][ T5244] usb 5-1: Using ep0 maxpacket: 8 [ 99.170191][ T5244] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 99.192520][ T5244] usb 5-1: config 179 has no interface number 0 [ 99.205358][ T5244] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 99.242568][ T5244] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 99.300450][ T5244] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 99.319882][ T5244] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 99.331814][ T5244] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 99.345885][ T5244] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 99.355252][ T5244] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.501864][ T5942] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 99.807061][ T5981] netlink: 12 bytes leftover after parsing attributes in process `syz.2.197'. [ 99.866384][ T5301] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input5 [ 99.871695][ T5969] loop0: detected capacity change from 0 to 4096 [ 100.086852][ T5969] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.246158][ T5969] fs-verity: sha512 using implementation "sha512-avx2" [ 100.274488][ T5969] fs-verity (loop0, inode 13): Unsupported log_blocksize: 13 [ 100.424120][ T25] usb 5-1: USB disconnect, device number 3 [ 100.424259][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 100.439509][ T25] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 100.479576][ T5997] netlink: 'syz.5.208': attribute type 1 has an invalid length. [ 100.487858][ T5234] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.525335][ T5997] netlink: 224 bytes leftover after parsing attributes in process `syz.5.208'. [ 100.632947][ T6003] loop2: detected capacity change from 0 to 64 [ 100.767562][ T6005] loop0: detected capacity change from 0 to 764 [ 100.827369][ T6005] rock: directory entry would overflow storage [ 100.834459][ T6005] rock: sig=0x4654, size=5, remaining=4 [ 100.919745][ T6007] Bluetooth: MGMT ver 1.23 [ 101.181010][ T6012] netlink: 4 bytes leftover after parsing attributes in process `syz.0.212'. [ 101.216625][ T6012] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 101.262017][ T6012] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 101.290970][ T6012] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 101.299778][ T6012] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 101.383881][ T5993] loop1: detected capacity change from 0 to 32768 [ 101.421752][ T5993] JBD2: Ignoring recovery information on journal [ 101.513788][ T6022] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.216'. [ 101.525241][ T6022] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 101.565705][ T5708] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 101.781876][ T5993] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 101.841998][ T6017] loop2: detected capacity change from 0 to 32768 [ 101.861380][ T6026] tipc: Started in network mode [ 101.885847][ T6026] tipc: Node identity ac14140f, cluster identity 4711 [ 101.902336][ T6026] tipc: New replicast peer: 255.255.255.255 [ 101.920671][ T6026] tipc: Enabled bearer , priority 10 [ 101.928876][ T5708] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 101.940450][ T5708] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 101.995692][ T5708] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 102.051393][ T5235] ocfs2: Unmounting device (7,1) on (node local) [ 102.381359][ T5708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.455301][ T5708] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.478740][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.485984][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.557716][ T2497] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.564906][ T2497] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.701363][ T6047] IPVS: wrr: TCP 172.20.20.170:0 - no destination available [ 102.762191][ T5708] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 103.033437][ T5299] tipc: Node number set to 2886997007 [ 103.076958][ T6070] loop1: detected capacity change from 0 to 64 [ 103.453219][ T5708] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.624883][ T6092] loop4: detected capacity change from 0 to 128 [ 103.716729][ T5708] veth0_vlan: entered promiscuous mode [ 103.799960][ T5708] veth1_vlan: entered promiscuous mode [ 103.971011][ T6098] netlink: 'syz.2.241': attribute type 6 has an invalid length. [ 104.041388][ T5708] veth0_macvtap: entered promiscuous mode [ 104.090330][ T5708] veth1_macvtap: entered promiscuous mode [ 104.170809][ T5708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.228331][ T5708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.310898][ T5708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.372204][ T5708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.440300][ T5708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.486837][ T5708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.541866][ T5708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.605449][ T5708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.659607][ T5708] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.789844][ T5708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.851574][ T5708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.881510][ T5708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.911533][ T5708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.951539][ T5708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.991867][ T5708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.000428][ T6118] loop2: detected capacity change from 0 to 8 [ 105.020999][ T6085] loop0: detected capacity change from 0 to 32768 [ 105.027978][ T5708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.048642][ T5708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.049696][ T6118] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 105.075066][ T5708] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.083251][ T6094] loop5: detected capacity change from 0 to 32768 [ 105.096848][ T5708] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.105861][ T5708] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.115219][ T5708] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.124061][ T5708] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.144409][ T6094] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.240 (6094) [ 105.177415][ T6094] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 105.188000][ T6094] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 105.196945][ T6094] BTRFS info (device loop5): using free-space-tree [ 105.286070][ T6085] XFS (loop0): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 105.391993][ T6118] cramfs: Error -3 while decompressing! [ 105.406586][ T6118] cramfs: ffffffff9a508978(42)->ffff8880291ee000(4096) [ 105.431159][ T6140] netlink: 168 bytes leftover after parsing attributes in process `syz.1.248'. [ 105.466688][ T3006] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.475019][ T3006] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.502449][ T2497] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.510312][ T2497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.778956][ T6114] loop4: detected capacity change from 0 to 32768 [ 105.887804][ T6085] XFS (loop0): Ending clean mount [ 105.930346][ T6154] ALSA: mixer_oss: invalid OSS volume '' [ 105.947683][ T6094] BTRFS error (device loop5): target device is invalid! [ 105.957069][ T6114] BTRFS: device /dev/loop4 (7:4) using temp-fsid bdaabf3f-50d9-40e7-bff1-58504658272a [ 105.982205][ T6114] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.245 (6114) [ 106.108600][ T6114] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 106.118832][ T6114] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 106.145768][ T29] audit: type=1800 audit(1729410288.666:26): pid=6158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.237" name="file1" dev="loop0" ino=1286 res=0 errno=0 [ 106.177223][ T6114] BTRFS info (device loop4): using free-space-tree [ 106.215556][ T5236] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 106.462594][ T5234] XFS (loop0): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 106.693637][ T6189] loop2: detected capacity change from 0 to 2048 [ 106.871413][ T6202] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 106.961212][ T6207] loop0: detected capacity change from 0 to 256 [ 107.056337][ T6207] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 107.164088][ T6202] NILFS (loop2): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 107.235044][ T29] audit: type=1800 audit(1729410289.796:27): pid=6207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.254" name=FDDD3B dev="loop0" ino=1048623 res=0 errno=0 [ 107.235246][ T6202] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=4) [ 107.391925][ T5238] BTRFS info (device loop4): last unmount of filesystem bdaabf3f-50d9-40e7-bff1-58504658272a [ 107.413638][ T6202] Remounting filesystem read-only [ 107.424056][ T5237] NILFS (loop2): disposed unprocessed dirty file(s) when stopping log writer [ 108.061965][ T5244] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 108.233008][ T5244] usb 4-1: config 4 has an invalid interface number: 44 but max is 0 [ 108.283486][ T5244] usb 4-1: config 4 has no interface number 0 [ 108.341610][ T5244] usb 4-1: New USB device found, idVendor=1044, idProduct=7001, bcdDevice=80.20 [ 108.370393][ T5244] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.414612][ T5244] usb 4-1: Product: syz [ 108.433921][ T5244] usb 4-1: Manufacturer: syz [ 108.457439][ T5244] usb 4-1: SerialNumber: syz [ 108.794851][ T5299] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 108.803213][ T6260] sctp: [Deprecated]: syz.1.275 (pid 6260) Use of struct sctp_assoc_value in delayed_ack socket option. [ 108.803213][ T6260] Use struct sctp_sack_info instead [ 108.842497][ T5299] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 108.896817][ T5299] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 108.955658][ T5299] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 108.960662][ T5244] dvb-usb: found a 'Gigabyte U7000' in warm state. [ 108.977386][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 108.991922][ T5299] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 109.015428][ T5244] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 109.023423][ T5299] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 109.044600][ T5244] dvbdev: DVB: registering new adapter (Gigabyte U7000) [ 109.051571][ T4642] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 109.052306][ T5244] usb 4-1: media controller created [ 109.067570][ T5244] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 109.100444][ T5299] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 109.144481][ T5299] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 109.201666][ T5299] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 109.209194][ T5299] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 109.301877][ T5299] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 109.380705][ T6276] sctp: [Deprecated]: syz.1.279 (pid 6276) Use of int in maxseg socket option. [ 109.380705][ T6276] Use struct sctp_assoc_value instead [ 109.429265][ T5244] DVB: Unable to find symbol dib7000p_attach() [ 109.436117][ T5244] dvb-usb: no frontend was attached by 'Gigabyte U7000' [ 109.576318][ T6236] loop0: detected capacity change from 0 to 40427 [ 109.602743][ T4642] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 109.612312][ T4642] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.620323][ T4642] usb 3-1: Product: syz [ 109.624563][ T4642] usb 3-1: Manufacturer: syz [ 109.629172][ T4642] usb 3-1: SerialNumber: syz [ 109.647523][ T5244] rc_core: IR keymap rc-dib0700-rc5 not found [ 109.652725][ T6236] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 109.654856][ T5244] Registered IR keymap rc-empty [ 109.661311][ T6236] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 109.668081][ T5244] dvb-usb: could not initialize remote control. [ 109.680869][ T5244] dvb-usb: Gigabyte U7000 successfully initialized and connected. [ 109.710802][ T5299] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz0 [ 109.778192][ T6253] loop4: detected capacity change from 0 to 32768 [ 109.832412][ T4642] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 109.865256][ T5244] usb 4-1: USB disconnect, device number 3 [ 109.921585][ T6253] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.273 (6253) [ 109.960513][ T25] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 109.975048][ T6287] loop1: detected capacity change from 0 to 512 [ 110.000531][ T6253] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 110.011273][ T6253] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 110.027157][ T6253] BTRFS info (device loop4): disk space caching is enabled [ 110.034881][ T6253] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 110.066079][ T6236] F2FS-fs (loop0): Found nat_bits in checkpoint [ 110.288030][ T5340] usb 3-1: USB disconnect, device number 3 [ 110.305356][ T6303] loop3: detected capacity change from 0 to 4096 [ 110.325017][ T6287] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.349514][ T6287] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.358174][ T6303] ntfs3(loop3): It is recommened to use chkdsk. [ 110.361838][ T6236] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 110.374628][ T6236] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 110.461199][ T6303] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00 [ 110.470156][ T6303] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00 [ 110.479046][ T6303] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00 [ 110.487603][ T6303] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00 [ 110.493830][ T5244] dvb-usb: Gigabyte U7000 successfully deinitialized and disconnected. [ 110.495489][ T6303] ntfs3(loop3): try to read out of volume at offset 0x3fffffc1c00 [ 110.512104][ T6303] ntfs3(loop3): try to read out of volume at offset 0x3fffffc2c00 [ 110.519949][ T6303] ntfs3(loop3): try to read out of volume at offset 0x3fffffc4c00 [ 110.528129][ T6303] ntfs3(loop3): try to read out of volume at offset 0x3fffffc8c00 [ 110.536689][ T6303] ntfs3(loop3): try to read out of volume at offset 0x3fffffd0c00 [ 110.695559][ T5235] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.696694][ T6253] BTRFS info (device loop4): rebuilding free space tree [ 110.768234][ T6253] BTRFS info (device loop4): disabling free space tree [ 110.816962][ T6253] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 110.827896][ T6253] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 111.002868][ T25] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 111.010202][ T25] ath9k_htc: Failed to initialize the device [ 111.211184][ T5340] usb 3-1: ath9k_htc: USB layer deinitialized [ 111.522199][ T6346] loop1: detected capacity change from 0 to 2048 [ 111.550046][ T5238] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 111.609500][ T6351] netlink: 24 bytes leftover after parsing attributes in process `syz.3.299'. [ 111.615394][ T6346] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 111.785614][ T6357] loop5: detected capacity change from 0 to 512 [ 111.812558][ T6357] EXT4-fs: Ignoring removed orlov option [ 111.853377][ T6357] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13 [ 111.912420][ T6357] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #13: comm syz.5.302: invalid indirect mapped block 2683928664 (level 1) [ 111.959433][ T5244] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 112.063466][ T6357] EXT4-fs (loop5): 1 truncate cleaned up [ 112.070143][ T6357] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.137663][ T5244] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.149249][ T5244] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.221728][ T5244] usb 1-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 112.230818][ T5244] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.314003][ T5244] usb 1-1: config 0 descriptor?? [ 112.352731][ T5236] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.613332][ T6382] [U] [ 112.616360][ T6382] [U] [ 112.619080][ T6382] [U] [ 112.621799][ T6382] [U] [ 112.651421][ T6380] overlayfs: failed to clone upperpath [ 112.672075][ T6382] [U] [ 112.674904][ T6382] [U] [ 112.677620][ T6382] [U] [ 112.680340][ T6382] [U] [ 112.731302][ T6382] [U] [ 112.734073][ T6382] [U] [ 112.736801][ T6382] [U] [ 112.744830][ T5244] steelseries 0003:1038:12B6.0002: unbalanced collection at end of report description [ 112.786641][ T5244] steelseries 0003:1038:12B6.0002: probe with driver steelseries failed with error -22 [ 112.796633][ T6381] [U] [ 112.830043][ T6385] loop4: detected capacity change from 0 to 4096 [ 112.953846][ T9] usb 1-1: USB disconnect, device number 4 [ 113.201107][ T6398] loop5: detected capacity change from 0 to 256 [ 113.286539][ T6398] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 113.290548][ T6400] IPv6: NLM_F_CREATE should be specified when creating new route [ 113.316398][ T6400] netlink: 'syz.1.321': attribute type 1 has an invalid length. [ 113.694724][ T6419] loop4: detected capacity change from 0 to 512 [ 113.702858][ T6419] EXT4-fs: Ignoring removed i_version option [ 113.811025][ T6419] EXT4-fs (loop4): 1 truncate cleaned up [ 113.817886][ T6419] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.040335][ T6431] loop2: detected capacity change from 0 to 1024 [ 114.195691][ T5238] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.263045][ T29] audit: type=1800 audit(1729410296.806:28): pid=6431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.330" name="bus" dev="loop2" ino=26 res=0 errno=0 [ 114.520035][ T12] hfsplus: b-tree write err: -5, ino 4 [ 114.545812][ T6450] loop4: detected capacity change from 0 to 1024 [ 114.555131][ T6450] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 114.681590][ T6450] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869) [ 114.729319][ T6457] loop2: detected capacity change from 0 to 512 [ 114.800900][ T6450] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 114.822386][ T6457] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 114.912302][ T6457] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 114.941290][ T6464] loop3: detected capacity change from 0 to 256 [ 114.948513][ T6464] exfat: Unknown parameter 'allow_utimÁ•á*¸cW00000000000000007' [ 114.948793][ T6450] EXT4-fs error (device loop4): ext4_ext_check_inode:524: inode #3: comm syz.4.337: pblk 82 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 114.966875][ T6464] loop3: detected capacity change from 0 to 512 [ 115.009679][ T6464] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 115.088286][ T6469] netlink: 'syz.1.349': attribute type 12 has an invalid length. [ 115.089013][ T6457] EXT4-fs (loop2): 1 truncate cleaned up [ 115.096176][ T6469] netlink: 'syz.1.349': attribute type 29 has an invalid length. [ 115.096201][ T6469] netlink: 'syz.1.349': attribute type 2 has an invalid length. [ 115.096219][ T6469] netlink: 128 bytes leftover after parsing attributes in process `syz.1.349'. [ 115.129688][ T6450] EXT4-fs (loop4): no journal found [ 115.150209][ T6457] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.166319][ T6450] EXT4-fs (loop4): can't get journal size [ 115.177596][ T6464] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 115.185850][ T6450] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 115.259556][ T6464] EXT4-fs (loop3): 1 truncate cleaned up [ 115.266607][ T6464] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.450501][ T6446] loop0: detected capacity change from 0 to 40427 [ 115.485496][ T5238] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.499884][ T6446] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1fffff [ 115.508561][ T6446] F2FS-fs (loop0): heap/no_heap options were deprecated [ 115.515746][ T6446] F2FS-fs (loop0): Image doesn't support compression [ 115.544088][ T5708] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.571178][ T6446] F2FS-fs (loop0): invalid crc value [ 115.658937][ T6446] F2FS-fs (loop0): Found nat_bits in checkpoint [ 115.817198][ T5237] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.877389][ T6485] loop5: detected capacity change from 0 to 512 [ 115.909924][ T6485] EXT4-fs: Ignoring removed i_version option [ 115.951630][ T6485] EXT4-fs: Ignoring removed nobh option [ 115.962366][ T6446] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 115.969239][ T6489] loop3: detected capacity change from 0 to 256 [ 115.977589][ T6485] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 116.083390][ T6446] F2FS-fs (loop0): inject alloc nid in f2fs_alloc_nid of f2fs_get_dnode_of_data+0x6a5/0x1d60 [ 116.129961][ T6485] EXT4-fs (loop5): 1 truncate cleaned up [ 116.186844][ T5234] syz-executor: attempt to access beyond end of device [ 116.186844][ T5234] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 116.212777][ T5234] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 116.219739][ T5234] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 116.284742][ T6485] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.303593][ T6489] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb75ad3fb, utbl_chksum : 0xe619d30d) [ 116.453227][ T6506] loop4: detected capacity change from 0 to 64 [ 116.613799][ T5236] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.847906][ T6519] loop3: detected capacity change from 0 to 2048 [ 116.999912][ T6519] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 117.352959][ T6540] netlink: 201400 bytes leftover after parsing attributes in process `syz.0.362'. [ 117.489735][ T6545] netlink: 132 bytes leftover after parsing attributes in process `syz.1.375'. [ 117.599456][ T6545] netlink: 'syz.1.375': attribute type 10 has an invalid length. [ 117.665208][ T6545] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 117.865044][ T5299] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 117.999828][ T6555] loop0: detected capacity change from 0 to 40427 [ 118.003480][ T6548] loop2: detected capacity change from 0 to 1024 [ 118.027821][ T6559] loop1: detected capacity change from 0 to 512 [ 118.043752][ T5299] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 118.059682][ T6559] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 118.074240][ T5299] usb 6-1: config 0 has no interface number 0 [ 118.096242][ T6559] EXT4-fs (loop1): 1 orphan inode deleted [ 118.107346][ T5299] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.120279][ T6559] EXT4-fs (loop1): 1 truncate cleaned up [ 118.128137][ T6559] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.129401][ T6555] F2FS-fs (loop0): Found nat_bits in checkpoint [ 118.201699][ T5299] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.214217][ T6559] EXT4-fs error (device loop1): ext4_check_all_de:657: inode #12: block 7: comm syz.1.380: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=124 fake=0 [ 118.234217][ T5299] usb 6-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18 [ 118.241603][ T5340] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 118.261542][ T5299] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.283135][ T5299] usb 6-1: config 0 descriptor?? [ 118.305822][ T6559] EXT4-fs (loop1): Remounting filesystem read-only [ 118.372023][ T6555] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 118.397088][ T6528] loop4: detected capacity change from 0 to 32768 [ 118.432871][ T5340] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 118.449816][ T6528] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.368 (6528) [ 118.458221][ T5340] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 118.488885][ T5340] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 118.509938][ T5340] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.545879][ T5235] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.545894][ T6551] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 118.615583][ T5340] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 118.656616][ T6528] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 118.712643][ T5234] syz-executor: attempt to access beyond end of device [ 118.712643][ T5234] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 118.758856][ T6528] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 118.782111][ T5234] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 118.837328][ T5299] input: HID 04d9:a055 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.1/0003:04D9:A055.0003/input/input7 [ 118.913601][ T6528] BTRFS info (device loop4): using free-space-tree [ 119.083120][ T9] usb 4-1: USB disconnect, device number 4 [ 119.514209][ T5299] holtek_kbd 0003:04D9:A055.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.5-1/input1 [ 119.529741][ T5299] usb 6-1: USB disconnect, device number 3 [ 119.712732][ T4642] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 119.780004][ T5238] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 119.973183][ T4642] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.991900][ T4642] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.008001][ T4642] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 120.031592][ T4642] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.270103][ T6623] loop1: detected capacity change from 0 to 256 [ 120.276695][ T4642] usb 3-1: config 0 descriptor?? [ 120.343656][ T6623] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000006) [ 120.385934][ T6623] FAT-fs (loop1): Filesystem has been set read-only [ 120.886281][ T6640] loop1: detected capacity change from 0 to 256 [ 120.944986][ T4642] arvo 0003:1E7D:30D4.0004: unknown main item tag 0x0 [ 120.954398][ T4642] arvo 0003:1E7D:30D4.0004: unknown main item tag 0x0 [ 120.962092][ T4642] arvo 0003:1E7D:30D4.0004: unknown main item tag 0x0 [ 120.969209][ T4642] arvo 0003:1E7D:30D4.0004: unknown main item tag 0x0 [ 120.990647][ T4642] arvo 0003:1E7D:30D4.0004: unknown main item tag 0x0 [ 120.999896][ T4642] arvo 0003:1E7D:30D4.0004: unknown main item tag 0x0 [ 121.008001][ T4642] arvo 0003:1E7D:30D4.0004: unknown main item tag 0x0 [ 121.095596][ T6640] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 121.113505][ T4642] arvo 0003:1E7D:30D4.0004: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.2-1/input0 [ 121.408374][ T4642] usb 3-1: USB disconnect, device number 4 [ 122.013029][ T6673] trusted_key: encrypted_key: keyword 'updat_fault' not recognized [ 122.237621][ T6680] loop0: detected capacity change from 0 to 1024 [ 122.260980][ T6680] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 122.511696][ T5244] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 122.682241][ T5244] usb 6-1: Using ep0 maxpacket: 32 [ 122.695026][ T5244] usb 6-1: config 0 has an invalid descriptor of length 185, skipping remainder of the config [ 122.712235][ T5244] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.742267][ T5244] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 122.753312][ T6663] loop3: detected capacity change from 0 to 32768 [ 122.762684][ T5244] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.803969][ T5244] usb 6-1: config 0 descriptor?? [ 122.819251][ T6663] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 122.821384][ T5244] hub 6-1:0.0: bad descriptor, ignoring hub [ 122.901618][ T5244] hub 6-1:0.0: probe with driver hub failed with error -5 [ 123.017490][ T6663] XFS (loop3): Ending clean mount [ 123.105990][ T6669] loop4: detected capacity change from 0 to 32768 [ 123.212237][ T6686] loop0: detected capacity change from 0 to 32768 [ 123.246830][ T6669] ocfs2: Slot 0 on device (7,4) was already allocated to this node! [ 123.248500][ T6704] loop2: detected capacity change from 0 to 8 [ 123.324608][ T6669] JBD2: Ignoring recovery information on journal [ 123.383990][ T5708] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 123.390481][ T6686] XFS (loop0): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 123.411852][ T4642] usb 6-1: USB disconnect, device number 4 [ 123.499665][ T6669] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 123.555627][ T6686] XFS (loop0): Ending clean mount [ 123.609833][ T6719] loop1: detected capacity change from 0 to 128 [ 123.706406][ T6719] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 123.708842][ T29] audit: type=1800 audit(1729410306.266:29): pid=6686 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.416" name="file1" dev="loop0" ino=6150 res=0 errno=0 [ 123.734180][ T6719] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 123.736626][ C1] vkms_vblank_simulate: vblank timer overrun [ 123.771395][ T4642] XFS (loop0): Metadata CRC error detected at xfs_rmapbt_read_verify+0x41/0xd0, xfs_rmapbt block 0x14 [ 123.804763][ T4642] XFS (loop0): Unmount and run xfs_repair [ 123.825128][ T4642] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 123.829087][ T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 123.844745][ T5238] ocfs2: Unmounting device (7,4) on (node local) [ 123.860108][ T4642] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 123.901404][ T4642] 00000010: 00 00 00 00 00 00 00 14 00 00 00 01 00 00 00 10 ................ [ 123.941424][ T4642] 00000020: ed 37 bf 6e 74 ea 4e 01 af ba 5f ee 27 4b 0f 3a .7.nt.N..._.'K.: [ 123.993173][ T4642] 00000030: 00 00 00 00 05 1b 0d e2 00 00 00 00 00 00 00 01 ................ [ 124.016686][ T6727] netlink: 'syz.3.426': attribute type 4 has an invalid length. [ 124.025445][ T9] usb 6-1: config 0 has an invalid descriptor of length 185, skipping remainder of the config [ 124.031846][ T6727] netlink: 116376 bytes leftover after parsing attributes in process `syz.3.426'. [ 124.046532][ T4642] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 124.067070][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.071150][ T6727] netlink: 18430 bytes leftover after parsing attributes in process `syz.3.426'. [ 124.089343][ T9] usb 6-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice= 0.40 [ 124.092273][ T4642] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 124.111553][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.128807][ T4642] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 124.172876][ T4642] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 124.195303][ T6686] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x36f/0x5b0" at daddr 0x14 len 4 error 74 [ 124.203293][ T9] usb 6-1: config 0 descriptor?? [ 124.228294][ T9] ttusbir 6-1:0.0: cannot find expected altsetting [ 124.311328][ T6686] XFS (loop0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 124.350320][ T6686] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 124.473819][ T4642] usb 6-1: USB disconnect, device number 5 [ 124.482593][ T5234] XFS (loop0): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 124.485838][ T6738] loop3: detected capacity change from 0 to 64 [ 124.507889][ T6739] netlink: 'syz.4.429': attribute type 10 has an invalid length. [ 124.519679][ T6739] syz_tun: entered promiscuous mode [ 124.549662][ T6739] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 124.688530][ T6738] syz.3.432: attempt to access beyond end of device [ 124.688530][ T6738] loop3: rw=0, sector=1024, nr_sectors = 2 limit=64 [ 124.771157][ T6738] Buffer I/O error on dev loop3, logical block 512, async page read [ 124.894951][ T6738] syz.3.432: attempt to access beyond end of device [ 124.894951][ T6738] loop3: rw=0, sector=113152, nr_sectors = 2 limit=64 [ 124.999965][ T6738] Buffer I/O error on dev loop3, logical block 56576, async page read [ 125.257509][ T6753] loop4: detected capacity change from 0 to 16 [ 125.304446][ T6753] erofs: (device loop4): mounted with root inode @ nid 36. [ 125.407387][ T6753] erofs: (device loop4): z_erofs_read_folio: read error -95 @ 8200 of nid 36 [ 125.498698][ T6734] loop1: detected capacity change from 0 to 32768 [ 125.764307][ T6761] loop3: detected capacity change from 0 to 512 [ 125.777817][ T6734] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 125.924957][ T6761] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.031981][ T6761] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.047705][ T6734] XFS (loop1): Ending clean mount [ 126.178716][ T6778] smc: net device bond0 applied user defined pnetid SYZ0 [ 126.252268][ T6778] smc: net device bond0 erased user defined pnetid SYZ0 [ 126.403608][ T5235] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 126.495930][ T5708] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.833630][ T6785] netlink: 8 bytes leftover after parsing attributes in process `syz.2.448'. [ 126.917626][ T6785] netlink: 12 bytes leftover after parsing attributes in process `syz.2.448'. [ 127.034050][ T6787] gretap0: entered promiscuous mode [ 127.095526][ T6787] erspan0: entered promiscuous mode [ 127.414849][ T6755] loop5: detected capacity change from 0 to 262144 [ 127.455199][ T6796] random: crng reseeded on system resumption [ 127.479236][ T6798] netlink: 4 bytes leftover after parsing attributes in process `syz.4.453'. [ 127.489346][ T6798] netlink: 16 bytes leftover after parsing attributes in process `syz.4.453'. [ 127.585973][ T6799] loop3: detected capacity change from 0 to 2048 [ 127.597000][ T6799] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 127.616691][ T6799] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 127.626392][ T6755] F2FS-fs (loop5): Found nat_bits in checkpoint [ 127.647980][ T6799] UDF-fs: error (device loop3): udf_verify_fi: directory (ino 1376) has entry at pos 0 with unaligned length of impUse field [ 127.681691][ T6799] UDF-fs: error (device loop3): udf_verify_fi: directory (ino 1376) has entry at pos 0 with unaligned length of impUse field [ 127.752668][ T6755] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 128.629991][ T6821] loop4: detected capacity change from 0 to 32768 [ 128.802856][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 128.979733][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 129.015628][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 129.037713][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 129.091151][ T9] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 129.102639][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.148510][ T9] usb 2-1: Product: syz [ 129.170281][ T9] usb 2-1: Manufacturer: syz [ 129.199519][ T9] usb 2-1: SerialNumber: syz [ 129.227158][ T9] usb 2-1: config 0 descriptor?? [ 129.260847][ T9] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 129.287737][ T9] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 129.501321][ T6834] netlink: 16 bytes leftover after parsing attributes in process `syz.4.465'. [ 129.879930][ T9] em28xx 2-1:0.0: chip ID is em2800 [ 130.081110][ T9] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 130.122277][ T9] em28xx 2-1:0.0: AC97 chip type couldn't be determined [ 130.178918][ T9] em28xx 2-1:0.0: No AC97 audio processor [ 130.245348][ T9] usb 2-1: USB disconnect, device number 2 [ 130.282845][ T9] em28xx 2-1:0.0: Disconnecting em28xx [ 130.295900][ T6825] loop2: detected capacity change from 0 to 32768 [ 130.550538][ T9] em28xx 2-1:0.0: Freeing device [ 130.640816][ T6825] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 130.962987][ T6873] loop3: detected capacity change from 0 to 1024 [ 131.097281][ T6825] XFS (loop2): Ending clean mount [ 131.110597][ T6825] XFS (loop2): Quotacheck needed: Please wait. [ 131.300810][ T6884] tun0: tun_chr_ioctl cmd 1074025681 [ 131.336908][ T6825] XFS (loop2): Quotacheck: Done. [ 131.365142][ T2497] hfsplus: b-tree write err: -5, ino 3 [ 131.431581][ T29] audit: type=1804 audit(1729410313.976:30): pid=6825 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.464" name="/newroot/78/file0/file1" dev="loop2" ino=9286 res=1 errno=0 [ 131.523775][ T6888] process 'syz.3.487' launched './file2' with NULL argv: empty string added [ 131.632196][ T5237] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 131.655836][ T6881] bridge_slave_1: left allmulticast mode [ 131.662308][ T6881] bridge_slave_1: left promiscuous mode [ 131.668845][ T6881] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.786884][ T6886] loop1: detected capacity change from 0 to 40427 [ 132.004177][ T6881] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 132.069231][ T6886] F2FS-fs (loop1): Found nat_bits in checkpoint [ 132.285815][ T1264] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.380614][ T6886] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 132.465528][ T6899] loop0: detected capacity change from 0 to 32768 [ 132.482408][ T6899] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.491 (6899) [ 132.526581][ T6886] syz.1.486: attempt to access beyond end of device [ 132.526581][ T6886] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 132.552465][ T6899] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 132.563086][ T6899] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 132.572994][ T6899] BTRFS info (device loop0): using free-space-tree [ 132.769575][ T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 132.816663][ T5235] syz-executor: attempt to access beyond end of device [ 132.816663][ T5235] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 132.830917][ T5235] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 133.039338][ T5234] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 133.059658][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 133.073396][ T9] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 133.082505][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.101921][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 133.112553][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 133.120745][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 133.162116][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 133.170496][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 133.190288][ T9] usb 3-1: config 0 descriptor?? [ 133.252304][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 133.322007][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 133.496551][ T29] audit: type=1326 audit(1729410316.026:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6948 comm="syz.4.505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f8c97dff9 code=0x7fc00000 [ 133.564536][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 133.584851][ T9] usb 3-1: USB disconnect, device number 5 [ 133.615565][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 133.642823][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 134.063907][ T6961] netlink: 40 bytes leftover after parsing attributes in process `syz.5.510'. [ 134.169148][ T6965] netlink: 28 bytes leftover after parsing attributes in process `syz.0.504'. [ 135.024427][ T7001] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 135.054946][ T7002] mac80211_hwsim hwsim12 wlan1: entered promiscuous mode [ 135.064298][ T7000] mac80211_hwsim hwsim12 wlan1: left promiscuous mode [ 135.484925][ T7019] input: syz0 as /devices/virtual/input/input9 [ 135.524132][ T7017] block device autoloading is deprecated and will be removed. [ 135.568676][ T7017] syz.1.534: attempt to access beyond end of device [ 135.568676][ T7017] md33: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 135.810745][ T7030] loop1: detected capacity change from 0 to 256 [ 135.850385][ T7033] netlink: 32 bytes leftover after parsing attributes in process `syz.5.541'. [ 136.186829][ T5253] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 136.201507][ T5253] Bluetooth: hci3: Injecting HCI hardware error event [ 136.210897][ T5253] Bluetooth: hci3: hardware error 0x00 [ 136.438769][ T7021] loop3: detected capacity change from 0 to 32768 [ 136.446859][ T7021] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.536 (7021) [ 136.496251][ T7021] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 136.511743][ T7021] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 136.522669][ T7021] BTRFS info (device loop3): using free-space-tree [ 136.554261][ T7050] loop2: detected capacity change from 0 to 64 [ 136.979690][ T7068] loop1: detected capacity change from 0 to 64 [ 137.587757][ T7089] loop1: detected capacity change from 0 to 512 [ 137.669849][ T7089] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.744239][ T5708] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 137.771223][ T7089] ext4 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.933798][ T7088] loop4: detected capacity change from 0 to 2048 [ 138.072269][ T7088] Alternate GPT is invalid, using primary GPT. [ 138.107669][ T7088] loop4: p1 p2 p3 [ 138.182515][ T5235] EXT4-fs error (device loop1): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 138.295093][ T5235] EXT4-fs error (device loop1): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 138.422022][ T5235] EXT4-fs error (device loop1): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 138.442297][ T5253] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 138.579701][ T7080] loop5: detected capacity change from 0 to 131072 [ 139.102410][ T7080] F2FS-fs (loop5): Segment count (31) mismatch with total segments from devices (0) [ 139.111946][ T7080] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 139.131159][ T7080] F2FS-fs (loop5): invalid crc value [ 139.192578][ T5235] EXT4-fs error (device loop1): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 139.208947][ T5235] EXT4-fs error (device loop1): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 139.220368][ T7104] loop4: detected capacity change from 0 to 32768 [ 139.249439][ T5235] EXT4-fs error (device loop1): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 139.259646][ T7104] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.564 (7104) [ 139.288174][ T7080] F2FS-fs (loop5): Found nat_bits in checkpoint [ 139.338858][ T7104] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 139.349567][ T7104] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 139.358700][ T7104] BTRFS info (device loop4): using free-space-tree [ 139.401199][ T5235] EXT4-fs error (device loop1): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 139.476711][ T7080] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 139.485335][ T7080] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4 [ 139.501183][ T7080] F2FS-fs (loop5): checksum invalid, nid = 7, ino_of_node = 7, 32dd6215 vs. 1de10dc4 [ 139.539029][ T5235] EXT4-fs error (device loop1): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 139.575962][ T5235] EXT4-fs error (device loop1): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 139.623268][ T5235] EXT4-fs error (device loop1): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 140.021627][ T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 140.042564][ T5238] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 140.172304][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 140.206902][ T9] usb 1-1: config 0 has an invalid interface number: 251 but max is 0 [ 140.224030][ T9] usb 1-1: config 0 has no interface number 0 [ 140.230471][ T9] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 140.261532][ T9] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 140.298718][ T9] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 140.322868][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.341160][ T9] usb 1-1: Product: syz [ 140.381492][ T9] usb 1-1: Manufacturer: syz [ 140.386145][ T9] usb 1-1: SerialNumber: syz [ 140.429982][ T9] usb 1-1: config 0 descriptor?? [ 140.456701][ T7141] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 140.482153][ T7141] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 140.522730][ T5235] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.702621][ T7141] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 140.709965][ T7141] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 140.769874][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.895471][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.092663][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.147188][ T9] asix 1-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver [ 141.169912][ T9] asix 1-1:0.251: probe with driver asix failed with error -524 [ 141.265496][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.384676][ T5244] usb 1-1: USB disconnect, device number 5 [ 141.586192][ T5252] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 141.597525][ T5252] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 141.610890][ T5252] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 141.619283][ T5252] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 141.629175][ T5252] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 141.638791][ T5252] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 141.866519][ T12] bridge_slave_1: left allmulticast mode [ 141.911606][ T12] bridge_slave_1: left promiscuous mode [ 141.917512][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.976218][ T12] bridge_slave_0: left allmulticast mode [ 142.001743][ T12] bridge_slave_0: left promiscuous mode [ 142.007534][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.064875][ T7167] loop4: detected capacity change from 0 to 32768 [ 142.074100][ T7167] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.584 (7167) [ 142.090897][ T7189] netlink: 172 bytes leftover after parsing attributes in process `syz.0.594'. [ 142.145140][ T7167] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 142.184447][ T7167] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 142.221688][ T7167] BTRFS info (device loop4): using free-space-tree [ 142.313241][ T7202] loop0: detected capacity change from 0 to 1024 [ 142.437854][ T7202] hfsplus: invalid extended attribute record [ 142.444330][ T7180] loop2: detected capacity change from 0 to 32768 [ 142.446949][ T7180] (syz.2.590,7180,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 142.485401][ T7180] (syz.2.590,7180,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 142.555143][ T3029] hfsplus: b-tree write err: -5, ino 8 [ 142.577343][ T7180] JBD2: Ignoring recovery information on journal [ 142.612883][ T5238] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 142.651765][ T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 142.708601][ T7180] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 142.774541][ T7214] binder: 7213:7214 ioctl 40046205 0 returned -22 [ 142.813692][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 142.821042][ T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA5, changing to 0x85 [ 142.857048][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 104 [ 142.873955][ T9] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 142.889935][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.911736][ T9] usb 4-1: Product: syz [ 142.915955][ T9] usb 4-1: Manufacturer: syz [ 142.926848][ T9] usb 4-1: SerialNumber: syz [ 142.960034][ T9] usb 4-1: config 0 descriptor?? [ 142.981306][ T7209] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 143.042829][ T9] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input10 [ 143.056818][ T5237] ocfs2: Unmounting device (7,2) on (node local) [ 143.098963][ C1] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1 [ 143.144592][ C1] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1 [ 143.241578][ T5252] Bluetooth: Frame is too long (len 12, expected len 4) [ 143.261633][ T9] usb 4-1: USB disconnect, device number 5 [ 143.309624][ T7222] loop4: detected capacity change from 0 to 1024 [ 143.316903][ T7222] EXT4-fs: Ignoring removed orlov option [ 143.411979][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 143.478078][ T7222] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.492058][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 143.504919][ T7231] loop0: detected capacity change from 0 to 128 [ 143.516595][ T29] audit: type=1800 audit(1863628054.081:32): pid=7222 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.602" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 143.550307][ T12] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 143.553597][ T7231] EXT4-fs: Ignoring removed nobh option [ 143.569526][ T5238] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.585304][ T12] bond0 (unregistering): Released all slaves [ 143.633405][ T7231] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 143.739725][ T7236] loop5: detected capacity change from 0 to 512 [ 143.748827][ T5252] Bluetooth: hci2: command tx timeout [ 143.763472][ T7236] EXT4-fs: Ignoring removed oldalloc option [ 143.769603][ T7231] ext4 filesystem being mounted at /93/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 143.848949][ T7236] EXT4-fs (loop5): can't mount with data=, fs mounted w/o journal [ 143.897180][ T7224] loop2: detected capacity change from 0 to 32768 [ 143.973435][ T5301] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 143.999267][ T5301] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 144.011994][ T5301] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz0] on syz1 [ 144.053487][ T7231] fscrypt (loop0, inode 12): Sub-block data units not yet supported with IV_INO_LBLK_32 [ 144.147944][ T7255] loop4: detected capacity change from 0 to 64 [ 144.156666][ T7224] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 144.175176][ T5234] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 144.391842][ T4642] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 144.415663][ T7224] XFS (loop2): Ending clean mount [ 144.457730][ T7224] XFS (loop2): Quotacheck needed: Please wait. [ 144.503760][ T7269] program syz.0.616 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 144.507016][ T7267] loop4: detected capacity change from 0 to 1024 [ 144.562973][ T7224] XFS (loop2): Quotacheck: Done. [ 144.572823][ T4642] usb 4-1: Using ep0 maxpacket: 16 [ 144.583757][ T29] audit: type=1800 audit(1863628055.151:33): pid=7224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.600" name="file2" dev="loop2" ino=9287 res=0 errno=0 [ 144.590720][ T4642] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 144.615455][ T4642] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 144.626480][ T4642] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 144.636450][ T4642] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 144.646963][ T4642] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 144.672695][ T4642] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 144.682573][ T4642] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 144.690588][ T4642] usb 4-1: Manufacturer: syz [ 144.699071][ T4642] usb 4-1: config 0 descriptor?? [ 144.701550][ T29] audit: type=1800 audit(1863628055.191:34): pid=7224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.600" name="file2" dev="loop2" ino=9287 res=0 errno=0 [ 144.792373][ T5237] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 144.845347][ T29] audit: type=1800 audit(1863628055.411:35): pid=7267 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.615" name="file1" dev="loop4" ino=20 res=0 errno=0 [ 144.904270][ T12] hsr_slave_0: left promiscuous mode [ 144.919873][ T12] hsr_slave_1: left promiscuous mode [ 145.059554][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.088840][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 145.102284][ T4642] rc_core: IR keymap rc-hauppauge not found [ 145.118013][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 145.125276][ T4642] Registered IR keymap rc-empty [ 145.127302][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 145.154571][ T4642] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 145.188110][ T7282] VFS: could not find a valid V7 on nullb0. [ 145.204400][ T12] veth1_macvtap: left promiscuous mode [ 145.212290][ T4642] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 145.221599][ T12] veth0_macvtap: left promiscuous mode [ 145.227300][ T12] veth1_vlan: left promiscuous mode [ 145.229056][ T7282] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 145.243246][ T12] veth0_vlan: left promiscuous mode [ 145.250480][ T4642] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 145.261706][ T7282] qnx6: wrong signature (magic) in superblock #1. [ 145.265980][ T4642] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input11 [ 145.277399][ T7282] qnx6: unable to read the first superblock [ 145.326052][ T4642] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 145.351843][ T4642] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 145.411732][ T4642] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 145.441617][ T4642] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 145.489253][ T4642] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 145.510592][ T7288] loop2: detected capacity change from 0 to 4096 [ 145.524623][ T4642] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 145.538665][ T7288] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 145.556325][ T7292] loop4: detected capacity change from 0 to 512 [ 145.572374][ T4642] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 145.591042][ T7292] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 145.631666][ T4642] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 145.649573][ T7292] EXT4-fs (loop4): 1 truncate cleaned up [ 145.657652][ T7292] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.661612][ T4642] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 145.702217][ T4642] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 145.741174][ T7292] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 15: block 33:freeing already freed block (bit 32); block bitmap corrupt. [ 145.758970][ T4642] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 145.773508][ T4642] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 145.795229][ T4642] usb 4-1: USB disconnect, device number 6 [ 145.802391][ T5252] Bluetooth: hci2: command tx timeout [ 145.857886][ T7288] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 145.907459][ T5238] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.154757][ T7290] loop5: detected capacity change from 0 to 32768 [ 146.197447][ T5301] IPVS: starting estimator thread 0... [ 146.203371][ T7304] IPVS: ovf: UDP 127.0.0.1:19999 - no destination available [ 146.238885][ T7290] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 146.301597][ T7306] IPVS: using max 16 ests per chain, 38400 per kthread [ 146.393859][ T7290] XFS (loop5): Ending clean mount [ 146.438754][ T7290] XFS (loop5): Quotacheck needed: Please wait. [ 146.524992][ T7290] XFS (loop5): Quotacheck: Done. [ 146.664329][ T7313] loop4: detected capacity change from 0 to 32768 [ 146.689062][ T12] team0 (unregistering): Port device team_slave_1 removed [ 146.698712][ T5236] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 146.743708][ T12] team0 (unregistering): Port device team_slave_0 removed [ 146.967871][ T7313] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 146.991032][ T7313] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 147.002431][ T7313] bcachefs (loop4): Version upgrade required: [ 147.002431][ T7313] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 147.002431][ T7313] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 147.002431][ T7313] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 147.090722][ T7313] bcachefs (loop4): dropping and reconstructing all alloc info [ 147.231117][ T7313] bcachefs (loop4): check_topology... done [ 147.244603][ T7313] bcachefs (loop4): accounting_read... done [ 147.270929][ T7313] bcachefs (loop4): alloc_read... done [ 147.276961][ T7313] bcachefs (loop4): stripes_read... done [ 147.283584][ T7313] bcachefs (loop4): snapshots_read... done [ 147.290156][ T7313] bcachefs (loop4): check_allocations... done [ 147.457904][ T7313] bcachefs (loop4): going read-write [ 147.470870][ T7313] bcachefs (loop4): done starting filesystem [ 147.709715][ T5238] bcachefs (loop4): shutting down [ 147.723637][ T5238] bcachefs (loop4): going read-only [ 147.735565][ T5238] bcachefs (loop4): finished waiting for writes to stop [ 147.784654][ T5238] bcachefs (loop4): flushing journal and stopping allocators, journal seq 11 [ 147.879021][ T7178] chnl_net:caif_netlink_parms(): no params data found [ 147.886222][ T5252] Bluetooth: hci2: command tx timeout [ 147.915413][ T7278] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 147.946546][ T35] bcachefs (loop4): bch2_write_super(): fatal error loop4: Superblock write was silently dropped! (seq 0 expected 53) [ 147.963432][ T35] bcachefs (loop4): fatal error - emergency read only [ 147.985600][ T7336] netlink: 'syz.5.636': attribute type 8 has an invalid length. [ 148.001757][ T5238] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 14 [ 148.029271][ T5238] bcachefs (loop4): unshutdown complete, journal seq 14 [ 148.037778][ T5238] bcachefs (loop4): done going read-only, filesystem not clean [ 148.115781][ T5238] bcachefs (loop4): shutdown complete [ 148.243996][ T7352] loop5: detected capacity change from 0 to 2048 [ 148.287846][ T7178] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.298196][ T7178] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.310185][ T7352] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.372217][ T7178] bridge_slave_0: entered allmulticast mode [ 148.384014][ T7178] bridge_slave_0: entered promiscuous mode [ 148.421062][ T7178] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.437809][ T7178] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.458018][ T7178] bridge_slave_1: entered allmulticast mode [ 148.470197][ T7352] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 148.505795][ T7352] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 15 with max blocks 1 with error 28 [ 148.522871][ T7178] bridge_slave_1: entered promiscuous mode [ 148.529998][ T7352] EXT4-fs (loop5): This should not happen!! Data will be lost [ 148.529998][ T7352] [ 148.551183][ T7363] tun0: tun_chr_ioctl cmd 1074025677 [ 148.585239][ T7352] EXT4-fs (loop5): Total free blocks count 0 [ 148.600930][ T7363] tun0: linktype set to 773 [ 148.615983][ T7352] EXT4-fs (loop5): Free/Dirty block details [ 148.639574][ T7352] EXT4-fs (loop5): free_blocks=2415919104 [ 148.648282][ T7352] EXT4-fs (loop5): dirty_blocks=16 [ 148.658782][ T7352] EXT4-fs (loop5): Block reservation details [ 148.677465][ T7352] EXT4-fs (loop5): i_reserved_data_blocks=1 [ 148.728665][ T7178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 148.767133][ T7178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.822242][ T2497] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 148.925947][ T7178] team0: Port device team_slave_0 added [ 148.938064][ T7178] team0: Port device team_slave_1 added [ 149.078285][ T7359] loop0: detected capacity change from 0 to 32768 [ 149.119127][ T7359] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.644 (7359) [ 149.123500][ T7178] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 149.149546][ T7178] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.183967][ T7178] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 149.198485][ T7359] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 149.219118][ T7359] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 149.235637][ T7178] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 149.241520][ T7359] BTRFS info (device loop0): disk space caching is enabled [ 149.249998][ T7359] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 149.261463][ T7178] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.291235][ T7178] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 149.480617][ T7367] loop2: detected capacity change from 0 to 32768 [ 149.498541][ T7367] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.646 (7367) [ 149.518428][ T7178] hsr_slave_0: entered promiscuous mode [ 149.536058][ T7178] hsr_slave_1: entered promiscuous mode [ 149.539225][ T7367] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 149.562052][ T7367] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 149.570777][ T7367] BTRFS info (device loop2): using free-space-tree [ 149.590496][ T7178] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 149.607402][ T7178] Cannot create hsr debugfs directory [ 149.659090][ T7359] BTRFS info (device loop0): rebuilding free space tree [ 149.703085][ T7359] BTRFS info (device loop0): disabling free space tree [ 149.708921][ T7391] loop3: detected capacity change from 0 to 4096 [ 149.718160][ T7359] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 149.744068][ T7359] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 149.877961][ T5237] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 149.971766][ T5253] Bluetooth: hci2: command tx timeout [ 150.228291][ T5234] BTRFS info (device loop0): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 150.288469][ T7419] program syz.3.657 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 150.399081][ T5253] Bluetooth: hci4: unknown advertising packet type: 0x63 [ 150.879278][ T7178] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 150.957413][ T7178] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 151.028402][ T7178] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 151.053586][ T4642] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 151.099297][ T7178] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 151.260170][ T4642] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 151.282506][ T4642] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.290536][ T4642] usb 6-1: Product: syz [ 151.311307][ T4642] usb 6-1: Manufacturer: syz [ 151.321533][ T4642] usb 6-1: SerialNumber: syz [ 151.357530][ T7178] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.366904][ T4642] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 151.419933][ T7178] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.439549][ T5298] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 151.450407][ T7426] loop3: detected capacity change from 0 to 32768 [ 151.495445][ T7426] (syz.3.659,7426,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 151.518577][ T7444] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.667'. [ 151.564899][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.572069][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.582288][ T7426] (syz.3.659,7426,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 151.610364][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.617558][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.790844][ T7178] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 151.813298][ T7178] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 151.871527][ T7440] loop0: detected capacity change from 0 to 40427 [ 151.906001][ T7440] F2FS-fs (loop0): Invalid Fs Meta Ino: node(0) meta(0) root(83886083) [ 151.914376][ T7440] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 151.922783][ T7440] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1fffff [ 151.931249][ T7440] F2FS-fs (loop0): heap/no_heap options were deprecated [ 151.938398][ T7440] F2FS-fs (loop0): Image doesn't support compression [ 151.962083][ T7440] F2FS-fs (loop0): invalid crc value [ 151.993355][ T7440] F2FS-fs (loop0): Found nat_bits in checkpoint [ 152.011194][ T25] usb 6-1: USB disconnect, device number 6 [ 152.099055][ T7426] JBD2: Ignoring recovery information on journal [ 152.204782][ T7455] loop4: detected capacity change from 0 to 512 [ 152.314431][ T7440] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 152.323889][ T7440] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 152.358808][ T29] audit: type=1326 audit(1863628062.871:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7460 comm="syz.2.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0c12174fa7 code=0x7ffc0000 [ 152.401595][ T29] audit: type=1326 audit(1863628062.871:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7460 comm="syz.2.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0c12119959 code=0x7ffc0000 [ 152.434023][ T29] audit: type=1326 audit(1863628062.871:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7460 comm="syz.2.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c1217dff9 code=0x7ffc0000 [ 152.446346][ T7455] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.457254][ T29] audit: type=1326 audit(1863628062.871:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7460 comm="syz.2.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0c12174fa7 code=0x7ffc0000 [ 152.470145][ T7455] ext4 filesystem being mounted at /114/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 152.500883][ T29] audit: type=1326 audit(1863628062.871:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7460 comm="syz.2.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0c12119959 code=0x7ffc0000 [ 152.525788][ T29] audit: type=1326 audit(1863628062.871:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7460 comm="syz.2.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7f0c1217dff9 code=0x7ffc0000 [ 152.553581][ T7440] F2FS-fs (loop0): inject alloc nid in f2fs_alloc_nid of f2fs_get_dnode_of_data+0x6a5/0x1d60 [ 152.566615][ T5298] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 152.566723][ T29] audit: type=1326 audit(1863628062.871:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7460 comm="syz.2.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0c12174fa7 code=0x7ffc0000 [ 152.595639][ T5298] ath9k_htc: Failed to initialize the device [ 152.604533][ T29] audit: type=1326 audit(1863628062.871:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7460 comm="syz.2.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0c12119959 code=0x7ffc0000 [ 152.637748][ T25] usb 6-1: ath9k_htc: USB layer deinitialized [ 152.646648][ T29] audit: type=1326 audit(1863628062.871:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7460 comm="syz.2.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c1217dff9 code=0x7ffc0000 [ 152.683632][ T7426] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 152.696642][ T5234] syz-executor: attempt to access beyond end of device [ 152.696642][ T5234] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 152.752946][ T7178] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.759142][ T5238] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.787095][ T5234] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 152.839677][ T5234] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 152.913680][ T7178] veth0_vlan: entered promiscuous mode [ 152.978458][ T7178] veth1_vlan: entered promiscuous mode [ 153.049632][ T5708] ocfs2: Unmounting device (7,3) on (node local) [ 153.078719][ T7178] veth0_macvtap: entered promiscuous mode [ 153.087229][ T7178] veth1_macvtap: entered promiscuous mode [ 153.099229][ T7477] loop2: detected capacity change from 0 to 2048 [ 153.099979][ T7477] EXT4-fs: Ignoring removed mblk_io_submit option [ 153.174985][ T7178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.175014][ T7178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.175031][ T7178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.175051][ T7178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.235075][ T7477] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 153.264365][ T7477] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.677: bg 0: block 234: padding at end of block bitmap is not set [ 153.269910][ T7477] EXT4-fs (loop2): Remounting filesystem read-only [ 153.281481][ T7178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.326191][ T7178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.336785][ T7178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.347502][ T7178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.359071][ T7178] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 153.396006][ T7178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.411128][ T7178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.422760][ T7178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.433509][ T5237] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.457680][ T7178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.468817][ T7178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.468841][ T7178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.468867][ T7178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.468887][ T7178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.502519][ T7178] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 153.506049][ T7178] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.506129][ T7178] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.506169][ T7178] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.506208][ T7178] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.668905][ T29] audit: type=1326 audit(1863628064.221:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7485 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c1217dff9 code=0x7ffc0000 [ 153.711707][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.711730][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.780471][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.780499][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.829163][ T7492] loop3: detected capacity change from 0 to 1024 [ 153.829918][ T7492] EXT4-fs: Ignoring removed nomblk_io_submit option [ 153.843169][ T7495] netlink: 8 bytes leftover after parsing attributes in process `syz.5.684'. [ 153.856935][ T7492] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a042c018, mo2=0002] [ 154.062109][ T7492] System zones: 0-1, 3-12 [ 154.067714][ T7492] EXT4-fs (loop3): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 154.273563][ T5708] EXT4-fs (loop3): unmounting filesystem 00000000-0500-0000-0000-000000000000. [ 154.565325][ T7512] loop0: detected capacity change from 0 to 32768 [ 154.667077][ T7523] loop3: detected capacity change from 0 to 2048 [ 154.740306][ T7533] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 154.994155][ T7543] Context (ID=0x1) not attached to queue pair (handle=0x1:0x0) [ 155.183528][ T7550] vivid-003: ================= START STATUS ================= [ 155.202146][ T7550] vivid-003: Radio HW Seek Mode: Bounded [ 155.219124][ T7550] vivid-003: Radio Programmable HW Seek: false [ 155.231531][ T7550] vivid-003: RDS Rx I/O Mode: Block I/O [ 155.244363][ T7550] vivid-003: Generate RBDS Instead of RDS: false [ 155.268948][ T7550] vivid-003: RDS Reception: true [ 155.274652][ T7552] loop0: detected capacity change from 0 to 2048 [ 155.288321][ T7550] vivid-003: RDS Program Type: 0 inactive [ 155.306356][ T7552] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 155.363159][ T7550] vivid-003: RDS PS Name: inactive [ 155.368438][ T7550] vivid-003: RDS Radio Text: inactive [ 155.411615][ T7550] vivid-003: RDS Traffic Announcement: false inactive [ 155.418717][ T7550] vivid-003: RDS Traffic Program: false inactive [ 155.426677][ T7550] vivid-003: RDS Music: false inactive [ 155.433022][ T7550] vivid-003: ================== END STATUS ================== [ 155.497184][ T7538] loop5: detected capacity change from 0 to 32768 [ 155.546337][ T7538] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 155.650583][ T5234] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.687832][ T7566] netlink: 4 bytes leftover after parsing attributes in process `syz.1.712'. [ 155.699418][ T7567] loop3: detected capacity change from 0 to 512 [ 155.733142][ T5236] ocfs2: Unmounting device (7,5) on (node local) [ 155.785330][ T7567] EXT4-fs: Ignoring removed i_version option [ 155.811389][ T7567] EXT4-fs: Ignoring removed nobh option [ 155.833985][ T7567] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 155.844407][ T25] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 155.890658][ T7573] loop0: detected capacity change from 0 to 8 [ 155.900881][ T7567] EXT4-fs (loop3): 1 truncate cleaned up [ 155.908100][ T7567] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 155.908350][ T7573] SQUASHFS error: lzo decompression failed, data probably corrupt [ 155.928423][ T7573] SQUASHFS error: Failed to read block 0x91: -5 [ 155.934727][ T7573] SQUASHFS error: Unable to read metadata cache entry [8f] [ 155.943922][ T7573] SQUASHFS error: Unable to read inode 0x11f [ 156.029362][ T7576] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.716'. [ 156.040182][ T7576] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 156.111642][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 156.120731][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 156.133743][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 156.145410][ T25] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 156.155535][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.166496][ T25] usb 5-1: config 0 descriptor?? [ 156.254467][ T5708] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.371577][ T5244] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 156.534725][ T5244] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 156.561921][ T5244] usb 3-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 156.593647][ T7563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 156.599849][ T5244] usb 3-1: Manufacturer: syz [ 156.619805][ T5244] usb 3-1: config 0 descriptor?? [ 156.670444][ T7563] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 156.720513][ T25] hid (null): bogus close delimiter [ 156.746647][ T25] hid-generic 0003:0158:0100.0006: unknown main item tag 0x0 [ 156.787594][ T25] hid-generic 0003:0158:0100.0006: bogus close delimiter [ 156.812439][ T25] hid-generic 0003:0158:0100.0006: item 0 0 2 10 parsing failed [ 156.831029][ T25] hid-generic 0003:0158:0100.0006: probe with driver hid-generic failed with error -22 [ 156.856758][ T7604] netlink: 12 bytes leftover after parsing attributes in process `syz.5.729'. [ 156.930706][ T25] usb 5-1: USB disconnect, device number 4 [ 156.955623][ T7606] loop1: detected capacity change from 0 to 256 [ 156.988018][ T7606] FAT-fs (loop1): bogus sectors per cluster 0 [ 157.001381][ T7606] FAT-fs (loop1): Can't find a valid FAT filesystem [ 157.036121][ T5244] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 157.249058][ T5244] gs_usb 3-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 157.292365][ T5244] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -22 [ 157.453301][ T5244] usb 3-1: USB disconnect, device number 6 [ 157.458077][ T7619] loop0: detected capacity change from 0 to 1024 [ 157.485107][ T7621] loop3: detected capacity change from 0 to 128 [ 157.530892][ T7621] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 157.705344][ T7621] ext4 filesystem being mounted at /93/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 157.727861][ T7611] loop5: detected capacity change from 0 to 32768 [ 157.795405][ T7632] netlink: 44 bytes leftover after parsing attributes in process `syz.4.740'. [ 157.805699][ T7611] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 157.846901][ T7615] loop1: detected capacity change from 0 to 32768 [ 157.875810][ T5708] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 157.987191][ T7615] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 158.048020][ T7651] netlink: 9 bytes leftover after parsing attributes in process `syz.0.744'. [ 158.062405][ T7651] netlink: 56 bytes leftover after parsing attributes in process `syz.0.744'. [ 158.078052][ T7611] XFS (loop5): Ending clean mount [ 158.078778][ T7651] netlink: 9 bytes leftover after parsing attributes in process `syz.0.744'. [ 158.161786][ T5299] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 158.240501][ T5236] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 158.245495][ T7660] netlink: 'syz.2.747': attribute type 1 has an invalid length. [ 158.271566][ T7660] netlink: 9372 bytes leftover after parsing attributes in process `syz.2.747'. [ 158.301812][ T7660] netlink: 'syz.2.747': attribute type 1 has an invalid length. [ 158.441657][ T5299] usb 5-1: Using ep0 maxpacket: 16 [ 158.448671][ T5299] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.449923][ T7615] XFS (loop1): Ending clean mount [ 158.461141][ T5299] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.489787][ T5299] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 158.512597][ T5299] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.570265][ T5299] usb 5-1: config 0 descriptor?? [ 158.621256][ T7178] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 159.123285][ T5299] corsair 0003:1B1C:1B02.0007: unknown main item tag 0x0 [ 159.162730][ T5299] corsair 0003:1B1C:1B02.0007: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.4-1/input0 [ 159.309847][ T5299] corsair 0003:1B1C:1B02.0007: Read invalid backlight brightness: db. [ 159.509378][ T7667] loop0: detected capacity change from 0 to 40427 [ 159.533354][ T931] usb 5-1: USB disconnect, device number 5 [ 159.534544][ T7675] loop5: detected capacity change from 0 to 40427 [ 159.556006][ T7675] F2FS-fs (loop5): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 159.564962][ T7667] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x1fffff [ 159.581631][ T7675] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 159.593864][ T7667] F2FS-fs (loop0): invalid crc value [ 159.648544][ T7699] netem: incorrect gi model size [ 159.654613][ T7699] netem: change failed [ 159.659917][ T7675] F2FS-fs (loop5): invalid crc value [ 159.696646][ T7667] F2FS-fs (loop0): Found nat_bits in checkpoint [ 159.799669][ T7708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.768'. [ 159.802018][ T7675] F2FS-fs (loop5): Found nat_bits in checkpoint [ 159.851185][ T7667] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 159.955911][ T7675] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 159.966713][ T7675] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 159.994154][ T7700] f2fs_ckpt-7:5: attempt to access beyond end of device [ 159.994154][ T7700] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 160.023472][ T7700] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 160.080438][ T7718] syz.5.754: attempt to access beyond end of device [ 160.080438][ T7718] loop5: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 160.698455][ T7745] loop5: detected capacity change from 0 to 64 [ 160.734928][ T7745] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0. [ 161.049823][ T7760] netlink: 'syz.0.789': attribute type 1 has an invalid length. [ 161.141619][ T25] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 161.301590][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 161.308649][ T25] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 161.320260][ T25] usb 3-1: config 0 has no interface number 0 [ 161.340595][ T25] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 161.367942][ T25] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 161.410288][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.431996][ T25] usb 3-1: config 0 descriptor?? [ 161.458922][ T25] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 161.671477][ T25] usb 3-1: USB disconnect, device number 7 [ 161.718509][ T25] iowarrior 3-1:0.1: I/O-Warror #0 now disconnected [ 266.781389][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 266.788387][ C0] rcu: 1-...!: (1 ticks this GP) idle=6344/1/0x4000000000000000 softirq=22156/22156 fqs=0 [ 266.800601][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P7755/1:b..l P5238/1:b..l [ 266.809694][ C0] rcu: (detected by 0, t=10502 jiffies, g=19785, q=475 ncpus=2) [ 266.817424][ C0] Sending NMI from CPU 0 to CPUs 1: [ 266.817458][ C1] NMI backtrace for cpu 1 [ 266.817471][ C1] CPU: 1 UID: 0 PID: 7775 Comm: syz.5.796 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 266.817495][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 266.817509][ C1] RIP: 0010:taprio_set_budgets+0x12b/0x370 [ 266.817542][ C1] Code: 00 00 00 4c 89 fe e8 f4 d8 c8 f7 49 83 ff 0f 0f 87 63 01 00 00 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 <74> 08 4c 89 ef e8 7b 98 32 f8 4b 8b 2c 66 48 b8 00 00 00 00 00 fc [ 266.817562][ C1] RSP: 0018:ffffc90000a18c30 EFLAGS: 00000046 [ 266.817581][ C1] RAX: 1ffff11005e22381 RBX: ffff88802f111930 RCX: dffffc0000000000 [ 266.817599][ C1] RDX: 0000000000010000 RSI: 0000000000000001 RDI: 0000000000000010 [ 266.817613][ C1] RBP: 0000000000000000 R08: ffffffff89cc13ec R09: 1ffff11005e22390 [ 266.817629][ C1] R10: dffffc0000000000 R11: ffffed1005e22391 R12: 0000000000000004 [ 266.817645][ C1] R13: ffff88802f111c08 R14: ffff88802f111c00 R15: 0000000000000001 [ 266.817665][ C1] FS: 000055559512a500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 266.817686][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 266.817701][ C1] CR2: 000000110c380017 CR3: 0000000063fc4000 CR4: 0000000000350ef0 [ 266.817719][ C1] Call Trace: [ 266.817729][ C1] [ 266.817739][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 266.817771][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 266.817809][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 266.817839][ C1] ? nmi_handle+0x2a/0x5a0 [ 266.817874][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 266.817906][ C1] ? nmi_handle+0x151/0x5a0 [ 266.817930][ C1] ? nmi_handle+0x2a/0x5a0 [ 266.817955][ C1] ? taprio_set_budgets+0x12b/0x370 [ 266.817980][ C1] ? default_do_nmi+0x63/0x160 [ 266.818010][ C1] ? exc_nmi+0x123/0x1f0 [ 266.818040][ C1] ? end_repeat_nmi+0xf/0x53 [ 266.818068][ C1] ? taprio_set_budgets+0x10c/0x370 [ 266.818101][ C1] ? taprio_set_budgets+0x12b/0x370 [ 266.818128][ C1] ? taprio_set_budgets+0x12b/0x370 [ 266.818155][ C1] ? taprio_set_budgets+0x12b/0x370 [ 266.818181][ C1] [ 266.818188][ C1] [ 266.818201][ C1] advance_sched+0x98d/0xca0 [ 266.818236][ C1] ? __pfx_advance_sched+0x10/0x10 [ 266.818261][ C1] __hrtimer_run_queues+0x59d/0xd50 [ 266.818287][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 266.818331][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 266.818356][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.818382][ C1] ? ktime_get_update_offsets_now+0x22d/0x250 [ 266.818418][ C1] hrtimer_interrupt+0x396/0x990 [ 266.818458][ C1] __sysvec_apic_timer_interrupt+0x112/0x3f0 [ 266.818485][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 266.818520][ C1] [ 266.818528][ C1] [ 266.818537][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 266.818561][ C1] RIP: 0010:unwind_next_frame+0xb89/0x22d0 [ 266.818584][ C1] Code: 5c 24 40 49 8b 6d 08 49 8d 5d 10 49 89 df 49 c1 ef 03 43 80 3c 27 00 74 08 48 89 df e8 e0 3a bd 00 4c 8b 74 24 08 4d 8b 66 10 <48> b8 00 00 00 00 00 fc ff df 48 8b 4c 24 20 0f b6 04 01 84 c0 0f [ 266.818602][ C1] RSP: 0018:ffffc900041878b0 EFLAGS: 00000246 [ 266.818621][ C1] RAX: 1ffff92000830f31 RBX: ffffc90004187990 RCX: ffffffff90306cfc [ 266.818638][ C1] RDX: ffffffff90a73ac8 RSI: 0000000000000002 RDI: ffffffff814166e0 [ 266.818655][ C1] RBP: ffffc90004180000 R08: 000000000000000c R09: ffffc90004187a70 [ 266.818671][ C1] R10: dffffc0000000000 R11: ffffffff8180a0e0 R12: ffffc90004188000 [ 266.818688][ C1] R13: ffffc90004187980 R14: ffffc90004187980 R15: 1ffff92000830f32 [ 266.818708][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 266.818741][ C1] ? unwind_next_frame+0xb0/0x22d0 [ 266.818772][ C1] ? stack_trace_save+0x118/0x1d0 [ 266.818801][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 266.818831][ C1] arch_stack_walk+0x11c/0x150 [ 266.818860][ C1] ? stack_trace_save+0x118/0x1d0 [ 266.818890][ C1] stack_trace_save+0x118/0x1d0 [ 266.818920][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 266.818950][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.818975][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 266.819015][ C1] kasan_save_track+0x3f/0x80 [ 266.819076][ C1] kasan_save_free_info+0x40/0x50 [ 266.819113][ C1] __kasan_slab_free+0x59/0x70 [ 266.819138][ C1] ? file_free+0x24/0x1f0 [ 266.819167][ C1] kmem_cache_free+0x1a2/0x420 [ 266.819199][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.819225][ C1] ? file_free+0x24/0x1f0 [ 266.819257][ C1] file_free+0x24/0x1f0 [ 266.819290][ C1] task_work_run+0x251/0x310 [ 266.819320][ C1] ? __pfx_task_work_run+0x10/0x10 [ 266.819349][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 266.819375][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 266.819400][ C1] do_syscall_64+0x100/0x230 [ 266.819428][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.819464][ C1] RIP: 0033:0x7f2be817dff9 [ 266.819484][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.819503][ C1] RSP: 002b:00007ffd38542128 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 266.819524][ C1] RAX: 0000000000000000 RBX: 00000000000277d9 RCX: 00007f2be817dff9 [ 266.819539][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 266.819553][ C1] RBP: 00007f2be8337a80 R08: 0000000000000001 R09: 00007ffd3854241f [ 266.819569][ C1] R10: 00007f2be8000000 R11: 0000000000000246 R12: 0000000000027811 [ 266.819584][ C1] R13: 00007ffd38542230 R14: 0000000000000032 R15: ffffffffffffffff [ 266.819611][ C1] [ 266.820451][ C0] task:syz-executor state:R running task stack:12368 pid:5238 tgid:5238 ppid:5232 flags:0x00000000 [ 267.378488][ C0] Call Trace: [ 267.381771][ C0] [ 267.384719][ C0] __schedule+0x1895/0x4b30 [ 267.389265][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.394928][ C0] ? __pfx___schedule+0x10/0x10 [ 267.399811][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.405459][ C0] ? mark_lock+0x9a/0x360 [ 267.409810][ C0] ? copy_pmd_range+0x7b35/0x85f0 [ 267.414849][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.420511][ C0] ? preempt_schedule+0xe1/0xf0 [ 267.425404][ C0] preempt_schedule_common+0x84/0xd0 [ 267.430721][ C0] preempt_schedule+0xe1/0xf0 [ 267.435423][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 267.440818][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 267.446736][ C0] ? __page_table_check_ptes_set+0x30f/0x410 [ 267.452741][ C0] ? copy_pmd_range+0x7b35/0x85f0 [ 267.457778][ C0] preempt_schedule_thunk+0x1a/0x30 [ 267.462995][ C0] _raw_spin_unlock+0x3e/0x50 [ 267.467696][ C0] copy_pmd_range+0x7b90/0x85f0 [ 267.472584][ C0] ? mas_destroy+0x197c/0x1fe0 [ 267.477372][ C0] ? __pfx_copy_pmd_range+0x10/0x10 [ 267.482586][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.488233][ C0] ? look_up_lock_class+0x77/0x170 [ 267.493358][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.499004][ C0] ? register_lock_class+0x102/0x980 [ 267.504322][ C0] ? __pfx_mas_destroy+0x10/0x10 [ 267.509290][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.514942][ C0] ? mark_lock+0x9a/0x360 [ 267.519287][ C0] ? __entry_text_end+0x1020c5/0x1020c9 [ 267.524849][ C0] ? __lock_acquire+0x1384/0x2050 [ 267.529929][ C0] copy_page_range+0x99f/0xe90 [ 267.534732][ C0] ? __pfx_copy_page_range+0x10/0x10 [ 267.540037][ C0] ? __pfx_up_write+0x10/0x10 [ 267.544728][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.550375][ C0] ? __asan_memset+0x23/0x50 [ 267.554993][ C0] ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10 [ 267.561775][ C0] ? vma_interval_tree_insert_after+0x259/0x2b0 [ 267.568043][ C0] copy_mm+0x11fb/0x1f40 [ 267.572334][ C0] ? __pfx_copy_mm+0x10/0x10 [ 267.576958][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.582606][ C0] ? __init_rwsem+0x122/0x160 [ 267.587301][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.592949][ C0] ? copy_signal+0x52a/0x650 [ 267.597563][ C0] copy_process+0x1845/0x3d50 [ 267.602279][ C0] ? copy_process+0x9fa/0x3d50 [ 267.607071][ C0] ? __lock_acquire+0x1384/0x2050 [ 267.612123][ C0] ? __pfx_copy_process+0x10/0x10 [ 267.617179][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.622831][ C0] kernel_clone+0x226/0x8f0 [ 267.627365][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 267.632435][ C0] __x64_sys_clone+0x258/0x2a0 [ 267.637216][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 267.642510][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 267.648528][ C0] ? exc_page_fault+0x590/0x8c0 [ 267.653402][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.659052][ C0] ? do_syscall_64+0xb6/0x230 [ 267.663746][ C0] do_syscall_64+0xf3/0x230 [ 267.668267][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.674199][ C0] RIP: 0033:0x7f5f8c974853 [ 267.678626][ C0] RSP: 002b:00007fff176e4268 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 267.687057][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5f8c974853 [ 267.695037][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 267.703013][ C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 267.710992][ C0] R10: 000055557d8b47d0 R11: 0000000000000246 R12: 0000000000000000 [ 267.718970][ C0] R13: 00000000000277a0 R14: 0000000000027689 R15: 00007fff176e43f0 [ 267.726971][ C0] [ 267.729998][ C0] task:syz.3.785 state:R running task stack:23088 pid:7755 tgid:7751 ppid:5708 flags:0x00004000 [ 267.741785][ C0] Call Trace: [ 267.745071][ C0] [ 267.748041][ C0] __schedule+0x1895/0x4b30 [ 267.752589][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.758252][ C0] ? __pfx___schedule+0x10/0x10 [ 267.763129][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.768775][ C0] ? mark_lock+0x9a/0x360 [ 267.773131][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.778781][ C0] ? preempt_schedule+0xe1/0xf0 [ 267.783671][ C0] preempt_schedule_common+0x84/0xd0 [ 267.788993][ C0] preempt_schedule+0xe1/0xf0 [ 267.793694][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 267.799093][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 267.805011][ C0] ? __lruvec_stat_mod_folio+0x7d/0x300 [ 267.810585][ C0] preempt_schedule_thunk+0x1a/0x30 [ 267.815806][ C0] _raw_spin_unlock+0x3e/0x50 [ 267.820506][ C0] unmap_page_range+0x36b1/0x40e0 [ 267.825585][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 267.830979][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.836632][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.842279][ C0] ? mas_next_slot+0xdc6/0xea0 [ 267.847080][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.852726][ C0] ? uprobe_munmap+0x183/0x460 [ 267.857510][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.863156][ C0] ? unmap_single_vma+0x1bd/0x2b0 [ 267.868292][ C0] unmap_vmas+0x3cc/0x5f0 [ 267.872655][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 267.877540][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.883190][ C0] ? tlb_gather_mmu_fullmm+0x160/0x210 [ 267.888672][ C0] exit_mmap+0x275/0xc40 [ 267.892936][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.898593][ C0] ? __mutex_lock+0x2ef/0xd70 [ 267.903287][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 267.908077][ C0] ? __pfx_exit_aio+0x10/0x10 [ 267.912786][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.918433][ C0] ? uprobe_clear_state+0x271/0x290 [ 267.923645][ C0] ? mm_update_next_owner+0xa4/0x810 [ 267.928940][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 267.934162][ C0] __mmput+0x115/0x390 [ 267.938255][ C0] exit_mm+0x220/0x310 [ 267.942343][ C0] ? __pfx_exit_mm+0x10/0x10 [ 267.946946][ C0] ? taskstats_exit+0x326/0xa60 [ 267.951817][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.957469][ C0] do_exit+0x9b2/0x28e0 [ 267.961645][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.967295][ C0] ? __pfx_do_exit+0x10/0x10 [ 267.971902][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 267.977300][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.982950][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 267.988957][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 267.995318][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 268.000496][ C0] do_group_exit+0x207/0x2c0 [ 268.005118][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 268.010341][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.015989][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 268.021202][ C0] get_signal+0x16a3/0x1740 [ 268.025734][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.031379][ C0] ? __pfx_get_signal+0x10/0x10 [ 268.036257][ C0] arch_do_signal_or_restart+0x96/0x860 [ 268.041826][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 268.047999][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 268.054018][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 268.059753][ C0] syscall_exit_to_user_mode+0xc9/0x370 [ 268.065316][ C0] do_syscall_64+0x100/0x230 [ 268.069924][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.075844][ C0] RIP: 0033:0x7fac7c57dff9 [ 268.080268][ C0] RSP: 002b:00007fac7d3160e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 268.088696][ C0] RAX: fffffffffffffe00 RBX: 00007fac7c735f88 RCX: 00007fac7c57dff9 [ 268.096676][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fac7c735f88 [ 268.104657][ C0] RBP: 00007fac7c735f80 R08: 0000000000000000 R09: 0000000000000000 [ 268.112632][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fac7c735f8c [ 268.120609][ C0] R13: 0000000000000000 R14: 00007ffc878d3be0 R15: 00007ffc878d3cc8 [ 268.128608][ C0] [ 268.131629][ C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g19785 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 268.143960][ C0] rcu: Possible timer handling issue on cpu=1 timer-softirq=10568 [ 268.151845][ C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g19785 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 [ 268.163218][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 268.173190][ C0] rcu: RCU grace-period kthread stack dump: [ 268.179076][ C0] task:rcu_preempt state:I stack:24912 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 268.189293][ C0] Call Trace: [ 268.192571][ C0] [ 268.195507][ C0] __schedule+0x1895/0x4b30 [ 268.200058][ C0] ? __pfx___schedule+0x10/0x10 [ 268.204973][ C0] ? __pfx_lock_release+0x10/0x10 [ 268.210021][ C0] ? __asan_memset+0x23/0x50 [ 268.214640][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 268.220817][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 268.227168][ C0] ? schedule+0x90/0x320 [ 268.231435][ C0] schedule+0x14b/0x320 [ 268.235621][ C0] schedule_timeout+0x1be/0x310 [ 268.240493][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 268.245888][ C0] ? __pfx_process_timeout+0x10/0x10 [ 268.251230][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.256897][ C0] ? prepare_to_swait_event+0x330/0x350 [ 268.262474][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 268.267427][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 268.272655][ C0] ? rcu_gp_init+0x1256/0x1630 [ 268.277446][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 268.282397][ C0] ? __pfx_rcu_watching_snap_save+0x10/0x10 [ 268.288307][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 268.293607][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 268.299537][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.305285][ C0] ? finish_swait+0xd4/0x1e0 [ 268.309907][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 268.314514][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 268.319722][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 268.325646][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.331304][ C0] ? __kthread_parkme+0x169/0x1d0 [ 268.336367][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 268.341581][ C0] kthread+0x2f2/0x390 [ 268.345664][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 268.350875][ C0] ? __pfx_kthread+0x10/0x10 [ 268.355481][ C0] ret_from_fork+0x4d/0x80 [ 268.359923][ C0] ? __pfx_kthread+0x10/0x10 [ 268.364529][ C0] ret_from_fork_asm+0x1a/0x30 [ 268.369337][ C0]