last executing test programs: 2m57.182074781s ago: executing program 0 (id=500): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x2000000000003) 2m56.94228974s ago: executing program 0 (id=510): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000002c0)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000080], 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000800000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x108) 2m56.636188845s ago: executing program 0 (id=504): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x24, 0x3, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8}, @NFTA_SET_ELEM_EXPRESSIONS={0x18, 0xb, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @counter={{0x10}, @val={0x4}}}]}]}]}]}], {0x14, 0x10}}, 0xd0}}, 0x0) 2m56.393203385s ago: executing program 0 (id=515): syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000003c0)={[{@errors_remount}, {@gid}, {@iocharset={'iocharset', 0x3d, 'cp850'}}, {@fmask={'fmask', 0x3d, 0x8c1}}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@errors_continue}, {@keep_last_dots}, {@errors_remount}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'ascii'}}, {@namecase}]}, 0x1, 0x1531, &(0x7f0000001f80)="$eJzs3AucTtX6OPDnWWvtMSS9TXIZ1lrP5k1imSTJJUkuSZIkSW4JSZMcSUgMuSUNSch1SC5DSC4Tk8b9fr8kJEmTJCG5Jev/Ef7qVL9zzu/0O86neb6fz/5Yz+z9rP287/Ne1t6YbzoOqtageuV6RAT/FrzwRxIAxAJAPwC4BgACACgdVzru/P7sEpP+vZOwP9fDqVe6AnYlcf+zNu5/1sb9z9q4/1kb9z9r4/5nbdz/rI37z1hWtnFq/mt5y7ob3///66vzh3v4+/8vJLPE6C9Wl7i+E0DMP5vC/c/auP9/WcE/cxD3P2vj/mdVsVe6APZfgN//f0lNfh1m+8MDuf9ZG/efsazsSt9/vtIbRLL2c3ClX3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxrKGU/6i0+AVAFwKr3RdjDHGGGOMMcYY+/P4bFe6AsYYY4wxxhhjjP3fQxAgQUEAMZANYiE75AABAFdDLrgGInAtxMF1kBuuhzyQF/JBfoiHAlAQNBiwQBBCISgMUbgBisCNUBRugmJQHByUgAS4GUrCLVAKboXScBuUgduhLJSD8lAB7oCKcCdUgrugMtwNVaAqVIPqcA/UgHuhJtwHteB+qA0PQB14EOrCQ1APHob68Ag0gEehITwGjaAxNIGm0Ox/lf8idIWXoBt0hyToAT3hZegFvaEP9IV+8Ar0h1dhALwGyTAQBsHrMBjegCHwJgyFYTAc3oIRMBJGwWgYA2MhBcbBeHgbJsA7MBEmwWSYAqkwFabBuzAdZsBMeA9mwfswG+bAXJgHafABzIcFkA4fwkL4CDJgESyGJbAUlsFyWAErYRWshjWwFtbBetgAG2ETbIYtsBW2wXb4GHbAJ7ATdsFu+BT2wGf/Yv7Jv8vvhICAAgUqVBiDMRiLsZgDc2BOzIm5MBdGMIJxGIe5MTfmwTyYD/NhPMZjQSyIBg0SEhbCQhjFKBbBIlgUi2IxLIYOHSZgApbEW7AUlsLSWBrLYBksi+WwHFbAClgRK2IlrISVsTJWwSpYDavhPXgP9sCaWBNrYS2sjbUv3Z7CelgP62N9bIANsCE2xEbYCJtgE2yGzbA5NscW2AJbYStsja2xDbbBREzEttgW22E7bI/tsQN2wI7YETthZ+yc+WI2wJfwJeyOVUQP7Ik9sRcmZ+uDfbEvvoL98VV8FV/DZByIg/B1fB3fwCF4AofiMByOw7GiGImjcDSSGIspmILjcTxOwAk4ESfhJJyCqTgVp+E0nI4zcAa+h7PwfXwf5+AcnIdpmIbzcQGmYzouxJOYgYtwMS7BpbgMl+IKXIkrcDWuwdW4DtfhBtyAm3ATbsEtuA234ceoAPAT3IW7MBn34B7ci3txH+7D/bgfMzETD+ABPIgH8RAewsN4GI/gUTyGR/E4HscTeBJP4Sk8g2fwLD4f/1X9j29alQziPCWUiBExIlbEihwih8gpcopcIpeIiIiIE3Eit8gt8og8Ip/IJ+JFvCgoCgojjCARxgCAiIqoKCKKiKKiqCgmigknnEgQCaKkKClKiVKitLhNlBG3i7KinGjpKogKoqJo5SqJu0RlUVlUEVVFNVFdVBc1RA1RU9QUtUQtUVvUFnXEg6Ku6IF98GFxvjMNxEBsKAZhI9FYyIufYM3FEGwhWopW4kkxDIdiG9HcJYpnRFsxCtuJv4nR+JzoIMZiR/GC6CQ6iy7iRdFVtHDdRHcxEXuInmIK9hK9RR/RV0zHquI9nJW9mnhNJIuBYpB4XczDN8QQ8aYYKoaJ4eItMUKMFKPEaDFGjBUpYpwYL94WE8Q7YqKYJCaLKSJVTBXTxLtiupghZor3xCzxvpgt5oi5Yp5IEx+I+WKBSBcfioXiI5EhFonFYolYKpaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Cq2ie3iY7FDfCJ2il1it/hU7BGfib3ic7FPfCH2iy9FpvhKHBBfi4PiG3FIfCsOi+/EEXFUHBPfi+PiB3FCnBSnxGlxRvwozoqfxDnhBUiUQkqpZCBjZDYZK7PLHPIqmVMGF5/da2WcvE7mltfLPDKvzCfzy3hZQBaUWhppJclQFpKFZVTeIIvIG2VReZMsJotLJ0vIBHmzLClvkaXkrbK0vE2WkbfLsrKcLC8ryDtkRXmnhMiFc1SRVWU1WV3eI5PgXllT3idryftlbfmArCMflHXlQ7KefFjWl4/IBvJR2VA+JhvJxrKJbCqbycdlc/mEbCFbylbySdlaPiXbyKdlonxGtpX+4kvkOdlBPi87yhdkJ9lZdpE/yXPSy26yu4QeIHvKl2Uv2Vv2kX1lP/mK7C9flQPkazJZDpSD5OtysHxDDpFvyqFymBwu35Ij5Eg5So6WY+RYmSLHyfHybTlBviMnyklyspwiU+VU2efiTDOl/If5b/9O/oCfz75BbpSb5Ga5RW6V2+R2+bHcIXfInXKn3C13yz1yj9wr98p9cp/cL/fLTJkpD8gD8qA8KA/JQ/KwPCyPyKPytPxeHpc/yBPypDwpT8sz8ow8e/E5AIVKKKmUClSMyqZiVXaVQ12lcqqrVS51jYqoa1Wcuk7lVterPCqvyqfyq3hVQBVUWhllFalQFVKFVVTdgBdfMKqYKq6cKqES1M3/Sr4qom5URdVNv8q/VF/SH9TXTDVTzVVz1UK1UK1UK9VatVZtVBuVqBJVW9VWtVPtVHvVXnVQHVRH1VF1Up1UF9VFdVVdVTfVTSWpJNVTvax6qd6qj+qr+qlXVH/VXw1QA1SySlaD1CA1WA1WQ9QQNVQNVcPVcDVCjVCj1Cg1Ro1RKSpFjVfj1QQ1QU1UE9VkNVmlqlQ1TU1T09V0NVPNVLPULDVbzVZz1VyVptLUfDVfpat0tVAtVBlqkVqklqglaplaplaoFWqVWqXWqDVqnVqnMtRGtVFtVpvVVrVVbVfb1Q61Q+1UO9VutVvtUXvUXrVX7VP71H61X2WqTHVAHVAH1UF1SB1Sh9VhdUQdUcfUMXVcHVcn1Al1Sp1SZ9QZdVadVefUufPLvkAEIlCBCmKCmCA2iA1yBDmCnEHOIFeQK4gEkSAuiAtyB9cHeYK8Qb4gfxAfFAgKBjowgQ3ExaZHgxuCIsGNQdHgpqBYUDxwQYkgIbg5KBncEpQKbg1KB7cFZYLbg7JBuaB8UCG4I6gY3BlUCu4KKgd3B1WCqkG1oHpwT1AjuDeoGdwX1AruD2oHDwR1ggeDusFDQb3g4aB+8EjQIHg0aBg8FjQKGgdNgqZBsz91fu9P5H3CddPddZLuoXvql3Uv3Vv30X11P/2K7q9f1QP0azpZD9SD9Ot6sH5DD9Fv6qF6mB6u39Ij9Eg9So/WY/RYnaLH6fH6bT1Bv6Mn6kl6sp6iU/VUPU2/q6frGXqmfk/P0u/r2XqOnqvn6TT9gZ6vF+h0/aFeqD/SGXqRXqyX6KV6mV6uV+iVepVerdfotXqdXq836I16k96st+itepverj/WO/QneqfepXfrT/Ue/Zneqz/X+/QXer/+Umfqr/QB/bU+qL/Rh/S3+rD+Th/RR/Ux/b0+rn/QJ/RJfUqf1mf0j/qs/kmf0/784v7817tRRpkYE2NiTazJYXKYnCanyWVymYiJmDgTZ3Kb3CaPyWPymXwm3sSbgqagOY8MmUKmkImaqCliipiipqgpZooZZ5xJMAmmpClpSplSprQpbcqYMqasKWvKm/LmDnOHudPcae4yd5m7zd2mqqlqqpvqpoapYWqamqaWqWVqm9qmjqlj6pq6pp6pZ+qb+qaBaWAamoamkWlkmpgmpplpZpqb5qaFaWFamVamtWlt2pg2JtEkmramrWln2pn2pr3pYDqYjqaj6WQ6mS6mi+lquppupptJMkmmp+lpeplepo/pY/qZfqa/6W8GmAEm2SSbQWaQGWwGmyFmiBlqhpnh5xeqZqQZZUZ/O8aMNSkmxYw3480EM8FMNBPNZDPZpJpUM81MM9PNdDPTzDSzzCwz28w2c81ck2bSzHwz36SbdLPQLDQZJsMsNovNUrPULDfLzUqz0qw2q81aWGvWm/Vmo9loNpvNZqvZarab7WaH2WF2mp1mt9lt9pg9Zq/Za/aZfWa/2W8yTaY5YA6Yg+agOWQOmcPmsDlijphj5pg5bo6bE+aEOWVOmTMm78XvS29ibXabw15lc9qrbS57jf37OJ/Nb+NtAVvQapvH5v1VbKy1Re1Ntpgtbp0tYRPszb+Jy9pytrytYO+wFe2dttJv4hr2XlvT3mdr2fttdXvPr+La9gFbxz5q6yIC2Ma2vm1qG9hHbUP7mG1kG9smtqltbZ+ybezTNtE+Y9vaZ38Tz7cL7Eq7yq62a+xOu8uesqftQfuNPWN/tN1sd9vPvmL721ftAPuaTbYDfxMPt2/ZEXakHWVH2zF27G/iyXaKTbVT7TT7rp1uZ/wmTrMf2Fk23c62c+xcO+/n+HxN6fZDu9B+ZDNsAIvtErvULrPL7Yr/X+sSu86utxvsDvuJ3Wy32K12m91+aSFsd9nd9lO7x35mD9iv7T77hd1vD9lM+9XP8fnHd8h+aw/b7+wRe9Qes9/b4/YH9XPuyF4A9kf7vf3JnrPeAiEBSVIUUAxlo1jKTjnoKspJV1MuuoYidC3F0XWUm66nPJSX8lF+iqcCVJA0GbJEFFIhKkxRuoEulVeMipOjEpRAN1NJuoVK0a1Umm6jMnQ7laVyVJ4q0B1Uke6kSnQXVaa7qQpVpWpUne6hGnQv1aT7qBbdT7XpAapDD1Jdeojq0cNUnx6hBvQoNaTHqBE1pibUlJrR49ScnqAW1JJa0ZPUmp6iNvQ0JdIz1JaepXb0N2pPz1EHep460gvUiTpTF3qRutJL1I26UxL1oJ70MvWi3tSH+lI/eoX606s0gF6jZBpIg+h1Gkxv0BB6k4bSMBpOb9EIGkmjaDSNobGUQuNoPL1NE+gdmkiTaDJNoVSaStPoXZpOM2gmvUez6H2aTXNoLs2jNPqA5tMCSqcPaSF9RBm0iBbTElpKy2g5raCVtIpW0xpaS+toPW2gjbSJNtMW2krbaDt9TDvoE9pJu2g3fUp76DPaS5/TPvqC9tOXlElf0QH6mg7SN3SIvvXd6Ts6QkfpGH1Px+kHOkEn6RSdpjP0I52ln+gceYIQQxHKUIVBGBNmC2PD7GGO8KowZ3h1mCu8JoyE14Zx4XVh7vD6ME+YN8wX5g/jwwJhwVCHJrQhhWFYKCwcRsMbwiLhjWHREMNiYfHQhSXChPDmsGR4S1gqvDUsHd4WlglvD8uG5cJH768Q3hFWDO8MK4V3hZXDu8MqYdWwWlg9vCesEd4b1gzvC2uF94elwgfCOuGDYd3wobBe+HBYP3wkbBA+GjYMHwsbhY3DJmHTsFn4eNg8fCJsEbYMW4VPhq3Dp8I24dNhYvhM2DZ89uf9Dyz44/1JYY+wZ/hy+HLo/X1ybnReNC36QXR+dEE0PfphdGH0o2hGdFF0cXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10fXRD1Pvq2cChE0465QIX47K5WJfd5XBXuZzuapfLXeMi7loX565zud31Lo/L6/K5/C7eFXAFnXbGWUcudIVcYRd1N7gi7kZX1N3kirnizrkSLsE1dc1cM9fcPeFauJaulXvSPemeck+5p93T7hnX1j3r2rm/ufbuOdfBPe+edy+4Tq6z6+JedF3duFwX3pNJrqfr6Xq5Xq6P6+P6uX6uv+vvBrgBLtklu0FukBvsBrshbogb6oa64W64G+FGuFFulBvjxrgUl+LGu/FugpvgJrqJbrKb7FJdqpvmprnpbrqrOOPCWWa72W6um+vSXJqb786vGdPdQrfQZbgMt9gtdkvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O9wOt9Nfc2FSt8ftdXvdPrfP7Xdfukz3lTvgvnYH3TfukPvWHXbfuSPuqDvmvnfH3Q/uhDvpTrnT7oz70Z11P7lzzruUyLjI+MjbkQmRdyITI5MikyNTIqmRqZFpkXcj0yMzIjMj70VmRd6PzI7MicyNzIukRT6IzI8siKRHPowsjHwUyYgsiiyOLIksjSyLeF9gc+gL+cI+6m/wRfyNvqi/yRfzxb3zJXyCv9mX9Lf4Uv5WX9rf5sv4231ZX86X94/5Rr6xb+Kb+mb+cd/cP+Fb+Ja+lX/St/ZP+Tb+aZ/on/Ft/bO+nf+bb++f8x38876jf8F38p19F/+i7+pf8t18d5/ke/ie/mXfy/f2fXxf38+/4vv7V/0A/5pP9gP9IP+6H+zf8EP8m36oH+aHx7zlR1y6RIaxPsWP8+P9236Cf8dP9JP8ZD/Fp/qpfpp/10/3M/xM/56f5d/3s/0cP9fP82n+Az/fL/Dp/kO/0H/kM/yiSzeV/XK/wq/0q/xqv8av9ev8er/Bb/Sb/Ga/xW/12/x2/7Hf4T/xO/0uv9t/6vf4z/xe/7nf57/w+/2XPtN/5Q/4r/1B/40/5L/1h/13/og/6o/57/1x/4M/4U/6U/60P+N/9Gf9T/4c/581xhhjjLF/yrjLQ/HrPRdu5/f4nRzxi4N7AsDVW/Jn/nL/+RXl2jwXxr1FfOsIADzTvePDl7YqVZKSki4emyEhKDwH4NLfBJ0XA5fjRdAKnoJEaAklf7f+3qLzGfoH80dvA8jxi5xYuBxfnv9zAEz6nfkff3L4/DLhqbj/Yf45AEULX87JDpfjRdDq5/srLaHUH9Sft/kv64/97fzZv0gBaPGLnJxwOb5cfwI8Ac9C4q+OZIwxxhhjjDHGLugtyre/dP156V98/t71eby6nJMNLsf/6PqcMcYYY4wxxhhjV95znbs8/XhiYsv2//qg0v8q658eNIT/q5l58LsD7wEu/UQBwL85IcD5gfxPPopN/5FzJV986/z9rqWnfQD/Ha38MwZX+IOJMcYYY4wx9qe7vOj/9c/VlSqIMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLgv4Tv07sSj9GxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Er7fwEAAP//nXwDKg==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) 2m55.816310141s ago: executing program 0 (id=521): r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x0, 0x0) ioctl$BINDER_CTL_ADD(r0, 0xc1086201, 0x0) 2m55.367415508s ago: executing program 0 (id=514): r0 = socket(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000001640)=@ethtool_cmd={0x15, 0xfff, 0x5, 0x90, 0x38, 0x2, 0xf7, 0x8, 0x5, 0xa5, 0x4, 0x5, 0x976, 0xaa, 0x4, 0x80000000, [0x7ff, 0x7]}}) 2m54.956234781s ago: executing program 32 (id=514): r0 = socket(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000001640)=@ethtool_cmd={0x15, 0xfff, 0x5, 0x90, 0x38, 0x2, 0xf7, 0x8, 0x5, 0xa5, 0x4, 0x5, 0x976, 0xaa, 0x4, 0x80000000, [0x7ff, 0x7]}}) 3.463858121s ago: executing program 4 (id=2839): r0 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./file0\x00', 0x0, &(0x7f0000001600), 0x0, 0x559e, &(0x7f000000ac40)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR") ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f0000000080)={0x2, 0x4}) 2.347456921s ago: executing program 4 (id=2852): r0 = fsopen(&(0x7f0000000040)='fusectl\x00', 0x1) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) 1.963606812s ago: executing program 4 (id=2858): r0 = syz_open_procfs(0x0, &(0x7f00000023c0)='net/vlan/config\x00') pread64(r0, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 1.719139952s ago: executing program 4 (id=2861): r0 = syz_open_procfs(0x0, &(0x7f0000002380)='net/ip_mr_cache\x00') pread64(r0, &(0x7f0000000100)=""/253, 0x2d, 0x9) 1.509098409s ago: executing program 4 (id=2865): r0 = socket$netlink(0x10, 0x3, 0x4) write(r0, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) 1.339896872s ago: executing program 4 (id=2869): r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000980)=ANY=[]) 1.076071893s ago: executing program 1 (id=2876): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000000100001002abd70000002000000000000", @ANYRES32=0x0, @ANYBLOB="0801000000000000140003006e657464657673696d3000000000000008001b000800000014001680100001800c0009"], 0x50}}, 0x800) 1.037333917s ago: executing program 2 (id=2877): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a00)=@newtaction={0x6c, 0x30, 0x1, 0x0, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_BOS={0x5}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x3, 0xffffffff, 0x3, 0x8, 0x3}, 0x4}}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x6c}}, 0x10) 898.226908ms ago: executing program 2 (id=2879): r0 = syz_open_dev$dri(&(0x7f0000001140), 0x0, 0x141800) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000001280)={0x0, 0x0, 0x0, 0xffff, 0x3, 0x9, 0x2, 0x7, 0xf, 0x3, 0x40, 0x4c}) 850.316622ms ago: executing program 1 (id=2881): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newlinkprop={0x44, 0x6c, 0xe40c30bb29912201, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x8d0}, [@IFLA_MAP={0x24, 0xe, {0xa, 0xa, 0x5, 0x2, 0x7, 0x83}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) 821.284824ms ago: executing program 3 (id=2882): r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000080)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x9a0915, 0x8000, '\x00', @string=0x0}}) 763.571859ms ago: executing program 1 (id=2883): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0x68, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x54, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x9, 0x2, 0x20000000, 0x3, 0xa}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 643.450329ms ago: executing program 2 (id=2884): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00') futimesat(r0, &(0x7f0000000040)='./mnt\x00', &(0x7f0000000240)={{0x77359400}}) 641.576489ms ago: executing program 3 (id=2885): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x658, 0x1, 0x4, 0x0, 0x17}) 638.105709ms ago: executing program 1 (id=2886): r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x28}], 0x2) 520.752279ms ago: executing program 1 (id=2887): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000001100), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000040)=@s={0x5, @generic=0xd, 0x19, 0x23}) 468.640553ms ago: executing program 3 (id=2888): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000380)='/dev/comedi4\x00', 0x8000, 0x0) ioctl$COMEDI_SETWSUBD(r0, 0x6411) 423.326047ms ago: executing program 2 (id=2889): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x40}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x6}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x5c}}, 0x80) 332.087284ms ago: executing program 3 (id=2890): r0 = socket(0x1d, 0x2, 0x6) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x6a, 0x5, 0x20000000, 0x3) 328.773904ms ago: executing program 1 (id=2891): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$sock_buf(r0, 0x1, 0x37, 0x0, &(0x7f0000000180)=0x1e) 252.15902ms ago: executing program 2 (id=2892): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000180)={0x24, 0x1, 0x2, "27425ba25f173b3ccec1d8665c00840000000000796caf19e30200", 0x34325241}) 189.245145ms ago: executing program 3 (id=2893): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000021401"], 0x20}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810) 140.286209ms ago: executing program 2 (id=2894): r0 = socket$igmp(0x2, 0x3, 0x2) sendmsg$inet(r0, &(0x7f0000002940)={&(0x7f0000001400)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000980)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x6}}, @ip_retopts={{0x14, 0x0, 0x7, {[@generic={0x0, 0x4, "ef61"}]}}}, @ip_retopts={{0x10}}], 0x40}, 0x0) 0s ago: executing program 3 (id=2895): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000480)={'ip6gre0\x00', &(0x7f0000000400)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty, 0x700, 0x20}}) kernel console output (not intermixed with test programs): size (2048) and media sector size (512). [ 186.016568][ T9485] loop4: detected capacity change from 0 to 32768 [ 186.987070][ T9540] loop2: detected capacity change from 0 to 2048 [ 187.058846][ T9541] loop1: detected capacity change from 0 to 4096 [ 187.059540][ T9540] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 187.083214][ T9541] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 187.216250][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.237387][ T9541] ntfs3: loop1: failed to convert "c46c" to iso8859-4 [ 187.352065][ T9550] loop4: detected capacity change from 0 to 1024 [ 187.378516][ T9550] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 187.404249][ T9550] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 187.477634][ T9550] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 187.563062][ T9550] EXT4-fs error (device loop4): ext4_xattr_inode_iget:440: inode #11: comm syz.4.1548: missing EA_INODE flag [ 187.607869][ T9550] EXT4-fs (loop4): Remounting filesystem read-only [ 187.631660][ T9550] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 187.752715][ T7033] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.879981][ T9567] syz.4.1554 uses old SIOCAX25GETINFO [ 187.896986][ T9568] loop3: detected capacity change from 0 to 764 [ 187.985641][ T9572] netlink: 'syz.2.1557': attribute type 49 has an invalid length. [ 187.997130][ T9568] Symlink component flag not implemented [ 188.020925][ T9568] Symlink component flag not implemented [ 188.061444][ T9568] Symlink component flag not implemented (129) [ 188.102130][ T9568] Symlink component flag not implemented (6) [ 188.109416][ T9568] rock: directory entry would overflow storage [ 188.123571][ T9576] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1560'. [ 188.143602][ T9568] rock: sig=0x4f50, size=4, remaining=3 [ 188.152512][ T9568] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 188.354634][ T9585] loop2: detected capacity change from 0 to 128 [ 188.404467][ T9585] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 188.515635][ T9585] ext4 filesystem being mounted at /412/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 188.659336][ T9585] EXT4-fs warning (device loop2): verify_group_input:151: Cannot add at group 3 (only 1 groups) [ 188.799396][ T5786] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 189.093039][ T9618] loop1: detected capacity change from 0 to 256 [ 189.205200][ T9618] FAT-fs (loop1): Directory bread(block 64) failed [ 189.231319][ T9618] FAT-fs (loop1): Directory bread(block 65) failed [ 189.238025][ T9618] FAT-fs (loop1): Directory bread(block 66) failed [ 189.272800][ T9618] FAT-fs (loop1): Directory bread(block 67) failed [ 189.281168][ T9618] FAT-fs (loop1): Directory bread(block 68) failed [ 189.287738][ T9618] FAT-fs (loop1): Directory bread(block 69) failed [ 189.311926][ T9618] FAT-fs (loop1): Directory bread(block 70) failed [ 189.318513][ T9618] FAT-fs (loop1): Directory bread(block 71) failed [ 189.336957][ T9618] FAT-fs (loop1): Directory bread(block 72) failed [ 189.362216][ T9618] FAT-fs (loop1): Directory bread(block 73) failed [ 190.400069][ T9625] loop2: detected capacity change from 0 to 32768 [ 191.224900][ T9692] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1614'. [ 191.263305][ T9692] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1614'. [ 191.276876][ T9692] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1614'. [ 191.595319][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 191.600673][ T5788] Bluetooth: hci3: command 0x0406 tx timeout [ 191.607663][ T5105] Bluetooth: hci2: command 0x0406 tx timeout [ 191.701557][ T9709] overlayfs: failed to resolve 'smackfsdef=&:': -2 [ 191.848006][ T9706] loop2: detected capacity change from 0 to 8192 [ 191.854978][ T9688] loop1: detected capacity change from 0 to 32768 [ 191.907577][ T9711] netlink: 'syz.3.1623': attribute type 32 has an invalid length. [ 191.918718][ T9706] loop2: p1 p2[DM] p4 [ 191.946738][ T9713] netlink: 'syz.4.1624': attribute type 5 has an invalid length. [ 191.961247][ T9706] loop2: p1 size 196608 extends beyond EOD, truncated [ 191.997052][ T9706] loop2: p2 start 4292936063 is beyond EOD, truncated [ 192.018660][ T9706] loop2: p4 size 50331648 extends beyond EOD, truncated [ 192.382507][ T9727] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 192.440592][ T7653] udevd[7653]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 192.455625][ T5778] udevd[5778]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 192.690490][ T5798] Bluetooth: Wrong link type (-22) [ 192.773492][ T9735] openvswitch: netlink: EtherType 0 is less than min 600 [ 192.786847][ T9737] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1635'. [ 192.796304][ T9737] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1635'. [ 194.080029][ T9785] netlink: 'syz.3.1659': attribute type 5 has an invalid length. [ 194.412005][ T27] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 194.613563][ T27] usb 2-1: unable to get BOS descriptor or descriptor too short [ 194.640119][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.647735][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.673948][ T27] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 194.691093][ T27] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 194.700211][ T27] usb 2-1: config 1 has no interface number 1 [ 194.707062][ T27] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 194.725699][ T27] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 194.750254][ T27] usb 2-1: New USB device strings: Mfr=20, Product=2, SerialNumber=3 [ 194.768834][ T27] usb 2-1: Product: syz [ 194.778979][ T27] usb 2-1: Manufacturer: syz [ 194.787590][ T27] usb 2-1: SerialNumber: syz [ 195.083809][ T27] usb 2-1: USB disconnect, device number 7 [ 195.198440][ T6118] udevd[6118]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 195.647563][ T9835] loop4: detected capacity change from 0 to 512 [ 195.667903][ T9835] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 195.801717][ T9835] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 18 vs 41 free clusters [ 195.821526][ T9842] netlink: 404 bytes leftover after parsing attributes in process `syz.1.1686'. [ 195.832290][ T9842] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1686'. [ 195.842170][ T9842] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1686'. [ 195.851784][ T9842] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1686'. [ 195.921618][ T9835] Quota error (device loop4): write_blk: dquota write failed [ 195.951082][ T9835] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 195.982897][ T9835] EXT4-fs error (device loop4): ext4_acquire_dquot:6940: comm syz.4.1684: Failed to acquire dquot type 0 [ 196.017275][ T9835] EXT4-fs (loop4): 1 truncate cleaned up [ 196.056295][ T9835] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.131933][ T9835] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 5 index 2 [ 196.174030][ T9835] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 131074 [ 196.188010][ T9835] EXT4-fs error (device loop4): ext4_acquire_dquot:6940: comm syz.4.1684: Failed to acquire dquot type 1 [ 196.241452][ T8] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 196.255612][ T9856] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1693'. [ 196.268904][ T7033] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.431140][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 196.451032][ T8] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 196.451066][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.454866][ T8] usb 4-1: config 0 descriptor?? [ 196.459346][ T8] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 196.863866][ T8] gspca_nw80x: reg_r err -71 [ 196.868669][ T8] nw80x: probe of 4-1:0.0 failed with error -71 [ 196.911788][ T8] usb 4-1: USB disconnect, device number 11 [ 197.186746][ T9879] loop1: detected capacity change from 0 to 8192 [ 197.219288][ T9866] loop2: detected capacity change from 0 to 40427 [ 197.236293][ T9866] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 197.246424][ T9879] loop1: p1 p2[DM] p4 [ 197.265408][ T9879] loop1: p1 size 196608 extends beyond EOD, truncated [ 197.283546][ T9866] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 197.306262][ T9866] F2FS-fs (loop2): build fault injection attr: rate: 17008, type: 0x7ffff [ 197.316529][ T9879] loop1: p2 start 4292936063 is beyond EOD, truncated [ 197.328697][ T9879] loop1: p4 size 50331648 extends beyond EOD, truncated [ 197.336179][ T9866] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x6 [ 197.399382][ T9866] F2FS-fs (loop2): invalid crc value [ 197.453570][ T9866] F2FS-fs (loop2): Found nat_bits in checkpoint [ 197.621753][ T9866] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 197.656049][ T9866] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 197.786642][ T9866] syz.2.1698: attempt to access beyond end of device [ 197.786642][ T9866] loop2: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 197.827996][ T5893] udevd[5893]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 197.828146][ T6118] udevd[6118]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 197.968683][ T5786] syz-executor: attempt to access beyond end of device [ 197.968683][ T5786] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 198.014062][ T5786] F2FS-fs (loop2): Remounting filesystem read-only [ 198.167238][ T9911] ip6t_srh: unknown srh invflags 7D00 [ 198.325844][ T9916] loop1: detected capacity change from 0 to 1024 [ 198.399286][ T9916] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 198.417611][ T9916] ext4 filesystem being mounted at /434/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 198.542514][ T9922] netlink: 'syz.4.1723': attribute type 10 has an invalid length. [ 198.653018][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 198.681562][ T9922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.722349][ T9922] bond0: entered promiscuous mode [ 198.739845][ T9922] bond_slave_0: entered promiscuous mode [ 198.751520][ T9922] bond_slave_1: entered promiscuous mode [ 198.769130][ T9922] team0: Port device bond0 added [ 198.830680][ T9930] loop1: detected capacity change from 0 to 512 [ 198.919945][ T9930] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 198.993454][ T9932] loop3: detected capacity change from 0 to 4096 [ 199.012087][ T9932] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 199.134383][ T9932] ntfs3: loop3: Failed to initialize $Extend/$Reparse. [ 199.233882][ T5798] Bluetooth: Wrong link type (-22) [ 199.726745][ T9960] netlink: 'syz.4.1741': attribute type 2 has an invalid length. [ 199.777618][ T9960] netlink: 'syz.4.1741': attribute type 1 has an invalid length. [ 199.803589][ T9960] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1741'. [ 199.965315][ T9966] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1744'. [ 199.993392][ T9966] netlink: 30 bytes leftover after parsing attributes in process `syz.1.1744'. [ 200.164780][ T9974] loop4: detected capacity change from 0 to 128 [ 200.233965][ T9974] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 200.310099][ T9974] ext4 filesystem being mounted at /318/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 200.362078][ T28] audit: type=1326 audit(1756509433.658:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9978 comm="syz.3.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe25f78ebe9 code=0x7ffc0000 [ 200.384340][ C0] vkms_vblank_simulate: vblank timer overrun [ 200.407931][ T9979] mmap: syz.3.1750 (9979) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 200.464295][ T28] audit: type=1326 audit(1756509433.658:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9978 comm="syz.3.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe25f78ebe9 code=0x7ffc0000 [ 200.535215][ T9983] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1751'. [ 200.559604][ T7033] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 200.568713][ T28] audit: type=1326 audit(1756509433.668:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9978 comm="syz.3.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe25f78ebe9 code=0x7ffc0000 [ 200.612833][ T28] audit: type=1326 audit(1756509433.738:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9978 comm="syz.3.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe25f78ebe9 code=0x7ffc0000 [ 200.736091][ T28] audit: type=1326 audit(1756509433.738:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9978 comm="syz.3.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7fe25f78ebe9 code=0x7ffc0000 [ 200.794142][ T28] audit: type=1326 audit(1756509433.818:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9978 comm="syz.3.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe25f78ebe9 code=0x7ffc0000 [ 200.964458][ T9996] loop3: detected capacity change from 0 to 512 [ 201.012420][ T9996] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 201.589281][T10016] netlink: 'syz.1.1768': attribute type 1 has an invalid length. [ 201.599960][ T9991] loop2: detected capacity change from 0 to 32768 [ 201.616268][T10016] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1768'. [ 201.711810][ T9991] ERROR: (device loop2): dbAllocNext: Corrupt dmap page [ 201.711810][ T9991] [ 202.381893][T10044] loop4: detected capacity change from 0 to 64 [ 202.567407][T10050] loop2: detected capacity change from 0 to 512 [ 202.606639][T10050] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 203.049887][T10066] loop2: detected capacity change from 0 to 64 [ 203.122212][T10066] syz.2.1793: attempt to access beyond end of device [ 203.122212][T10066] loop2: rw=0, sector=16777216, nr_sectors = 2 limit=64 [ 203.164168][T10070] loop1: detected capacity change from 0 to 256 [ 203.172619][T10066] Buffer I/O error on dev loop2, logical block 8388608, async page read [ 203.296222][T10066] syz.2.1793: attempt to access beyond end of device [ 203.296222][T10066] loop2: rw=0, sector=16777216, nr_sectors = 2 limit=64 [ 203.367504][T10066] Buffer I/O error on dev loop2, logical block 8388608, async page read [ 203.548214][T10078] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1799'. [ 203.574281][T10078] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1799'. [ 203.577745][T10064] loop3: detected capacity change from 0 to 32768 [ 203.711010][ T966] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 203.841120][T10086] netlink: 'syz.2.1804': attribute type 15 has an invalid length. [ 203.913721][ T966] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 203.928428][ T966] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 203.939685][ T966] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 203.949796][ T966] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 203.970536][ T966] usb 2-1: SerialNumber: syz [ 204.112713][T10092] netdevsim netdevsim4: Direct firmware load for  failed with error -2 [ 204.128099][T10092] netdevsim netdevsim4: Falling back to sysfs fallback for:  [ 204.143383][T10094] mmap: syz.2.1808 (10094): VmData 37457920 exceed data ulimit 131072. Update limits or use boot option ignore_rlimit_data. [ 204.193982][ T966] usb 2-1: 0:2 : does not exist [ 204.249306][ T966] usb 2-1: USB disconnect, device number 8 [ 204.328986][ T6118] udevd[6118]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 204.393463][T10100] netlink: 160 bytes leftover after parsing attributes in process `syz.3.1810'. [ 204.427404][T10102] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1811'. [ 204.906003][T10121] loop3: detected capacity change from 0 to 1024 [ 205.085321][ T743] hfsplus: b-tree write err: -5, ino 4 [ 205.538394][T10123] loop2: detected capacity change from 0 to 40427 [ 205.553537][T10123] F2FS-fs (loop2): invalid crc value [ 205.813069][T10123] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 206.333510][T10160] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1837'. [ 206.520598][T10146] loop1: detected capacity change from 0 to 32768 [ 206.544928][T10146] XFS: ikeep mount option is deprecated. [ 206.607651][T10146] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 206.798099][T10146] XFS (loop1): Ending clean mount [ 206.838246][T10184] netlink: 228 bytes leftover after parsing attributes in process `syz.4.1844'. [ 206.865535][T10146] XFS (loop1): Quotacheck needed: Please wait. [ 206.959151][T10182] loop3: detected capacity change from 0 to 4096 [ 206.984161][T10182] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 207.014609][T10146] XFS (loop1): Quotacheck: Done. [ 207.199855][T10182] ntfs3: loop3: Failed to initialize $Extend/$ObjId. [ 207.305139][ T5785] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 207.318964][T10194] exFAT-fs (nullb0): mounting with "discard" option, but the device does not support discard [ 207.332082][T10194] exFAT-fs (nullb0): invalid boot record signature [ 207.338707][T10194] exFAT-fs (nullb0): failed to read boot sector [ 207.352956][T10194] exFAT-fs (nullb0): failed to recognize exfat type [ 207.519434][T10198] xt_l2tp: missing protocol rule (udp|l2tpip) [ 207.628082][T10202] loop3: detected capacity change from 0 to 512 [ 207.663167][T10202] EXT4-fs: Ignoring removed nomblk_io_submit option [ 207.718456][T10202] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 207.762853][T10202] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01d, mo2=0102] [ 207.772028][T10202] EXT4-fs (loop3): couldn't mount RDWR because of unsupported optional features (80) [ 207.782080][T10202] EXT4-fs (loop3): Skipping orphan cleanup due to unknown ROCOMPAT features [ 207.799709][T10202] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 207.821008][ T966] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 207.864979][T10202] EXT4-fs: Ignoring removed nomblk_io_submit option [ 207.916121][T10202] EXT4-fs (loop3): couldn't mount RDWR because of unsupported optional features (80) [ 208.000957][ T966] usb 5-1: Using ep0 maxpacket: 16 [ 208.010522][ T966] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 208.028553][ T966] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.038884][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.048468][ T966] usb 5-1: Product: syz [ 208.057866][ T966] usb 5-1: Manufacturer: syz [ 208.086258][T10215] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 208.096404][ T966] usb 5-1: SerialNumber: syz [ 208.110153][ T966] usb 5-1: config 0 descriptor?? [ 208.125555][T10215] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 208.149531][ T966] visor 5-1:0.0: Sony Clie 3.5 converter detected [ 208.281747][T10221] kAFS: unparsable volume name [ 208.322351][T10223] loop2: detected capacity change from 0 to 64 [ 208.491417][T10227] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1865'. [ 208.588710][ T966] usb 5-1: clie_3_5_startup: get interface number failed: -71 [ 208.603948][ T966] visor: probe of 5-1:0.0 failed with error -71 [ 208.631778][ T966] usb 5-1: USB disconnect, device number 6 [ 208.679723][T10235] loop2: detected capacity change from 0 to 256 [ 208.985906][T10245] trusted_key: encrypted_key: keyword 'ne' not recognized [ 209.205647][T10253] netlink: 160 bytes leftover after parsing attributes in process `syz.2.1878'. [ 209.665052][ T5794] Bluetooth: hci3: unexpected event for opcode 0x0c1a [ 209.947891][T10287] netlink: 'syz.2.1894': attribute type 21 has an invalid length. [ 210.530531][T10303] loop4: detected capacity change from 0 to 4096 [ 210.552711][T10303] __ntfs_warning: 3 callbacks suppressed [ 210.552728][T10303] ntfs: (device loop4): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 210.580996][ T28] audit: type=1326 audit(1756509443.898:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10304 comm="syz.2.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 210.603256][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.631926][T10303] ntfs: (device loop4): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 210.634365][ T28] audit: type=1326 audit(1756509443.898:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10304 comm="syz.2.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 210.667147][T10303] ntfs: (device loop4): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy. [ 210.718019][ T28] audit: type=1326 audit(1756509443.948:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10304 comm="syz.2.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=148 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 210.793053][T10303] ntfs: (device loop4): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 210.810957][ T28] audit: type=1326 audit(1756509443.948:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10304 comm="syz.2.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 210.821517][T10303] ntfs: (device loop4): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 210.833337][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.897325][ T28] audit: type=1326 audit(1756509443.948:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10304 comm="syz.2.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 210.919688][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.966816][T10303] ntfs: volume version 3.1. [ 211.015649][T10314] netdevsim netdevsim2: Direct firmware load for  failed with error -2 [ 211.025024][T10314] netdevsim netdevsim2: Falling back to sysfs fallback for:  [ 211.147159][T10315] loop3: detected capacity change from 0 to 4096 [ 211.159258][T10286] loop1: detected capacity change from 0 to 32768 [ 211.258966][T10286] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 211.269028][T10286] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 211.338635][T10286] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 211.397571][ T786] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 211.421989][ T786] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 211.567088][ T786] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 145ms [ 211.578729][T10320] loop4: detected capacity change from 0 to 16 [ 211.608198][ T786] gfs2: fsid=syz:syz.0: jid=0: Done [ 211.616532][T10320] erofs: (device loop4): mounted with root inode @ nid 36. [ 211.633979][T10286] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 211.681271][T10320] syz.4.1911: attempt to access beyond end of device [ 211.681271][T10320] loop4: rw=0, sector=32, nr_sectors = 8 limit=16 [ 211.976455][T10329] tmpfs: Bad value for 'mpol' [ 212.065832][T10332] loop2: detected capacity change from 0 to 512 [ 212.194993][T10332] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 212.215559][T10332] ext4 filesystem being mounted at /492/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 212.289987][T10332] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 212.426988][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.535558][T10350] netdevsim netdevsim3: Direct firmware load for  failed with error -2 [ 212.565432][T10350] netdevsim netdevsim3: Falling back to sysfs fallback for:  [ 212.629443][T10354] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 212.658069][T10354] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 212.964291][ T5794] Bluetooth: hci1: unexpected event for opcode 0x0c1a [ 213.115993][T10375] loop2: detected capacity change from 0 to 128 [ 213.147551][T10375] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 213.174143][T10375] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 213.190585][T10378] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 213.450105][T10385] loop4: detected capacity change from 0 to 512 [ 213.479148][T10385] EXT4-fs: Ignoring removed nomblk_io_submit option [ 213.506383][T10385] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 213.521028][T10385] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01d, mo2=0102] [ 213.566692][T10385] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (80) [ 213.641066][T10385] EXT4-fs (loop4): Skipping orphan cleanup due to unknown ROCOMPAT features [ 213.686865][T10385] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 213.798740][T10385] EXT4-fs: Ignoring removed nomblk_io_submit option [ 213.851230][T10385] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (80) [ 213.949625][ T7033] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.082287][ T8] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 214.181483][T10411] netlink: 'syz.3.1954': attribute type 10 has an invalid length. [ 214.301291][ T8] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 214.320926][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.329157][ T8] usb 2-1: Product: syz [ 214.350983][ T8] usb 2-1: Manufacturer: syz [ 214.355651][ T8] usb 2-1: SerialNumber: syz [ 214.379681][ T8] usb 2-1: config 0 descriptor?? [ 214.394301][ T8] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 214.503885][T10419] loop3: detected capacity change from 0 to 256 [ 214.601256][T10405] loop2: detected capacity change from 0 to 32768 [ 214.608782][T10405] XFS: ikeep mount option is deprecated. [ 214.628582][T10419] FAT-fs (loop3): Directory bread(block 64) failed [ 214.654386][T10419] FAT-fs (loop3): Directory bread(block 65) failed [ 214.676429][T10419] FAT-fs (loop3): Directory bread(block 66) failed [ 214.683518][T10419] FAT-fs (loop3): Directory bread(block 67) failed [ 214.690434][T10419] FAT-fs (loop3): Directory bread(block 68) failed [ 214.690486][T10405] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 214.697700][T10419] FAT-fs (loop3): Directory bread(block 69) failed [ 214.712732][T10419] FAT-fs (loop3): Directory bread(block 70) failed [ 214.719402][T10419] FAT-fs (loop3): Directory bread(block 71) failed [ 214.726888][T10419] FAT-fs (loop3): Directory bread(block 72) failed [ 214.733545][T10419] FAT-fs (loop3): Directory bread(block 73) failed [ 214.799273][ T8] gspca_sunplus: reg_r err -71 [ 214.815185][ T8] sunplus: probe of 2-1:0.0 failed with error -71 [ 214.867921][ T8] usb 2-1: USB disconnect, device number 9 [ 214.983801][T10405] XFS (loop2): Ending clean mount [ 215.010132][T10405] XFS (loop2): Quotacheck needed: Please wait. [ 215.135449][T10405] XFS (loop2): Quotacheck: Done. [ 215.260677][ T5786] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 215.853278][T10458] loop2: detected capacity change from 0 to 512 [ 215.861009][T10458] EXT4-fs: Ignoring removed nomblk_io_submit option [ 215.933182][T10461] loop1: detected capacity change from 0 to 1024 [ 215.942375][T10458] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 215.950393][T10458] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01d, mo2=0102] [ 215.960113][T10458] EXT4-fs (loop2): couldn't mount RDWR because of unsupported optional features (80) [ 215.961007][T10461] EXT4-fs (loop1): orphan cleanup on readonly fs [ 215.970068][T10458] EXT4-fs (loop2): Skipping orphan cleanup due to unknown ROCOMPAT features [ 215.987282][T10458] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 216.039014][T10464] loop4: detected capacity change from 0 to 256 [ 216.076718][T10458] EXT4-fs: Ignoring removed nomblk_io_submit option [ 216.081660][ T786] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 216.105636][T10458] EXT4-fs (loop2): couldn't mount RDWR because of unsupported optional features (80) [ 216.127030][T10461] EXT4-fs (loop1): 1 truncate cleaned up [ 216.143168][T10461] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 216.229051][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.292441][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.298710][ T786] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 216.330051][ T786] usb 4-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 216.359628][ T786] usb 4-1: config 1 interface 0 has no altsetting 0 [ 216.385588][ T786] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 216.411213][ T786] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.426186][ T786] usb 4-1: Product: syz [ 216.436504][ T786] usb 4-1: Manufacturer: syz [ 216.455402][ T786] usb 4-1: SerialNumber: syz [ 216.831733][T10478] loop1: detected capacity change from 0 to 4096 [ 216.892643][ T5791] usb 4-1: USB disconnect, device number 12 [ 217.333119][T10494] loop2: detected capacity change from 0 to 4096 [ 217.343519][T10494] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 217.387720][T10494] ntfs3: loop2: failed to convert "c46c" to koi8-u [ 217.801426][T10512] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1998'. [ 217.820117][T10512] netlink: 'syz.1.1998': attribute type 1 has an invalid length. [ 217.829593][T10512] netlink: 'syz.1.1998': attribute type 2 has an invalid length. [ 217.870208][T10512] netlink: 120 bytes leftover after parsing attributes in process `syz.1.1998'. [ 218.205027][T10525] loop1: detected capacity change from 0 to 4096 [ 218.214990][T10525] __ntfs_warning: 16 callbacks suppressed [ 218.215005][T10525] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 218.294084][T10525] ntfs: (device loop1): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 218.357133][T10525] ntfs: (device loop1): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy. [ 218.428423][T10525] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 218.451954][T10525] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 218.498423][T10525] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 218.510214][T10525] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5). [ 218.539315][T10525] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 218.557631][T10525] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 218.603143][T10525] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 218.613338][T10536] loop2: detected capacity change from 0 to 4096 [ 218.655444][T10525] ntfs: volume version 3.1. [ 218.728317][T10536] ntfs: volume version 3.1. [ 218.748152][T10544] netlink: 'syz.4.2014': attribute type 10 has an invalid length. [ 219.108928][T10550] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2017'. [ 219.127697][T10552] ufs: You didn't specify the type of your ufs filesystem [ 219.127697][T10552] [ 219.127697][T10552] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 219.127697][T10552] [ 219.127697][T10552] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 219.159687][ C0] vkms_vblank_simulate: vblank timer overrun [ 219.217160][T10552] ufs: ufstype=old is supported read-only [ 219.229591][T10552] syz.3.2018: attempt to access beyond end of device [ 219.229591][T10552] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 219.375794][T10560] loop2: detected capacity change from 0 to 256 [ 219.394800][T10560] exfat: Deprecated parameter 'utf8' [ 219.460919][T10560] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 219.790395][T10577] netlink: 'syz.1.2030': attribute type 10 has an invalid length. [ 219.818752][T10578] loop4: detected capacity change from 0 to 128 [ 219.859044][T10578] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 219.900687][T10578] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 219.960962][ T6118] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 220.078689][T10582] loop1: detected capacity change from 0 to 256 [ 220.148201][T10582] FAT-fs (loop1): Directory bread(block 64) failed [ 220.165375][T10582] FAT-fs (loop1): Directory bread(block 65) failed [ 220.181459][T10582] FAT-fs (loop1): Directory bread(block 66) failed [ 220.208964][T10582] FAT-fs (loop1): Directory bread(block 67) failed [ 220.231692][T10582] FAT-fs (loop1): Directory bread(block 68) failed [ 220.238274][T10582] FAT-fs (loop1): Directory bread(block 69) failed [ 220.245575][T10582] FAT-fs (loop1): Directory bread(block 70) failed [ 220.253138][T10582] FAT-fs (loop1): Directory bread(block 71) failed [ 220.259779][T10582] FAT-fs (loop1): Directory bread(block 72) failed [ 220.266784][T10582] FAT-fs (loop1): Directory bread(block 73) failed [ 220.471166][T10590] loop3: detected capacity change from 0 to 164 [ 220.493625][T10574] loop2: detected capacity change from 0 to 32768 [ 220.511590][T10574] XFS: ikeep mount option is deprecated. [ 220.538287][T10590] Unsupported NM flag settings (8) [ 220.603396][T10574] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 220.772458][T10574] XFS (loop2): Ending clean mount [ 220.842330][T10574] XFS (loop2): Quotacheck needed: Please wait. [ 220.975670][T10574] XFS (loop2): Quotacheck: Done. [ 221.150303][ T5786] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 221.666723][T10619] netlink: 'syz.2.2042': attribute type 10 has an invalid length. [ 221.728973][T10605] loop3: detected capacity change from 0 to 32768 [ 221.783456][T10605] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 221.799212][T10605] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 221.806393][T10623] loop1: detected capacity change from 0 to 512 [ 221.857900][T10623] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.892465][T10623] ext4 filesystem being mounted at /510/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 221.984064][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.995680][T10605] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 222.058636][ T8] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 222.074216][ T8] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 222.244424][ T8] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 170ms [ 222.255504][ T8] gfs2: fsid=syz:syz.0: jid=0: Done [ 222.262866][T10605] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 222.563876][T10642] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2055'. [ 222.575655][T10642] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2055'. [ 224.018410][T10663] loop4: detected capacity change from 0 to 32768 [ 224.036865][T10683] ip6gre1: entered allmulticast mode [ 224.058752][T10663] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 224.078059][T10663] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 224.127899][T10686] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2078'. [ 224.134163][T10663] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 224.207829][ T5791] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 224.226570][ T5791] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 224.388487][ T5791] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 161ms [ 224.413445][ T5791] gfs2: fsid=syz:syz.0: jid=0: Done [ 224.418810][T10663] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 224.646196][T10696] loop1: detected capacity change from 0 to 4096 [ 224.646201][ T28] kauditd_printk_skb: 18 callbacks suppressed [ 224.646213][ T28] audit: type=1326 audit(1756509457.978:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10697 comm="syz.2.2082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 224.646442][ T28] audit: type=1326 audit(1756509457.978:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10697 comm="syz.2.2082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 224.703739][ C0] vkms_vblank_simulate: vblank timer overrun [ 224.727982][T10696] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 224.737706][ T28] audit: type=1326 audit(1756509458.048:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10697 comm="syz.2.2082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 224.768390][ T28] audit: type=1326 audit(1756509458.048:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10697 comm="syz.2.2082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 224.875594][ T28] audit: type=1326 audit(1756509458.048:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10697 comm="syz.2.2082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 224.913003][T10696] ntfs3: loop1: failed to convert "c46c" to koi8-u [ 224.913439][T10700] comedi comedi3: pcl730: I/O port conflict (0x8,4) [ 224.937562][T10702] (syz.2.2084,10702,0):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options [ 224.957896][T10702] (syz.2.2084,10702,0):ocfs2_fill_super:1178 ERROR: status = -22 [ 225.271511][T10688] loop3: detected capacity change from 0 to 32768 [ 225.307720][T10688] XFS: ikeep mount option is deprecated. [ 225.398897][T10688] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 225.543423][T10724] ieee802154 phy0 wpan0: encryption failed: -90 [ 225.654120][T10688] XFS (loop3): Ending clean mount [ 225.699415][T10688] XFS (loop3): Quotacheck needed: Please wait. [ 225.820429][T10688] XFS (loop3): Quotacheck: Done. [ 226.042841][ T5783] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 226.228510][T10743] loop4: detected capacity change from 0 to 2048 [ 226.376736][T10751] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 226.716311][ T28] audit: type=1400 audit(1756509460.048:59): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=10756 comm="syz.3.2103" [ 227.061112][ T27] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 227.290979][ T27] usb 3-1: Using ep0 maxpacket: 16 [ 227.298412][ T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 227.323463][ T27] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 227.340434][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.371058][ T27] usb 3-1: Product: syz [ 227.384372][ T27] usb 3-1: Manufacturer: syz [ 227.401013][ T27] usb 3-1: SerialNumber: syz [ 227.418719][ T27] usb 3-1: config 0 descriptor?? [ 227.442861][ T27] hub 3-1:0.0: bad descriptor, ignoring hub [ 227.448816][ T27] hub: probe of 3-1:0.0 failed with error -5 [ 227.501365][ T27] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input13 [ 227.538126][T10790] loop4: detected capacity change from 0 to 4096 [ 227.556150][T10790] ntfs: (device loop4): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 227.658567][T10790] ntfs: (device loop4): ntfs_read_locked_inode(): $DATA attribute is missing. [ 227.677334][T10790] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 227.751037][T10790] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 227.808459][T10790] ntfs: volume version 3.1. [ 228.311322][T10816] ip6gre1: entered promiscuous mode [ 229.193776][T10856] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2156'. [ 229.269650][T10854] loop1: detected capacity change from 0 to 2048 [ 229.304543][T10860] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2157'. [ 229.329271][T10861] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 229.777547][T10875] loop3: detected capacity change from 0 to 512 [ 229.808055][T10875] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 229.884863][T10875] loop3: Can't mount, would change RO state [ 229.906671][T10880] netlink: 'syz.1.2166': attribute type 1 has an invalid length. [ 229.906736][T10880] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.2166'. [ 230.076081][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.237740][T10886] loop3: detected capacity change from 0 to 1024 [ 230.421781][ T743] hfsplus: b-tree write err: -5, ino 4 [ 230.627165][T10882] loop1: detected capacity change from 0 to 32768 [ 230.711809][T10882] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 231.143910][T10882] XFS (loop1): Ending clean mount [ 231.277012][ T5785] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 231.691918][T10906] loop2: detected capacity change from 0 to 32768 [ 231.749408][T10906] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 231.785041][T10906] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 231.846260][T10906] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 231.880273][ T966] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 231.887684][ T966] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 231.946215][ T966] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 58ms [ 231.972990][ T966] gfs2: fsid=syz:syz.0: jid=0: Done [ 231.978313][T10906] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 232.025567][T10929] loop4: detected capacity change from 0 to 256 [ 232.191664][ T5176] usb 3-1: USB disconnect, device number 10 [ 232.349590][T10935] loop3: detected capacity change from 0 to 128 [ 232.551710][ T5798] Bluetooth: hci0: command 0x0405 tx timeout [ 233.557254][T10969] netlink: 'syz.2.2207': attribute type 21 has an invalid length. [ 233.581318][T10969] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2207'. [ 233.592558][T10969] netlink: 'syz.2.2207': attribute type 4 has an invalid length. [ 233.612089][T10969] netlink: 'syz.2.2207': attribute type 3 has an invalid length. [ 233.630977][T10969] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2207'. [ 233.685403][T10973] ieee802154 phy0 wpan0: encryption failed: -22 [ 234.052903][T10990] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2216'. [ 234.446903][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 234.446916][ T28] audit: type=1326 audit(1756509467.778:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11005 comm="syz.4.2225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6862f8ebe9 code=0x7ffc0000 [ 234.449007][ T28] audit: type=1326 audit(1756509467.778:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11005 comm="syz.4.2225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6862f8ebe9 code=0x7ffc0000 [ 234.494824][ T28] audit: type=1326 audit(1756509467.828:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11005 comm="syz.4.2225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7f6862f8ebe9 code=0x7ffc0000 [ 234.494874][ T28] audit: type=1326 audit(1756509467.828:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11005 comm="syz.4.2225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6862f8ebe9 code=0x7ffc0000 [ 234.494910][ T28] audit: type=1326 audit(1756509467.828:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11005 comm="syz.4.2225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6862f8ebe9 code=0x7ffc0000 [ 234.560248][ C1] vkms_vblank_simulate: vblank timer overrun [ 234.628235][ C1] vkms_vblank_simulate: vblank timer overrun [ 234.669677][T11011] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2227'. [ 235.139196][T11002] loop2: detected capacity change from 0 to 32768 [ 235.140161][T11022] netlink: 'syz.4.2231': attribute type 21 has an invalid length. [ 235.140235][T11022] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2231'. [ 235.154230][T11002] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.2223 (11002) [ 235.171825][T11002] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 235.171938][T11002] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 235.172012][T11002] BTRFS info (device loop2): using free space tree [ 235.360355][T11002] BTRFS info (device loop2): enabling ssd optimizations [ 235.360381][T11002] BTRFS info (device loop2): auto enabling async discard [ 235.558982][ T5786] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 235.629805][T11044] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2234'. [ 235.812654][T11018] loop1: detected capacity change from 0 to 32768 [ 235.845701][T11018] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.2229 (11018) [ 235.923580][T11018] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 235.971998][T11018] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 236.013896][T11018] BTRFS info (device loop1): force zlib compression, level 3 [ 236.051820][T11018] BTRFS info (device loop1): force clearing of disk cache [ 236.058992][T11018] BTRFS info (device loop1): setting nodatasum [ 236.094728][T11018] BTRFS info (device loop1): use zlib compression, level 3 [ 236.131367][T11018] BTRFS info (device loop1): turning on flush-on-commit [ 236.161737][T11018] BTRFS info (device loop1): enabling disk space caching [ 236.168823][T11018] BTRFS info (device loop1): disk space caching is enabled [ 236.374697][ T28] audit: type=1326 audit(1756509469.708:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11076 comm="syz.2.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 236.379792][T11018] BTRFS info (device loop1): enabling ssd optimizations [ 236.476434][ T28] audit: type=1326 audit(1756509469.728:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11076 comm="syz.2.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 236.507869][T11018] BTRFS info (device loop1): auto enabling async discard [ 236.551071][T11018] BTRFS info (device loop1): rebuilding free space tree [ 236.580134][ T28] audit: type=1326 audit(1756509469.808:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11076 comm="syz.2.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 236.622496][T11018] BTRFS info (device loop1): disabling free space tree [ 236.629513][T11018] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 236.645340][ T28] audit: type=1326 audit(1756509469.808:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11076 comm="syz.2.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 236.670389][T11018] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 236.744753][ T28] audit: type=1326 audit(1756509469.808:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11076 comm="syz.2.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f933df8ebe9 code=0x7ffc0000 [ 236.939672][T11018] BTRFS info (device loop1): balance: start -susage=0..3752,limit=25769836543 [ 236.981858][T11018] BTRFS info (device loop1): balance: ended with status: 0 [ 237.121283][ T5785] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 237.364696][T11107] trusted_key: encrypted_key: hex blob is missing [ 237.444918][T11109] tc_dump_action: action bad kind [ 237.505920][T11111] binder: 11110:11111 ioctl c018620c 2000000001c0 returned -22 [ 237.831678][T11122] xt_hashlimit: size too large, truncated to 1048576 [ 237.843473][T11122] xt_hashlimit: overflow, try lower: 3/0 [ 238.333969][T11139] loop1: detected capacity change from 0 to 8 [ 238.384128][T11139] SQUASHFS error: Unable to read directory block [629:26] [ 238.656575][T11125] loop4: detected capacity change from 0 to 32768 [ 238.721708][T11125] ERROR: (device loop4): dbAllocAG: Corrupt dmapctl page [ 238.721708][T11125] [ 238.753585][T11125] ERROR: (device loop4): remounting filesystem as read-only [ 238.936992][T11157] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2281'. [ 238.992784][T11161] futex_wake_op: syz.1.2284 tries to shift op by -1; fix this program [ 239.169692][T11157] team0: Port device team_slave_0 removed [ 239.374673][T11169] loop3: detected capacity change from 0 to 4096 [ 239.443405][T11169] ntfs3: loop3: ino=3, ntfs_set_state failed, -22. [ 239.459016][T11169] ntfs3: loop3: Failed to initialize $Extend/$ObjId. [ 239.658558][T11179] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2291'. [ 239.675862][ T11] ntfs3: loop3: ino=3, ntfs3_write_inode failed, -22. [ 239.688331][ T5783] ntfs3: loop3: ino=3, ntfs_set_state failed, -22. [ 239.695723][ T5783] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 239.710932][ T5783] ntfs3: loop3: ino=3, ntfs_set_state failed, -22. [ 239.731069][ T11] ntfs3: loop3: ino=3, ntfs3_write_inode failed, -22. [ 239.875564][T11184] ALSA: mixer_oss: invalid OSS volume ';ʸg™¯ÔŠ8ª\>Px´i9ù hû~¢)–„VÌ' [ 239.901125][T11184] ALSA: mixer_oss: invalid OSS volume '*ØbbÆX-]¢‰Oœ¾ïF¸¤{ãT0p³Áúc©' [ 239.919052][T11184] ALSA: mixer_oss: invalid OSS volume 'g›IÓÒš¼ò"Í4¨×-Z›' [ 239.927532][T11184] ALSA: mixer_oss: invalid OSS volume 'eQCÈ¡*«±§qµpA˜ÚœøÄe ¦TÒú|Kˆ' [ 239.939445][T11184] ALSA: mixer_oss: invalid OSS volume ':ÀaøËz’´Äã]¶q³°e£X×fb]݆›BäÜ.' [ 239.963795][T11184] ALSA: mixer_oss: invalid OSS volume '¯Þj|‡ÓâÚÕq⩃˚[Òw3ù^.¸Œî×’ø' [ 240.001265][T11184] ALSA: mixer_oss: invalid OSS volume 'Ü"PÞ¸àøÛœåÂÏo[ç8>ú7|¤YMeÃp»ñq' [ 240.019881][T11184] ALSA: mixer_oss: invalid OSS volume '¨ÿwI þ×·Ë#Þt\ÞW˜,ãbP=&ež' [ 240.029832][T11183] loop4: detected capacity change from 0 to 8192 [ 240.040119][T11184] ALSA: mixer_oss: invalid OSS volume ']÷“á´Õz‘a›-¯!)ŸÙüúÏ»à²vC¤YpsÆÚ' [ 240.054573][T11184] ALSA: mixer_oss: invalid OSS volume 'L¹Eá]DþÒxtÎéÝ‚OY3f£¸k$T ÓÝ"' [ 240.065106][T11184] ALSA: mixer_oss: invalid OSS volume 'î[' [ 240.081182][T11184] ALSA: mixer_oss: invalid OSS volume '‡¾ö3ÍÉûA14IN—+|¦\' [ 240.088544][T11184] ALSA: mixer_oss: invalid OSS volume '·$ [ 251.540680][T11514] dump_stack_lvl+0x16c/0x230 [ 251.540715][T11514] ? show_regs_print_info+0x20/0x20 [ 251.540735][T11514] ? kmem_cache_alloc+0x14d/0x2e0 [ 251.540763][T11514] ? __asan_memset+0x22/0x40 [ 251.540789][T11514] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 251.540817][T11514] nilfs_btree_last_key+0x489/0x610 [ 251.540845][T11514] nilfs_bmap_last_key+0x74/0x120 [ 251.540864][T11514] nilfs_truncate_bmap+0xff/0x340 [ 251.540887][T11514] ? nilfs_update_inode+0x1d0/0x1d0 [ 251.540906][T11514] ? block_truncate_page+0x168/0x9f0 [ 251.540933][T11514] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 251.540958][T11514] nilfs_truncate+0x267/0x4a0 [ 251.540985][T11514] ? nilfs_write_failed+0xa0/0xa0 [ 251.541020][T11514] nilfs_setattr+0x211/0x2b0 [ 251.541043][T11514] ? nilfs_clear_inode+0x280/0x280 [ 251.541065][T11514] ? is_bad_inode+0xd/0x40 [ 251.541082][T11514] ? evm_inode_setattr+0x94/0x6a0 [ 251.541105][T11514] ? bpf_lsm_inode_setattr+0x9/0x10 [ 251.541120][T11514] ? try_break_deleg+0x79/0x120 [ 251.541136][T11514] ? nilfs_clear_inode+0x280/0x280 [ 251.541158][T11514] notify_change+0xb0d/0xe10 [ 251.541190][T11514] do_truncate+0x19b/0x220 [ 251.541213][T11514] ? put_page_bootmem+0x2c0/0x2c0 [ 251.541229][T11514] ? apparmor_file_truncate+0x23f/0x2d0 [ 251.541254][T11514] ? ima_bprm_check+0x1f0/0x1f0 [ 251.541283][T11514] path_openat+0x298c/0x3190 [ 251.541341][T11514] ? do_filp_open+0x3d0/0x3d0 [ 251.541395][T11514] do_filp_open+0x1c5/0x3d0 [ 251.541422][T11514] ? vfs_tmpfile+0x490/0x490 [ 251.541474][T11514] ? _raw_spin_unlock+0x28/0x40 [ 251.541496][T11514] ? alloc_fd+0x58f/0x630 [ 251.541521][T11514] do_sys_openat2+0x12c/0x1c0 [ 251.541542][T11514] ? do_sys_open+0xe0/0xe0 [ 251.541557][T11514] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 251.541582][T11514] ? lock_chain_count+0x20/0x20 [ 251.541609][T11514] __x64_sys_creat+0x90/0xb0 [ 251.541635][T11514] do_syscall_64+0x55/0xb0 [ 251.541654][T11514] ? clear_bhb_loop+0x40/0x90 [ 251.541670][T11514] ? clear_bhb_loop+0x40/0x90 [ 251.541687][T11514] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 251.541713][T11514] RIP: 0033:0x7fe25f78ebe9 [ 251.541742][T11514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.541760][T11514] RSP: 002b:00007fe260629038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 251.541782][T11514] RAX: ffffffffffffffda RBX: 00007fe25f9c5fa0 RCX: 00007fe25f78ebe9 [ 251.541796][T11514] RDX: 0000000000000000 RSI: 0000000000000020 RDI: 0000200000000100 [ 251.541809][T11514] RBP: 00007fe25f811e19 R08: 0000000000000000 R09: 0000000000000000 [ 251.541821][T11514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 251.541833][T11514] R13: 00007fe25f9c6038 R14: 00007fe25f9c5fa0 R15: 00007ffc9cb19db8 [ 251.541866][T11514] [ 251.544629][T11514] NILFS (loop3): btree level mismatch (ino=16): 1 != 7 [ 251.544761][T11514] NILFS error (device loop3): nilfs_bmap_last_key: broken bmap (inode number=16) [ 251.587103][T11514] Remounting filesystem read-only [ 251.587122][T11514] NILFS (loop3): error -5 truncating bmap (ino=16) [ 251.660937][ T5176] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 251.763629][ T5783] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 251.763742][ T5783] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 251.763758][ T5783] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 251.763773][ T5783] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 251.763788][ T5783] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 251.764337][ T5783] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 251.863109][ T5176] usb 2-1: config 0 has an invalid interface number: 50 but max is 0 [ 251.863148][ T5176] usb 2-1: config 0 has no interface number 0 [ 251.863190][ T5176] usb 2-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 251.865532][ T5176] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 251.865562][ T5176] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.865581][ T5176] usb 2-1: Product: syz [ 251.865594][ T5176] usb 2-1: Manufacturer: syz [ 251.865606][ T5176] usb 2-1: SerialNumber: syz [ 251.868039][ T5176] usb 2-1: config 0 descriptor?? [ 251.906462][ T5176] yurex 2-1:0.50: USB YUREX device now attached to Yurex #0 [ 252.202992][ C1] vkms_vblank_simulate: vblank timer overrun [ 252.318322][ T5176] usb 2-1: USB disconnect, device number 11 [ 252.466331][ T5176] yurex 2-1:0.50: USB YUREX #0 now disconnected [ 252.496223][T11539] loop2: detected capacity change from 0 to 4096 [ 252.510932][T11539] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 252.828853][T11543] netdevsim netdevsim2: Firmware load for './file0/../file0' refused, path contains '..' component [ 252.830675][T11545] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2449'. [ 253.093500][T11545] team_slave_0 (unregistering): left promiscuous mode [ 253.108049][T11549] loop2: detected capacity change from 0 to 4096 [ 253.127081][T11545] team0: Port device team_slave_0 removed [ 253.145691][T11549] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 253.205664][T11549] ntfs3: loop2: Failed to initialize $Secure (-22). [ 253.268565][T11551] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 253.293484][T11551] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 253.316246][T11551] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 253.327921][T11551] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 253.369681][T11551] geneve0: entered promiscuous mode [ 253.397735][T11551] geneve0: entered allmulticast mode [ 253.521645][T11551] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 253.534459][T11551] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 253.564102][T11551] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 253.577316][T11551] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 253.618956][T11565] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2459'. [ 253.673516][T11562] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2457'. [ 254.087550][T11583] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2468'. [ 254.100233][T11583] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2468'. [ 254.116809][T11583] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2468'. [ 254.258246][T11581] loop4: detected capacity change from 0 to 8192 [ 254.305158][T11581] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 254.415291][T11581] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000001) [ 254.449177][T11581] FAT-fs (loop4): Filesystem has been set read-only [ 254.512194][T11597] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2474'. [ 254.572481][ T7033] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000001) [ 254.713869][T11599] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 254.743489][T11599] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 254.760906][T11599] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 254.790917][T11599] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 254.831359][T11599] geneve0: entered promiscuous mode [ 254.839764][T11599] geneve0: entered allmulticast mode [ 254.893180][T11599] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 254.907380][T11599] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 254.936918][T11599] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 254.950136][T11599] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 255.027932][T11614] loop4: detected capacity change from 0 to 16 [ 255.039129][T11614] erofs: (device loop4): mounted with root inode @ nid 36. [ 255.069547][T11614] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 255.103348][T11614] erofs: (device loop4): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 255.246601][T11620] netlink: 'syz.3.2485': attribute type 39 has an invalid length. [ 255.283371][T11620] veth0_macvtap: left promiscuous mode [ 255.547475][T11626] loop4: detected capacity change from 0 to 4096 [ 255.566566][T11626] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 255.638611][T11626] ntfs3: loop4: Failed to initialize $Secure (-22). [ 255.800135][T11630] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2490'. [ 256.029813][T11628] loop1: detected capacity change from 0 to 32768 [ 256.069512][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.079425][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.269981][T11628] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 256.328763][T11628] (syz.1.2489,11628,1):ocfs2_symlink:2068 ERROR: status = -2 [ 256.482240][T11642] tmpfs: Bad value for 'mpol' [ 256.487561][ T5785] (syz-executor,5785,1):ocfs2_inode_is_valid_to_delete:852 ERROR: Skipping delete of root inode. [ 256.524436][ T5785] ocfs2: Unmounting device (7,1) on (node local) [ 256.811677][T11636] loop2: detected capacity change from 0 to 32768 [ 256.890761][T11636] ERROR: (device loop2): diNewExt: no free extents [ 256.890761][T11636] [ 256.916779][T11636] ERROR: (device loop2): remounting filesystem as read-only [ 256.968607][T11636] ialloc: diAlloc returned -5! [ 257.666461][T11676] loop3: detected capacity change from 0 to 2048 [ 257.782652][T11681] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 257.865335][T11685] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2515'. [ 258.138200][T11668] loop1: detected capacity change from 0 to 32768 [ 258.179577][T11693] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2519'. [ 258.720376][T11708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2526'. [ 258.761015][T11708] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2526'. [ 259.225961][T11725] damon-dbgfs: DAMON debugfs interface is deprecated, so users should move to DAMON_SYSFS. If you cannot, please report your usecase to damon@lists.linux.dev and linux-mm@kvack.org. [ 259.253053][T11727] loop3: detected capacity change from 0 to 8 [ 259.318518][T11727] SQUASHFS error: xz decompression failed, data probably corrupt [ 259.336665][T11727] SQUASHFS error: Failed to read block 0x108: -5 [ 259.351061][T11727] SQUASHFS error: Unable to read metadata cache entry [106] [ 259.358434][T11727] SQUASHFS error: Unable to read inode 0x11f [ 259.671775][T11714] loop4: detected capacity change from 0 to 32768 [ 259.694423][T11714] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 9 [ 259.861115][ T5791] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 259.875847][ T5778] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 9 [ 260.096834][ T5791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 260.113159][ T5791] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 260.146103][T11751] loop4: detected capacity change from 0 to 4096 [ 260.151028][ T5791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33119, setting to 1024 [ 260.186356][T11751] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 260.186409][ T5791] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 260.247069][ T5791] usb 4-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 260.281003][ T5791] usb 4-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 260.289370][ T5791] usb 4-1: Manufacturer: syz [ 260.314172][ T5791] usb 4-1: config 0 descriptor?? [ 260.338153][T11727] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 260.367440][ T5791] smsusb:smsusb_probe: board id=9, interface number 0 [ 260.379565][ T5791] smsusb:siano_media_device_register: media controller created [ 260.385651][T11751] ntfs3: loop4: ino=3, ntfs_set_state failed, -22. [ 260.410892][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.418345][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.425753][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.431182][T11751] ntfs3: loop4: ino=1e, "file1" attr_set_size [ 260.433178][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.447751][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.455310][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.462814][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.470138][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.478054][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.485680][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.493090][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.500436][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.507786][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.515088][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.521802][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.529203][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.536507][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.543818][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.552994][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.560352][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.567687][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.575001][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.582312][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.596277][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.603815][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.611114][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.618421][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.625870][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.632821][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.640168][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.647493][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.654895][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.663167][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.670555][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.677842][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.685341][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.692674][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.699106][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.706443][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.713756][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.721059][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.728410][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.734858][ T5791] smsmdtv:smscore_sendrequest_and_wait: sendrequest returned error -22 [ 260.740296][ T2963] ntfs3: loop4: ino=3, ntfs3_write_inode failed, -22. [ 260.744574][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.758043][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.762213][ T7033] ntfs3: loop4: ino=3, ntfs_set_state failed, -22. [ 260.765410][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.779739][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.787316][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.794685][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.802068][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.809438][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.816912][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.822179][ T7033] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 260.824236][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.839143][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.846660][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.854004][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.861408][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.868828][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.876142][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.883478][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.886133][ T7033] ntfs3: loop4: ino=3, ntfs_set_state failed, -22. [ 260.890860][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.905206][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.912618][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.919923][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.927259][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.935474][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.942799][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.950057][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.957301][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.964595][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.971859][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.979187][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 260.986654][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.993323][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.000658][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.007996][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.015850][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.023177][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.030519][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.037838][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.045179][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.049504][ T12] ntfs3: loop4: ino=3, ntfs3_write_inode failed, -22. [ 261.052771][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.052824][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.074581][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.081962][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.089246][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.096595][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.103914][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.111223][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.118550][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.125885][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.133197][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.140634][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.148236][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.155602][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.163293][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.170603][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.177883][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.185144][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.192384][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.199635][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.206281][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.213604][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.221217][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.228575][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.235900][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.243215][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.250796][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.258109][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.265436][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.272841][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.280152][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.287536][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.295087][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.302428][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.309740][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.317063][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.324391][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.331751][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.339101][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.346308][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.353640][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.360982][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.368260][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.375556][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.382110][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.389437][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.396758][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.404096][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.411435][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.418753][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.426152][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.433142][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.440504][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.447850][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.455182][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.462506][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.469828][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.477158][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.484428][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.492295][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.499752][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.507079][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.514416][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.521716][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.529046][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.536373][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.543741][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.550861][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.558224][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.565552][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.572947][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.579592][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.586927][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.594240][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.601568][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.608883][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.616203][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.623540][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.629986][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.637321][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.644653][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.651964][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.659259][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.666513][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.673776][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.681043][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.688288][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.695549][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.702831][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.710416][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.717832][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.725159][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.732523][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.739846][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.747256][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.754599][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.761911][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.769190][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.776520][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.783886][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.805581][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.812973][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.820404][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.827813][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.835562][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.842921][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.850325][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.857679][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.865106][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.872492][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.879846][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.887265][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.894596][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.902393][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.909723][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.917742][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.925078][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.932449][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.940203][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.947719][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.955050][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.962560][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.969893][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.977211][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.984439][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.991871][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 261.999228][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.006554][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.013878][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.021186][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.028508][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.035826][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.042452][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.049762][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.057038][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.064310][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.071571][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.078819][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.086153][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.093399][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.100637][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.107944][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.114297][ T5791] smsmdtv:smscore_set_device_mode: mode detect failed -22 [ 262.123043][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.123201][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.123315][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.123411][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.123502][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.123591][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.123686][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.123774][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.123873][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.123976][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.198676][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.206067][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.213402][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.220781][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.228092][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.235526][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.242860][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.250180][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.257559][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.264933][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.272277][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.279588][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.287086][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.294435][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.301834][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.309160][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.316481][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.323793][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.331085][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.338402][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.346023][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.353380][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.360717][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.368123][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.375779][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.383083][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.390420][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.397729][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.405046][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.412366][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.419824][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.427770][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.435106][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.442426][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.449728][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.457035][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.464448][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.471788][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.479144][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.486465][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.494232][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.501545][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.509204][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.516544][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.517158][T11759] loop1: detected capacity change from 0 to 32768 [ 262.523901][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.523953][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.523999][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.552795][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.560115][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.567408][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.574703][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 262.582043][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.588150][ T5791] smsmdtv:smscore_start_device: set device mode failed , rc -22 [ 262.597701][ T5791] smsusb:smsusb_init_device: smscore_start_device(...) failed [ 262.612105][ T5791] smsusb:smsusb_probe: Device initialized with return code -22 [ 262.657283][ T5791] smsusb: probe of 4-1:0.0 failed with error -22 [ 262.666989][T11759] JBD2: Ignoring recovery information on journal [ 262.668301][ T5791] usb 4-1: USB disconnect, device number 13 [ 262.923593][T11759] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode. [ 263.203793][ T5785] ocfs2: Unmounting device (7,1) on (node local) [ 263.462358][T11799] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2570'. [ 264.082211][T11827] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 264.263012][T11834] netlink: 'syz.4.2585': attribute type 21 has an invalid length. [ 264.359937][T11840] netlink: 'syz.2.2588': attribute type 2 has an invalid length. [ 264.393853][T11840] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 264.524186][ T28] audit: type=1326 audit(264.469:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11845 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eaab8ebe9 code=0x7ffc0000 [ 264.600044][ T28] audit: type=1326 audit(264.469:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11845 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eaab8ebe9 code=0x7ffc0000 [ 264.681052][ T28] audit: type=1326 audit(264.479:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11845 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7f8eaab8ebe9 code=0x7ffc0000 [ 264.744871][ T28] audit: type=1326 audit(264.479:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11845 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eaab8ebe9 code=0x7ffc0000 [ 264.785868][ T28] audit: type=1326 audit(264.479:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11845 comm="syz.1.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eaab8ebe9 code=0x7ffc0000 [ 265.080963][ T5176] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 265.223744][T11874] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 265.244843][T11874] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 265.271267][ T5176] usb 4-1: Using ep0 maxpacket: 32 [ 265.283156][ T5176] usb 4-1: config 0 has an invalid interface number: 35 but max is 0 [ 265.301413][ T5176] usb 4-1: config 0 has no interface number 0 [ 265.313810][ T5176] usb 4-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 265.326931][ T5176] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.347160][ T5176] usb 4-1: Product: syz [ 265.360543][ T5176] usb 4-1: Manufacturer: syz [ 265.365957][ T5176] usb 4-1: SerialNumber: syz [ 265.394051][ T5176] usb 4-1: config 0 descriptor?? [ 265.420482][ T5176] radio-si470x 4-1:0.35: could not find interrupt in endpoint [ 265.439177][ T5176] radio-si470x: probe of 4-1:0.35 failed with error -5 [ 265.522263][ T28] audit: type=1326 audit(265.469:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11883 comm="syz.2.2610" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f933df8ebe9 code=0x0 [ 265.652128][ T5176] radio-raremono 4-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 265.654621][T11888] dlm: no locking on control device [ 265.853959][ T5176] radio-raremono 4-1:0.35: raremono_cmd_main failed (-71) [ 265.876483][ T5176] radio-raremono 4-1:0.35: V4L2 device registered as radio48 [ 265.901247][ T5176] usb 4-1: USB disconnect, device number 14 [ 265.911346][ T5176] radio-raremono 4-1:0.35: Thanko's Raremono disconnected [ 266.199102][T11890] loop4: detected capacity change from 0 to 32768 [ 266.235535][T11890] JBD2: Ignoring recovery information on journal [ 266.321784][T11890] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode. [ 266.514303][ T7033] ocfs2: Unmounting device (7,4) on (node local) [ 267.109040][T11933] IPv6: Can't replace route, no match found [ 267.259487][T11941] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 267.385080][T11945] loop3: detected capacity change from 0 to 2048 [ 267.429624][T11948] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 267.478315][T11945] NILFS (loop3): bad btree root (ino=16): level = 164, flags = 0x1, nchildren = 1 [ 268.015372][T11972] loop3: detected capacity change from 0 to 256 [ 268.117073][T11972] FAT-fs (loop3): Directory bread(block 64) failed [ 268.152941][T11972] FAT-fs (loop3): Directory bread(block 65) failed [ 268.184593][T11972] FAT-fs (loop3): Directory bread(block 66) failed [ 268.206568][T11972] FAT-fs (loop3): Directory bread(block 67) failed [ 268.216919][T11972] FAT-fs (loop3): Directory bread(block 68) failed [ 268.230995][T11972] FAT-fs (loop3): Directory bread(block 69) failed [ 268.237801][T11972] FAT-fs (loop3): Directory bread(block 70) failed [ 268.249662][T11972] FAT-fs (loop3): Directory bread(block 71) failed [ 268.271062][T11972] FAT-fs (loop3): Directory bread(block 72) failed [ 268.285874][T11972] FAT-fs (loop3): Directory bread(block 73) failed [ 268.315453][ T28] audit: type=1326 audit(268.269:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11979 comm="syz.1.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eaab8ebe9 code=0x7ffc0000 [ 268.411657][ T28] audit: type=1326 audit(268.269:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11979 comm="syz.1.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eaab8ebe9 code=0x7ffc0000 [ 268.495140][ T28] audit: type=1326 audit(268.299:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11979 comm="syz.1.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f8eaab8ebe9 code=0x7ffc0000 [ 268.576591][ T28] audit: type=1326 audit(268.299:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11979 comm="syz.1.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eaab8ebe9 code=0x7ffc0000 [ 268.750614][T11990] loop4: detected capacity change from 0 to 4096 [ 268.805305][T11990] ntfs: volume version 3.1. [ 269.355311][T12011] loop4: detected capacity change from 0 to 4096 [ 269.366587][T12011] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 269.407301][T12011] ntfs3: loop4: Failed to initialize $Extend/$Reparse. [ 269.473481][T12011] ntfs3: loop4: ino=1b, "file0" attr_set_size [ 269.491899][T12011] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 269.970007][T12034] loop4: detected capacity change from 0 to 1024 [ 270.008263][T12034] EXT4-fs: Ignoring removed bh option [ 270.061948][T12034] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 270.391978][ T7033] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 270.493716][T12052] xfrm0: entered promiscuous mode [ 270.498886][T12052] xfrm0: entered allmulticast mode [ 270.788014][T12064] loop1: detected capacity change from 0 to 256 [ 271.245653][T12083] loop1: detected capacity change from 0 to 512 [ 271.273534][T12083] EXT4-fs (loop1): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 271.480412][ T5785] EXT4-fs (loop1): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 271.646741][T12094] loop2: detected capacity change from 0 to 1024 [ 271.909948][T12102] loop3: detected capacity change from 0 to 256 [ 271.965457][T12104] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073072017407) [ 272.011479][T12104] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 [ 272.038565][T12102] FAT-fs (loop3): Directory bread(block 64) failed [ 272.038606][T12102] FAT-fs (loop3): Directory bread(block 65) failed [ 272.038696][T12102] FAT-fs (loop3): Directory bread(block 66) failed [ 272.038721][T12102] FAT-fs (loop3): Directory bread(block 67) failed [ 272.038808][T12102] FAT-fs (loop3): Directory bread(block 68) failed [ 272.038834][T12102] FAT-fs (loop3): Directory bread(block 69) failed [ 272.038926][T12102] FAT-fs (loop3): Directory bread(block 70) failed [ 272.038958][T12102] FAT-fs (loop3): Directory bread(block 71) failed [ 272.039046][T12102] FAT-fs (loop3): Directory bread(block 72) failed [ 272.039071][T12102] FAT-fs (loop3): Directory bread(block 73) failed [ 272.272111][T12087] loop4: detected capacity change from 0 to 32768 [ 272.326371][T12087] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.2706 (12087) [ 272.379801][T12087] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 272.436114][T12087] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 272.475766][T12087] BTRFS info (device loop4): enabling ssd optimizations [ 272.501205][T12087] BTRFS info (device loop4): using free space tree [ 272.512435][T12114] loop1: detected capacity change from 0 to 512 [ 272.543009][T12114] EXT4-fs: Ignoring removed nomblk_io_submit option [ 272.583609][T12114] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 272.630901][T12114] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 272.677676][T12087] BTRFS info (device loop4): auto enabling async discard [ 272.725462][T12114] EXT4-fs (loop1): orphan cleanup on readonly fs [ 272.725520][T12139] loop3: detected capacity change from 0 to 1024 [ 272.747597][T12114] __quota_error: 7 callbacks suppressed [ 272.747612][T12114] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=0 [ 272.762978][T12114] EXT4-fs warning (device loop1): ext4_enable_quotas:7175: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 272.821535][T12114] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 272.845824][T12114] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.2720: bg 0: block 40: padding at end of block bitmap is not set [ 272.881323][T12114] EXT4-fs (loop1): Remounting filesystem read-only [ 272.888116][T12114] EXT4-fs (loop1): 1 truncate cleaned up [ 272.931847][T12114] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 273.016418][ T7033] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 273.118680][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 273.534589][T12156] loop2: detected capacity change from 0 to 256 [ 273.558046][T12156] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d) [ 274.761206][T12204] loop3: detected capacity change from 0 to 4096 [ 274.771477][T12204] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 274.951203][T12204] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 274.981921][T12204] ntfs3: loop3: Failed to load $Extend (-22). [ 274.988408][T12204] ntfs3: loop3: Failed to initialize $Extend. [ 275.246188][T12218] loop1: detected capacity change from 0 to 4096 [ 275.610598][T12234] loop2: detected capacity change from 0 to 512 [ 275.671080][T12234] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 275.722317][T12234] EXT4-fs (loop2): warning: maximal mount count reached, running e2fsck is recommended [ 275.749932][T12234] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz.2.2769: inode #15: comm syz.2.2769: iget: illegal inode # [ 275.767441][T12234] EXT4-fs (loop2): Remounting filesystem read-only [ 275.783228][T12234] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 276.081036][ T966] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 276.306819][ T966] usb 3-1: config 1 has an invalid descriptor of length 222, skipping remainder of the config [ 276.325523][ T966] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 276.325650][T12265] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2783'. [ 276.344593][ T966] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 276.353867][ T966] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 276.369216][ T966] usb 3-1: SerialNumber: syz [ 276.395787][ T966] usb 3-1: 0:2 : does not exist [ 276.610887][ T966] usb 3-1: USB disconnect, device number 11 [ 276.886712][T12284] netlink: 'syz.3.2792': attribute type 10 has an invalid length. [ 276.899569][T12284] veth1_macvtap: left promiscuous mode [ 277.105563][T12294] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2798'. [ 277.203296][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 277.376787][T12302] netlink: 'syz.2.2801': attribute type 13 has an invalid length. [ 277.468031][T12306] netlink: 209844 bytes leftover after parsing attributes in process `syz.4.2804'. [ 277.687668][T12314] binder: 12313:12314 ioctl c00c6211 ffffffffffffffff returned -14 [ 277.723468][T12318] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2809'. [ 277.884656][T12322] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551609) [ 277.930922][T12322] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647 [ 278.341483][T12344] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2823'. [ 278.908802][T12368] loop2: detected capacity change from 0 to 128 [ 278.911348][T12369] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2833'. [ 278.954494][T12369] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2833'. [ 279.553073][T12388] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.2842'. [ 279.755543][ T5791] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 279.902963][T12382] loop4: detected capacity change from 0 to 32768 [ 279.937033][T12382] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.2839 (12382) [ 279.963108][ T5791] usb 3-1: Using ep0 maxpacket: 16 [ 279.985954][ T5791] usb 3-1: config 0 has an invalid descriptor of length 39, skipping remainder of the config [ 280.001096][ T5791] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 32695, setting to 1024 [ 280.024423][T12382] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 280.054661][ T5791] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 280.071823][T12382] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 280.087996][ T5791] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 280.113436][T12382] BTRFS info (device loop4): using free space tree [ 280.126559][ T5791] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 280.137688][ T5791] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 280.169015][ T5791] usb 3-1: Manufacturer: syz [ 280.207376][ T5791] usb 3-1: config 0 descriptor?? [ 280.226631][T12384] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 280.251441][T12382] BTRFS info (device loop4): enabling ssd optimizations [ 280.258551][T12382] BTRFS info (device loop4): auto enabling async discard [ 280.411201][ T7033] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 280.540083][ T5791] usb 3-1: USB disconnect, device number 12 [ 281.447012][T12456] netlink: 'syz.1.2868': attribute type 2 has an invalid length. [ 281.525533][T12462] x_tables: unsorted entry at hook 2 [ 281.801116][ T5791] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 281.852095][T12474] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 281.991310][ T5791] usb 5-1: Using ep0 maxpacket: 8 [ 282.039897][ T5791] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 282.065920][ T5791] usb 5-1: config 179 has no interface number 0 [ 282.082964][ T5791] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 282.101315][ T5791] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 282.117875][ T5791] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 282.129440][ T5791] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 282.176702][ T5791] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 282.208609][ T5791] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 282.232738][ T5791] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.256160][T12461] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 282.700010][T12506] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2893'. [ 282.776145][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 282.776151][ T966] usb 5-1: USB disconnect, device number 8 [ 282.776287][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 282.800286][ C0] ================================================================== [ 282.808377][ C0] BUG: KASAN: slab-use-after-free in register_lock_class+0x7fc/0x890 [ 282.816455][ C0] Read of size 1 at addr ffff888079cd3891 by task syz-executor/5783 [ 282.824428][ C0] [ 282.826740][ C0] CPU: 0 PID: 5783 Comm: syz-executor Not tainted syzkaller #0 [ 282.834468][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 282.844551][ C0] Call Trace: [ 282.847831][ C0] [ 282.850762][ C0] dump_stack_lvl+0x16c/0x230 [ 282.855449][ C0] ? __lock_acquire+0x7c80/0x7c80 [ 282.860592][ C0] ? show_regs_print_info+0x20/0x20 [ 282.865787][ C0] ? load_image+0x3b0/0x3b0 [ 282.870281][ C0] ? __virt_addr_valid+0x469/0x540 [ 282.875473][ C0] print_report+0xac/0x220 [ 282.879881][ C0] ? register_lock_class+0x7fc/0x890 [ 282.885241][ C0] kasan_report+0x117/0x150 [ 282.889735][ C0] ? register_lock_class+0x7fc/0x890 [ 282.895015][ C0] register_lock_class+0x7fc/0x890 [ 282.900121][ C0] ? __down_timeout+0x10/0x10 [ 282.904797][ C0] ? is_dynamic_key+0x260/0x260 [ 282.909638][ C0] ? prb_read_valid+0x3d/0x60 [ 282.914309][ C0] __lock_acquire+0x17a/0x7c80 [ 282.919077][ C0] ? __lock_acquire+0x1334/0x7c80 [ 282.924098][ C0] ? mark_lock+0x94/0x320 [ 282.928424][ C0] ? __lock_acquire+0x1334/0x7c80 [ 282.933434][ C0] ? verify_lock_unused+0x140/0x140 [ 282.938635][ C0] lock_acquire+0x197/0x410 [ 282.943159][ C0] ? __wake_up+0xf8/0x190 [ 282.947487][ C0] ? read_lock_is_recursive+0x20/0x20 [ 282.952887][ C0] _raw_spin_lock_irqsave+0xa8/0xf0 [ 282.958086][ C0] ? __wake_up+0xf8/0x190 [ 282.962496][ C0] ? _raw_spin_lock+0x40/0x40 [ 282.967258][ C0] __wake_up+0xf8/0x190 [ 282.971489][ C0] ? __wake_up_bit+0x1e0/0x1e0 [ 282.976271][ C0] __usb_hcd_giveback_urb+0x396/0x520 [ 282.981753][ C0] dummy_timer+0x8a3/0x31b0 [ 282.986269][ C0] ? debug_deactivate+0x1d/0x1d0 [ 282.991216][ C0] ? lock_chain_count+0x20/0x20 [ 282.996183][ C0] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 283.002080][ C0] ? dummy_free_streams+0x530/0x530 [ 283.007274][ C0] ? debug_object_deactivate+0x67/0x350 [ 283.012816][ C0] __hrtimer_run_queues+0x51e/0xc40 [ 283.018011][ C0] ? dummy_free_streams+0x530/0x530 [ 283.023198][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 283.028307][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 283.034371][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 283.039469][ C0] handle_softirqs+0x280/0x820 [ 283.044232][ C0] ? __irq_exit_rcu+0xc7/0x190 [ 283.048993][ C0] ? do_softirq+0x180/0x180 [ 283.053629][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 283.058923][ C0] __irq_exit_rcu+0xc7/0x190 [ 283.063505][ C0] ? irq_exit_rcu+0x20/0x20 [ 283.068101][ C0] irq_exit_rcu+0x9/0x20 [ 283.072357][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 283.077996][ C0] [ 283.080915][ C0] [ 283.083852][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 283.089829][ C0] RIP: 0010:deref_stack_reg+0x70/0x240 [ 283.095405][ C0] Code: 00 48 89 5c 24 18 4d 8b 77 08 49 8d 5f 10 49 89 dd 49 c1 ed 03 41 80 7c 2d 00 00 74 08 48 89 df e8 a5 06 a2 00 48 89 5c 24 08 <4d> 8b 67 10 4c 89 fb 48 c1 eb 03 0f b6 04 2b 84 c0 0f 85 78 01 00 [ 283.115035][ C0] RSP: 0018:ffffc900046cf398 EFLAGS: 00000246 [ 283.121091][ C0] RAX: 1ffff920008d9e9a RBX: ffffc900046cf4d8 RCX: ffff888027b58000 [ 283.129154][ C0] RDX: 0000000000000000 RSI: ffffc900046cf860 RDI: ffffc900046cf4c8 [ 283.137315][ C0] RBP: dffffc0000000000 R08: ffff888027b58000 R09: 0000000000000003 [ 283.145290][ C0] R10: 0000000000000004 R11: 0000000000000000 R12: ffffc900046cf4c8 [ 283.153357][ C0] R13: 1ffff920008d9e9b R14: ffffc900046c8000 R15: ffffc900046cf4c8 [ 283.161433][ C0] ? deref_stack_reg+0x29/0x240 [ 283.166357][ C0] unwind_next_frame+0x1789/0x2970 [ 283.171468][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 283.176496][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 283.181595][ C0] ? stack_trace_save+0xe0/0xe0 [ 283.186606][ C0] arch_stack_walk+0x144/0x190 [ 283.191371][ C0] ? slab_post_alloc_hook+0x6e/0x4d0 [ 283.196690][ C0] stack_trace_save+0x9c/0xe0 [ 283.201482][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 283.206617][ C0] kasan_set_track+0x4e/0x70 [ 283.211258][ C0] ? kasan_set_track+0x4e/0x70 [ 283.216193][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 283.221527][ C0] __kasan_slab_alloc+0x6c/0x80 [ 283.226431][ C0] slab_post_alloc_hook+0x6e/0x4d0 [ 283.231588][ C0] kmem_cache_alloc+0x11e/0x2e0 [ 283.236590][ C0] ? security_file_alloc+0x34/0x120 [ 283.241814][ C0] security_file_alloc+0x34/0x120 [ 283.246853][ C0] init_file+0x94/0x1f0 [ 283.251090][ C0] alloc_empty_file+0xb7/0x1d0 [ 283.255848][ C0] path_openat+0x100/0x3190 [ 283.260350][ C0] ? kasan_set_track+0x4e/0x70 [ 283.265113][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 283.270140][ C0] ? do_sys_openat2+0xcb/0x1c0 [ 283.274962][ C0] ? __x64_sys_openat+0x139/0x160 [ 283.279980][ C0] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 283.286058][ C0] ? verify_lock_unused+0x140/0x140 [ 283.291267][ C0] ? do_filp_open+0x3d0/0x3d0 [ 283.295932][ C0] ? __virt_addr_valid+0x18c/0x540 [ 283.301027][ C0] do_filp_open+0x1c5/0x3d0 [ 283.305527][ C0] ? vfs_tmpfile+0x490/0x490 [ 283.310129][ C0] ? _raw_spin_unlock+0x28/0x40 [ 283.314966][ C0] ? alloc_fd+0x58f/0x630 [ 283.319295][ C0] do_sys_openat2+0x12c/0x1c0 [ 283.324048][ C0] ? may_mount+0x90/0x90 [ 283.328286][ C0] ? do_sys_open+0xe0/0xe0 [ 283.332689][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 283.338651][ C0] ? lock_chain_count+0x20/0x20 [ 283.343486][ C0] ? lock_chain_count+0x20/0x20 [ 283.348340][ C0] __x64_sys_openat+0x139/0x160 [ 283.353199][ C0] do_syscall_64+0x55/0xb0 [ 283.357613][ C0] ? clear_bhb_loop+0x40/0x90 [ 283.362314][ C0] ? clear_bhb_loop+0x40/0x90 [ 283.366986][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 283.372960][ C0] RIP: 0033:0x7fe25f78e4e1 [ 283.377359][ C0] Code: 44 24 18 31 c0 41 83 e2 40 75 3e 89 f0 25 00 00 41 00 3d 00 00 41 00 74 30 89 f2 b8 01 01 00 00 48 89 fe bf 9c ff ff ff 0f 05 <48> 3d 00 f0 ff ff 77 3f 48 8b 54 24 18 64 48 2b 14 25 28 00 00 00 [ 283.397150][ C0] RSP: 002b:00007ffc9cb18fe0 EFLAGS: 00000287 ORIG_RAX: 0000000000000101 [ 283.405555][ C0] RAX: ffffffffffffffda RBX: 00007fe25f811c05 RCX: 00007fe25f78e4e1 [ 283.413519][ C0] RDX: 0000000000090800 RSI: 00007ffc9cb1a190 RDI: 00000000ffffff9c [ 283.421480][ C0] RBP: 00007ffc9cb1a17c R08: 0000000000000000 R09: 0000000000000000 [ 283.429434][ C0] R10: 0000000000000000 R11: 0000000000000287 R12: 00007ffc9cb1a190 [ 283.437544][ C0] R13: 00007fe25f811c05 R14: 000000000004502f R15: 00007ffc9cb1a1d0 [ 283.445589][ C0] [ 283.448625][ C0] [ 283.450935][ C0] Allocated by task 5791: [ 283.455262][ C0] kasan_set_track+0x4e/0x70 [ 283.459905][ C0] __kasan_kmalloc+0x8f/0xa0 [ 283.464493][ C0] xpad_probe+0x41c/0x1ec0 [ 283.468952][ C0] usb_probe_interface+0x5a4/0xb00 [ 283.474093][ C0] really_probe+0x25b/0xb40 [ 283.478607][ C0] __driver_probe_device+0x18c/0x330 [ 283.484211][ C0] driver_probe_device+0x4f/0x420 [ 283.489243][ C0] __device_attach_driver+0x2ca/0x520 [ 283.494641][ C0] bus_for_each_drv+0x24b/0x2d0 [ 283.499495][ C0] __device_attach+0x2b5/0x400 [ 283.504353][ C0] bus_probe_device+0x180/0x260 [ 283.509190][ C0] device_add+0x85b/0xc20 [ 283.513523][ C0] usb_set_configuration+0x1a79/0x20c0 [ 283.519071][ C0] usb_generic_driver_probe+0x8d/0x150 [ 283.524511][ C0] usb_probe_device+0x13d/0x280 [ 283.529533][ C0] really_probe+0x25b/0xb40 [ 283.534045][ C0] __driver_probe_device+0x18c/0x330 [ 283.539352][ C0] driver_probe_device+0x4f/0x420 [ 283.544448][ C0] __device_attach_driver+0x2ca/0x520 [ 283.549803][ C0] bus_for_each_drv+0x24b/0x2d0 [ 283.554645][ C0] __device_attach+0x2b5/0x400 [ 283.559488][ C0] bus_probe_device+0x180/0x260 [ 283.564333][ C0] device_add+0x85b/0xc20 [ 283.568641][ C0] usb_new_device+0xa31/0x1630 [ 283.573386][ C0] hub_event+0x2962/0x49c0 [ 283.577784][ C0] process_scheduled_works+0xa45/0x15b0 [ 283.583309][ C0] worker_thread+0xa55/0xfc0 [ 283.587906][ C0] kthread+0x2fa/0x390 [ 283.591952][ C0] ret_from_fork+0x48/0x80 [ 283.596374][ C0] ret_from_fork_asm+0x11/0x20 [ 283.601160][ C0] [ 283.603474][ C0] Freed by task 966: [ 283.607348][ C0] kasan_set_track+0x4e/0x70 [ 283.611943][ C0] kasan_save_free_info+0x2e/0x50 [ 283.617033][ C0] ____kasan_slab_free+0x126/0x1e0 [ 283.622122][ C0] slab_free_freelist_hook+0x130/0x1b0 [ 283.627600][ C0] __kmem_cache_free+0xba/0x1f0 [ 283.632500][ C0] xpad_disconnect+0x350/0x480 [ 283.637276][ C0] usb_unbind_interface+0x1f2/0x870 [ 283.642468][ C0] device_release_driver_internal+0x4cb/0x7a0 [ 283.648529][ C0] bus_remove_device+0x342/0x400 [ 283.653568][ C0] device_del+0x50b/0x900 [ 283.658172][ C0] usb_disable_device+0x3e9/0x8a0 [ 283.663212][ C0] usb_disconnect+0x34c/0x8a0 [ 283.667887][ C0] hub_event+0x1cef/0x49c0 [ 283.672292][ C0] process_scheduled_works+0xa45/0x15b0 [ 283.677922][ C0] worker_thread+0xa55/0xfc0 [ 283.682604][ C0] kthread+0x2fa/0x390 [ 283.686684][ C0] ret_from_fork+0x48/0x80 [ 283.691105][ C0] ret_from_fork_asm+0x11/0x20 [ 283.695875][ C0] [ 283.698186][ C0] Last potentially related work creation: [ 283.703887][ C0] kasan_save_stack+0x3e/0x60 [ 283.708572][ C0] __kasan_record_aux_stack+0xaf/0xc0 [ 283.713927][ C0] kvfree_call_rcu+0xee/0x780 [ 283.718605][ C0] batadv_hard_if_event+0x7e1/0x15b0 [ 283.724062][ C0] notifier_call_chain+0x197/0x390 [ 283.729200][ C0] unregister_netdevice_many_notify+0xf36/0x1810 [ 283.735523][ C0] default_device_exit_batch+0x9cb/0xa60 [ 283.741149][ C0] cleanup_net+0x77f/0xb90 [ 283.745565][ C0] process_scheduled_works+0xa45/0x15b0 [ 283.751283][ C0] worker_thread+0xa55/0xfc0 [ 283.755872][ C0] kthread+0x2fa/0x390 [ 283.759943][ C0] ret_from_fork+0x48/0x80 [ 283.764356][ C0] ret_from_fork_asm+0x11/0x20 [ 283.769111][ C0] [ 283.771439][ C0] Second to last potentially related work creation: [ 283.778024][ C0] kasan_save_stack+0x3e/0x60 [ 283.782757][ C0] __kasan_record_aux_stack+0xaf/0xc0 [ 283.788150][ C0] kvfree_call_rcu+0xee/0x780 [ 283.792826][ C0] neigh_remove_one+0x5f1/0x700 [ 283.797674][ C0] ___neigh_create+0x467/0x2440 [ 283.802524][ C0] ip6_finish_output2+0x159e/0x1650 [ 283.807745][ C0] ndisc_send_skb+0xbed/0x14b0 [ 283.812614][ C0] addrconf_dad_completed+0x79f/0xd40 [ 283.817998][ C0] addrconf_dad_work+0xc4e/0x14e0 [ 283.823042][ C0] process_scheduled_works+0xa45/0x15b0 [ 283.828578][ C0] worker_thread+0xa55/0xfc0 [ 283.833326][ C0] kthread+0x2fa/0x390 [ 283.837404][ C0] ret_from_fork+0x48/0x80 [ 283.841842][ C0] ret_from_fork_asm+0x11/0x20 [ 283.846614][ C0] [ 283.848938][ C0] The buggy address belongs to the object at ffff888079cd3800 [ 283.848938][ C0] which belongs to the cache kmalloc-1k of size 1024 [ 283.863110][ C0] The buggy address is located 145 bytes inside of [ 283.863110][ C0] freed 1024-byte region [ffff888079cd3800, ffff888079cd3c00) [ 283.877187][ C0] [ 283.879499][ C0] The buggy address belongs to the physical page: [ 283.885919][ C0] page:ffffea0001e73400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79cd0 [ 283.896084][ C0] head:ffffea0001e73400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 283.905041][ C0] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 283.913480][ C0] page_type: 0xffffffff() [ 283.917879][ C0] raw: 00fff00000000840 ffff888017841dc0 0000000000000000 dead000000000001 [ 283.926458][ C0] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 283.935118][ C0] page dumped because: kasan: bad access detected [ 283.941524][ C0] page_owner tracks the page as allocated [ 283.947231][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 743, tgid 743 (kworker/u4:5), ts 70437567864, free_ts 70413919248 [ 283.969833][ C0] post_alloc_hook+0x1cd/0x210 [ 283.974719][ C0] get_page_from_freelist+0x195c/0x19f0 [ 283.980264][ C0] __alloc_pages+0x1e3/0x460 [ 283.984865][ C0] alloc_slab_page+0x5d/0x170 [ 283.989566][ C0] new_slab+0x87/0x2e0 [ 283.993636][ C0] ___slab_alloc+0xc6d/0x12f0 [ 283.998319][ C0] __kmem_cache_alloc_node+0x1a2/0x260 [ 284.003783][ C0] __kmalloc_node_track_caller+0xa2/0x230 [ 284.009614][ C0] kmalloc_reserve+0x117/0x260 [ 284.014564][ C0] __alloc_skb+0x138/0x2c0 [ 284.019050][ C0] inet6_rt_notify+0xb4/0x240 [ 284.023705][ C0] fib6_add+0x1d9a/0x3d20 [ 284.028035][ C0] ip6_ins_rt+0xc9/0x120 [ 284.032275][ C0] __ipv6_ifa_notify+0x62f/0xaa0 [ 284.037210][ C0] addrconf_dad_completed+0x181/0xd40 [ 284.042584][ C0] addrconf_dad_work+0xc4e/0x14e0 [ 284.047601][ C0] page last free stack trace: [ 284.052277][ C0] free_unref_page_prepare+0x7ce/0x8e0 [ 284.057772][ C0] free_unref_page+0x32/0x2e0 [ 284.062479][ C0] __unfreeze_partials+0x1cf/0x210 [ 284.067582][ C0] put_cpu_partial+0x17c/0x250 [ 284.072355][ C0] __slab_free+0x31d/0x410 [ 284.076790][ C0] qlist_free_all+0x75/0xe0 [ 284.081314][ C0] kasan_quarantine_reduce+0x143/0x160 [ 284.086978][ C0] __kasan_slab_alloc+0x22/0x80 [ 284.091834][ C0] slab_post_alloc_hook+0x6e/0x4d0 [ 284.097031][ C0] __kmem_cache_alloc_node+0x13e/0x260 [ 284.102496][ C0] kmalloc_trace+0x2a/0xe0 [ 284.106897][ C0] __ipv6_dev_mc_inc+0x3fa/0xa90 [ 284.111817][ C0] ipv6_add_dev+0xd66/0x11f0 [ 284.116396][ C0] addrconf_notify+0x67b/0x1010 [ 284.121250][ C0] notifier_call_chain+0x197/0x390 [ 284.126372][ C0] register_netdevice+0x160c/0x1ae0 [ 284.131580][ C0] [ 284.133905][ C0] Memory state around the buggy address: [ 284.139553][ C0] ffff888079cd3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 284.147632][ C0] ffff888079cd3800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 284.155699][ C0] >ffff888079cd3880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 284.164139][ C0] ^ [ 284.168815][ C0] ffff888079cd3900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 284.176894][ C0] ffff888079cd3980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 284.184999][ C0] ================================================================== [ 284.193071][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 284.200330][ C0] CPU: 0 PID: 5783 Comm: syz-executor Not tainted syzkaller #0 [ 284.207983][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 284.218040][ C0] Call Trace: [ 284.221322][ C0] [ 284.224193][ C0] dump_stack_lvl+0x16c/0x230 [ 284.228931][ C0] ? show_regs_print_info+0x20/0x20 [ 284.234144][ C0] ? load_image+0x3b0/0x3b0 [ 284.238658][ C0] panic+0x2c0/0x710 [ 284.242570][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 284.247075][ C0] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 284.252960][ C0] ? _raw_spin_unlock+0x40/0x40 [ 284.257808][ C0] ? print_memory_metadata+0x314/0x400 [ 284.263275][ C0] ? register_lock_class+0x7fc/0x890 [ 284.268652][ C0] check_panic_on_warn+0x84/0xa0 [ 284.273591][ C0] ? register_lock_class+0x7fc/0x890 [ 284.278867][ C0] end_report+0x6f/0x140 [ 284.283095][ C0] kasan_report+0x128/0x150 [ 284.287600][ C0] ? register_lock_class+0x7fc/0x890 [ 284.292981][ C0] register_lock_class+0x7fc/0x890 [ 284.298100][ C0] ? __down_timeout+0x10/0x10 [ 284.302816][ C0] ? is_dynamic_key+0x260/0x260 [ 284.307789][ C0] ? prb_read_valid+0x3d/0x60 [ 284.312479][ C0] __lock_acquire+0x17a/0x7c80 [ 284.317270][ C0] ? __lock_acquire+0x1334/0x7c80 [ 284.322297][ C0] ? mark_lock+0x94/0x320 [ 284.326681][ C0] ? __lock_acquire+0x1334/0x7c80 [ 284.331717][ C0] ? verify_lock_unused+0x140/0x140 [ 284.336934][ C0] lock_acquire+0x197/0x410 [ 284.341465][ C0] ? __wake_up+0xf8/0x190 [ 284.345843][ C0] ? read_lock_is_recursive+0x20/0x20 [ 284.351238][ C0] _raw_spin_lock_irqsave+0xa8/0xf0 [ 284.356448][ C0] ? __wake_up+0xf8/0x190 [ 284.360861][ C0] ? _raw_spin_lock+0x40/0x40 [ 284.365518][ C0] __wake_up+0xf8/0x190 [ 284.369651][ C0] ? __wake_up_bit+0x1e0/0x1e0 [ 284.374483][ C0] __usb_hcd_giveback_urb+0x396/0x520 [ 284.379858][ C0] dummy_timer+0x8a3/0x31b0 [ 284.384347][ C0] ? debug_deactivate+0x1d/0x1d0 [ 284.389266][ C0] ? lock_chain_count+0x20/0x20 [ 284.394106][ C0] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 284.400015][ C0] ? dummy_free_streams+0x530/0x530 [ 284.405197][ C0] ? debug_object_deactivate+0x67/0x350 [ 284.410744][ C0] __hrtimer_run_queues+0x51e/0xc40 [ 284.415926][ C0] ? dummy_free_streams+0x530/0x530 [ 284.421117][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 284.426226][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 284.432281][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 284.437397][ C0] handle_softirqs+0x280/0x820 [ 284.442185][ C0] ? __irq_exit_rcu+0xc7/0x190 [ 284.446948][ C0] ? do_softirq+0x180/0x180 [ 284.451440][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 284.456630][ C0] __irq_exit_rcu+0xc7/0x190 [ 284.461317][ C0] ? irq_exit_rcu+0x20/0x20 [ 284.465836][ C0] irq_exit_rcu+0x9/0x20 [ 284.470173][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 284.475812][ C0] [ 284.478735][ C0] [ 284.481762][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 284.487726][ C0] RIP: 0010:deref_stack_reg+0x70/0x240 [ 284.493173][ C0] Code: 00 48 89 5c 24 18 4d 8b 77 08 49 8d 5f 10 49 89 dd 49 c1 ed 03 41 80 7c 2d 00 00 74 08 48 89 df e8 a5 06 a2 00 48 89 5c 24 08 <4d> 8b 67 10 4c 89 fb 48 c1 eb 03 0f b6 04 2b 84 c0 0f 85 78 01 00 [ 284.512782][ C0] RSP: 0018:ffffc900046cf398 EFLAGS: 00000246 [ 284.518834][ C0] RAX: 1ffff920008d9e9a RBX: ffffc900046cf4d8 RCX: ffff888027b58000 [ 284.526786][ C0] RDX: 0000000000000000 RSI: ffffc900046cf860 RDI: ffffc900046cf4c8 [ 284.534738][ C0] RBP: dffffc0000000000 R08: ffff888027b58000 R09: 0000000000000003 [ 284.542718][ C0] R10: 0000000000000004 R11: 0000000000000000 R12: ffffc900046cf4c8 [ 284.550857][ C0] R13: 1ffff920008d9e9b R14: ffffc900046c8000 R15: ffffc900046cf4c8 [ 284.558831][ C0] ? deref_stack_reg+0x29/0x240 [ 284.563685][ C0] unwind_next_frame+0x1789/0x2970 [ 284.568808][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 284.573901][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 284.578910][ C0] ? stack_trace_save+0xe0/0xe0 [ 284.583764][ C0] arch_stack_walk+0x144/0x190 [ 284.588533][ C0] ? slab_post_alloc_hook+0x6e/0x4d0 [ 284.593822][ C0] stack_trace_save+0x9c/0xe0 [ 284.598504][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 284.603804][ C0] kasan_set_track+0x4e/0x70 [ 284.608400][ C0] ? kasan_set_track+0x4e/0x70 [ 284.613165][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 284.618319][ C0] __kasan_slab_alloc+0x6c/0x80 [ 284.623179][ C0] slab_post_alloc_hook+0x6e/0x4d0 [ 284.628473][ C0] kmem_cache_alloc+0x11e/0x2e0 [ 284.633317][ C0] ? security_file_alloc+0x34/0x120 [ 284.638593][ C0] security_file_alloc+0x34/0x120 [ 284.643604][ C0] init_file+0x94/0x1f0 [ 284.647757][ C0] alloc_empty_file+0xb7/0x1d0 [ 284.652501][ C0] path_openat+0x100/0x3190 [ 284.656989][ C0] ? kasan_set_track+0x4e/0x70 [ 284.661732][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 284.666837][ C0] ? do_sys_openat2+0xcb/0x1c0 [ 284.671585][ C0] ? __x64_sys_openat+0x139/0x160 [ 284.676828][ C0] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 284.682881][ C0] ? verify_lock_unused+0x140/0x140 [ 284.688064][ C0] ? do_filp_open+0x3d0/0x3d0 [ 284.692957][ C0] ? __virt_addr_valid+0x18c/0x540 [ 284.698152][ C0] do_filp_open+0x1c5/0x3d0 [ 284.702640][ C0] ? vfs_tmpfile+0x490/0x490 [ 284.707216][ C0] ? _raw_spin_unlock+0x28/0x40 [ 284.712066][ C0] ? alloc_fd+0x58f/0x630 [ 284.716425][ C0] do_sys_openat2+0x12c/0x1c0 [ 284.721104][ C0] ? may_mount+0x90/0x90 [ 284.725347][ C0] ? do_sys_open+0xe0/0xe0 [ 284.729760][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 284.735744][ C0] ? lock_chain_count+0x20/0x20 [ 284.740591][ C0] ? lock_chain_count+0x20/0x20 [ 284.745427][ C0] __x64_sys_openat+0x139/0x160 [ 284.750285][ C0] do_syscall_64+0x55/0xb0 [ 284.754703][ C0] ? clear_bhb_loop+0x40/0x90 [ 284.759377][ C0] ? clear_bhb_loop+0x40/0x90 [ 284.764320][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 284.770221][ C0] RIP: 0033:0x7fe25f78e4e1 [ 284.774637][ C0] Code: 44 24 18 31 c0 41 83 e2 40 75 3e 89 f0 25 00 00 41 00 3d 00 00 41 00 74 30 89 f2 b8 01 01 00 00 48 89 fe bf 9c ff ff ff 0f 05 <48> 3d 00 f0 ff ff 77 3f 48 8b 54 24 18 64 48 2b 14 25 28 00 00 00 [ 284.794234][ C0] RSP: 002b:00007ffc9cb18fe0 EFLAGS: 00000287 ORIG_RAX: 0000000000000101 [ 284.802629][ C0] RAX: ffffffffffffffda RBX: 00007fe25f811c05 RCX: 00007fe25f78e4e1 [ 284.810590][ C0] RDX: 0000000000090800 RSI: 00007ffc9cb1a190 RDI: 00000000ffffff9c [ 284.818541][ C0] RBP: 00007ffc9cb1a17c R08: 0000000000000000 R09: 0000000000000000 [ 284.826505][ C0] R10: 0000000000000000 R11: 0000000000000287 R12: 00007ffc9cb1a190 [ 284.834814][ C0] R13: 00007fe25f811c05 R14: 000000000004502f R15: 00007ffc9cb1a1d0 [ 284.842859][ C0] [ 285.942809][ C0] Shutting down cpus with NMI [ 285.947810][ C0] Kernel Offset: disabled [ 285.952147][ C0] Rebooting in 86400 seconds..