last executing test programs: 1m50.795034108s ago: executing program 0 (id=156): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x5, 0x8, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000bc0)={r1, 0x0, 0x0}, 0x10) 1m50.13634657s ago: executing program 0 (id=160): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) syz_io_uring_setup(0x82e, 0x0, &(0x7f0000000100), &(0x7f0000000080)) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x40, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14) 1m48.524133943s ago: executing program 0 (id=167): r0 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000080)={0x0, 0xec21, 0x80, 0x1, 0x116, 0x0, r0}, &(0x7f0000000040)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000001800)=""/201, 0xc9}], 0x1, 0x0, 0x1}) io_uring_enter(r1, 0x847ba, 0x2000, 0xe, 0x0, 0x0) 1m47.610946944s ago: executing program 0 (id=176): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000180)={[{@min_batch_time={'min_batch_time', 0x3d, 0x83}}, {@init_itable}, {@mblk_io_submit}]}, 0x3, 0x476, &(0x7f0000000d40)="$eJzs3MtvVFUYAPDv3naKtWAr4gt8VNFIfLQUUFm4UKOJC0xMdKHLSVsIUsDQmghpYnGBK2NM3BOX/guudGOMKxO3ujckxLARXI25M/e284bSmQ44v18y8J376DnfnHvac+/pNIChNZ39k0TsjIg/ImKyVmw8YLr23/Vrq/M3rq3OJ1GpvP93Uj3un2ur88WhxXkT9YVIYl+bepfPXzhVXlpaPJeXZ1dOfzK7fP7CSydPl08snlg8c+jo0SOH51595dDLPclzItI8euejb9499lVD/k159Mh0t53PVio9rm6wdtXFowNsB5szkvdXqTr+J2Okrvcm4+0v1gufD6iBQN9UKpXKROfdaxXgfyyJxrIhD8Oi+EFf3P+2uw9+vW+zj8G7+kbtBijL+3r+qu0ZXX9iUGq6v+2l6Yj4cO3fy9kr+vMcAgCgwY/Z/OfFbLazOp/NPTbmH2k8VHfcffna0FRE3B8RuyPigTgTeyLiwYjqsQ9HxCObrL95kaR1/pNeua3EblE2/3stX9tqnP8Vs7+YGslLu6r5l5LjJ5cWD+bvyYEo7cjKc13q+Omt37/utK9u/pe9t5ez+ou5YN6OK6M7Gs9ZKK+Ut5JzvasXI/aOtss/WV8JSCLi0YjY2+4LpDev4+Tz3z/WaV/9/Dd7tebfRQ8WmirfRTxX6/+1aMq/kHRfn5y9J5YWD84WV0WrX3+79F6n+reUfw9k/X9v2+t/Pf+ppH69dnnzdVz688uO9zTTpTzomH/r9b9WXimPJR9U47F822fllZVzcxFjybFao+u3H9o4tygXx2f5H9jffvzvjo13Yl9EZBfx4xHxREQ8mffdUxHxdETs75L/L28+83HztvEi/zug/xc21f8bwVg0b2kfjJz6+YeGSqc2wjz/G53zz/r/SDU6kG+5le9/t9Ku27uaAQAA4O6TRsTOSNKZ9ThNZ2Zqv8O/JyJdOru88sLxs5+eWah9RmAqSmnxpGuy7nnoXH5bXytfjIjarxYU+w9HWn1u/O3IeLU8M392aWHQycOQm+gw/jN/jQy6dUDf+cAWDC/jH4ZX1/Ff2r52ANuvZfx3HfM7+toWYHu1+fk/Poh2ANuv3fzf3/uB4dA0/i37wRDx/B+Gl/EPw8v4h6G0PB43/5B816D4Srd5+s2CyYittnAwQZTuiGb0LYi071WM9ffS6luQ3IVtbgkG9z0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgl/4LAAD//9yCzmA=") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080)) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x10000, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0xe0880, 0x4b) getdents(r0, 0x0, 0x0) 1m46.789787182s ago: executing program 0 (id=185): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0xfffffffb) syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000005c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0xff, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0xc2}}}}}}}, 0x0) 1m46.073478016s ago: executing program 0 (id=189): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000001440)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000001480)={0x24, r1, 0x1, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20004000) 1m45.409554108s ago: executing program 32 (id=189): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000001440)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000001480)={0x24, r1, 0x1, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20004000) 3.641409168s ago: executing program 3 (id=844): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x804810, &(0x7f0000000200)={[{@barrier}]}, 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4") chdir(&(0x7f0000000240)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x40000) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.155531524s ago: executing program 2 (id=847): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1400c, &(0x7f0000000840)={[{@stripe={'stripe', 0x3d, 0x3d}}, {@init_itable}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x3, 0x44d, &(0x7f0000000340)="$eJzs281vFGUYAPBnZrvFWrAV8Qv8qKKx8aOlgMrBgxpNPGBiogc9Nm0hyAKG1kQIiWAMnowx8W48+i940osxnky86t2QENOL4GnN7M60u8vu0pbdLrK/XzLwvPPR93125t19Z97dAIbWVPZPErEzIv6IiIl6sXmHqfp/11YvLFxfvbCQRLX67t9Jbb9/Vi8sFLsWx43nhek0Iv08iX1t6l0+d/7kfKWydDYvz66c+mh2+dz5F06cmj++dHzp9MEjRw4fmnv5pYMv9iTP8Ujz6K0Pvn776JdN+bfk0SNT3TY+Xa32uLrB2tUQJyMDbAibUoqI7HSVa/1/IkqxfvIm4s3PBto4oK+q1Wp1vPPmi1XgDpZEc1mXh2FRfNBn97/F0joIeLV/w4+Bu/pa/QYoy/tavtS3jKw9MSi33N/20lREvH/x32+zJfrzHAIAoMmP2fjn+Wy00zr+S+OBhv3uyeeGJiPi3ojYHRH3xenYExH3R9T2fTAiHtpk/a2TJDeOf9IrW0psg7Lx3yv53Fbz+K8Y/cVkKS/tquVfTo6dqCwdyF+T6SjvyMpzXer46Y3fv+q0rXH8ly1Z/cVYMG/HlZEdzccszq/M30rOja5eitg70i7/ZG0mIImIhyNi7xbrOPHs94902nbz/LvowTxT9buIZ+rn/2K05F9Ius9Pzt4VlaUDs8VVcaNff7v8Tqf6byn/HsjO/91tr/+1/CeTxvna5c3XcfnPLzre02z1+h9N3qvFo/m6T+ZXVs7ORYwmR+uNblx/cP3Yolzsn+U/vb99/98d66/EvojILuJHI+KxiHg8b/sTEfFkROzvkv8vrz/1Yeu6sQ3n319Z/oubOv/rwWi0rmkflE7+/ENTpZPrYZ7/9e7n/3Atms7XbOT9byPt2trVDAAAAP8/aUTsjCSdWYvTdGam/h3+PRFp5czyynPHznx8erH+G4HJKKfFk66Jhuehc/ltfb18KSLqXy0oth/Knxt/UxqrlWcWzlQWB508DLnxDv0/81dp0K0D+s7vtWB46f8wvPR/GF6b6/87+tYOYPu16f9jg2gHsP3aff5/OoB2ANuvpf+b9oMh4vkfDC/9H4aX/g9DaXksbv4j+a5B8Ze2ePgdG0T5tmhG34JIb4tmCPoUDPZ9CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoFf+CwAA//9kXt09") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f0000000140)='2', 0xff10, 0x8000c61) 3.093491907s ago: executing program 3 (id=848): rt_sigprocmask(0x2, &(0x7f0000000b40)={[0x6d285c19]}, 0x0, 0x8) r0 = gettid() tkill(r0, 0x1b) tkill(r0, 0x1f) ppoll(0x0, 0x0, &(0x7f0000000480), &(0x7f00000004c0)={[0x8]}, 0x8) 2.711747539s ago: executing program 3 (id=851): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f0000000040)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000500)={0x0, 0x0, r2, r3, 0x3, 0x2001, 0x4, 0x5, {0x200004, 0x5, 0x5, 0xa, 0x8002, 0x3, 0x4, 0x5, 0x9, 0x3, 0x7, 0x60b, 0x71, 0xfffb, "6f4f1b090000000000000028000136419c2cd5a37237dceeb0be00"}}) 2.579503474s ago: executing program 2 (id=853): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x7, 0x4, 0x3b8, 0x20, 0x1e8, 0x1e8, 0x2d0, 0x2d0, 0x2d0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x44, 0x2, {0xffffffffffffe8d8}}}}, {{@arp={@remote, @multicast1, 0xff000000, 0xffffff00, 0x3, 0x3, {@mac=@broadcast, {[0x1fe, 0xff, 0xff, 0x0, 0xff, 0xff]}}, {@empty, {[0x0, 0xff, 0xff, 0xff, 0x0, 0xff]}}, 0x6, 0x2, 0xd9e7, 0x1, 0x2, 0x1000, 'vxcan1\x00', 'macvlan0\x00', {}, {0xff}, 0x0, 0x8}, 0xc0, 0xe8}, @unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x0, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x408) 2.459170638s ago: executing program 3 (id=854): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000106a05310300000000000109022400010000800009040002010300010009210000000122f80409058103"], 0x0) syz_usb_connect$cdc_ecm(0x6, 0x4d, &(0x7f0000000400)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x2, 0x90, 0x55}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 2.274947444s ago: executing program 2 (id=855): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x6) fchdir(r1) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) 2.129416359s ago: executing program 1 (id=857): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x0, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000026000000850000002a00000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$tun(0xffffffffffffff9c, 0x0, 0x80901, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000640)="d9b9547ed3c0021a6fd6a67ab922", 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.09427561s ago: executing program 2 (id=858): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r0, &(0x7f00000000c0), 0x10) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000280)=0x40, 0x4) sendto$l2tp(r0, &(0x7f0000000040)="e5786a0d000000000000c83b", 0xc, 0x2000c054, &(0x7f00000002c0)={0x2, 0x0, @loopback}, 0x10) recvfrom$inet(r0, 0x0, 0x0, 0x40010120, 0x0, 0x0) 1.79596765s ago: executing program 1 (id=860): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x8) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000440)=0x13) 1.746345021s ago: executing program 4 (id=861): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x408007}, 0x8) syz_open_dev$evdev(&(0x7f0000000000), 0x8b, 0x123a40) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) getsockopt$bt_hci(r0, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) 1.645874995s ago: executing program 1 (id=862): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) pivot_root(&(0x7f00000004c0)='./file0/../file0\x00', &(0x7f0000000540)='./file0/../file0\x00') 1.622291076s ago: executing program 4 (id=863): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)='%ps \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0feffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000801000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x2f08, 0xe, 0x0, &(0x7f0000000380)="a162cef0563a20f5177241ee8f52", 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7}, 0x50) 1.50430032s ago: executing program 4 (id=864): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(blake2b-512-generic)\x00'}, 0x58) syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000005140)='./file0\x00', 0x0, &(0x7f0000005180), 0x11, 0x5109, &(0x7f000000f400)="$eJzs3U+IVVUcB/Dz5o8zKcw8QcighS3chhQtVIYeYZCL9KUQtDAnF0EIMtguwWxEEIwaCaSsQAuG3MgDIUGYEBe1CTRJEFqY4KaVQrtaFO/de968d67vvueojennEzP3nvu759zzHncx35fnvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhhDVv194vq09tvHJh4eyWg7MHGsdvzh89EkKldbyS13e/8tqOd3fufn08dph+I9tWq72GzLr+njVWdB1s9uv+eSeEMJoMMJxvXx0ujNq5u784YKlrx/adnj25fdPCmvVTl3bNnyu+dJrGl3sCyyW/r24t3ku11u+h5Ix2u+PWq3Tdoln/9Ib7T14EAHBPNtRbm/afo/mfuO32obSetGtJey5px78Q5jobS5GNu6LXPNel9WWaZy2LCmM955nU8/e/3a6n/ZN2EjXuYZ7dp+aRZrzXPGeS+nLNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBRcqb2wday+tTGKxcWzm45OHugcfzm/NEjIVRbxytZufL07RMjY9e3/fDRja9PvrT66t/Deb+4Hek4OVyPOxsnQ9jTUbkVh/1jIoR6d6HVDF8UC++1drbGAgAAAI+TZ1q/h9rtLA6OdrUrrTRZaf0XZWHx2rF9p2dPbt+0sGb91KVd8+eWPl69x3i1u47XblcXfyodwTjG33S8xXo8dX9hnHLpiGmeP//Ltq/K+hfyf7U8/8d3Tv4HAADgfsj/6Tjl+uX/PZufnSnrX8j/67ouWcj/ccYx/w+FpeV/AAAAeJQ97PxfK4xTrl/+f/Hwm9+X9S/k/w2D5f+RzmnHgz/HCe+dDGFDv6kDAAAAPcT/77740ULM69knB2lev/rNU7+WjVfI/7XB8v/oA31VAAAAwP3YXr3xfFm9kP/rg+X/sYc6awAAAOBefF75ZLasXsj/04Pl/5X5Nl/5kHX6Mf4rhM8mQxhv7sxkhZ/C3MvtAgAAAPCAxJz+6cffXi47r5D/Z8qf/x+fdBDX/3c9/6+w/r+jkD31b7MHAwAAAPAkKq7nj4/Hz765oNf37w+6/n/i5u3vyq5fyP+HBsv/w53bB/n9fwAAALAE/7fv/3urME65fs///2von4tl/Qv5f26w/B+3qzpf3sX4/hyeDGFtcyd/muCZeLm9SaEx2lFoqSc9dsYeeaEx1lFomUl6vDAZwnPNnUNJYXUszCWFOxN54VRSuBwL+f3QLpxNChfjnXZiIp9uWjgfC/kCi0ZcQbGqvSQi6fFnrx7Nwl17/Na+OAAAwBMlhuc8y452N0MaZRuVfies7HfCUL8ThvudMJKckJ7Y63iY7i7E4x/uOP1lKFHI/6cGy//xrViRbXqt/w9x/X/+vYbt9f/TsVBNCo1YqKdPDKjHa2Rh91i8RrWe97iztl0AAACAx1r8XGB4mecBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7J3rzFyXfUBwM8+Z3e93l0TpASKYAElIZW8Xm+wpZAgbKAEgQSbynyoUISNvUk33iTGDwmHh9YOQaAUNSkpCShQuxUUf0lWVIhHgVioGFVN1SiVkNOURwgUIUFNSJSKOpGrmXvP7J1zdx6Odx1v+vtJ3jkz//O8c2c85947ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP8fjt3xhotaxd981SPf/u4Db//44Y8s3P3EVz51RwjTtce7snDXxac+11s5+Z7vHfrpF7+wad2jp/vzcnk8rKn+6c7vfCLW+ou1IXyjK4TeNLB+OAv05feHY32vGg5hXVgM1EvMDGUl0obDDwZDOBIWA/WqvjUYwnAhsO3R7z/0mWrinsEQLg0hVNI2flzJ2hhMA5f1Z4GhNHBrbxb4nzOZeuCb3VkAzll8MdR3+oXpxgxjS5drsv/1LVvHXlzp8HpiYqx5vt9uXeFOFfSnD0yf09NWqo4VUXp5HPdqWwWvttJ2vsvTVvwglX9CObMYqoTuXTM37Dgwtz8+0h0mJnqa1bRCz/NjT31059mkV81+GDswtiz74b2f//nHvvTktfff98l3XP/gM78fP9dunixs0mJ6pVVCvs+tmucx2uL9ZBW8/EqfksbbPm21Ii/xD12f/tnf/kmreGn+P9Z6/h9353jb3ZA71np6JJubx0eGY+LUSDY3BwAAgFVjNRw1nf/K1VOt6ivN/8c7O/8fT/nnk/lstMdD2FJL3D4awiW1x7PAsdjcB0dDeG0tNd0Y2JoEjofwilriinpVSYmBWGI8CfxqJA9sSQInYmA6CXw5Bu5KAp+IgYUksDMGjieBt8ZAmG0cxx+P5OPoODAYA9uzjbgQr0J4eiS2lmyrx+tVAQAALJN8dtjXeLdwrcO5ZojTy4XBdhniFdhNM1SSGtIZbH1a1bSG3nY1dLeroT7u+dbDL9Xc1a7m0mUYXY0Z9n70d38WWijN/ydbz/8rS3Skq3T+P4Tran9j7u48MlePb59uyAAAAACcgzVbb9nWKl6a/2/p7Pr/eEykp5A5PBwPQ+weDWGyMZBVe3U5kJ31XpMHAAAAYDWon4+vnwufzW+zS7TT+XQ5//RZ5o8n/rcsmf/X73zTTa36W5r/T3d2/f9Q423WiROxF58dDWGgEPhh7GU1UDMeAz97S2MgH/+JuAHujFXlFybUq7ozltgeA5NJ4EizEo/US1zSGMifrHrjt9fHMZuXKAQAAADgvIuHA+J5+Xj9/2MHTr6tVbnS/H/72V3/X5sHly7vn1sTwobeEHrSLwY8PJQtDBgDw1154rtDWV09aVWHhkK4pjqwtKon8vX/e9M1Bh8dzKqKgUte99WnLqsm/m4whA3FwI/ef3RTNbE/CdQbf99gCK+pjjZt/OsDWeN9aeP3DoTw6kKgXtUHB0KoNtafVvX9Sv47BmlVD1ZCuKgQqFe1uRLCwQDAKhX/K91VfHDfwdt275ibm9m7gol4DH8w3DA7NzOx89a5XZUmfdqV9LlhGaND5TE1XQ4p8Xi+RNGx564a6SRd/57gZLEv+XH80oWD+f34WaivNs6pvoa7V6ZDfsPry02EwiepF2vIQ8VKFp/EUv0xf39YEwYO7JvZO/HhHfv3792Y/e00+1T2Nw4q21Yb0201tFTfLoDd4/JiJRv237xnw76Dt62fvXnHjTM3ztwyNfnGTZs3TU1u3ryhOqrJ7G+boV6+VNXJUM8cPf9DfWVvoZLz8a4hISGx2hLztx9d0+rtpzT/39N6/h/fdeI7f74+Q7Pz/2PxNH/2+OJp/u0xcKTT8/9jzc7m1y8MGE8C8zEw7zQ/AAAALw3xcGQ87BiPWvcfvfI3rcqV5v/znX3/f5nW/68vXf+uZsv8XxFLTDZb/z9d5r++/v98s/X/02X+6+v/H3kR1v8/UA8km+Rp6/8DAAAvBedv/f+2y/unPxBQytB2ef/0BwJKGdou49/pDwSc9fr/Uzf99BehhdL8/67O5v8W7gcAAIALx93/9NRrWsVL8/8jnc3/z//6f6HZ9f/jzQLTzRYGtP4fAAAAq1Sz9f/OjP7F+1qVK83/Fzqb/8fLLrobcsdaT49ka9qFdE27UyP1rwwAAADA6tAdJib6OszbsDLq1hfe5mP5UqCt0kU/vPq/bmxVX2n+f7yz+X/D9zLu/fzPP/alJ6+9//R9n3zH9Q8+8/vxxfP/AAAAwMrp9LgEAAAAAAAAAAAAAADw4jvwgX891Spe+v5/uK72eLPv/8ff/YvfL3h5Q+5Ya/v1//L72979wMHakoUPj4Tw+mJg9+Hd60L+2/yXFwMPXX/FxdXE4bTEd37y1l9WEx9IA+9c/7Jnq4lrksD2uEjiK9JA/FXFZ9cmgbi84r+ngbg9FtJAfx749NpsHF3ptvr1cLatutJt9R/DIYwWAvVt9Y3hrI2udID3JIH6AD+UBuIA35MHutNePbAm61UMDMeif7Mm6xUAABes+CmwL9wwOzczGT/Cx9tX9jbeRg1Llh0qV9vTYfOP50uTHXvuqpFO0j3pZ9HF3xrvC5XqEDaWPq4Ws3TVRrk8tbTZdC9vMuR2q72t1Kbrbz6iwWxEEztvndvV13bgV7bPMtXbNsvG0mSnmKW7tkk7qKWDvnQwog63TQddjve7w8RET5LrTTE4Fhq02yM6/b5+cZ2/ZntBMc+hub7nW9VXmv+PdTb/rxTH9Wz+YwDz8Zf1/nLUMv8AAACwsj699Q/3xX/fGX3vf7bKW5r/j3c2/48HxvJTwdnRjuPx9/9vHw2h9tP6Y1ngWGzug6MhvLaWmo4lsh/Uf1csMZkFjsUDJlfEEtunG6saiIGFJPCrkTxwPAmciIH8KMVXQ34o5+6REDbVUtc1ltgTS4wlgffGwHgSmIiBySSwNga2JIHfrM0D00ngX2IgzDZuq39Ym28rAACAs5HPs/oa74Z0nrfQ2y5DV7sMQ+0ydLfLUGmXodko4v2vxQx9xfPxeYb4UF9a62BSSylD/DH8s+5XKUN4pDFnWrDUdP1KkrHGnDHDtoXDa0MLpfn/ZGfz/6HG26z1E3H+v/j7f1ngh7F7n42Xjo/HwM/e0hjIDwyciJPdO+tVTecl8kn7nbHElhgYTwJ7YmBLEth+XR44cnFjIJ9p1xu/vd74bF6iEAAAAIDzLh4giIdp4vz/vwee/+tW5Urz/y2dzf9je2uKjX0i1vqLtSF8o2uxN/XA+uEsEI9jDMevx79qOIR1hQMc9RIzQ1mJ/qTh8IPB7Bvq/WlV3xrMvnwQ72979PsPfaaauGcwhEsLR1/qbfy4krUxmAYu688CQ2ng1t4sEI/81APf7M4CcM7qRwXjDpVf6lI3tnS5JvvfS+U3QdPhlY6BLpFvqe9crZRK+kB+TLXu7J62UnWsjHT7H/dqWw2vtufz/4Pr/fJqK36QOpNsnuoQu3fN3LDjwNz++Ejxm6wlK/Q8F7+l2kl6GfbD+Rfe26i7aaSSdmAyefuYXLrc0vthV6zu3s///GNfevLa++/75Duuf/CZ34+362C7/Td+UfiWm/535GRh8660Ssj3uQv+/SR9YNr7yWr4byB9YNzTFkK4Y+GSp1vFS/P/6c7m/73Jbc0f4sbcNxrCGwob9+G4+d82mr0PFgLZu+RF5UB2yv3JkabvnAAAALDc6oc76scLZvPb7ILwdJ5czj99lvnj8YotS+bvtN8fufTSf2wVL83/t7ee/w8k3XT+3/l/Vojz/0u60A9FD6QPzJ/ToehSdayI0svD+f+wCl5tpTM1zv8H5/+X7N8ynP9vzvn/lpz/X90u9Ket9Clpjw9dIYTBr1/9SKt4af6/p7P5v/X/ll60r77+3/Zm6//tabb+37z1/wAAgBXVZKG5dJ5XWr2vlCFdva+Uoe0CgW2XGLT+31mv/zf0V+//XWihNP+f72z+H3eHNcXWV8v6f+PXNanqrhjYY2FAAAAALkTNDhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw4vrVyaG3t4q/+apHvv3dB97+8cMfWbj7ia986o4QZmuPd2XhrotPfa63cvI93zv00y9+YdO6R09X8nJ9+e0fNeSOtZ4eCeFI4ZHhmDg1Ur2zGNj27gcO9lYTD4+E8PpiYPfh3euqiS+PhHB5MfDQ9VdcXE0cTkt85ydv/WU18YE08M71L3u2mrgmD3Sl3b1/bdbdrrS7n1kbwmghUO/uTWsbq6q3cW0e6E7b+PvhrI0YGI5F7xvO2oiBuVhidiCEDb0h9KRV/XMlq6onrerblayqnrSqj1dCuCaE0JtW9ZP+rKredOT/1p9VFQOXvO6rT11WTRzpD2FDMfCj9x/dVE18KAnUG//T/hBeU91l0sa/1pc13pc2fk9fCK8OIfSnJZ7pzUr0pyWe6A3hokKg3vif94ZwMPCSEN98dhUf3Hfwtt075uZm9q5goj9vazDcMDs3M7Hz1rldlaRPzXQV0mcOlePdHY798ac+urN6e+y5q0Y6Sffm5fpqXZ7qa7h75XL1vmuFeh/7NVSsZPH5KNUf8/eHNWHgwL6ZvRMf3rF//96N2d9Os09lf3vyaLatNi7XturUC91Wlxcr2bD/5j0b9h28bf3szTtunLlx5papyTdu2rxpanLz5g3VUU1mf5djqEfL8Z4VHuorewuVnI83AAkJidWW6G54d5u80P/LLn3QX+xoX6jU3qBL04pilq7aKJdj0Ftbx89y0NUeNf+c0nZEG0sTh1KWqfZZrixNJhazDGZZap/rSpPDYk3dtU0a73eHiYmm/9ONNd4tbr7fLrF5O/VYvuk6TQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwf+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA///jqU04") r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000027c0)=[{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="ca10", 0x2}], 0x1, 0x0, 0x0, 0x4800}], 0x1, 0xe803) 1.451475272s ago: executing program 1 (id=865): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="02000000040000000400000001"], 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000010000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000001c0)={r1, 0xffffffffffffffff, 0x60000000}, 0xc) 1.338551336s ago: executing program 1 (id=866): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0x8000, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000f80)=[{{&(0x7f00000009c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000000e00)=[{&(0x7f00000000c0)=""/28, 0x1c}, {0x0}, {&(0x7f0000000a40)=""/216, 0xd8}, {&(0x7f0000000b40)=""/89, 0x59}, {&(0x7f0000000bc0)=""/86, 0x56}, {&(0x7f0000000c40)=""/213, 0xd5}, {&(0x7f0000000fc0)=""/162, 0xa2}], 0x7, &(0x7f0000000e80)=""/202, 0xca}, 0x3}], 0x1, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 1.148500852s ago: executing program 2 (id=867): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x28}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.045557355s ago: executing program 1 (id=868): syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0) r0 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0) ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7}) ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000000)={0x5, {"c7517da9e7a8757d9c02fd45c7ed7c6a", "f61ac59ed63a57d6df15bd7dae0ceb42", "d08098bd12cdd439c06442623f678bba"}, 0x10001, 0x7}) ioctl$DVB_DEMUX_DMX_START(r0, 0x6f29) 974.296238ms ago: executing program 2 (id=869): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000006c0), 0x28c9c1, 0x0) r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000940)=ANY=[@ANYBLOB="12010000226aa140070ad0001310010203010902240001000000000904000002bd22f00009050303000000000009058aff92"], 0x0) syz_usb_control_io$cdc_ecm(r1, &(0x7f00000005c0)={0x14, 0x0, &(0x7f0000000580)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 656.965298ms ago: executing program 4 (id=870): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x112) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 471.508165ms ago: executing program 3 (id=871): syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000140)='./file0\x00', 0x800012, &(0x7f0000000b00)=ANY=[], 0x1, 0x2cb, &(0x7f00000002c0)="$eJzs3TuLY2UYAOD35HKSHYuksBLBA1pYLTvb2mSQLCymUlKojYO7C5IMwi4EXMVgZWtj6Y+w80/YCP4AwR9g5xYLn5wkh5zZzWWCZMbL8xSTd873vud7zyVzIeTLJ69fTB4U8eibr36LbjeLxiAG8SyLfjSiklJKsTb4LgCAf7NnKcUfaemQuiwiusdrCwA4ooN///949JYAgCP74MOP3jsbjYbvF0U37l18OxuX/9mXj8vxs0fxWUzjYdyJXjxfvhZQ/bVQfr2XUpq3ilI/3rqYz8azcTMifl7t/6ya6DR60V9El+vvj4anxVJVH1E+ZnGymn9Qzn83evHqhvnvj4Z3N9THOI+336z1fzt68cun8XlM48GiiXX916dF8W76/s8vPy7bK+uz+WzcWeStpeb1XRUAAAAAAAAAAAAAAAAAAAAAAP7rbq/WzunEYv2ectNq/Z3m8/KbdhSV/uX1eZb1WbWjF9YHmqf4IaVOK2I0vFMURVolrutb8VorWjdz1AAAAAAAAAAAAAAAAAAAAPDP8uSLp5Pz6fTh43qQxyL49STixaHdQbUaQPW2/j1VzW1Dg9qWN+Lp5LyzfYe1ocYq3DFpNKucLGLn4USrXe25f9BJWAfZ/n5OyuDWtpxqB1eftLs/p72rny1BI6J/QBvV3TU5z2JjTieqLd3qmv5Uz8mvOle+bSjtv/1qQb5xqHfwicpfWQTzHTmR7Wrsnd+XZ652A1zKyVtbj6tdW41j872x+Vpse6a8JFs8rfO//0MHAAAAAAAAAAAAAAAAAADYaP2m35eGbu0pbaTO0doCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGu1/vz/PUH1Wf/llvkq3l81zePxkxs8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP4n/goAAP//D3FGaw==") bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000080000000000000000000002000000000d0000000000000700000010000000000000000d00000000002e305f2e2e2e"], 0x0, 0x44}, 0x28) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x10, 0x0) 306.94449ms ago: executing program 4 (id=872): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_PRIMARY={0x8}, @IFLA_BOND_MODE={0x5, 0x1, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x44}}, 0x0) 89.543477ms ago: executing program 3 (id=873): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 0s ago: executing program 4 (id=874): r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) write$apparmor_exec(r0, &(0x7f0000000180)={'stack ', ':\x00\b\xc4\x99\x10\tI\xc22b\xe8\r\xfa\xc1\xd6-\b\xd4-\xce\xeapE\xb53&\v\xa0\xd3\v#E\xc4I\x97\xfd\x10\xd5m\x0e,B{<\xa7:\xc2\njN\f\xf5}\xdes\xab\xc9\xd5\x9b\x80I\x83\x8b\x1c\x00\x9ci\x9a\x03\xdd\xd6t\xe5we\n\xb0(L\x95\xf7P\x1f\x95\x06\x01\xb8\xa3\"\xc7M\x9e\xdfk\xc0j\xea\x1f\xf1\xa4&\x95)\xff\xa5\xe9\b\x80\xf10t\xc5B\xe5an\xb8+;\x86\v_\x18tX\xe5\f\xef\x0fO\x10Y!\a\xad\xe7\x94\x96gPs\'Y!7\xc2\v^wt\xe5\x1a\xdc`\xeeQo\xd2|<\xd9\x84\v\x1c%V8\"\x14\xea(tm\xf6\xa5\xd6\xd7\xd5\xec\x9b\x12\xa6\xd5\x1c\x19\x99\xe7\xa0\t\x1b\xfd\nZ%\xfeC\x06^\'^K\x8c\x95\x13\x9e\x8a\f+\x83c\xc0\xfd}tC\xd5\xca\xfe\xbb^K'}, 0xe4) mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): pports timestamps until 2038-01-19 (0x7fffffff) [ 99.454890][ T788] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 99.507700][ T5768] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 99.527347][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 99.539790][ T9] usb 4-1: config 2 has an invalid interface number: 88 but max is 0 [ 99.554729][ T9] usb 4-1: config 2 has no interface number 0 [ 99.567924][ T9] usb 4-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256 [ 99.582490][ T9] usb 4-1: config 2 interface 88 has no altsetting 0 [ 99.606246][ T9] usb 4-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 99.615696][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.634399][ T9] usb 4-1: Product: syz [ 99.638649][ T9] usb 4-1: Manufacturer: syz [ 99.643253][ T9] usb 4-1: SerialNumber: syz [ 99.658314][ T6130] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 99.664239][ T788] usb 1-1: Using ep0 maxpacket: 8 [ 99.675344][ T788] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 99.690421][ T788] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 99.701282][ T788] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 99.712818][ T788] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 99.727845][ T788] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 99.737380][ T788] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.922221][ T6130] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 99.967782][ T788] usb 1-1: GET_CAPABILITIES returned 0 [ 99.973439][ T788] usbtmc 1-1:16.0: can't read capabilities [ 100.070744][ T6145] loop2: detected capacity change from 0 to 40427 [ 100.098397][ T6145] F2FS-fs (loop2): invalid crc value [ 100.114294][ T6145] F2FS-fs (loop2): Found nat_bits in checkpoint [ 100.200835][ T6145] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 100.246644][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.257147][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.289415][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.298627][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.307767][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.323750][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.333015][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.344940][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.354515][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.363682][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.373813][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.382962][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.392195][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.402393][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.411629][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.420854][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 100.446814][ T5808] usb 1-1: USB disconnect, device number 2 [ 100.461089][ T6145] F2FS-fs (loop2): Inconsistent segment (8) type [1, 0] in SIT and SSA [ 100.475323][ T6145] F2FS-fs (loop2): Stopped filesystem due to reason: 4 [ 100.790199][ T9] asix 4-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 100.831101][ T9] asix 4-1:2.88 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9 [ 100.863876][ T9] asix: probe of 4-1:2.88 failed with error -71 [ 100.901086][ T9] usb 4-1: USB disconnect, device number 4 [ 101.177121][ T6153] netlink: 'syz.0.96': attribute type 1 has an invalid length. [ 101.218540][ T6153] netlink: 'syz.0.96': attribute type 2 has an invalid length. [ 101.494070][ C1] sched: RT throttling activated [ 102.033059][ T6163] loop2: detected capacity change from 0 to 8 [ 103.075433][ T6151] loop1: detected capacity change from 0 to 262144 [ 103.091942][ T6151] F2FS-fs (loop1): invalid crc value [ 103.136855][ T6151] F2FS-fs (loop1): Found nat_bits in checkpoint [ 103.219593][ T6151] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 103.861637][ T6183] loop0: detected capacity change from 0 to 8192 [ 103.911132][ T6183] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 103.945436][ T6183] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 103.988973][ T6183] REISERFS (device loop0): using ordered data mode [ 104.037296][ T6183] reiserfs: using flush barriers [ 104.079713][ T6183] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 104.144774][ T6183] REISERFS (device loop0): checking transaction log (loop0) [ 104.177052][ T6183] REISERFS (device loop0): Using r5 hash to sort names [ 104.215776][ T6183] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 104.349051][ T6183] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3561, free_space(entry_count) 2 [ 104.384194][ T6183] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 104.419977][ T6183] REISERFS (device loop0): Remounting filesystem read-only [ 105.022894][ T6185] loop3: detected capacity change from 0 to 40427 [ 105.065291][ T6185] F2FS-fs (loop3): invalid crc value [ 105.212028][ T6185] F2FS-fs (loop3): Found nat_bits in checkpoint [ 105.444456][ T6185] F2FS-fs (loop3): Start checkpoint disabled! [ 105.466663][ T6185] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 105.569682][ T6192] loop0: detected capacity change from 0 to 4096 [ 105.701409][ T6185] syz.3.108: attempt to access beyond end of device [ 105.701409][ T6185] loop3: rw=10241, sector=53248, nr_sectors = 8 limit=40427 [ 105.904781][ T28] audit: type=1804 audit(1774673999.285:3): pid=6192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.110" name="/newroot/31/bus/file1" dev="loop0" ino=33 res=1 errno=0 [ 106.242655][ T2944] kworker/u4:8: attempt to access beyond end of device [ 106.242655][ T2944] loop3: rw=1, sector=53248, nr_sectors = 8 limit=40427 [ 106.310084][ T2944] kworker/u4:8: attempt to access beyond end of device [ 106.310084][ T2944] loop3: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 106.349545][ T2944] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 106.382324][ T2944] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 106.424170][ T2944] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 106.431235][ T2944] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 106.880127][ T6211] loop0: detected capacity change from 0 to 128 [ 106.937208][ T6215] loop2: detected capacity change from 0 to 512 [ 107.000995][ T6215] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.121: invalid indirect mapped block 256 (level 2) [ 107.201587][ T6215] EXT4-fs (loop2): 2 truncates cleaned up [ 107.215638][ T6215] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.294226][ T6217] EXT4-fs error (device loop2): ext4_validate_block_bitmap:430: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 107.369078][ T28] audit: type=1800 audit(1774674000.755:4): pid=6215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.121" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 107.465560][ T6224] loop3: detected capacity change from 0 to 8 [ 107.506671][ T6224] SQUASHFS error: zlib decompression failed, data probably corrupt [ 107.559627][ T6224] SQUASHFS error: Failed to read block 0x9b: -5 [ 107.597735][ T6224] SQUASHFS error: Unable to read metadata cache entry [99] [ 107.612693][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.634243][ T6224] SQUASHFS error: Unable to read inode 0x127 [ 108.447338][ T6240] netlink: 35284 bytes leftover after parsing attributes in process `syz.2.129'. [ 108.464654][ T6240] netlink: 12 bytes leftover after parsing attributes in process `syz.2.129'. [ 108.982839][ T6254] netlink: 20 bytes leftover after parsing attributes in process `syz.1.135'. [ 109.386977][ T5808] kernel read not supported for file /dsp (pid: 5808 comm: kworker/1:3) [ 109.547236][ T6257] loop3: detected capacity change from 0 to 32768 [ 109.587446][ T6257] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 109.648659][ T6257] XFS (loop3): Ending clean mount [ 109.677803][ T6257] XFS (loop3): Quotacheck needed: Please wait. [ 109.759399][ T6257] XFS (loop3): Quotacheck: Done. [ 109.888712][ T28] audit: type=1800 audit(1774674003.275:5): pid=6257 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.136" name="file1" dev="loop3" ino=4422 res=0 errno=0 [ 109.989405][ T6279] loop2: detected capacity change from 0 to 512 [ 110.025888][ T6279] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 110.111215][ T6279] EXT4-fs (loop2): 1 truncate cleaned up [ 110.125952][ T6279] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.278967][ T5770] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 110.281870][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.788619][ T6292] input: syz0 as /devices/virtual/input/input8 [ 112.359079][ T6298] loop2: detected capacity change from 0 to 131072 [ 112.401255][ T6298] F2FS-fs (loop2): invalid crc value [ 112.453806][ T6298] F2FS-fs (loop2): Found nat_bits in checkpoint [ 112.564904][ T6298] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 112.675088][ T6327] loop3: detected capacity change from 0 to 2048 [ 112.722186][ T6327] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 112.761904][ T6327] NILFS (loop3): mounting unchecked fs [ 112.857181][ T6327] NILFS (loop3): recovery complete [ 112.918435][ T6329] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 113.635747][ T6325] mmap: syz.0.160 (6325) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 113.753926][ T6350] loop3: detected capacity change from 0 to 512 [ 113.823704][ T6350] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.875432][ T6350] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 114.221077][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.722982][ T6363] loop2: detected capacity change from 0 to 4096 [ 114.885401][ T6372] capability: warning: `syz.3.175' uses deprecated v2 capabilities in a way that may be insecure [ 114.919394][ T6372] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 114.929194][ T6373] netlink: 'syz.1.174': attribute type 1 has an invalid length. [ 114.929775][ T6373] netlink: 16 bytes leftover after parsing attributes in process `syz.1.174'. [ 114.945102][ T6372] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 114.989441][ T6373] netlink: 'syz.1.174': attribute type 1 has an invalid length. [ 115.018408][ T6373] netlink: 16 bytes leftover after parsing attributes in process `syz.1.174'. [ 115.271317][ T6378] loop0: detected capacity change from 0 to 512 [ 115.282721][ T6378] EXT4-fs: Ignoring removed mblk_io_submit option [ 115.329652][ T6378] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 115.390358][ T6378] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 115.431630][ T6378] EXT4-fs error (device loop0): ext4_orphan_get:1424: comm syz.0.176: bad orphan inode 131083 [ 115.472015][ T6378] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.638045][ T6378] overlayfs: upper fs needs to support d_type. [ 115.839107][ T6389] loop2: detected capacity change from 0 to 8192 [ 115.865059][ T5769] EXT4-fs error (device loop0): ext4_readdir:263: inode #2: block 13: comm syz-executor: path /42/bus: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 115.978909][ T6399] loop3: detected capacity change from 0 to 1024 [ 116.304915][ T49] hfsplus: b-tree write err: -5, ino 25 [ 116.318220][ T6402] loop2: detected capacity change from 0 to 4096 [ 116.329854][ T49] hfsplus: b-tree write err: -5, ino 4 [ 116.343376][ T49] hfsplus: b-tree write err: -5, ino 2 [ 116.354419][ T49] hfsplus: b-tree write err: -5, ino 26 [ 116.361936][ T6403] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 116.463616][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.576912][ T28] audit: type=1800 audit(1774674009.955:6): pid=6402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.187" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 116.682768][ T456] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.898114][ T456] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.051650][ T456] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.241517][ T456] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.243808][ T6405] loop3: detected capacity change from 0 to 32768 [ 117.330601][ T6405] (syz.3.188,6405,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 117.371155][ T6409] loop1: detected capacity change from 0 to 256 [ 117.377991][ T6405] (syz.3.188,6405,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 117.444536][ T6405] JBD2: Ignoring recovery information on journal [ 117.484198][ T6409] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d) [ 117.606086][ T6405] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 118.057927][ T6419] loop1: detected capacity change from 0 to 128 [ 118.105419][ T6419] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 118.191145][ T6419] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 118.209484][ T5085] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 118.227786][ T5085] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 118.242226][ T5085] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 118.276480][ T5085] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 118.288695][ T5085] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 118.297138][ T5085] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 118.450241][ T5770] ocfs2: Unmounting device (7,3) on (node local) [ 119.437227][ T6426] loop2: detected capacity change from 0 to 32768 [ 119.579425][ T6426] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 119.815008][ T6426] XFS (loop2): Ending clean mount [ 119.850599][ T6426] XFS (loop2): Quotacheck needed: Please wait. [ 119.972857][ T6426] XFS (loop2): Quotacheck: Done. [ 120.021911][ T6420] chnl_net:caif_netlink_parms(): no params data found [ 120.026388][ T6446] loop1: detected capacity change from 0 to 32768 [ 120.227957][ T28] audit: type=1800 audit(1774674013.615:7): pid=6426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.195" name="file1" dev="loop2" ino=4421 res=0 errno=0 [ 120.308610][ T6446] find_entry called with index = 0 [ 120.325260][ T5085] Bluetooth: hci2: command tx timeout [ 120.347206][ T6446] read_mapping_page failed! [ 120.364364][ T6446] ERROR: (device loop1): txCommit: [ 120.364364][ T6446] [ 120.397449][ T5768] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 120.407264][ T6446] ERROR: (device loop1): remounting filesystem as read-only [ 120.427474][ T6465] read_mapping_page failed! [ 120.432413][ T6465] ERROR: (device loop1): txCommit: [ 120.432413][ T6465] [ 120.805535][ T6469] loop3: detected capacity change from 0 to 4096 [ 120.881749][ T6469] EXT4-fs: inline encryption not supported [ 120.991143][ T6469] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 121.059402][ T6469] System zones: 0-5 [ 121.092874][ T6469] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.264630][ T28] audit: type=1800 audit(1774674014.645:8): pid=6469 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.205" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 121.338005][ T6420] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.367785][ T6420] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.410437][ T6420] bridge_slave_0: entered allmulticast mode [ 121.455385][ T6420] bridge_slave_0: entered promiscuous mode [ 121.538617][ T456] hsr_slave_0: left promiscuous mode [ 121.550498][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.560747][ T456] hsr_slave_1: left promiscuous mode [ 121.568504][ T456] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 121.594473][ T456] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 121.606264][ T456] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 121.618608][ T456] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 121.665842][ T456] bridge_slave_1: left allmulticast mode [ 121.692061][ T456] bridge_slave_1: left promiscuous mode [ 121.714103][ T456] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.750947][ T456] bridge_slave_0: left allmulticast mode [ 121.764198][ T456] bridge_slave_0: left promiscuous mode [ 121.770325][ T456] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.843877][ T456] veth1_macvtap: left promiscuous mode [ 121.861067][ T456] veth0_macvtap: left promiscuous mode [ 121.875710][ T456] veth1_vlan: left promiscuous mode [ 121.891814][ T456] veth0_vlan: left promiscuous mode [ 122.225677][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 122.404255][ T5085] Bluetooth: hci2: command tx timeout [ 122.435232][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 122.442665][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 122.462518][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.473741][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 122.484406][ T9] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 122.508902][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 122.518618][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 122.533104][ T9] usb 2-1: SerialNumber: syz [ 122.560550][ T9] hub 2-1:1.0: bad descriptor, ignoring hub [ 122.574222][ T9] hub: probe of 2-1:1.0 failed with error -5 [ 122.585909][ T9] cdc_ether: probe of 2-1:1.0 failed with error -22 [ 122.683425][ T6513] loop2: detected capacity change from 0 to 64 [ 122.871581][ T6513] Trying to free block not in datazone [ 123.054621][ T6497] raw-gadget.0 gadget.1: fail, usb_ep_set_wedge returned -11 [ 123.123620][ T6516] loop2: detected capacity change from 0 to 256 [ 123.172322][ T6516] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xf3da6b1f, utbl_chksum : 0xe619d30d) [ 123.194409][ T8] usb 2-1: USB disconnect, device number 3 [ 123.392861][ T456] team0 (unregistering): Port device team_slave_1 removed [ 123.447858][ T456] team0 (unregistering): Port device team_slave_0 removed [ 123.507229][ T456] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 123.557615][ T456] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 123.720894][ T6521] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 124.218773][ T456] bond0 (unregistering): Released all slaves [ 124.353476][ T6420] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.360926][ T6420] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.378320][ T6420] bridge_slave_1: entered allmulticast mode [ 124.381833][ T6530] loop2: detected capacity change from 0 to 1024 [ 124.388742][ T6420] bridge_slave_1: entered promiscuous mode [ 124.440788][ T6502] syzkaller1: entered promiscuous mode [ 124.451696][ T6502] syzkaller1: entered allmulticast mode [ 124.485425][ T5085] Bluetooth: hci2: command tx timeout [ 124.577173][ T1030] hfsplus: b-tree write err: -5, ino 25 [ 124.605426][ T1030] hfsplus: b-tree write err: -5, ino 4 [ 124.611077][ T1030] hfsplus: b-tree write err: -5, ino 2 [ 124.829131][ T6420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 124.874024][ T6420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 124.949771][ T6541] loop2: detected capacity change from 0 to 256 [ 124.986664][ T6541] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 125.003813][ T6420] team0: Port device team_slave_0 added [ 125.038456][ T6420] team0: Port device team_slave_1 added [ 125.077071][ T6541] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.219751][ T6420] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 125.265246][ T6420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 125.291643][ C0] vkms_vblank_simulate: vblank timer overrun [ 125.363406][ T6420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 125.377628][ T6420] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 125.385859][ T6420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 125.460862][ T6420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 125.567182][ T6550] ubi0: attaching mtd0 [ 125.598869][ T6550] ubi0: scanning is finished [ 125.603650][ T6550] ubi0: empty MTD device detected [ 125.745536][ T6420] hsr_slave_0: entered promiscuous mode [ 125.789797][ T6420] hsr_slave_1: entered promiscuous mode [ 125.805627][ T6550] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 125.813171][ T6550] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 125.834179][ T6550] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 125.853855][ T6550] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 125.895335][ T6550] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 125.934529][ T6550] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 125.969193][ T6550] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3046490894 [ 126.009976][ T6550] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 126.049298][ T6559] ubi0: background thread "ubi_bgt0d" started, PID 6559 [ 126.131876][ T6555] ubi0: detaching mtd0 [ 126.186105][ T6555] ubi0: mtd0 is detached [ 126.564528][ T5085] Bluetooth: hci2: command tx timeout [ 126.656660][ T6420] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 126.703557][ T6420] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 126.770209][ T6420] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 126.800466][ T6420] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 126.815964][ T6580] loop3: detected capacity change from 0 to 256 [ 126.940937][ T6580] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 127.114363][ T788] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 127.131572][ T6420] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.203912][ T6420] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.232267][ T1030] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.239545][ T1030] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.337091][ T788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.348852][ T788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.355654][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.365958][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.392685][ T788] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 127.462407][ T788] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 127.482202][ T788] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.504956][ T788] usb 2-1: config 0 descriptor?? [ 127.552622][ T6596] loop3: detected capacity change from 0 to 512 [ 127.929361][ T788] plantronics 0003:047F:FFFF.0002: unknown main item tag 0xd [ 127.972484][ T788] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 128.048366][ T788] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 128.141522][ T6609] loop3: detected capacity change from 0 to 4096 [ 128.194633][ T6609] EXT4-fs: Ignoring removed bh option [ 128.235340][ T6420] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 128.269301][ T6609] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.433814][ T6623] loop2: detected capacity change from 0 to 128 [ 128.440469][ T788] usb 2-1: USB disconnect, device number 4 [ 128.581565][ T6623] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 128.597140][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.626539][ T6623] ext4 filesystem being mounted at /71/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 128.801686][ T5768] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 129.088847][ T6635] loop2: detected capacity change from 0 to 512 [ 129.153168][ T6635] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.174421][ T6635] ext4 filesystem being mounted at /72/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 129.184524][ T6420] veth0_vlan: entered promiscuous mode [ 129.245567][ T6420] veth1_vlan: entered promiscuous mode [ 129.295868][ T6641] GUP no longer grows the stack in syz.1.251 (6641): 200000004000-20000000a000 (200000002000) [ 129.308649][ T6641] CPU: 0 PID: 6641 Comm: syz.1.251 Not tainted syzkaller #0 [ 129.316198][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 129.326392][ T6641] Call Trace: [ 129.329708][ T6641] [ 129.332679][ T6641] dump_stack_lvl+0x18c/0x250 [ 129.337522][ T6641] ? show_regs_print_info+0x20/0x20 [ 129.342788][ T6641] ? load_image+0x400/0x400 [ 129.347359][ T6641] ? find_vma+0x134/0x1b0 [ 129.351758][ T6641] __get_user_pages+0xf0e/0x1380 [ 129.356869][ T6641] ? populate_vma_page_range+0x380/0x380 [ 129.362583][ T6641] get_user_pages_remote+0x3ea/0xbd0 [ 129.367934][ T6641] ? __might_sleep+0xe0/0xe0 [ 129.372592][ T6641] ? get_dump_page+0x200/0x200 [ 129.377434][ T6641] __access_remote_vm+0x1fd/0x570 [ 129.382538][ T6641] ? generic_access_phys+0x650/0x650 [ 129.388070][ T6641] ? alloc_pages+0x4dc/0x740 [ 129.392545][ T6420] veth0_macvtap: entered promiscuous mode [ 129.392690][ T6641] ? do_raw_spin_unlock+0x121/0x230 [ 129.403687][ T6641] proc_pid_cmdline_read+0x453/0x840 [ 129.409044][ T6641] ? comm_show+0x150/0x150 [ 129.412218][ T6420] veth1_macvtap: entered promiscuous mode [ 129.413577][ T6641] ? common_file_perm+0xb0/0x1f0 [ 129.424572][ T6641] ? fsnotify_perm+0x271/0x5e0 [ 129.429400][ T6641] do_iter_read+0x4fa/0xc90 [ 129.433962][ T6641] ? comm_show+0x150/0x150 [ 129.438519][ T6641] ? vfs_iter_read+0xa0/0xa0 [ 129.443270][ T6641] ? __import_iovec+0x5f2/0x850 [ 129.448203][ T6641] ? import_iovec+0x73/0xa0 [ 129.452853][ T6641] do_preadv+0x236/0x390 [ 129.457171][ T6641] ? do_writev+0x480/0x480 [ 129.461676][ T6641] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 129.467714][ T6641] ? lock_chain_count+0x20/0x20 [ 129.468614][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.472598][ T6641] ? lockdep_hardirqs_on+0x98/0x150 [ 129.488294][ T6641] do_syscall_64+0x55/0xa0 [ 129.492765][ T6641] ? clear_bhb_loop+0x40/0x90 [ 129.497463][ T6641] ? clear_bhb_loop+0x40/0x90 [ 129.502165][ T6641] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 129.508075][ T6641] RIP: 0033:0x7f4501f9c799 [ 129.512507][ T6641] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 129.532306][ T6641] RSP: 002b:00007f4502eee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 129.540911][ T6641] RAX: ffffffffffffffda RBX: 00007f4502215fa0 RCX: 00007f4501f9c799 [ 129.548896][ T6641] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 129.556903][ T6641] RBP: 00007f4502032c99 R08: 00000000fffffff9 R09: 0000000000000000 [ 129.565095][ T6641] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000000 [ 129.573189][ T6641] R13: 00007f4502216038 R14: 00007f4502215fa0 R15: 00007fffcdc2c368 [ 129.581187][ T6641] [ 129.586047][ C0] vkms_vblank_simulate: vblank timer overrun [ 129.592703][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.629030][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.643626][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.666873][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.679112][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.697059][ T6420] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 129.732535][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.774177][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.814372][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.844315][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.867895][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.894179][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.926298][ T6420] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 129.929497][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.025410][ T6420] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.054154][ T6420] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.084998][ T6420] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.121313][ T6420] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.287428][ T6653] netlink: 8 bytes leftover after parsing attributes in process `syz.3.253'. [ 131.416132][ T6656] loop2: detected capacity change from 0 to 131072 [ 131.461080][ T1030] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.520723][ T1030] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.551795][ T6656] F2FS-fs (loop2): invalid crc value [ 131.627306][ T6656] F2FS-fs (loop2): Found nat_bits in checkpoint [ 131.721898][ T6656] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 131.794580][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.871365][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.039864][ T6664] loop3: detected capacity change from 0 to 131072 [ 132.059193][ T6664] F2FS-fs (loop3): invalid crc value [ 132.125097][ T789] kernel read not supported for file /video37 (pid: 789 comm: kworker/1:2) [ 132.162010][ T6664] F2FS-fs (loop3): Found nat_bits in checkpoint [ 132.227230][ T6664] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 132.494794][ T6688] loop4: detected capacity change from 0 to 512 [ 133.211068][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.225974][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.839928][ T6741] loop2: detected capacity change from 0 to 1024 [ 134.872493][ T6741] EXT4-fs: Ignoring removed nomblk_io_submit option [ 134.995312][ T6741] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 135.189636][ T28] audit: type=1800 audit(1774674028.575:9): pid=6741 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.278" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 135.216901][ T6756] loop4: detected capacity change from 0 to 16 [ 135.245794][ T6757] netlink: 260 bytes leftover after parsing attributes in process `syz.1.284'. [ 135.302440][ T6756] erofs: (device loop4): mounted with root inode @ nid 36. [ 135.347030][ T6756] erofs: (device loop4): erofs_find_target_block: corrupted dir block 0 @ nid 46 [ 135.392370][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.560834][ T6803] loop1: detected capacity change from 0 to 1024 [ 136.626732][ T6803] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 136.668075][ T6803] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.799674][ T6803] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.298: bg 0: block 112: padding at end of block bitmap is not set [ 136.854646][ T6803] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 48576 with max blocks 1 with error 28 [ 136.912020][ T6803] EXT4-fs (loop1): This should not happen!! Data will be lost [ 136.912020][ T6803] [ 136.944229][ T6803] EXT4-fs (loop1): Total free blocks count 0 [ 136.953551][ T6812] loop2: detected capacity change from 0 to 128 [ 136.961382][ T6803] EXT4-fs (loop1): Free/Dirty block details [ 136.986396][ T6803] EXT4-fs (loop1): free_blocks=0 [ 136.995356][ T6803] EXT4-fs (loop1): dirty_blocks=16 [ 137.014232][ T6803] EXT4-fs (loop1): Block reservation details [ 137.036268][ T6812] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 137.039898][ T6803] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 137.082840][ T6812] hpfs: filesystem error: improperly stopped [ 137.114307][ T6812] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 137.172330][ T6812] hpfs: You really don't want any checks? You are crazy... [ 137.206354][ T6812] hpfs: hpfs_map_sector(): read error [ 137.239401][ T6812] hpfs: code page support is disabled [ 137.245974][ T49] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #15: comm kworker/u4:3: lblock 0 mapped to illegal pblock 0 (length 1) [ 137.271145][ T6812] hpfs: hpfs_map_4sectors(): unaligned read [ 137.309694][ T49] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 137.334267][ T6812] hpfs: hpfs_map_4sectors(): unaligned read [ 137.340702][ T6812] hpfs: filesystem error: unable to find root dir [ 138.049046][ T6847] syzkaller1: entered promiscuous mode [ 138.081179][ T6847] syzkaller1: entered allmulticast mode [ 138.682787][ T6865] loop1: detected capacity change from 0 to 512 [ 138.712490][ T6865] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 139.013781][ T6865] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548) [ 139.058648][ T6865] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 548) [ 139.090256][ T6865] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 548) [ 139.368665][ T6883] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 139.540433][ T6888] loop2: detected capacity change from 0 to 64 [ 140.225747][ T6899] loop2: detected capacity change from 0 to 8192 [ 141.246999][ T6903] loop4: detected capacity change from 0 to 40427 [ 141.280566][ T6903] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x7ffff [ 141.322953][ T6903] F2FS-fs (loop4): invalid crc value [ 141.349892][ T6903] F2FS-fs (loop4): Found nat_bits in checkpoint [ 141.474447][ T6903] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 141.631591][ T6903] syz.4.329: attempt to access beyond end of device [ 141.631591][ T6903] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 141.742043][ T6420] syz-executor: attempt to access beyond end of device [ 141.742043][ T6420] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 141.759935][ T6942] pim6reg1: entered promiscuous mode [ 141.773594][ T6942] pim6reg1: entered allmulticast mode [ 141.773626][ T6420] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 142.399328][ T6953] loop3: detected capacity change from 0 to 512 [ 142.520971][ T6953] EXT4-fs (loop3): 1 truncate cleaned up [ 142.531753][ T6953] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.020832][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.316972][ T6978] pim6reg1: entered promiscuous mode [ 143.322377][ T6981] loop3: detected capacity change from 0 to 512 [ 143.333954][ T6978] pim6reg1: entered allmulticast mode [ 143.393553][ T6981] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.430895][ T6980] loop1: detected capacity change from 0 to 8192 [ 143.438544][ T6981] ext4 filesystem being mounted at /83/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 143.583462][ T6980] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 143.657239][ T28] audit: type=1800 audit(1774674037.045:10): pid=6981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.355" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 143.886059][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.424194][ T5808] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 144.644442][ T5808] usb 4-1: Using ep0 maxpacket: 8 [ 144.651983][ T5808] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 144.664392][ T5808] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.707100][ T5808] pvrusb2: Hardware description: Terratec Grabster AV400 [ 144.742335][ T5808] pvrusb2: ********** [ 144.764239][ T5808] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 144.797465][ T5808] pvrusb2: Important functionality might not be entirely working. [ 144.827935][ T5808] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 144.864201][ T5808] pvrusb2: ********** [ 144.924468][ T6993] netlink: 'syz.3.363': attribute type 25 has an invalid length. [ 144.932618][ T6993] netlink: 'syz.3.363': attribute type 1 has an invalid length. [ 144.963404][ T6993] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.011257][ T2320] pvrusb2: Invalid write control endpoint [ 145.011406][ T5808] usb 4-1: USB disconnect, device number 5 [ 145.166657][ T2320] pvrusb2: Invalid write control endpoint [ 145.172881][ T2320] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 145.203364][ T2320] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 145.213571][ T2320] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 145.224595][ T2320] pvrusb2: Device being rendered inoperable [ 145.236018][ T2320] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 145.264738][ T2320] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 145.305352][ T2320] pvrusb2: Attached sub-driver cx25840 [ 145.321701][ T2320] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 145.342420][ T2320] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 145.564550][ T7006] loop4: detected capacity change from 0 to 32768 [ 145.600921][ T7006] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.368 (7006) [ 145.683767][ T7006] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 145.719345][ T7006] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 145.744714][ T7006] BTRFS info (device loop4): setting nodatasum [ 145.750961][ T7006] BTRFS info (device loop4): force zlib compression, level 3 [ 145.777385][ T7006] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 145.792722][ T7023] loop3: detected capacity change from 0 to 512 [ 145.804205][ T7006] BTRFS info (device loop4): use lzo compression, level 0 [ 145.811418][ T7006] BTRFS info (device loop4): turning on flush-on-commit [ 145.818188][ T7023] EXT4-fs: Ignoring removed nobh option [ 145.854200][ T7006] BTRFS info (device loop4): enabling auto defrag [ 145.860776][ T7006] BTRFS info (device loop4): max_inline at 4096 [ 145.868658][ T7023] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 145.878369][ T7006] BTRFS info (device loop4): using free space tree [ 145.923826][ T7023] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.373: iget: bad i_size value: 38620345925642 [ 145.999578][ T7023] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.373: couldn't read orphan inode 15 (err -117) [ 146.091164][ T7006] BTRFS info (device loop4): enabling ssd optimizations [ 146.117171][ T7023] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.230347][ T7023] EXT4-fs error (device loop3): ext4_validate_block_bitmap:430: comm syz.3.373: bg 0: block 5: invalid block bitmap [ 146.312727][ T7019] loop2: detected capacity change from 0 to 32768 [ 146.353625][ T7019] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz.2.372 (7019) [ 146.442769][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.643386][ T5783] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by udevd (5783) [ 146.696741][ T6677] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 146.761917][ T6677] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 146.856948][ T6420] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 147.075102][ T7053] loop2: detected capacity change from 0 to 2048 [ 147.134193][ T7053] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 147.266685][ T28] audit: type=1800 audit(1774674040.645:11): pid=7053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.376" name="file2" dev="loop2" ino=1347 res=0 errno=0 [ 147.974212][ T5774] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 148.194582][ T5774] usb 5-1: Using ep0 maxpacket: 8 [ 148.205271][ T5774] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 148.244405][ T5774] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 148.285655][ T5774] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 148.324144][ T5774] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 148.352977][ T5774] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 148.383239][ T5774] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 148.397740][ T5774] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.249070][ T7109] usbtmc 5-1:16.0: simple usb_control_msg returned 0 [ 149.459740][ T7115] loop2: detected capacity change from 0 to 1024 [ 149.496777][ T5809] usb 5-1: USB disconnect, device number 2 [ 149.510785][ T7115] EXT4-fs: Ignoring removed orlov option [ 149.539977][ T7118] loop3: detected capacity change from 0 to 128 [ 149.560543][ T7115] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 149.623153][ T5774] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 149.656964][ T7115] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.677559][ T5774] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 149.772056][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.979832][ T5770] FAT-fs (loop3): error, invalid access to FAT (entry 0x0fff0000) [ 149.995285][ T5770] FAT-fs (loop3): Filesystem has been set read-only [ 151.019605][ T7160] loop1: detected capacity change from 0 to 256 [ 151.049067][ T7160] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 151.730682][ T7187] loop1: detected capacity change from 0 to 2048 [ 151.776751][ T7187] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 151.915389][ T7153] loop4: detected capacity change from 0 to 40427 [ 151.954540][ T7153] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 151.962364][ T7153] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 152.011564][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.015093][ T7153] F2FS-fs (loop4): invalid crc value [ 152.110550][ T7153] F2FS-fs (loop4): Found nat_bits in checkpoint [ 152.353504][ T7153] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 152.379318][ T7153] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 153.430430][ T7205] loop3: detected capacity change from 0 to 40427 [ 153.477417][ T7205] F2FS-fs (loop3): invalid crc value [ 153.515325][ T7205] F2FS-fs (loop3): Found nat_bits in checkpoint [ 153.693501][ T7205] F2FS-fs (loop3): Start checkpoint disabled! [ 153.764884][ T7205] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 154.151915][ T7249] ubi0: attaching mtd0 [ 154.166253][ T7249] ubi0: scanning is finished [ 154.284218][ T7249] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 154.303949][ T7249] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 154.321600][ T7249] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 154.334777][ T7249] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 154.352560][ T7249] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 154.372911][ T7249] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 154.383032][ T7249] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3046490894 [ 154.409449][ T7249] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 154.429680][ T7252] ubi0: background thread "ubi_bgt0d" started, PID 7252 [ 154.448956][ T7251] ubi0: detaching mtd0 [ 154.541254][ T7251] ubi0: mtd0 is detached [ 154.704411][ T49] kworker/u4:3: attempt to access beyond end of device [ 154.704411][ T49] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 154.768460][ T49] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 155.124521][ T5809] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 155.234565][ T7244] loop1: detected capacity change from 0 to 32768 [ 155.324575][ T5809] usb 3-1: Using ep0 maxpacket: 32 [ 155.340186][ T5809] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40 [ 155.374282][ T5809] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.425187][ T5809] usb 3-1: config 0 descriptor?? [ 155.652994][ T7276] Bluetooth: MGMT ver 1.22 [ 155.669770][ T5809] dvb-usb: found a 'Elgato EyeTV DTT' in warm state. [ 155.701467][ T5809] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 155.739914][ T5809] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT) [ 155.784135][ T5809] usb 3-1: media controller created [ 155.838152][ T5809] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 155.904341][ T6677] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 156.054448][ T5809] DVB: Unable to find symbol dib7000p_attach() [ 156.060718][ T5809] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT' [ 156.140122][ T6677] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 156.201358][ T6677] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.257333][ T6677] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.285639][ T6677] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 156.336033][ T6677] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 156.349163][ T6677] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 156.357858][ T5809] rc_core: IR keymap rc-dib0700-rc5 not found [ 156.361273][ T6677] usb 4-1: Manufacturer: syz [ 156.374208][ T5809] Registered IR keymap rc-empty [ 156.379342][ T5809] dvb-usb: could not initialize remote control. [ 156.379612][ T6677] usb 4-1: config 0 descriptor?? [ 156.414541][ T5809] dvb-usb: Elgato EyeTV DTT successfully initialized and connected. [ 156.457511][ T5809] usb 3-1: USB disconnect, device number 3 [ 156.605191][ T5809] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected. [ 156.883344][ T6677] appleir 0003:05AC:8243.0005: unknown main item tag 0x0 [ 156.907218][ T6677] appleir 0003:05AC:8243.0005: No inputs registered, leaving [ 156.940834][ T6677] appleir 0003:05AC:8243.0005: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 157.159348][ T7309] loop4: detected capacity change from 0 to 256 [ 157.346993][ T6677] usb 4-1: USB disconnect, device number 6 [ 157.362021][ T7309] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001207b, chksum : 0x1e861e4d, utbl_chksum : 0xe619d30d) [ 157.616429][ T7316] Illegal XDP return value 4294967274 on prog (id 37) dev syz_tun, expect packet loss! [ 158.171796][ T7333] netlink: 4 bytes leftover after parsing attributes in process `syz.4.445'. [ 158.182606][ T5809] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 158.206191][ T7333] chnl_net:caif_netlink_parms(): no params data found [ 158.231703][ T7331] netlink: 8 bytes leftover after parsing attributes in process `syz.3.444'. [ 158.408220][ T5809] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 158.453105][ T5809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.471756][ T5809] usb 2-1: Product: syz [ 158.488902][ T5809] usb 2-1: Manufacturer: syz [ 158.493595][ T5809] usb 2-1: SerialNumber: syz [ 158.529665][ T5809] usb 2-1: config 0 descriptor?? [ 158.530603][ T7345] loop2: detected capacity change from 0 to 1024 [ 158.548121][ T7345] EXT4-fs: Ignoring removed bh option [ 158.568595][ T7345] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 158.619098][ T7345] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 158.640665][ T7345] EXT4-fs (loop2): shut down requested (2) [ 158.679731][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.704160][ T6677] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 158.761090][ T5809] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 158.916367][ T6677] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 158.947920][ T6677] usb 4-1: config 4 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 158.992630][ T6677] usb 4-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 159.039404][ T6677] usb 4-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40 [ 159.059178][ T6677] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.077880][ T6677] usb 4-1: Product: syz [ 159.088021][ T6677] usb 4-1: Manufacturer: syz [ 159.113294][ T6677] usb 4-1: SerialNumber: syz [ 159.149391][ T6677] usblp0: Disabling reads from problematic bidirectional printer [ 159.175433][ T5809] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -32 [ 159.193260][ T5809] usb 2-1: USB disconnect, device number 5 [ 159.371719][ T6677] usblp 4-1:4.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x03F0 pid 0x0004 [ 159.574680][ T6677] usb 4-1: USB disconnect, device number 7 [ 159.807813][ T7339] usblp0: removed [ 160.012600][ T28] audit: type=1326 audit(1774674053.395:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7378 comm="syz.1.457" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4501f9c799 code=0x0 [ 160.639481][ T7391] sock: sock_set_timeout: `syz.2.462' (pid 7391) tries to set negative timeout [ 160.961340][ T28] audit: type=1326 audit(1774674054.345:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4501f9c799 code=0x7ffc0000 [ 160.987240][ T28] audit: type=1326 audit(1774674054.345:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4501f9c799 code=0x7ffc0000 [ 161.011235][ T28] audit: type=1326 audit(1774674054.345:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f4501f9c799 code=0x7ffc0000 [ 161.034439][ T7401] IPVS: Scheduler module ip_vs_ not found [ 161.044327][ T28] audit: type=1326 audit(1774674054.345:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4501f9c799 code=0x7ffc0000 [ 161.068186][ T28] audit: type=1326 audit(1774674054.345:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4501f9c799 code=0x7ffc0000 [ 161.091537][ T28] audit: type=1326 audit(1774674054.345:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4501f9c799 code=0x7ffc0000 [ 161.114790][ T28] audit: type=1326 audit(1774674054.435:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4501f9c799 code=0x7ffc0000 [ 161.138463][ T28] audit: type=1326 audit(1774674054.435:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4501f9c799 code=0x7ffc0000 [ 161.560867][ T7406] loop1: detected capacity change from 0 to 32768 [ 161.592231][ T7406] (syz.1.468,7406,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 161.627647][ T7406] (syz.1.468,7406,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 161.691684][ T7406] JBD2: Ignoring recovery information on journal [ 161.794380][ T5808] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 161.809657][ T7406] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 162.018116][ T5808] usb 4-1: Using ep0 maxpacket: 16 [ 162.040963][ T5808] usb 4-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 162.074162][ T5808] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.083568][ T5808] usb 4-1: Product: syz [ 162.104115][ T5808] usb 4-1: Manufacturer: syz [ 162.119123][ T5808] usb 4-1: SerialNumber: syz [ 162.377770][ T5808] usb 4-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 162.407030][ T5808] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 162.438361][ T5808] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 162.453928][ T7417] loop2: detected capacity change from 0 to 32768 [ 162.455393][ T5808] usb 4-1: media controller created [ 162.480502][ T5767] ocfs2: Unmounting device (7,1) on (node local) [ 162.494870][ T7417] XFS (loop2): Mounting V5 Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b [ 162.565955][ T5808] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 162.634410][ T5808] zl10353_read_register: readreg error (reg=127, ret==-71) [ 162.709803][ T5808] dvb_usb_gl861: probe of 4-1:157.0 failed with error -5 [ 162.732018][ T7417] XFS (loop2): Ending clean mount [ 162.759502][ T5808] usb 4-1: USB disconnect, device number 8 [ 163.047206][ T5768] XFS (loop2): Unmounting Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b [ 163.365323][ T7436] loop3: detected capacity change from 0 to 256 [ 163.530838][ T7441] loop8: detected capacity change from 0 to 7 [ 163.568541][ T7441] Dev loop8: unable to read RDB block 7 [ 163.600585][ T7441] loop8: unable to read partition table [ 163.623510][ T7441] loop8: partition table beyond EOD, truncated [ 163.648347][ T7441] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 164.249452][ T7457] input: syz1 as /devices/virtual/input/input11 [ 164.905693][ T7447] loop4: detected capacity change from 0 to 40427 [ 164.940217][ T7447] F2FS-fs (loop4): heap/no_heap options were deprecated [ 164.958614][ T7447] F2FS-fs (loop4): build fault injection attr: rate: 19, type: 0x7ffff [ 164.980882][ T7447] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x77e8c [ 165.016288][ T7447] F2FS-fs (loop4): invalid crc value [ 165.050497][ T7447] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x21d/0x9b0 [ 165.093442][ T7447] F2FS-fs (loop4): Found nat_bits in checkpoint [ 165.104304][ T5808] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 165.203906][ T7447] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650 [ 165.252004][ C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x597/0xe40 [ 165.344570][ T7447] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 165.553624][ T7447] F2FS-fs (loop4): inject no more block in inc_valid_node_count of f2fs_new_node_page+0x187/0x910 [ 165.775934][ T7466] F2FS-fs (loop4): inject truncate fail in f2fs_truncate of f2fs_setattr+0xcbe/0x1360 [ 165.794185][ T5808] usb 4-1: Using ep0 maxpacket: 32 [ 165.797177][ T28] audit: type=1800 audit(1774674059.155:21): pid=7447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.481" name="file1" dev="loop4" ino=12 res=0 errno=0 [ 165.805279][ T5808] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.854101][ T5808] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 165.863941][ T5808] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 165.874146][ T5808] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.886559][ T5808] usb 4-1: config 0 descriptor?? [ 165.957732][ T6420] syz-executor: attempt to access beyond end of device [ 165.957732][ T6420] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 165.994253][ T6420] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 166.244515][ T5809] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 166.324702][ T5808] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 166.485435][ T5809] usb 2-1: Using ep0 maxpacket: 8 [ 166.506607][ T5809] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 166.539145][ T5809] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 166.569800][ T5809] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 166.602282][ T5809] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 166.637096][ T5809] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 166.654156][ T6677] usb 4-1: USB disconnect, device number 9 [ 166.672981][ T5809] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 166.702067][ T5809] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.579361][ T7489] usbtmc 2-1:16.0: simple usb_control_msg returned 0 [ 167.784610][ T5808] usb 2-1: USB disconnect, device number 6 [ 167.911657][ T7495] netlink: 'syz.3.498': attribute type 1 has an invalid length. [ 167.929026][ T7495] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 167.937109][ T7495] IPv6: NLM_F_CREATE should be set when creating new route [ 167.944458][ T7495] IPv6: NLM_F_CREATE should be set when creating new route [ 167.965868][ T7495] netlink: 'syz.3.498': attribute type 1 has an invalid length. [ 167.973729][ T7495] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 167.987193][ T7495] Zero length message leads to an empty skb [ 168.392292][ T7503] loop1: detected capacity change from 0 to 128 [ 168.401880][ T7503] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 168.428654][ T7503] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 169.124656][ T5808] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 169.330913][ T5808] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 169.342770][ T5808] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.361000][ T5808] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 169.371896][ T5808] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 169.388723][ T5808] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 169.400376][ T5808] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 169.409022][ T5808] usb 5-1: Manufacturer: syz [ 169.417956][ T5808] usb 5-1: config 0 descriptor?? [ 169.738763][ T7537] loop1: detected capacity change from 0 to 256 [ 169.761714][ T7537] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 169.858915][ T5808] appleir 0003:05AC:8243.0007: unknown main item tag 0x0 [ 169.871485][ T5808] appleir 0003:05AC:8243.0007: No inputs registered, leaving [ 169.909551][ T5808] appleir 0003:05AC:8243.0007: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 170.219146][ T5774] usb 5-1: USB disconnect, device number 3 [ 170.265578][ T7544] loop2: detected capacity change from 0 to 2048 [ 170.323192][ T7544] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 170.353750][ T7544] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 170.919894][ T7559] syzkaller1: entered promiscuous mode [ 170.944187][ T7559] syzkaller1: entered allmulticast mode [ 171.891253][ T7581] loop4: detected capacity change from 0 to 4096 [ 171.925865][ T7585] tun0: tun_chr_ioctl cmd 1074025675 [ 171.931380][ T7585] tun0: persist enabled [ 171.975317][ T7585] tun0: tun_chr_ioctl cmd 1074025675 [ 171.982749][ T7589] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 171.994232][ T7585] tun0: persist enabled [ 172.260229][ T7581] NILFS error (device loop4): nilfs_dotdot: directory #12 missing '.' [ 172.300111][ T7581] Remounting filesystem read-only [ 172.505778][ T7600] syzkaller1: entered promiscuous mode [ 172.507966][ T7602] loop4: detected capacity change from 0 to 512 [ 172.524155][ T7600] syzkaller1: entered allmulticast mode [ 172.606109][ T7602] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.836224][ T6420] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.292954][ T7625] netlink: 'syz.4.548': attribute type 4 has an invalid length. [ 173.375796][ T7628] loop1: detected capacity change from 0 to 256 [ 173.474204][ T5774] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 173.690083][ T5774] usb 3-1: Using ep0 maxpacket: 32 [ 173.709809][ T5774] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 173.762159][ T5774] usb 3-1: config 0 has no interface number 0 [ 173.773830][ T5774] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 173.824557][ T5774] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.875937][ T5774] usb 3-1: Product: syz [ 173.880191][ T5774] usb 3-1: Manufacturer: syz [ 173.940169][ T5774] usb 3-1: SerialNumber: syz [ 173.983081][ T5774] usb 3-1: config 0 descriptor?? [ 174.005203][ T5774] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 174.021609][ T7643] loop1: detected capacity change from 0 to 128 [ 174.040054][ T7643] EXT4-fs: Ignoring removed nobh option [ 174.083398][ T7643] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 174.175536][ T7643] ext4 filesystem being mounted at /158/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 174.214410][ T7646] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 174.275608][ T5774] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 174.325477][ T5774] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 174.508117][ T5767] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 174.805451][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 174.826970][ T8] usb 3-1: USB disconnect, device number 4 [ 174.875449][ T8] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 174.940206][ T8] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 174.984016][ T8] quatech2 3-1:0.51: device disconnected [ 175.049868][ T7641] loop3: detected capacity change from 0 to 32768 [ 175.101202][ T7641] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 175.154661][ T789] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 175.159763][ T7669] netlink: 'syz.4.565': attribute type 5 has an invalid length. [ 175.277026][ T7671] loop4: detected capacity change from 0 to 512 [ 175.321198][ T7671] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 175.322648][ T7641] XFS (loop3): Ending clean mount [ 175.359160][ T7671] EXT4-fs error (device loop4): ext4_validate_block_bitmap:430: comm syz.4.566: bg 0: block 104: invalid block bitmap [ 175.365542][ T7641] XFS (loop3): Quotacheck needed: Please wait. [ 175.388645][ T789] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.422596][ T7671] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 175.453604][ T789] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.465923][ T7671] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.566: invalid indirect mapped block 1 (level 1) [ 175.512937][ T789] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 175.542065][ T789] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 175.551635][ T789] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.562391][ T789] usb 2-1: config 0 descriptor?? [ 175.566487][ T7671] EXT4-fs (loop4): 1 truncate cleaned up [ 175.592802][ T7641] XFS (loop3): Quotacheck: Done. [ 175.616953][ T7671] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 175.842714][ T5770] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 175.860153][ T6420] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.007127][ T6677] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 176.039530][ T789] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 176.082961][ T789] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 176.225452][ T6677] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 176.260738][ T6677] usb 3-1: New USB device strings: Mfr=51, Product=16, SerialNumber=115 [ 176.314845][ T6677] usb 3-1: Product: syz [ 176.319538][ T6677] usb 3-1: Manufacturer: syz [ 176.344869][ T6677] usb 3-1: SerialNumber: syz [ 176.381793][ T6677] usb 3-1: config 0 descriptor?? [ 176.418327][ T6677] cp210x 3-1:0.0: cp210x converter detected [ 176.457974][ T9] usb 2-1: USB disconnect, device number 7 [ 176.860495][ T6677] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 176.887308][ T6677] cp210x 3-1:0.0: GPIO initialisation failed: -524 [ 176.914804][ T6677] usb 3-1: cp210x converter now attached to ttyUSB0 [ 176.979154][ T7692] input: syz0 as /devices/virtual/input/input12 [ 177.166801][ T6677] usb 3-1: USB disconnect, device number 5 [ 177.199300][ T6677] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 177.233337][ T6677] cp210x 3-1:0.0: device disconnected [ 178.159475][ T7713] loop1: detected capacity change from 0 to 1764 [ 178.199783][ T7717] loop4: detected capacity change from 0 to 128 [ 178.216416][ T7717] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 178.246505][ T7713] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 178.288092][ T7717] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 178.599637][ T7724] netlink: 4 bytes leftover after parsing attributes in process `syz.4.585'. [ 178.660681][ T7726] netlink: 64535 bytes leftover after parsing attributes in process `syz.1.586'. [ 178.862891][ T7730] netlink: 8 bytes leftover after parsing attributes in process `syz.1.588'. [ 179.226693][ T7742] loop2: detected capacity change from 0 to 16 [ 179.291905][ T7742] erofs: (device loop2): mounted with root inode @ nid 36. [ 179.722313][ T7753] netlink: 8 bytes leftover after parsing attributes in process `syz.4.599'. [ 179.757307][ T7755] input: syz0 as /devices/virtual/input/input13 [ 180.230621][ T7757] loop3: detected capacity change from 0 to 32768 [ 180.383069][ T7757] find_entry called with index = 0 [ 180.427068][ T7757] find_entry called with index = 0 [ 180.450009][ T7757] read_mapping_page failed! [ 180.477702][ T7757] ERROR: (device loop3): txCommit: [ 180.477702][ T7757] [ 181.128937][ T7785] netlink: 8 bytes leftover after parsing attributes in process `syz.2.613'. [ 181.294436][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 181.484201][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 181.507015][ T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 181.541994][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 181.564724][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 181.584155][ T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 181.601872][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 181.622325][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.810161][ T7795] (null): rxe_set_mtu: Set mtu to 256 [ 181.893162][ T9] usb 2-1: GET_CAPABILITIES returned 0 [ 181.907059][ T9] usbtmc 2-1:16.0: can't read capabilities [ 182.155663][ T9] usb 2-1: USB disconnect, device number 8 [ 182.608676][ T7795] infiniband syz1: set active [ 182.633089][ T7795] infiniband syz1: added syz_tun [ 182.937019][ T7795] RDS/IB: syz1: added [ 182.958359][ T7795] smc: adding ib device syz1 with port count 1 [ 182.979126][ T7795] smc: ib device syz1 port 1 has pnetid [ 182.989753][ T7787] iou-wrk-7786 (7787): drop_caches: 2 [ 183.137619][ T7783] syz.3.612 (7783): drop_caches: 2 [ 183.327201][ T7808] loop4: detected capacity change from 0 to 4096 [ 183.900019][ T7818] loop3: detected capacity change from 0 to 256 [ 183.967257][ T7818] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x32e3664b, utbl_chksum : 0xe619d30d) [ 184.041820][ T28] audit: type=1800 audit(1774674077.425:22): pid=7818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.627" name="bus" dev="loop3" ino=1048622 res=0 errno=0 [ 185.246521][ T28] audit: type=1326 audit(1774674078.625:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7824 comm="syz.4.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcb46d3db19 code=0x7ffc0000 [ 185.313356][ T28] audit: type=1326 audit(1774674078.655:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7824 comm="syz.4.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcb46d3db19 code=0x7ffc0000 [ 185.387353][ T28] audit: type=1326 audit(1774674078.655:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7824 comm="syz.4.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb46d9c799 code=0x7ffc0000 [ 185.477412][ T28] audit: type=1326 audit(1774674078.655:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7824 comm="syz.4.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb46d9c799 code=0x7ffc0000 [ 185.564280][ T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 185.572368][ T28] audit: type=1326 audit(1774674078.655:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7824 comm="syz.4.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb46d9c799 code=0x7ffc0000 [ 185.636155][ T7842] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 185.673460][ T28] audit: type=1326 audit(1774674078.655:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7824 comm="syz.4.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcb46d3db19 code=0x7ffc0000 [ 185.698590][ T7833] loop3: detected capacity change from 0 to 32768 [ 185.710473][ T28] audit: type=1326 audit(1774674078.655:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7824 comm="syz.4.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcb46d3db19 code=0x7ffc0000 [ 185.733939][ T28] audit: type=1326 audit(1774674078.655:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7824 comm="syz.4.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcb46d3db19 code=0x7ffc0000 [ 185.814938][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 185.835495][ T28] audit: type=1326 audit(1774674078.655:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7824 comm="syz.4.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcb46d3db19 code=0x7ffc0000 [ 185.855221][ T9] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 185.872974][ T7833] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 185.908314][ T9] usb 3-1: config 0 has no interface number 0 [ 185.952009][ T9] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 186.016822][ T9] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 186.081193][ T9] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 186.095381][ T7833] XFS (loop3): Ending clean mount [ 186.127878][ T9] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 186.151626][ T9] usb 3-1: Product: syz [ 186.157506][ T7833] XFS (loop3): Quotacheck needed: Please wait. [ 186.159044][ T9] usb 3-1: SerialNumber: syz [ 186.211470][ T9] usb 3-1: config 0 descriptor?? [ 186.241287][ T9] cm109 3-1:0.8: invalid payload size 0, expected 4 [ 186.262113][ T7833] XFS (loop3): Quotacheck: Done. [ 186.266803][ T9] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input14 [ 186.447346][ T5770] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 186.688394][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 186.698345][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 186.705822][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 186.713846][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 186.721414][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 186.728817][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 186.736042][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 186.743228][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 186.750453][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 186.757934][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 186.794135][ T8] usb 3-1: USB disconnect, device number 6 [ 186.794220][ C0] cm109 3-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 186.805321][ T7858] loop1: detected capacity change from 0 to 4096 [ 186.871164][ T8] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 187.495763][ T7873] loop2: detected capacity change from 0 to 1024 [ 187.513756][ T7873] EXT4-fs: Ignoring removed oldalloc option [ 187.532847][ T7873] EXT4-fs: Ignoring removed bh option [ 187.562785][ T7873] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 187.625546][ T7873] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.700033][ T7873] process 'syz.2.646' launched './file0' with NULL argv: empty string added [ 187.837042][ T7863] loop4: detected capacity change from 0 to 32768 [ 187.872417][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.911773][ T7863] JBD2: Ignoring recovery information on journal [ 188.028965][ T7863] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 188.326442][ T7863] (syz.4.642,7863,1):ocfs2_remount:623 ERROR: Cannot change heartbeat mode on remount [ 188.376274][ T7869] loop1: detected capacity change from 0 to 32768 [ 188.441762][ T7869] [ 188.441762][ T7869] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.441762][ T7869] [ 188.537718][ T6420] ocfs2: Unmounting device (7,4) on (node local) [ 188.603819][ T59] [ 188.603819][ T59] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.603819][ T59] [ 188.647503][ T59] [ 188.647503][ T59] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.647503][ T59] [ 188.688861][ T59] [ 188.688861][ T59] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.688861][ T59] [ 188.722919][ T112] [ 188.722919][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.722919][ T112] [ 188.756578][ T7896] [ 188.756578][ T7896] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.756578][ T7896] [ 188.804625][ T59] [ 188.804625][ T59] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.804625][ T59] [ 188.824845][ T59] [ 188.824845][ T59] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.824845][ T59] [ 188.843814][ T59] [ 188.843814][ T59] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.843814][ T59] [ 188.862232][ T59] [ 188.862232][ T59] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.862232][ T59] [ 188.927970][ T7896] [ 188.927970][ T7896] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.927970][ T7896] [ 188.979096][ T7901] loop2: detected capacity change from 0 to 512 [ 188.981246][ T7869] [ 188.981246][ T7869] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.981246][ T7869] [ 188.997922][ T7869] [ 188.997922][ T7869] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.997922][ T7869] [ 188.999971][ T7901] EXT4-fs: inline encryption not supported [ 189.035382][ T7869] [ 189.035382][ T7869] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 189.035382][ T7869] [ 189.041695][ T7901] EXT4-fs: Ignoring removed i_version option [ 189.067553][ T7869] [ 189.067553][ T7869] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 189.067553][ T7869] [ 189.133855][ T7901] EXT4-fs (loop2): 1 orphan inode deleted [ 189.141229][ T7901] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.212580][ T5767] [ 189.212580][ T5767] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 189.212580][ T5767] [ 189.226730][ T5767] [ 189.226730][ T5767] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 189.226730][ T5767] [ 189.251558][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.661352][ T7918] loop1: detected capacity change from 0 to 512 [ 190.196897][ T7931] sctp: [Deprecated]: syz.3.665 (pid 7931) Use of int in max_burst socket option deprecated. [ 190.196897][ T7931] Use struct sctp_assoc_value instead [ 190.645185][ T7916] loop4: detected capacity change from 0 to 40427 [ 190.670474][ T7937] netlink: 4 bytes leftover after parsing attributes in process `syz.3.668'. [ 190.687676][ T7916] F2FS-fs (loop4): build fault injection attr: rate: 14, type: 0x7ffff [ 190.711005][ T7916] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x724 [ 190.747446][ T7916] F2FS-fs (loop4): invalid crc value [ 190.763203][ T7916] F2FS-fs (loop4): Found nat_bits in checkpoint [ 190.882777][ T7916] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x68b/0x9b0 [ 190.937985][ T7916] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 190.960870][ T7925] loop1: detected capacity change from 0 to 40427 [ 190.993087][ T7925] F2FS-fs (loop1): invalid crc value [ 191.026430][ T7925] F2FS-fs (loop1): Found nat_bits in checkpoint [ 191.102838][ T7916] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_page of f2fs_new_node_page+0x13a/0x910 [ 191.170607][ T7916] F2FS-fs (loop4): inject too big dir depth in f2fs_add_regular_entry of f2fs_add_dentry+0xda/0x1d0 [ 191.204460][ T7925] F2FS-fs (loop1): Start checkpoint disabled! [ 191.223000][ T7925] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 191.292451][ T6420] syz-executor: attempt to access beyond end of device [ 191.292451][ T6420] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 191.334157][ T6420] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 191.774940][ T59] kworker/u4:4: attempt to access beyond end of device [ 191.774940][ T59] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 191.831372][ T59] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 191.854168][ T59] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 192.434726][ T7950] loop2: detected capacity change from 0 to 32768 [ 192.517445][ T7950] XFS (loop2): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 192.740487][ T7952] loop3: detected capacity change from 0 to 40427 [ 192.760452][ T7952] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 192.781412][ T7952] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 192.826314][ T7952] F2FS-fs (loop3): heap/no_heap options were deprecated [ 192.861700][ T7950] XFS (loop2): Starting recovery (logdev: internal) [ 192.862416][ T7952] F2FS-fs (loop3): invalid crc value [ 192.911573][ T7952] F2FS-fs (loop3): Found nat_bits in checkpoint [ 192.943297][ T7950] XFS (loop2): Ending recovery (logdev: internal) [ 193.132970][ T7952] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 193.152950][ T7952] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 193.309611][ T7974] loop1: detected capacity change from 0 to 128 [ 193.368457][ T7952] syz.3.675: attempt to access beyond end of device [ 193.368457][ T7952] loop3: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 193.390849][ T5768] XFS (loop2): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 193.410219][ T7952] F2FS-fs (loop3): Remounting filesystem read-only [ 193.432616][ T7952] syz.3.675: attempt to access beyond end of device [ 193.432616][ T7952] loop3: rw=2049, sector=53280, nr_sectors = 8 limit=40427 [ 193.492256][ T7952] F2FS-fs (loop3): Remounting filesystem read-only [ 193.945408][ T7984] syzkaller1: entered promiscuous mode [ 193.950961][ T7984] syzkaller1: entered allmulticast mode [ 194.485374][ T28] kauditd_printk_skb: 155 callbacks suppressed [ 194.485390][ T28] audit: type=1326 audit(1774674087.875:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7994 comm="syz.3.690" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd52fb9c799 code=0x0 [ 194.653824][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.660485][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.552599][ T8019] iou-wrk-8018 (8019): drop_caches: 2 [ 195.640399][ T8016] syz.4.695 (8016): drop_caches: 2 [ 196.431608][ T8029] loop1: detected capacity change from 0 to 32768 [ 196.467563][ T8029] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.700 (8029) [ 196.510559][ T8029] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 196.536537][ T8029] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 196.556096][ T8029] BTRFS info (device loop1): force clearing of disk cache [ 196.563334][ T8029] BTRFS info (device loop1): enabling auto defrag [ 196.596662][ T8029] BTRFS info (device loop1): enabling ssd optimizations [ 196.603743][ T8029] BTRFS info (device loop1): max_inline at 0 [ 196.654830][ T8029] BTRFS info (device loop1): enabling disk space caching [ 196.665783][ T8029] BTRFS info (device loop1): disk space caching is enabled [ 196.695359][ T8041] loop2: detected capacity change from 0 to 1024 [ 196.776027][ T8037] loop4: detected capacity change from 0 to 40427 [ 196.795764][ T8037] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 196.803863][ T8037] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 196.856666][ T8037] F2FS-fs (loop4): invalid crc value [ 196.915705][ T8029] BTRFS info (device loop1): rebuilding free space tree [ 196.945363][ T8037] F2FS-fs (loop4): Found nat_bits in checkpoint [ 197.031077][ T8029] BTRFS info (device loop1): disabling free space tree [ 197.074397][ T8029] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 197.118423][ T8029] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 197.138731][ T59] hfsplus: b-tree write err: -5, ino 25 [ 197.156157][ T59] hfsplus: b-tree write err: -5, ino 4 [ 197.163770][ T59] hfsplus: b-tree write err: -5, ino 2 [ 197.191834][ T8037] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 197.224475][ T8037] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 197.403558][ T8065] loop2: detected capacity change from 0 to 128 [ 197.463843][ T8065] VFS: Found a Xenix FS (block size = 1024) on device loop2 [ 197.666419][ T5768] sysv_free_block: flc_count > flc_size [ 197.694455][ T5768] sysv_free_block: flc_count > flc_size [ 197.701516][ T5768] sysv_free_block: flc_count > flc_size [ 197.747329][ T5768] sysv_free_block: flc_count > flc_size [ 197.752944][ T5768] sysv_free_block: flc_count > flc_size [ 197.794426][ T5768] sysv_free_block: flc_count > flc_size [ 197.800312][ T5768] sysv_free_block: flc_count > flc_size [ 197.816556][ T5768] sysv_free_block: flc_count > flc_size [ 197.822728][ T5768] sysv_free_block: flc_count > flc_size [ 197.841508][ T5768] sysv_free_block: flc_count > flc_size [ 197.865639][ T5768] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 198.058132][ T5767] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 198.305023][ T8076] loop2: detected capacity change from 0 to 1024 [ 198.481043][ T8076] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 198.554927][ T8076] ext4 filesystem being mounted at /203/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 198.709668][ T8076] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: block 3: comm syz.2.712: lblock 3 mapped to illegal pblock 3 (length 3) [ 198.813522][ T8076] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 198.834318][ T8076] EXT4-fs (loop2): This should not happen!! Data will be lost [ 198.834318][ T8076] [ 199.100468][ T8072] loop3: detected capacity change from 0 to 131072 [ 199.121962][ T8072] F2FS-fs (loop3): Test dummy encryption mode enabled [ 199.128760][ T59] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: comm kworker/u4:4: lblock 0 mapped to illegal pblock 0 (length 3) [ 199.153584][ T8072] F2FS-fs (loop3): invalid crc value [ 199.153648][ T59] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 3 with error 117 [ 199.197027][ T59] EXT4-fs (loop2): This should not happen!! Data will be lost [ 199.197027][ T59] [ 199.230353][ T42] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: block 7: comm kworker/u4:2: lblock 7 mapped to illegal pblock 7 (length 9) [ 199.268875][ T8072] F2FS-fs (loop3): Found nat_bits in checkpoint [ 199.287448][ T42] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 7 with max blocks 9 with error 117 [ 199.331687][ T42] EXT4-fs (loop2): This should not happen!! Data will be lost [ 199.331687][ T42] [ 199.384211][ T8072] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 199.391472][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 200.407138][ T8111] loop4: detected capacity change from 0 to 2048 [ 200.505557][ T8111] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.534343][ T8111] ext4 filesystem being mounted at /99/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 200.568426][ T23] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 200.804831][ T23] usb 3-1: Using ep0 maxpacket: 32 [ 200.812457][ T23] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 200.821515][ T23] usb 3-1: config 0 has no interface number 0 [ 200.833005][ T6420] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.844130][ T23] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 200.864161][ T23] usb 3-1: config 0 interface 85 has no altsetting 0 [ 200.925265][ T23] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 200.954138][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.962208][ T23] usb 3-1: Product: syz [ 200.980718][ T23] usb 3-1: Manufacturer: syz [ 200.992750][ T23] usb 3-1: SerialNumber: syz [ 201.006990][ T23] usb 3-1: config 0 descriptor?? [ 201.063265][ T8124] tipc: Started in network mode [ 201.069148][ T8124] tipc: Node identity , cluster identity 4711 [ 201.081112][ T8124] tipc: Failed to obtain node identity [ 201.111917][ T8124] tipc: Enabling of bearer rejected, failed to enable media [ 201.241407][ T8109] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 201.289107][ T8109] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 201.744255][ T23] appletouch 3-1:0.85: Geyser mode initialized. [ 201.775329][ T23] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input15 [ 201.849626][ T5773] Bluetooth: hci3: command 0x0406 tx timeout [ 201.854142][ T5777] Bluetooth: hci1: command 0x0406 tx timeout [ 201.862063][ T5776] Bluetooth: hci0: command 0x0406 tx timeout [ 201.862555][ T8144] loop3: detected capacity change from 0 to 2048 [ 202.063484][ T8144] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 202.102720][ T9] usb 3-1: USB disconnect, device number 7 [ 202.105659][ T8144] ext4 filesystem being mounted at /170/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 202.189356][ T9] appletouch 3-1:0.85: input: appletouch disconnected [ 202.327749][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.365218][ T23] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 202.533609][ T8164] netlink: 14 bytes leftover after parsing attributes in process `syz.3.743'. [ 202.564308][ T8165] loop4: detected capacity change from 0 to 512 [ 202.574469][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 202.598514][ T23] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 202.619529][ T23] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 202.645122][ T23] usb 2-1: config 0 interface 0 has no altsetting 0 [ 202.655566][ T23] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 202.677818][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.688759][ T23] usb 2-1: config 0 descriptor?? [ 202.860200][ T8169] loop2: detected capacity change from 0 to 256 [ 202.900120][ T8169] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 202.998730][ T8169] syz.2.745: attempt to access beyond end of device [ 202.998730][ T8169] loop2: rw=524288, sector=34359738488, nr_sectors = 8 limit=256 [ 203.028685][ T8169] syz.2.745: attempt to access beyond end of device [ 203.028685][ T8169] loop2: rw=0, sector=34359738488, nr_sectors = 8 limit=256 [ 203.045368][ T28] audit: type=1800 audit(1774674096.435:188): pid=8169 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.745" name="file1" dev="loop2" ino=1048625 res=0 errno=0 [ 203.071188][ T8169] exFAT-fs (loop2): hint_cluster is invalid (1), rewind to the first cluster [ 203.096706][ T8169] syz.2.745: attempt to access beyond end of device [ 203.096706][ T8169] loop2: rw=2049, sector=34359738488, nr_sectors = 8 limit=256 [ 203.150182][ T8153] loop1: detected capacity change from 0 to 512 [ 203.150483][ T8173] exFAT-fs (loop2): error, tried to truncate zeroed cluster. [ 203.172627][ T8173] exFAT-fs (loop2): Filesystem has been set read-only [ 203.198675][ T8169] exFAT-fs (loop2): error, invalid access to exfat cache (entry 0x00000000) [ 203.245627][ T8169] exFAT-fs (loop2): error, failed to bmap (inode : ffff88805b8714e0 iblock : 0, err : -5) [ 203.270624][ T8153] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 203.293175][ T8169] exFAT-fs (loop2): error, tried to truncate zeroed cluster. [ 203.324330][ T8153] ext4 filesystem being mounted at /207/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 203.336060][ T8169] exFAT-fs (loop2): error, tried to truncate zeroed cluster. [ 203.454930][ T23] hid (null): bogus close delimiter [ 203.461019][ T23] hid (null): report_id 0 is invalid [ 203.471139][ T23] hid (null): unknown global tag 0xc [ 203.761717][ T8187] loop8: detected capacity change from 0 to 8 [ 203.770507][ T23] usb 2-1: USB disconnect, device number 9 [ 203.797672][ T8187] loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 [ 203.811416][ T8187] loop8: p1 start 1701603686 is beyond EOD, truncated [ 203.845509][ T8187] loop8: p2 start 2381523385 is beyond EOD, truncated [ 203.881639][ T8189] loop3: detected capacity change from 0 to 512 [ 203.888169][ T8187] loop8: p3 start 256934931 is beyond EOD, truncated [ 203.912359][ T8187] loop8: p4 start 4084151128 is beyond EOD, truncated [ 203.920944][ T8189] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 203.953624][ T8187] loop8: p5 size 2048 extends beyond EOD, truncated [ 203.969376][ T8187] loop8: p6 start 2736933807 is beyond EOD, truncated [ 203.977789][ T8187] loop8: p7 start 75287518 is beyond EOD, truncated [ 203.984792][ T8187] loop8: p8 start 2402041521 is beyond EOD, truncated [ 204.022707][ T8187] loop8: p9 start 3492405423 is beyond EOD, truncated [ 204.036939][ T8187] loop8: p10 start 515314764 is beyond EOD, truncated [ 204.045342][ T8187] loop8: p11 start 2942580191 is beyond EOD, truncated [ 204.052368][ T8187] loop8: p12 start 163001658 is beyond EOD, truncated [ 204.223417][ T5783] udevd[5783]: inotify_add_watch(7, /dev/loop8p5, 10) failed: No such file or directory [ 204.357530][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 204.443485][ T8203] loop1: detected capacity change from 0 to 1024 [ 204.469858][ T8203] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 204.484679][ T8203] ext4 filesystem being mounted at /208/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 204.549062][ T8203] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #15: block 3: comm syz.1.757: lblock 3 mapped to illegal pblock 3 (length 3) [ 204.563524][ T23] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 204.568111][ T8203] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 204.585191][ T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 204.588037][ T8203] EXT4-fs (loop1): This should not happen!! Data will be lost [ 204.588037][ T8203] [ 204.620092][ T8203] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #15: block 3: comm syz.1.757: lblock 3 mapped to illegal pblock 3 (length 1) [ 204.644358][ T5809] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 204.660111][ T456] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #15: block 8: comm kworker/u4:5: lblock 8 mapped to illegal pblock 8 (length 8) [ 204.676656][ T456] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 204.689666][ T456] EXT4-fs (loop1): This should not happen!! Data will be lost [ 204.689666][ T456] [ 204.702700][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 204.758844][ T23] usb 3-1: Using ep0 maxpacket: 8 [ 204.770696][ T23] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 204.784197][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 204.790553][ T23] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 204.800162][ T9] usb 4-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 204.807227][ T23] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 204.816378][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.832753][ T9] usb 4-1: Product: syz [ 204.832971][ T23] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 204.838197][ T9] usb 4-1: Manufacturer: syz [ 204.853746][ T9] usb 4-1: SerialNumber: syz [ 204.859398][ T5809] usb 5-1: config 0 has no interfaces? [ 204.868192][ T23] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 204.873146][ T9] usb 4-1: config 0 descriptor?? [ 204.898939][ T9] gspca_main: spca508-2.14.0 probing 041e:4018 [ 204.908780][ T5809] usb 5-1: New USB device found, idVendor=14f7, idProduct=0500, bcdDevice=44.85 [ 204.922784][ T23] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 204.932431][ T5809] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.952459][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.964418][ T5809] usb 5-1: Product: syz [ 204.968647][ T5809] usb 5-1: Manufacturer: syz [ 204.985298][ T5809] usb 5-1: SerialNumber: syz [ 205.011414][ T5809] usb 5-1: config 0 descriptor?? [ 205.119768][ T9] gspca_spca508: reg_read err -32 [ 205.127729][ T9] gspca_spca508: reg_read err -32 [ 205.139405][ T9] gspca_spca508: reg_read err -32 [ 205.211960][ T23] usb 3-1: usb_control_msg returned -32 [ 205.224145][ T23] usbtmc 3-1:16.0: can't read capabilities [ 205.248778][ T5774] usb 5-1: USB disconnect, device number 4 [ 205.347589][ T9] gspca_spca508: reg_read err -71 [ 205.359358][ T9] gspca_spca508: reg write: error -71 [ 205.365761][ T9] spca508: probe of 4-1:0.0 failed with error -71 [ 205.398952][ T9] usb 4-1: USB disconnect, device number 10 [ 205.606795][ T8213] usbtmc 3-1:16.0: usb_control_msg returned -32 [ 205.615496][ T23] usb 3-1: USB disconnect, device number 8 [ 206.551468][ T8231] (null): rxe_set_mtu: Set mtu to 1024 [ 206.563119][ T8231] rdma_rxe: rxe_newlink: failed to add syz_tun [ 206.567470][ T8217] loop4: detected capacity change from 0 to 32768 [ 206.600225][ T8217] XFS (loop4): DAX unsupported by block device. Turning off DAX. [ 206.608467][ T5808] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 206.628941][ T8217] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 206.749802][ T8217] XFS (loop4): Ending clean mount [ 206.791852][ T8217] XFS (loop4): Quotacheck needed: Please wait. [ 206.825246][ T5808] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 206.880123][ T5808] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 206.935725][ T8217] XFS (loop4): Quotacheck: Done. [ 206.957750][ T5808] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 206.984200][ T5808] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 207.000067][ T5808] usb 2-1: SerialNumber: syz [ 207.075563][ T8245] loop3: detected capacity change from 0 to 128 [ 207.114302][ T8245] VFS: Found a Xenix FS (block size = 1024) on device loop3 [ 207.147821][ T6420] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 207.201040][ T5770] sysv_free_block: flc_count > flc_size [ 207.208949][ T5770] sysv_free_block: flc_count > flc_size [ 207.215077][ T5770] sysv_free_block: flc_count > flc_size [ 207.220853][ T5770] sysv_free_block: flc_count > flc_size [ 207.233779][ T5770] sysv_free_block: flc_count > flc_size [ 207.279613][ T5808] usb 2-1: 0:2 : does not exist [ 207.306001][ T5770] sysv_free_block: flc_count > flc_size [ 207.330702][ T5770] sysv_free_block: flc_count > flc_size [ 207.349434][ T5770] sysv_free_block: flc_count > flc_size [ 207.362344][ T5770] sysv_free_block: flc_count > flc_size [ 207.379681][ T5770] sysv_free_block: flc_count > flc_size [ 207.392010][ T5770] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 207.469464][ T5808] usb 2-1: USB disconnect, device number 10 [ 207.587714][ T5762] udevd[5762]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 207.691862][ T8255] overlayfs: failed to create directory ./file1/work (errno: 13); mounting read-only [ 207.719147][ T8255] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 207.731298][ T8255] overlayfs: fs on './file0' does not support file handles, falling back to xino=off. [ 207.870876][ T8259] loop4: detected capacity change from 0 to 512 [ 207.940632][ T8259] EXT4-fs (loop4): 1 truncate cleaned up [ 207.952392][ T8259] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 208.277405][ T6420] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.434277][ T8257] loop3: detected capacity change from 0 to 32768 [ 208.444316][ T8257] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.774 (8257) [ 208.491166][ T8257] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 208.509432][ T8257] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 208.521730][ T8257] BTRFS info (device loop3): force clearing of disk cache [ 208.531446][ T8257] BTRFS info (device loop3): enabling auto defrag [ 208.538449][ T8257] BTRFS info (device loop3): enabling ssd optimizations [ 208.549884][ T8257] BTRFS info (device loop3): max_inline at 0 [ 208.557406][ T8257] BTRFS info (device loop3): enabling disk space caching [ 208.570498][ T8257] BTRFS info (device loop3): disk space caching is enabled [ 208.737282][ T8257] BTRFS info (device loop3): rebuilding free space tree [ 208.765676][ T8257] BTRFS info (device loop3): disabling free space tree [ 208.773123][ T8257] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 208.789923][ T8257] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 209.151368][ T8298] netlink: 14 bytes leftover after parsing attributes in process `syz.1.785'. [ 209.603667][ T5770] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 209.812841][ T8307] (null): rxe_set_mtu: Set mtu to 1024 [ 209.819264][ T8307] rdma_rxe: rxe_newlink: failed to add syz_tun [ 210.224296][ T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 210.434706][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 210.460616][ T9] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 210.474151][ T9] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 210.520269][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 210.539104][ T9] usb 3-1: config 1 has no interface number 0 [ 210.559285][ T9] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 210.581486][ T9] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 210.615435][ T9] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 210.622608][ T8320] loop3: detected capacity change from 0 to 8192 [ 210.641759][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.648051][ T8320] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 210.664422][ T8320] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 210.673775][ T8320] REISERFS (device loop3): using ordered data mode [ 210.684442][ T8320] reiserfs: using flush barriers [ 210.691934][ T8320] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 210.723747][ T9] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 210.736584][ T8320] REISERFS (device loop3): checking transaction log (loop3) [ 210.943236][ T9] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 210.985530][ T8320] REISERFS (device loop3): Using tea hash to sort names [ 211.013798][ T8320] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 211.127035][ T8315] loop1: detected capacity change from 0 to 32768 [ 211.185862][ T8315] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 scanned by syz.1.791 (8315) [ 211.273168][ T8315] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 211.293229][ T8325] netlink: 20 bytes leftover after parsing attributes in process `syz.4.794'. [ 211.303666][ T8315] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 211.317944][ T8315] BTRFS info (device loop1): using free space tree [ 211.409753][ T8315] BTRFS info (device loop1): enabling ssd optimizations [ 211.449843][ T8315] BTRFS info (device loop1): auto enabling async discard [ 211.491143][ T9] usb 3-1: USB disconnect, device number 9 [ 211.499628][ T9] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 211.672743][ T8343] loop4: detected capacity change from 0 to 4096 [ 211.713563][ T5767] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 211.744583][ T8343] ntfs3: loop4: Different NTFS sector size (1024) and media sector size (512). [ 211.821832][ T8343] ntfs3: loop4: Failed to initialize $Extend/$Reparse. [ 212.584237][ T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 212.661261][ T8361] netlink: 104 bytes leftover after parsing attributes in process `syz.4.803'. [ 212.777354][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 212.785290][ T9] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40 [ 212.795609][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.808033][ T9] usb 3-1: config 0 descriptor?? [ 213.004128][ T5809] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 213.028245][ T9] dvb-usb: found a 'Elgato EyeTV DTT' in warm state. [ 213.042940][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 213.067728][ T9] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT) [ 213.076198][ T9] usb 3-1: media controller created [ 213.109412][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 213.186732][ T9] DVB: Unable to find symbol dib7000p_attach() [ 213.193819][ T9] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT' [ 213.211327][ T5809] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 213.239193][ T5809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.250776][ T5809] usb 2-1: Product: syz [ 213.264528][ T5809] usb 2-1: Manufacturer: syz [ 213.272642][ T5809] usb 2-1: SerialNumber: syz [ 213.304371][ T9] rc_core: IR keymap rc-dib0700-rc5 not found [ 213.320810][ T9] Registered IR keymap rc-empty [ 213.331176][ T9] dvb-usb: could not initialize remote control. [ 213.341075][ T9] dvb-usb: Elgato EyeTV DTT successfully initialized and connected. [ 213.365147][ T9] usb 3-1: USB disconnect, device number 10 [ 213.503003][ T9] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected. [ 213.521477][ T5809] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 213.557117][ T5809] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 213.588332][ T5809] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 213.601866][ T5809] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 213.613680][ T5809] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 213.638823][ T5809] lan78xx: probe of 2-1:1.0 failed with error -71 [ 213.646360][ T8371] bond0: entered promiscuous mode [ 213.651452][ T8371] bond_slave_0: entered promiscuous mode [ 213.663879][ T5809] usb 2-1: USB disconnect, device number 11 [ 213.670493][ T8371] bond_slave_1: entered promiscuous mode [ 213.693837][ T8371] batadv0: entered promiscuous mode [ 213.727941][ T8371] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 214.309459][ T5774] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 214.335718][ T5774] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 214.607703][ T8387] loop1: detected capacity change from 0 to 8192 [ 214.631449][ T8387] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 214.652229][ T8387] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 214.662125][ T8387] REISERFS (device loop1): using ordered data mode [ 214.669159][ T8387] reiserfs: using flush barriers [ 214.692205][ T8387] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 214.763044][ T8396] loop2: detected capacity change from 0 to 256 [ 214.771949][ T8396] exfat: Deprecated parameter 'utf8' [ 214.784872][ T8396] exfat: Deprecated parameter 'utf8' [ 214.790615][ T8396] exfat: Deprecated parameter 'utf8' [ 214.799423][ T8387] REISERFS (device loop1): checking transaction log (loop1) [ 214.841145][ T8396] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 214.947627][ T8392] loop3: detected capacity change from 0 to 16384 [ 215.113568][ T8387] REISERFS (device loop1): Using tea hash to sort names [ 215.143640][ T8398] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 215.173713][ T8387] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 215.202781][ T8387] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 215.407708][ T8387] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 215.475502][ T8401] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 215.497789][ T8400] loop2: detected capacity change from 0 to 1024 [ 215.655681][ T8400] hfsplus: small file entry [ 215.880649][ T8405] loop2: detected capacity change from 0 to 64 [ 216.008724][ T8407] loop3: detected capacity change from 0 to 128 [ 216.095007][ T8407] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 216.180240][ T8409] nullb0: [POWERTEC] p1 [ 216.198453][ T8407] ext4 filesystem being mounted at /193/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 216.232211][ T8409] nullb0: p1 start 809004142 is beyond EOD, truncated [ 216.352685][ T8403] loop4: detected capacity change from 0 to 32768 [ 216.393713][ T8403] [ 216.393713][ T8403] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.393713][ T8403] [ 216.474948][ T28] audit: type=1800 audit(1774674109.865:189): pid=8403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.819" name="file1" dev="loop4" ino=4 res=0 errno=0 [ 216.518262][ T5770] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 216.574655][ T456] [ 216.574655][ T456] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.574655][ T456] [ 216.604468][ T456] [ 216.604468][ T456] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.604468][ T456] [ 216.622389][ T456] [ 216.622389][ T456] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.622389][ T456] [ 216.684399][ T8416] [ 216.684399][ T8416] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.684399][ T8416] [ 216.716759][ T112] [ 216.716759][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.716759][ T112] [ 216.744559][ T11] [ 216.744559][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.744559][ T11] [ 216.787627][ T11] [ 216.787627][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.787627][ T11] [ 216.823395][ T11] [ 216.823395][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.823395][ T11] [ 216.824520][ T8420] syzkaller1: entered promiscuous mode [ 216.857738][ T11] [ 216.857738][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.857738][ T11] [ 216.867442][ T8420] syzkaller1: entered allmulticast mode [ 216.872561][ T8416] [ 216.872561][ T8416] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.872561][ T8416] [ 216.890709][ T8403] [ 216.890709][ T8403] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.890709][ T8403] [ 216.906004][ T8424] netlink: 'syz.2.828': attribute type 4 has an invalid length. [ 216.911940][ T8403] [ 216.911940][ T8403] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.911940][ T8403] [ 216.935329][ T8403] [ 216.935329][ T8403] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.935329][ T8403] [ 216.952756][ T8403] [ 216.952756][ T8403] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.952756][ T8403] [ 216.973941][ T8403] [ 216.973941][ T8403] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.973941][ T8403] [ 216.989851][ T8403] [ 216.989851][ T8403] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.989851][ T8403] [ 217.031077][ T8403] [ 217.031077][ T8403] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.031077][ T8403] [ 217.085893][ T8403] [ 217.085893][ T8403] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.085893][ T8403] [ 217.239944][ T6420] [ 217.239944][ T6420] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.239944][ T6420] [ 217.294343][ T6420] [ 217.294343][ T6420] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.294343][ T6420] [ 217.321049][ T8433] netlink: 4 bytes leftover after parsing attributes in process `syz.3.831'. [ 217.357533][ T8433] netlink: 4 bytes leftover after parsing attributes in process `syz.3.831'. [ 217.387046][ T8433] netlink: 4 bytes leftover after parsing attributes in process `syz.3.831'. [ 217.419537][ T8433] netlink: 4 bytes leftover after parsing attributes in process `syz.3.831'. [ 217.964308][ T5774] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 218.078536][ T8451] loop1: detected capacity change from 0 to 1024 [ 218.109019][ T8451] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 218.155487][ T8451] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback. [ 218.175457][ T5774] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.206650][ T5774] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 218.225278][ T8451] ext4 filesystem being mounted at /230/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 218.259484][ T5774] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 218.330783][ T5774] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 218.362714][ T5774] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.370800][ T8451] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #15: comm syz.1.841: lblock 0 mapped to illegal pblock 0 (length 6) [ 218.408908][ T5774] usb 5-1: config 0 descriptor?? [ 218.415287][ T8451] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 218.442907][ T8451] EXT4-fs (loop1): This should not happen!! Data will be lost [ 218.442907][ T8451] [ 218.475523][ T8454] EXT4-fs error (device loop1): ext4_ext_remove_space:2940: inode #15: comm syz.1.841: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 218.505468][ T8454] EXT4-fs error (device loop1) in ext4_setattr:5663: Corrupt filesystem [ 218.609579][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 218.822357][ T8458] loop1: detected capacity change from 0 to 512 [ 218.859214][ T8458] EXT4-fs (loop1): 1 truncate cleaned up [ 218.867790][ T5774] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 218.868804][ T5808] kernel read not supported for file /sequencer (pid: 5808 comm: kworker/1:3) [ 218.900335][ T5774] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 218.903792][ T8458] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 219.194653][ T8463] loop3: detected capacity change from 0 to 2048 [ 219.255447][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.281463][ T8463] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 219.306402][ T5774] usb 5-1: USB disconnect, device number 5 [ 219.319508][ T8463] ext4 filesystem being mounted at /200/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 219.406829][ T8463] fs-verity: sha512 using implementation "sha512-avx2" [ 219.571677][ T8472] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 219.576520][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.642424][ T8472] EXT4-fs error (device loop2): ext4_orphan_get:1424: comm syz.2.847: bad orphan inode 131083 [ 219.691698][ T8472] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 220.106791][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.579172][ T23] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 220.638667][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.4.856'. [ 220.774425][ T23] usb 4-1: Using ep0 maxpacket: 16 [ 220.782424][ T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 220.794463][ T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 220.809317][ T23] usb 4-1: config 0 interface 0 has no altsetting 0 [ 220.816409][ T23] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 220.825747][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.837304][ T23] usb 4-1: config 0 descriptor?? [ 221.558976][ T5774] usb 4-1: USB disconnect, device number 11 [ 221.719109][ T8510] set_capacity_and_notify: 1 callbacks suppressed [ 221.719127][ T8510] loop4: detected capacity change from 0 to 32768 [ 221.741233][ T8510] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 scanned by syz.4.864 (8510) [ 221.775084][ T8510] BTRFS info (device loop4): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 221.787169][ T8510] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 221.798276][ T8510] BTRFS info (device loop4): using free space tree [ 221.877830][ T8510] BTRFS info (device loop4): enabling ssd optimizations [ 221.896339][ T8510] BTRFS info (device loop4): auto enabling async discard [ 221.984612][ T6677] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 221.993744][ T6420] BTRFS info (device loop4): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 222.034157][ T9] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 222.202654][ T6677] usb 2-1: Using ep0 maxpacket: 32 [ 222.226342][ T6677] usb 2-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 222.237661][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 222.267819][ T6677] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.284289][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 222.316874][ T8542] loop3: detected capacity change from 0 to 256 [ 222.317016][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 222.335617][ T6677] usb 2-1: config 0 descriptor?? [ 222.353937][ T8542] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 222.383092][ T6677] as10x_usb: device has been detected [ 222.405504][ T9] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 222.427510][ T6677] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 222.435470][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.473885][ T9] usb 3-1: Product: syz [ 222.487873][ T9] usb 3-1: Manufacturer: syz [ 222.499515][ T9] usb 3-1: SerialNumber: syz [ 222.525626][ T6677] usb 2-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 222.548698][ T9] usb 3-1: config 0 descriptor?? [ 222.582218][ T8519] ------------[ cut here ]------------ [ 222.588163][ T8519] DEBUG_LOCKS_WARN_ON(lock->magic != lock) [ 222.595902][ T8519] WARNING: CPU: 0 PID: 8519 at kernel/locking/mutex.c:582 __mutex_lock+0xb85/0xcc0 [ 222.611726][ T8519] Modules linked in: [ 222.615729][ T8519] CPU: 0 PID: 8519 Comm: syz.1.868 Not tainted syzkaller #0 [ 222.623096][ T8519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 222.633244][ T8519] RIP: 0010:__mutex_lock+0xb85/0xcc0 [ 222.638951][ T8519] Code: 04 08 84 c0 0f 85 27 01 00 00 83 3d 94 87 fc 03 00 0f 85 95 f5 ff ff 48 c7 c7 80 b4 ca 8a 48 c7 c6 20 b5 ca 8a e8 5b 28 c2 f6 <0f> 0b e9 7b f5 ff ff 0f 0b e9 5f f9 ff ff 0f 0b e9 18 f6 ff ff e8 [ 222.658888][ T8519] RSP: 0018:ffffc90003527aa0 EFLAGS: 00010246 [ 222.665171][ T8519] RAX: 41af3caf99de3000 RBX: ffff88804b6eece0 RCX: 0000000000080000 [ 222.673301][ T8519] RDX: ffffc9000d22b000 RSI: 000000000000287f RDI: 0000000000002880 [ 222.681418][ T8519] RBP: ffffc90003527bf8 R08: ffff8880b8e28c13 R09: 1ffff110171c5182 [ 222.689500][ T8519] R10: dffffc0000000000 R11: ffffed10171c5183 R12: 0000000000000000 [ 222.697680][ T8519] R13: 1ffff920006a4f64 R14: dffffc0000000000 R15: 0000000000000000 [ 222.706243][ T8519] FS: 00007f4502eee6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 222.715527][ T8519] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 222.722223][ T8519] CR2: 000000110c34ea22 CR3: 000000005f291000 CR4: 00000000003506f0 [ 222.730425][ T8519] Call Trace: [ 222.733781][ T8519] [ 222.736836][ T8519] ? trace_contention_end+0x39/0xe0 [ 222.742142][ T8519] ? __mutex_lock+0x315/0xcc0 [ 222.746928][ T8519] ? as102_dvb_dmx_start_feed+0x70/0x280 [ 222.752812][ T8519] ? mutex_lock_nested+0x20/0x20 [ 222.757867][ T8519] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 222.763564][ T8519] ? dmx_section_feed_start_filtering+0x55/0x690 [ 222.770007][ T8519] ? mutex_lock_nested+0x20/0x20 [ 222.775033][ T8519] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 222.781080][ T8519] ? lock_chain_count+0x20/0x20 [ 222.786013][ T8519] ? _raw_spin_lock_irq+0xbb/0xf0 [ 222.791117][ T8519] as102_dvb_dmx_start_feed+0x70/0x280 [ 222.796772][ T8519] dmx_section_feed_start_filtering+0x4f5/0x690 [ 222.803079][ T8519] dvb_dmxdev_filter_start+0xcbd/0x10c0 [ 222.809376][ T8519] ? dvb_dmxdev_filter_set+0x2cc/0x580 [ 222.815207][ T8519] dvb_demux_do_ioctl+0x467/0x530 [ 222.820311][ T8519] dvb_usercopy+0x195/0x2b0 [ 222.824909][ T8519] ? dvb_dmxdev_buffer_read+0x4c0/0x4c0 [ 222.830620][ T8519] ? dvb_generic_ioctl+0xb0/0xb0 [ 222.835664][ T8519] ? dvb_demux_poll+0x220/0x220 [ 222.840604][ T8519] dvb_demux_ioctl+0x29/0x30 [ 222.845348][ T8519] __se_sys_ioctl+0xfd/0x170 [ 222.850074][ T8519] do_syscall_64+0x55/0xa0 [ 222.854592][ T8519] ? clear_bhb_loop+0x40/0x90 [ 222.859339][ T8519] ? clear_bhb_loop+0x40/0x90 [ 222.864101][ T8519] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 222.870128][ T8519] RIP: 0033:0x7f4501f9c799 [ 222.874639][ T8519] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 222.894328][ T8519] RSP: 002b:00007f4502eee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 222.902876][ T8519] RAX: ffffffffffffffda RBX: 00007f4502215fa0 RCX: 00007f4501f9c799 [ 222.911325][ T8519] RDX: 0000200000000200 RSI: 00000000403c6f2b RDI: 0000000000000004 [ 222.919511][ T8519] RBP: 00007f4502032c99 R08: 0000000000000000 R09: 0000000000000000 [ 222.927595][ T8519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 222.935659][ T8519] R13: 00007f4502216038 R14: 00007f4502215fa0 R15: 00007fffcdc2c368 [ 222.943882][ T8519] [ 222.947019][ T8519] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 222.954432][ T8519] CPU: 0 PID: 8519 Comm: syz.1.868 Not tainted syzkaller #0 [ 222.961750][ T8519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 222.971842][ T8519] Call Trace: [ 222.975147][ T8519] [ 222.978110][ T8519] dump_stack_lvl+0x18c/0x250 [ 222.982920][ T8519] ? show_regs_print_info+0x20/0x20 [ 222.988269][ T8519] ? load_image+0x400/0x400 [ 222.992808][ T8519] panic+0x2dc/0x730 [ 222.996709][ T8519] ? bpf_jit_dump+0xd0/0xd0 [ 223.001214][ T8519] __warn+0x2e0/0x470 [ 223.005284][ T8519] ? __mutex_lock+0xb85/0xcc0 [ 223.009974][ T8519] ? __mutex_lock+0xb85/0xcc0 [ 223.014671][ T8519] report_bug+0x2be/0x4f0 [ 223.019029][ T8519] ? __mutex_lock+0xb85/0xcc0 [ 223.023711][ T8519] ? __mutex_lock+0xb85/0xcc0 [ 223.028398][ T8519] ? __mutex_lock+0xb87/0xcc0 [ 223.033082][ T8519] handle_bug+0xcf/0x120 [ 223.037322][ T8519] exc_invalid_op+0x1a/0x50 [ 223.041864][ T8519] asm_exc_invalid_op+0x1a/0x20 [ 223.046743][ T8519] RIP: 0010:__mutex_lock+0xb85/0xcc0 [ 223.052145][ T8519] Code: 04 08 84 c0 0f 85 27 01 00 00 83 3d 94 87 fc 03 00 0f 85 95 f5 ff ff 48 c7 c7 80 b4 ca 8a 48 c7 c6 20 b5 ca 8a e8 5b 28 c2 f6 <0f> 0b e9 7b f5 ff ff 0f 0b e9 5f f9 ff ff 0f 0b e9 18 f6 ff ff e8 [ 223.072055][ T8519] RSP: 0018:ffffc90003527aa0 EFLAGS: 00010246 [ 223.078236][ T8519] RAX: 41af3caf99de3000 RBX: ffff88804b6eece0 RCX: 0000000000080000 [ 223.086263][ T8519] RDX: ffffc9000d22b000 RSI: 000000000000287f RDI: 0000000000002880 [ 223.094345][ T8519] RBP: ffffc90003527bf8 R08: ffff8880b8e28c13 R09: 1ffff110171c5182 [ 223.102339][ T8519] R10: dffffc0000000000 R11: ffffed10171c5183 R12: 0000000000000000 [ 223.110328][ T8519] R13: 1ffff920006a4f64 R14: dffffc0000000000 R15: 0000000000000000 [ 223.118434][ T8519] ? trace_contention_end+0x39/0xe0 [ 223.123685][ T8519] ? __mutex_lock+0x315/0xcc0 [ 223.128373][ T8519] ? as102_dvb_dmx_start_feed+0x70/0x280 [ 223.134023][ T8519] ? mutex_lock_nested+0x20/0x20 [ 223.139237][ T8519] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 223.144963][ T8519] ? dmx_section_feed_start_filtering+0x55/0x690 [ 223.151299][ T8519] ? mutex_lock_nested+0x20/0x20 [ 223.156253][ T8519] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 223.162240][ T8519] ? lock_chain_count+0x20/0x20 [ 223.167094][ T8519] ? _raw_spin_lock_irq+0xbb/0xf0 [ 223.172125][ T8519] as102_dvb_dmx_start_feed+0x70/0x280 [ 223.177693][ T8519] dmx_section_feed_start_filtering+0x4f5/0x690 [ 223.183946][ T8519] dvb_dmxdev_filter_start+0xcbd/0x10c0 [ 223.189591][ T8519] ? dvb_dmxdev_filter_set+0x2cc/0x580 [ 223.195059][ T8519] dvb_demux_do_ioctl+0x467/0x530 [ 223.200110][ T8519] dvb_usercopy+0x195/0x2b0 [ 223.204624][ T8519] ? dvb_dmxdev_buffer_read+0x4c0/0x4c0 [ 223.210181][ T8519] ? dvb_generic_ioctl+0xb0/0xb0 [ 223.215135][ T8519] ? dvb_demux_poll+0x220/0x220 [ 223.219995][ T8519] dvb_demux_ioctl+0x29/0x30 [ 223.224620][ T8519] __se_sys_ioctl+0xfd/0x170 [ 223.229222][ T8519] do_syscall_64+0x55/0xa0 [ 223.233648][ T8519] ? clear_bhb_loop+0x40/0x90 [ 223.238427][ T8519] ? clear_bhb_loop+0x40/0x90 [ 223.243132][ T8519] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 223.249068][ T8519] RIP: 0033:0x7f4501f9c799 [ 223.253500][ T8519] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 223.273120][ T8519] RSP: 002b:00007f4502eee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 223.281542][ T8519] RAX: ffffffffffffffda RBX: 00007f4502215fa0 RCX: 00007f4501f9c799 [ 223.289521][ T8519] RDX: 0000200000000200 RSI: 00000000403c6f2b RDI: 0000000000000004 [ 223.297582][ T8519] RBP: 00007f4502032c99 R08: 0000000000000000 R09: 0000000000000000 [ 223.305556][ T8519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 223.313531][ T8519] R13: 00007f4502216038 R14: 00007f4502215fa0 R15: 00007fffcdc2c368 [ 223.321523][ T8519] [ 223.325043][ T8519] Kernel Offset: disabled [ 223.329378][ T8519] Rebooting in 86400 seconds..