last executing test programs: 7m4.2137345s ago: executing program 1 (id=15243): r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00') pread64(r0, &(0x7f0000000100)=""/253, 0xfd, 0xadc) 7m3.958401538s ago: executing program 1 (id=15248): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@setlink={0x40, 0x13, 0x331, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x34e4c, 0x46001}, [@IFLA_IFNAME={0x14, 0x3, 'bond_slave_1\x00'}, @IFLA_AF_SPEC={0x4}, @IFLA_PROTO_DOWN={0x5, 0x27, 0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000044}, 0x20040850) 7m3.733042665s ago: executing program 1 (id=15252): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff014}, {0x6, 0x9, 0x7, 0xd}]}, 0x10) 7m3.421837235s ago: executing program 1 (id=15256): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000300)='./file0\x00', 0x2000004, &(0x7f0000000500)=ANY=[@ANYBLOB="00e3078fbb81fca067351e718b1742354077ee6bdefb8addaf7c0c235850b66dac0ba564a370a77264f1a57d44c84efc49fa6c64b9351ea8fd59a458a7791fedcc466b0eab6ca6dd32fcc642517fa3219450b91e3118bf2b9d3cfa562ea44c058252d29181c81c637c6ba7d179122eee61e5c9f68165b6abd469da8d90c0632f7265bb040411d5748c475bb33a7ce77afb2ea533f1653d8cb67dad989bb0a1c16881f0d91d6cbd3751c289aecf4a00"/185, @ANYBLOB="b12398658f5ec6488081d04c33b5a507b1cac8c4376c1895046a1e6e068e53d002eb4279796b4c014f4febee026f87bd0eea7d27598f7ff2687552fdd651", @ANYRESOCT=0x0, @ANYRES64], 0x1, 0x497, &(0x7f0000002480)="$eJzs281vG8Ufx/HPbGJnk/b3w31yC6qEJSSKiiix05I+gRRa0iL1gbYJAqEWhcYJVhMnitOqraCtxKFHoEggJA7l0AtCVZHgAgcOcOM/4MKtBy6YEycQms2sd+26JK0fEjfvl5R4vPv17uzM7OysdywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACC9/MpQf9Ysdy4AAEA7HTt1sj/H9R8AgFVlhPt/AACA1cTI0ycy+uHTsjkavF/gHykUz18cPThc/2O9JvhkVxBv//xsbmDnrhcGd4ev//35Zntcx0+NDGUOzEzPzuVLpfx4ZrRYODsznl/yFhr9fK3tQQFkps+dH5+YKGVyOwaqVl9M3e1Zk07tG0zvfzqMHT04PHwqFtOdeOi93+N+I/ykPF2XUfnj2+aYJE+Nl8UibafVeoOD2B4cxOjB4eBApgpjxXm70oQF4VWXSTIsozbURUM2SjZfJtmce7aEPJVktCldNscldYXl8GzwxfDiG/Cako0HZvN5WlJGHVBnK1iPPO2S0Y09Kb1myyys/27p/eXOHFquW55uy2jbS2VzIugP7Plku80jr2deLU7MxGKNcWdUp18f2mmF902+PB0LzviyObncmUHb2cHSaRntHLkQjCsUjEsf2zd46PBIfISxeZHt2NgdLr2Ua3IiNnQwyzSGAAAAAAAAAB51vvGC7+I+/8YP3mfcMyCsEsbT8zL683A5eDQen5fQFZvfUdHpz35am/9e/8DM7KW5wuS783XX9/lD75Tm58bO1l+tXnvyVX0dvtg8hgYljKfdMrr6z51ovylj064biHZ0a3+UN9/UrA3azf8X5rOEzxD2Dm+Op+tm+QGej6XcfumfgOYwxtOQjCa+3+LmfvTpnj7IxX0roz9ubnVxXtIGhadpKvjvTxSm8v029icZffl3GBtMM9MaF7shis3aWE9GHx2tjl3rYjdGsTkbe0hGP5+pH7spih2wsR/IaPb3TBjbZ2OfdLHpKHbH2Zmp8ZYV8Apn+/8rMlr/YsaEdenKy3WzXZXYW+9F/f212g3dp89vtP9PxZZdc+3wrm2vZ7YEbS9or1799npdRl9/t9XFLbSVpFu/Lvgftdc3ZDT5S3Vsn4tdH8Vml1ywHcLW/9syyhXvVMrG1b+rgdj1P1b/T9S2jhbV/7rYspTbb09zDh2SSpcunxubmsrPkSBBYgmJHq2IbCySCPvlh9/OMndMaAt7/f9MRm+e+LUy3nHXfzesjsZ/f12Jrv97azfUouv/+tiyvW40kuiW/Pnp2URa8kuXLj9XmB6bzE/miwO57J7+PTsHs4lkOLaLUg0X1SMp4e7VLnz4VeX+rHr8V3/831e7oRbV/waXzXCfUSfVlMNf9Wz9/yajt368U7mPtvV/sxJRPf4P77OeeWrhtXJ+tqj+N8aWpdx+/9eE4wYAAAAAAAAAAAAAAACATpcwnm7IyD/dbcLfRi1l/t89P5hq0fyvdGzZeJt+r9BwoQJAB/Dk6QsZbVPZXLUL1kpH4694pP0bAAD//3VdHM0=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 7m2.845065484s ago: executing program 1 (id=15264): r0 = epoll_create(0x8) fcntl$getown(r0, 0x9) 7m2.131104667s ago: executing program 1 (id=15276): r0 = socket(0x11, 0x2, 0x0) sendmmsg(r0, &(0x7f0000000480)=[{{&(0x7f0000000400)=@qipcrtr={0x2a, 0x4, 0x1}, 0x80, 0x0}}, {{&(0x7f00000001c0)=@qipcrtr={0x2a, 0x4, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000001c40)=ANY=[], 0x3}}], 0x2, 0x0) 7m1.7356063s ago: executing program 32 (id=15276): r0 = socket(0x11, 0x2, 0x0) sendmmsg(r0, &(0x7f0000000480)=[{{&(0x7f0000000400)=@qipcrtr={0x2a, 0x4, 0x1}, 0x80, 0x0}}, {{&(0x7f00000001c0)=@qipcrtr={0x2a, 0x4, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000001c40)=ANY=[], 0x3}}], 0x2, 0x0) 3.524090666s ago: executing program 2 (id=21508): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$AUTOFS_IOC_FAIL(r0, 0xae03, 0x8f) 3.314834603s ago: executing program 2 (id=21511): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random="0e00"}) 3.101216339s ago: executing program 2 (id=21515): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee20009058217"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 2.328609174s ago: executing program 3 (id=21525): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x8, 0x8}, 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000100)={r0, &(0x7f0000000000), &(0x7f0000000140)=""/224}, 0x20) 2.105493731s ago: executing program 3 (id=21528): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={0x60, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x11}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x60}}, 0x0) 1.965482916s ago: executing program 4 (id=21529): r0 = socket$can_raw(0x1d, 0x3, 0x1) sendto$packet(r0, 0x0, 0x0, 0x8000, 0x0, 0x0) 1.84646959s ago: executing program 3 (id=21531): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="680000001014010026bd3000fbdbdf25080004"], 0x68}, 0x1, 0x0, 0x0, 0x48051}, 0x20010014) 1.724906104s ago: executing program 4 (id=21533): r0 = syz_open_dev$swradio(&(0x7f0000000100), 0x1, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x101, 0xb, 0x4, 0x0, 0xf}) 1.599606298s ago: executing program 3 (id=21535): mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0) 1.441165603s ago: executing program 4 (id=21538): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x80c42, 0x0) read(r0, &(0x7f0000000040)=""/148, 0xffffff96) 1.416480603s ago: executing program 3 (id=21539): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x1, &(0x7f0000000300)={[{@heartbeat_none}, {@heartbeat_none}, {@dir_resv_level}, {@barrier={'barrier', 0x3d, 0x2}}, {@coherency_full}, {@localflocks}, {@coherency_full}, {@inode64}]}, 0x1, 0x4421, &(0x7f0000004500)="$eJzs3c9PHGUfAPBnBt63UNsKtYeamLiJTTRqCPSk0kRKaSm0WFNtY7xsF9i26MI2sBgPPeCtiScTD8ZDo4k3Tg0Hr/VP8OKxnpvowYuJSSNmd2eBGXbDSliwzeeTlNl5fu9+d5595jB94kTl9txSbm4pV1jIlWduLp3OfVYuLc8XQ7xPDrp/2tOJOIn9wbly7sIH10+H8NPsL4/X19fXQ1V3aGpoy+s//7g7s/XYEGfqVNtt3tpe+TiEcGLbuKq6Qggf/RhCFEI4m6SNJsfeEMKxUM+7fvfLG7k9Gs2DR8Uz+SdT99aGT02u3l9r/d6jEL4tvfjmrfnfXuka/vX1PeoeAAAAAAAAAAAAAAAAAICn3PjVK9feHxwKD6PQvRptf153PDm2ej52fc+83Pk3CwAAAAAAAAAAAAAAAAAAAP9Rm8//56LjTZ7/H0uOIy3qr7/b+THSORPvXRk7PziU7P8ebct/K0n6/WxX6G+y73t2//ezmfrN93/f3s9uNcbX6LcvRPFA6jyOBwZC+D7Z+P1kdDgulZcqb9wsLy/M7tkwnlrp+Nd3709FJ9nQv934j2ba7/z+/y9s+zZVz2/s3VfsmZaOf1fLcj98EbUV/3OZevsRf3YvHf/uWlrv1gIj9QmgGv+vuneO/1im/U7F/1gIIRdVx5pLzQDVNUw1vdV6hbR0/P9XS0tNnckH2er6/ysT//OZ9g9q/l/J/hDRVDr+/6+l9aRKbF7//fHO1/+FTPsHEf/q+Ff8/rclHf9D9cTuVJHaJ9nu/D+eab9T8b8WJ+M8FqW+AatRPb3V/1dHWjr+PdvyN+//4rbWfxcz9ffr/q/Rb+P+rzH9vxbV7/9oLh3/3pbl2r3+JzL1Oj3/j9TWf+xWOv6Ha2nptXNf7W+78Z/MtN+p+NdWJT2N+G/OJ38fqqd/Z/3XlnT8n6snxltLrNT+1tZ/0c7r/0uZ9g9i/Vcd/0rc2V6fFen4H2lZrhr/n9v4/b+cqdf5+IcwaK2/a+n4H21Zrnb99+wc/6lMvU7H/9VONg4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFBhNjn0higdS53E8MBDCueT8ZDgcTRdm89Ol8synSyGMJem5cDy6VSpPF0r5uYXybDFfKJXKMyGcT/JPhJ5oqVSu5OcLdy5stNUb3S4WFivTxUIlhDCepL8Ujjbamp6rzBfuhBAubuQ9H5cX79wuLORn5xbfGRwcHAwTG2Poj4qfV4oLlXrv9dwQJjfq9kVbBlfLvrQxliPRJ+XlxYVCqZZ+eUudUnmmUNpSZyrJ+zr0R5XF5YWZQqWYL5VvNfo7SCPJcWzi6odXLw9ty78R1Y+j+zssAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6lh8NvfxNC6K6fxSGEXJS8iJJ/KQ8eFc/kn0zdWxs+Nbl6f+1xszIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7ADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFXfpHaSCI4gD8Ziy09BhWy25nu6KIFq4InkCP4WH0KF7CO1ikSJsiBJJZCPsHtkmq72sezI+Z92AeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyz2+de+vdROR4mp7GfH7+fd/nD+X+n03ff/iDDNyOk8v3f1D3ZR/T6P8thyt2rxPN+uvj5iovZ/Bngz36WDcZ2hu3+bm6/teR8pVRLQlv0k5V9WytwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD//z8QH1I=") syz_mount_image$msdos(&(0x7f0000000940), &(0x7f0000001cc0)='.\x00', 0x1a4a438, &(0x7f0000000300)=ANY=[], 0xb, 0x0, &(0x7f0000000300)) 1.136363252s ago: executing program 0 (id=21543): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x38) 1.126306963s ago: executing program 2 (id=21544): r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) pread64(r0, &(0x7f0000001500)=""/4075, 0xfeb, 0x7fff) 1.003988027s ago: executing program 5 (id=21545): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002060207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000005c0)={r0}, 0xc) 877.108051ms ago: executing program 0 (id=21546): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0) 871.511861ms ago: executing program 2 (id=21547): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000019880)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x2a8, 0x258, 0x258, 0x2a8, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @private0, [], [], 'geneve0\x00', '\x00', {0xff}, {}, 0x11}, 0x0, 0x128, 0x190, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x3, 0x0, 0x7}}, @common=@inet=@multiport={{0x50}, {0x0, 0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@ipv6={@private0, @empty, [0x0, 0x0, 0xff000000], [], 'pim6reg0\x00', 'erspan0\x00', {}, {}, 0x32}, 0x0, 0xf8, 0x118, 0x0, {}, [@common=@hl={{0x28}}, @inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x2001}}, {0x28}}}}, 0x3d8) 805.185003ms ago: executing program 5 (id=21548): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) setfsuid(0xee01) 744.485725ms ago: executing program 0 (id=21549): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r0, 0x6, 0x3, &(0x7f0000000040)=0x24, 0x4) 629.785469ms ago: executing program 0 (id=21550): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x6, 0x4, 0x24b5, 0x2}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380), &(0x7f00000002c0), 0xcbea, r0}, 0x38) 564.920971ms ago: executing program 5 (id=21551): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x109000, 0x0) ioctl$COMEDI_CHANINFO(r0, 0x80306403, &(0x7f0000000300)={0x9, 0x0, 0x0, 0x0}) 474.690424ms ago: executing program 2 (id=21552): mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x8, 0x32, 0xffffffffffffffff, 0x6931b000) syz_clone(0x1069000, 0x0, 0x0, 0x0, 0x0, 0x0) 436.840055ms ago: executing program 4 (id=21553): r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_udp_int(r0, 0x11, 0x1, 0x0, &(0x7f0000000040)) 357.960158ms ago: executing program 5 (id=21554): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) 305.50813ms ago: executing program 0 (id=21555): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x2f0, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x220, 0xffffffff, 0xffffffff, 0x220, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x128, 0x150, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x14, 0x59d18d412dbffcb8, 0x5}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x6, 0x3}, {0x2, 0x1}}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [0x0, 0x0, 0x0, 0xffffff00], 'erspan0\x00', 'gre0\x00', {0xff}}, 0x0, 0xa8, 0xd0}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x4, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x350) 185.183323ms ago: executing program 0 (id=21556): r0 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000580)=ANY=[@ANYBLOB="e0000000130001", @ANYBLOB="88636d1161e8c0d60f3341a5429f1ae690440a965fedc2aa899bf66dbc9d0c43808ce0a91c4dd59637b3b5e78a1cd7031f5216288a82f2b8810fecd88656b0e602", @ANYRES64], 0xe0}, 0x1, 0x0, 0x0, 0x44000}, 0x800) 139.463315ms ago: executing program 4 (id=21557): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000300)={0xffffffffffffff5e, 0x0, 0x0}) 98.046566ms ago: executing program 5 (id=21558): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b26, &(0x7f0000001200)={'wlan1\x00', @random="f7280200e700"}) 65.679017ms ago: executing program 3 (id=21559): r0 = syz_open_dev$video(&(0x7f0000000580), 0x10001, 0x20400) ioctl$VIDIOC_ENUMINPUT(r0, 0xc050561a, &(0x7f00000005c0)={0x2, "1898efe12602264e5329ea767c2a971f5a255b196a633fb7b93bae0f92c8aa56", 0x7e3e52ee274e9ef1, 0x2, 0x3, 0x0, 0x410, 0x8}) 413.869µs ago: executing program 4 (id=21560): r0 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r0, 0x0, 0xd0, 0x0, &(0x7f00000001c0)) 0s ago: executing program 5 (id=21561): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@security={'security\x00', 0xe, 0x4, 0x340, 0xffffffff, 0xd0, 0x1c8, 0xd0, 0xffffffff, 0xffffffff, 0x298, 0x298, 0x298, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x37}, @ipv4={'\x00', '\xff\xff', @remote}, [0xffffffff, 0xff, 0xff000000], [0xff000000, 0xff000000, 0xff000000, 0xffffff00], 'syz_tun\x00', 'dummy0\x00', {}, {}, 0x70, 0x5c, 0x1}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xb}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x1b, 0x9, 0xfff}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0) kernel console output (not intermixed with test programs): 2 [ 1870.976461][T15440] netlink: 292 bytes leftover after parsing attributes in process `syz.5.19419'. [ 1871.163466][T15446] netlink: 188 bytes leftover after parsing attributes in process `syz.3.19423'. [ 1871.529953][T15459] netlink: 'syz.4.19429': attribute type 2 has an invalid length. [ 1871.561777][T15459] netlink: 'syz.4.19429': attribute type 2 has an invalid length. [ 1871.635566][T15459] netlink: 'syz.4.19429': attribute type 1 has an invalid length. [ 1871.679316][T15459] netlink: 32 bytes leftover after parsing attributes in process `syz.4.19429'. [ 1872.475864][ T8582] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 1872.702368][ T8582] usb 6-1: Using ep0 maxpacket: 32 [ 1872.709515][ T8582] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1872.754651][ T8582] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1872.790532][ T8582] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1872.833486][ T8582] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1872.865098][ T8582] usb 6-1: config 0 descriptor?? [ 1872.889393][ T8582] hub 6-1:0.0: USB hub found [ 1873.104049][ T8582] hub 6-1:0.0: 5 ports detected [ 1873.114231][ T8582] hub 6-1:0.0: insufficient power available to use all downstream ports [ 1873.324879][ T8582] hub 6-1:0.0: hub_hub_status failed (err = -71) [ 1873.338596][ T8582] hub 6-1:0.0: config failed, can't get hub status (err -71) [ 1873.381064][ T8582] usbhid 6-1:0.0: can't add hid device: -71 [ 1873.398190][ T8582] usbhid: probe of 6-1:0.0 failed with error -71 [ 1873.454216][ T8582] usb 6-1: USB disconnect, device number 20 [ 1873.794957][T15503] loop4: detected capacity change from 0 to 40427 [ 1873.815791][T15503] F2FS-fs (loop4): Fix alignment : internally, start(4096) end(16896) block(12288) [ 1873.852062][T15503] F2FS-fs (loop4): Corrupted extension count (157 + 1 > 64) [ 1873.921682][T15503] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 1873.957309][T15503] F2FS-fs (loop4): invalid crc value [ 1874.019321][T15503] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1874.199682][T15503] F2FS-fs (loop4): recover fsync data on readonly fs [ 1874.234046][T15503] F2FS-fs (loop4): Try to recover 2th superblock, ret: -30 [ 1874.293408][T15503] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1874.419652][T15503] F2FS-fs (loop4): Try to recover all the superblocks, ret: 0 [ 1874.550262][T15547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1874.600263][T15547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1874.646266][T15547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1874.688921][T15547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1874.698849][T15547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1874.774568][T15547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1875.164469][T15565] QAT: failed to copy from user cfg_data. [ 1875.487722][T15576] loop5: detected capacity change from 0 to 1024 [ 1876.148012][T15561] loop0: detected capacity change from 0 to 32768 [ 1876.235117][T15561] ERROR: (device loop0): dtSearch: stack overrun! [ 1876.235117][T15561] [ 1876.240408][T15561] ERROR: (device loop0): remounting filesystem as read-only [ 1876.240429][T15561] btstack dump: [ 1876.240437][T15561] bn = 0, index = 4 [ 1876.240451][T15561] bn = 0, index = 4 [ 1876.240461][T15561] bn = 0, index = 4 [ 1876.240474][T15561] bn = 0, index = 4 [ 1876.240484][T15561] bn = 0, index = 4 [ 1876.240496][T15561] bn = 0, index = 4 [ 1876.240506][T15561] bn = 0, index = 4 [ 1876.240517][T15561] bn = 0, index = 0 [ 1876.240548][T15561] jfs_lookup: dtSearch returned -5 [ 1877.102773][T15622] netlink: 'syz.0.19508': attribute type 1 has an invalid length. [ 1877.220628][T15628] netlink: 276 bytes leftover after parsing attributes in process `syz.4.19511'. [ 1877.663797][T15645] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1877.812779][T21282] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 1878.068960][T21282] usb 4-1: Using ep0 maxpacket: 16 [ 1878.081194][T21282] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1878.116713][T21282] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1878.133741][T15665] netlink: 'syz.4.19529': attribute type 13 has an invalid length. [ 1878.139365][T15661] loop5: detected capacity change from 0 to 1764 [ 1878.171905][T21282] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1878.197910][T21282] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1878.225699][T21282] usb 4-1: Product: syz [ 1878.236610][T21282] usb 4-1: Manufacturer: syz [ 1878.241796][T21282] usb 4-1: SerialNumber: syz [ 1878.251489][T15661] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 1878.274377][T21282] r8152-cfgselector 4-1: config 0 descriptor?? [ 1878.490107][T15675] netlink: 16 bytes leftover after parsing attributes in process `syz.0.19534'. [ 1878.513154][T21282] usbip-host 4-1: 4-1 is not in match_busid table... skip! [ 1878.530419][T15675] netlink: 16 bytes leftover after parsing attributes in process `syz.0.19534'. [ 1878.743565][T21282] usb 4-1: USB disconnect, device number 42 [ 1879.153330][T15698] netlink: 20 bytes leftover after parsing attributes in process `syz.4.19546'. [ 1879.372247][T15707] loop2: detected capacity change from 0 to 512 [ 1879.430663][T15707] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1879.542819][T15717] netlink: 20 bytes leftover after parsing attributes in process `syz.0.19554'. [ 1879.553516][T15707] EXT4-fs (loop2): 1 truncate cleaned up [ 1879.559731][T15717] netlink: 36 bytes leftover after parsing attributes in process `syz.0.19554'. [ 1879.560867][T15707] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 1879.762126][ T4299] EXT4-fs (loop2): unmounting filesystem. [ 1880.065568][T15727] loop2: detected capacity change from 0 to 1024 [ 1880.092979][T15730] loop5: detected capacity change from 0 to 736 [ 1880.149923][T15727] hfsplus: request for non-existent node 211 in B*Tree [ 1880.183324][T15727] hfsplus: request for non-existent node 211 in B*Tree [ 1880.647563][ T8582] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 1880.733371][ T5609] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 1880.791866][T15719] loop4: detected capacity change from 0 to 32768 [ 1880.863973][ T8582] usb 1-1: Using ep0 maxpacket: 16 [ 1880.871599][ T8582] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1880.922518][ T8582] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1880.948826][ T5609] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1880.968588][ T5609] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 1880.978107][ T5609] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1880.982888][T15719] XFS (loop4): Mounting V5 Filesystem [ 1880.997899][ T8582] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1881.015473][ T5609] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 1881.020736][T15741] loop2: detected capacity change from 0 to 32768 [ 1881.058122][ T8582] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1881.089862][ T8582] usb 1-1: Product: syz [ 1881.094128][ T8582] usb 1-1: Manufacturer: syz [ 1881.105242][ T8582] usb 1-1: SerialNumber: syz [ 1881.113757][ T8582] r8152-cfgselector 1-1: config 0 descriptor?? [ 1881.183241][T15741] XFS (loop2): Mounting V5 Filesystem [ 1881.206895][T15719] XFS (loop4): Ending clean mount [ 1881.227830][T15766] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1881.245780][T15719] XFS (loop4): Quotacheck needed: Please wait. [ 1881.341835][ T8582] usbip-host 1-1: 1-1 is not in match_busid table... skip! [ 1881.395768][T15719] XFS (loop4): Quotacheck: Done. [ 1881.414709][T15741] XFS (loop2): Ending clean mount [ 1881.430879][T15741] XFS (loop2): Quotacheck needed: Please wait. [ 1881.542672][ T4288] XFS (loop4): Unmounting Filesystem [ 1881.575902][ T8582] usb 1-1: USB disconnect, device number 27 [ 1881.582639][T15741] XFS (loop2): Quotacheck: Done. [ 1881.875514][ T4299] XFS (loop2): Unmounting Filesystem [ 1882.130599][ T5609] stv0680 4-1:4.0: STV(e): camera ping failed!! [ 1882.277133][T15777] loop4: detected capacity change from 0 to 2048 [ 1882.329906][T15777] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1882.345386][ T5609] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 1882.378307][ T5609] stv0680 4-1:4.0: last error: 0, command = 0x0 [ 1882.440400][ T5609] usb 4-1: USB disconnect, device number 43 [ 1883.400177][T15814] netlink: 'syz.4.19594': attribute type 2 has an invalid length. [ 1883.452111][T15814] netlink: 'syz.4.19594': attribute type 1 has an invalid length. [ 1883.552805][T15812] loop2: detected capacity change from 0 to 8192 [ 1883.606830][T15816] loop3: detected capacity change from 0 to 4096 [ 1883.617913][T15812] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1883.698366][T15812] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 1883.708861][T15812] REISERFS (device loop2): using ordered data mode [ 1883.715585][T15812] reiserfs: using flush barriers [ 1883.734205][T15812] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 7, max trans age 7 [ 1883.751732][T15812] REISERFS (device loop2): checking transaction log (loop2) [ 1883.796456][T15812] REISERFS (device loop2): Using r5 hash to sort names [ 1883.812793][T15812] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 1883.828695][T15812] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 1883.901676][T15816] ntfs3: loop3: Failed to load $Extend. [ 1883.963138][T15816] ntfs3: loop3: ino=5, "/" directory corrupted [ 1884.160415][ T4290] Trying to write to read-only block-device loop3 [ 1884.450878][T15841] netlink: 'syz.4.19608': attribute type 1 has an invalid length. [ 1884.498538][T15841] netlink: 'syz.4.19608': attribute type 2 has an invalid length. [ 1884.552717][T15843] loop2: detected capacity change from 0 to 1024 [ 1884.631762][T15843] __quota_error: 4 callbacks suppressed [ 1884.631784][T15843] Quota error (device loop2): do_check_range: Getting block 64 out of range 1-5 [ 1884.648803][T15843] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 1884.658433][T15843] EXT4-fs error (device loop2): ext4_acquire_dquot:6841: comm syz.2.19604: Failed to acquire dquot type 0 [ 1884.757977][T15843] EXT4-fs error (device loop2): mb_free_blocks:1839: group 0, inode 13: block 160:freeing already freed block (bit 10); block bitmap corrupt. [ 1884.821755][T15843] EXT4-fs (loop2): 1 truncate cleaned up [ 1884.827602][T15843] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1884.887552][T15843] Quota error (device loop2): do_check_range: Getting block 64 out of range 0-5 [ 1884.919938][T15861] device ip6gre3 entered promiscuous mode [ 1885.066478][ T4299] EXT4-fs (loop2): unmounting filesystem. [ 1885.239768][T15872] loop0: detected capacity change from 0 to 128 [ 1885.267691][T15873] device netdevsim0 left promiscuous mode [ 1885.295223][T15872] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 1885.458323][T15872] EXT4-fs warning (device loop0): ext4_group_extend:1899: can't read last block, resize aborted [ 1885.473198][T15878] netlink: 'syz.4.19623': attribute type 29 has an invalid length. [ 1885.524612][T15878] netlink: 'syz.4.19623': attribute type 29 has an invalid length. [ 1885.668071][ T4292] EXT4-fs (loop0): unmounting filesystem. [ 1886.548153][T15912] loop3: detected capacity change from 0 to 4096 [ 1886.636600][ T4477] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1886.959437][T15935] xt_CONNSECMARK: invalid mode: 0 [ 1887.046148][T15938] ipt_REJECT: TCP_RESET invalid for non-tcp [ 1887.131202][T15943] netlink: 'syz.5.19656': attribute type 13 has an invalid length. [ 1887.139286][T15943] netlink: 'syz.5.19656': attribute type 12 has an invalid length. [ 1887.638542][T15957] Process accounting resumed [ 1887.897811][T15973] [U] .h0FwZ,iqgҏV2sO [ 1887.918005][T15973] [U] ` w*BBOLhU [ 1887.922610][T15973] [U] w$n|#%o.z\̧mРw [ 1887.967161][T15973] [U] R{ꫢ S [ 1888.425733][T15986] device ip6gre1 entered promiscuous mode [ 1888.679960][T15969] loop3: detected capacity change from 0 to 32768 [ 1888.697936][T15994] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1888.819132][T15996] netlink: 763 bytes leftover after parsing attributes in process `syz.0.19682'. [ 1889.103524][T16004] loop2: detected capacity change from 0 to 512 [ 1889.138637][ T4477] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by udevd (4477) [ 1889.196084][T16004] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1889.249407][T16004] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 1889.313648][T16011] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1889.377954][T16011] overlayfs: missing 'lowerdir' [ 1889.384474][T16004] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=84ec018, mo2=0002] [ 1889.451180][T16004] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3861: comm syz.2.19686: Allocating blocks 41-42 which overlap fs metadata [ 1889.474486][T16004] Quota error (device loop2): write_blk: dquota write failed [ 1889.481952][T16004] Quota error (device loop2): find_free_dqentry: Can't write quota data block 5 [ 1889.577866][T16004] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3861: comm syz.2.19686: Allocating blocks 41-42 which overlap fs metadata [ 1889.614304][T16026] netlink: 12 bytes leftover after parsing attributes in process `syz.0.19694'. [ 1889.666774][T16004] Quota error (device loop2): write_blk: dquota write failed [ 1889.674364][T16004] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 1889.714972][T16029] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1889.735082][T16004] EXT4-fs error (device loop2): ext4_acquire_dquot:6841: comm syz.2.19686: Failed to acquire dquot type 1 [ 1889.750530][T16032] netlink: 'syz.5.19706': attribute type 29 has an invalid length. [ 1889.770747][T16004] EXT4-fs error (device loop2): mb_free_blocks:1839: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 1889.788868][T16032] netlink: 4 bytes leftover after parsing attributes in process `syz.5.19706'. [ 1889.825328][T16004] EXT4-fs error (device loop2): ext4_do_update_inode:5279: inode #12: comm syz.2.19686: corrupted inode contents [ 1889.886476][T16004] EXT4-fs error (device loop2): ext4_dirty_inode:6156: inode #12: comm syz.2.19686: mark_inode_dirty error [ 1889.961611][T16004] EXT4-fs error (device loop2): ext4_do_update_inode:5279: inode #12: comm syz.2.19686: corrupted inode contents [ 1889.993963][T16004] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #12: comm syz.2.19686: mark_inode_dirty error [ 1890.047834][T16004] EXT4-fs error (device loop2): ext4_do_update_inode:5279: inode #12: comm syz.2.19686: corrupted inode contents [ 1890.087333][T16004] EXT4-fs error (device loop2) in ext4_orphan_del:303: Corrupt filesystem [ 1890.110340][T16004] EXT4-fs error (device loop2): ext4_do_update_inode:5279: inode #12: comm syz.2.19686: corrupted inode contents [ 1890.167281][T16004] EXT4-fs error (device loop2): ext4_truncate:4325: inode #12: comm syz.2.19686: mark_inode_dirty error [ 1890.208136][T16004] EXT4-fs error (device loop2) in ext4_process_orphan:345: Corrupt filesystem [ 1890.265418][T16004] EXT4-fs (loop2): 1 truncate cleaned up [ 1890.271173][T16004] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1890.345656][T16004] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3861: comm syz.2.19686: Allocating blocks 41-42 which overlap fs metadata [ 1890.509779][T16004] Quota error (device loop2): write_blk: dquota write failed [ 1890.545423][T16053] netlink: 36 bytes leftover after parsing attributes in process `syz.3.19708'. [ 1890.548212][T16004] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 1890.609327][T16004] EXT4-fs error (device loop2): ext4_acquire_dquot:6841: comm syz.2.19686: Failed to acquire dquot type 1 [ 1890.818621][ T4299] EXT4-fs (loop2): unmounting filesystem. [ 1891.149986][T16073] loop5: detected capacity change from 0 to 64 [ 1891.784399][T16065] loop4: detected capacity change from 0 to 32768 [ 1891.871041][T16065] ERROR: (device loop4): dbAllocAG: unable to allocate blocks [ 1891.871041][T16065] [ 1891.902757][T16065] ERROR: (device loop4): remounting filesystem as read-only [ 1892.029577][T16101] loop3: detected capacity change from 0 to 512 [ 1892.042181][T16101] /dev/loop3: Can't open blockdev [ 1892.159874][ T26] audit: type=1326 audit(1827.704:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16102 comm="syz.4.19733" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1dd7f9ce59 code=0x0 [ 1892.955637][T16131] netlink: 24 bytes leftover after parsing attributes in process `syz.3.19747'. [ 1893.131003][T16138] netlink: 28 bytes leftover after parsing attributes in process `syz.3.19751'. [ 1893.156469][T16138] netlink: 28 bytes leftover after parsing attributes in process `syz.3.19751'. [ 1893.182835][T16138] netlink: 48 bytes leftover after parsing attributes in process `syz.3.19751'. [ 1893.509497][T16146] loop4: detected capacity change from 0 to 4096 [ 1893.538937][T16146] EXT4-fs: Ignoring removed mblk_io_submit option [ 1893.596037][T16146] EXT4-fs (loop4): Test dummy encryption mode enabled [ 1893.664554][T16146] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1893.758854][ T4288] EXT4-fs (loop4): unmounting filesystem. [ 1894.382497][T16186] loop3: detected capacity change from 0 to 1024 [ 1894.401388][T16186] /dev/loop3: Can't open blockdev [ 1894.406022][T16182] loop4: detected capacity change from 0 to 1024 [ 1894.415271][T16185] ipt_REJECT: TCP_RESET invalid for non-tcp [ 1895.017394][T16204] vivid-000: ================= START STATUS ================= [ 1895.054894][T16204] vivid-000: Generate PTS: true [ 1895.063210][T16204] vivid-000: Generate SCR: true [ 1895.074136][T16204] tpg source WxH: 320x180 (R'G'B) [ 1895.105586][T16204] tpg field: 1 [ 1895.116430][T16204] tpg crop: 320x180@0x0 [ 1895.134089][T16204] tpg compose: 320x180@0x0 [ 1895.138680][T16204] tpg colorspace: 3 [ 1895.143669][T16204] tpg transfer function: 5/2 [ 1895.148500][T16204] tpg quantization: 2/2 [ 1895.182221][T16204] tpg RGB range: 0/2 [ 1895.193025][T16204] vivid-000: ================== END STATUS ================== [ 1896.027449][T16243] ipt_REJECT: TCP_RESET invalid for non-tcp [ 1896.371787][T16257] netlink: 'syz.5.19803': attribute type 1 has an invalid length. [ 1896.408808][T16257] netlink: 'syz.5.19803': attribute type 2 has an invalid length. [ 1896.455646][T16257] netlink: 4 bytes leftover after parsing attributes in process `syz.5.19803'. [ 1896.486756][T16261] netlink: 8 bytes leftover after parsing attributes in process `syz.3.19805'. [ 1897.279642][T16287] loop2: detected capacity change from 0 to 512 [ 1897.304034][T16249] loop0: detected capacity change from 0 to 32768 [ 1897.353253][T16287] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1897.430684][T16249] XFS (loop0): Mounting V5 Filesystem [ 1897.439625][T16296] netlink: 8 bytes leftover after parsing attributes in process `syz.4.19819'. [ 1897.449251][T16296] netlink: 8 bytes leftover after parsing attributes in process `syz.4.19819'. [ 1897.474609][T16296] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 1897.510188][ T4299] EXT4-fs (loop2): unmounting filesystem. [ 1897.550069][ T8569] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 1897.677930][T16249] XFS (loop0): Ending clean mount [ 1897.756663][ T8569] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1897.795766][ T8569] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1897.819999][ T8569] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1897.855253][ T8569] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1897.866543][ T8569] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1897.885915][ T8569] usb 4-1: config 0 descriptor?? [ 1897.919501][ T8569] hub 4-1:0.0: USB hub found [ 1897.949055][ T4292] XFS (loop0): Unmounting Filesystem [ 1898.117905][ T8569] hub 4-1:0.0: 9 ports detected [ 1898.125314][ T8569] hub 4-1:0.0: insufficient power available to use all downstream ports [ 1898.338323][ T8569] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 1898.379167][ T8569] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 1898.400762][T16314] netlink: 8 bytes leftover after parsing attributes in process `syz.2.19827'. [ 1898.425796][T16281] loop5: detected capacity change from 0 to 32768 [ 1898.427272][ T8569] usb 4-1: USB disconnect, device number 44 [ 1898.491160][T16281] ERROR: (device loop5): dbAllocNext: Corrupt dmap page [ 1898.491160][T16281] [ 1898.535771][T16281] ERROR: (device loop5): remounting filesystem as read-only [ 1898.547391][T16281] ialloc: diAlloc returned -5! [ 1898.697386][T16318] loop2: detected capacity change from 0 to 8 [ 1898.738931][T16318] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 1898.844061][T16324] netlink: 'syz.0.19824': attribute type 3 has an invalid length. [ 1899.052542][T16327] netlink: 'syz.5.19833': attribute type 1 has an invalid length. [ 1899.163466][T16334] loop0: detected capacity change from 0 to 1024 [ 1899.301733][T16334] EXT4-fs error (device loop0): ext4_map_blocks:637: inode #3: block 2: comm syz.0.19835: lblock 2 mapped to illegal pblock 2 (length 1) [ 1899.331896][T16334] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 1899.360168][T16334] EXT4-fs error (device loop0): ext4_map_blocks:637: inode #3: block 48: comm syz.0.19835: lblock 0 mapped to illegal pblock 48 (length 1) [ 1899.447332][T16344] overlayfs: conflicting options: userxattr,redirect_dir=follow [ 1899.473465][T16334] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 1899.507338][T16334] EXT4-fs error (device loop0): ext4_acquire_dquot:6841: comm syz.0.19835: Failed to acquire dquot type 0 [ 1899.543140][T16346] loop5: detected capacity change from 0 to 1024 [ 1899.551671][T16334] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5952: Corrupt filesystem [ 1899.589756][T16334] EXT4-fs error (device loop0): ext4_evict_inode:281: inode #11: comm syz.0.19835: mark_inode_dirty error [ 1899.665492][T16334] EXT4-fs warning (device loop0): ext4_evict_inode:284: couldn't mark inode dirty (err -117) [ 1899.710638][T16334] EXT4-fs (loop0): 1 orphan inode deleted [ 1899.716562][T16334] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 1899.733934][T16348] loop4: detected capacity change from 0 to 4096 [ 1899.742600][ T4344] EXT4-fs error (device loop0): ext4_map_blocks:637: inode #3: block 1: comm kworker/u4:7: lblock 1 mapped to illegal pblock 1 (length 1) [ 1899.801902][ T4344] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 1899.823900][T16348] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1899.860900][ T4344] EXT4-fs error (device loop0): ext4_release_dquot:6877: comm kworker/u4:7: Failed to release dquot type 0 [ 1899.881447][T16348] NILFS (loop4): mounting unchecked fs [ 1899.887106][T16348] NILFS (loop4): recovery required for readonly filesystem [ 1899.914108][T16334] EXT4-fs (loop0): re-mounted. Quota mode: none. [ 1899.985876][T16348] NILFS (loop4): write access will be enabled during recovery [ 1900.066733][T16348] NILFS (loop4): norecovery option specified, skipping roll-forward recovery [ 1900.085163][ T4292] EXT4-fs (loop0): unmounting filesystem. [ 1900.193818][T16348] NILFS (loop4): the device already has a read-only mount. [ 1900.200135][T10170] udevd[10170]: incorrect nilfs2 checksum on /dev/loop4 [ 1900.253158][T16362] netlink: 'syz.0.19849': attribute type 12 has an invalid length. [ 1900.583609][T16370] loop0: detected capacity change from 0 to 2048 [ 1900.638238][T16370] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1900.668183][T16376] autofs4:pid:16376:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.2), cmd(0xc0189374) [ 1900.725059][T16376] autofs4:pid:16376:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189374) [ 1901.283244][T16401] netlink: 172 bytes leftover after parsing attributes in process `syz.4.19867'. [ 1901.315610][T16401] netlink: 8 bytes leftover after parsing attributes in process `syz.4.19867'. [ 1901.355027][T16401] netlink: 172 bytes leftover after parsing attributes in process `syz.4.19867'. [ 1901.411310][T16401] netlink: 100 bytes leftover after parsing attributes in process `syz.4.19867'. [ 1901.453502][T16401] netlink: 32 bytes leftover after parsing attributes in process `syz.4.19867'. [ 1901.910721][T16422] loop4: detected capacity change from 0 to 64 [ 1902.121466][T16428] Cannot find add_set index 65532 as target [ 1902.254324][T16434] loop2: detected capacity change from 0 to 256 [ 1902.275729][T16436] netlink: 'syz.3.19884': attribute type 1 has an invalid length. [ 1902.309486][T16434] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1902.321300][T16436] netlink: 'syz.3.19884': attribute type 1 has an invalid length. [ 1902.371247][T16438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19885'. [ 1902.406306][T16438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19885'. [ 1902.415894][T16438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19885'. [ 1902.440226][T16438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19885'. [ 1902.491293][T16438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19885'. [ 1902.502524][ T8582] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 1902.524964][T16438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19885'. [ 1902.565155][T16438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19885'. [ 1902.588535][T16438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19885'. [ 1902.604854][ T26] audit: type=1400 audit(1837.464:480): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name=2626200D3A950D02494F07333A pid=16443 comm="syz.2.19888" [ 1902.625654][T16438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19885'. [ 1902.657002][T16438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19885'. [ 1902.710644][ T8582] usb 6-1: Using ep0 maxpacket: 8 [ 1902.720134][ T8582] usb 6-1: config 0 has an invalid interface number: 31 but max is 0 [ 1902.750478][ T8582] usb 6-1: config 0 has no interface number 0 [ 1902.784683][ T8582] usb 6-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 1902.800382][T16438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge3: link becomes ready [ 1902.812764][ T8582] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1902.831732][ T8582] usb 6-1: Product: syz [ 1902.836287][ T8582] usb 6-1: Manufacturer: syz [ 1902.840933][ T8582] usb 6-1: SerialNumber: syz [ 1902.870408][ T8582] usb 6-1: config 0 descriptor?? [ 1903.111783][ T8582] usb 6-1: USB disconnect, device number 21 [ 1903.275049][T16440] loop4: detected capacity change from 0 to 32768 [ 1903.293822][T16440] [ 1903.293822][T16440] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1903.293822][T16440] [ 1903.489680][ T4343] [ 1903.489680][ T4343] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1903.489680][ T4343] [ 1903.523824][ T4343] [ 1903.523824][ T4343] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1903.523824][ T4343] [ 1903.572428][ T4288] [ 1903.572428][ T4288] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1903.572428][ T4288] [ 1903.650637][ T106] [ 1903.650637][ T106] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1903.650637][ T106] [ 1903.676556][T16466] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1903.720822][ T4288] [ 1903.720822][ T4288] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1903.720822][ T4288] [ 1903.882431][T16473] netlink: 'syz.4.19898': attribute type 1 has an invalid length. [ 1903.890411][T16473] netlink: 'syz.4.19898': attribute type 1 has an invalid length. [ 1904.041771][T16481] loop2: detected capacity change from 0 to 128 [ 1904.071256][T16480] loop0: detected capacity change from 0 to 512 [ 1904.093998][T16481] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 1904.248463][T16480] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1904.301540][T16480] EXT4-fs (loop0): unmounting filesystem. [ 1904.385947][ T4299] EXT4-fs (loop2): unmounting filesystem. [ 1904.934395][ T26] audit: type=1400 audit(1839.642:481): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=16505 comm="syz.0.19917" [ 1905.300929][T16522] sctp: [Deprecated]: syz.2.19924 (pid 16522) Use of int in max_burst socket option. [ 1905.300929][T16522] Use struct sctp_assoc_value instead [ 1905.316056][T16519] loop3: detected capacity change from 0 to 512 [ 1905.323168][T16519] /dev/loop3: Can't open blockdev [ 1906.174508][T16551] loop2: detected capacity change from 0 to 64 [ 1906.963566][T16582] netlink: 'syz.2.19952': attribute type 1 has an invalid length. [ 1906.971509][T16582] netlink: 'syz.2.19952': attribute type 1 has an invalid length. [ 1907.166080][T16590] loop5: detected capacity change from 0 to 64 [ 1907.402104][ T8569] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 1907.556476][T22993] Bluetooth: hci4: Malformed Event: 0x13 [ 1907.615924][ T8569] usb 5-1: Using ep0 maxpacket: 32 [ 1907.624021][ T8569] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 1907.670524][ T8569] usb 5-1: config 0 has no interface number 0 [ 1907.704499][ T8569] usb 5-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1907.737601][T16610] __nla_validate_parse: 186 callbacks suppressed [ 1907.737621][T16610] netlink: 12 bytes leftover after parsing attributes in process `syz.2.19966'. [ 1907.742954][ T8569] usb 5-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1907.772123][T16610] netlink: 580 bytes leftover after parsing attributes in process `syz.2.19966'. [ 1907.805608][ T8569] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1907.854522][ T8569] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1907.869177][ T8569] usb 5-1: Product: syz [ 1907.901933][ T8569] usb 5-1: Manufacturer: syz [ 1907.920061][ T8569] usb 5-1: SerialNumber: syz [ 1907.954051][ T8569] usb 5-1: config 0 descriptor?? [ 1908.000344][ T8569] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1908.197163][T16627] VFS: could not find a valid V7 on nullb0. [ 1908.204698][ T8569] usb 5-1: qt2_setup_urbs - submit read urb failed -90 [ 1908.225967][ T8569] quatech2: probe of 5-1:0.51 failed with error -90 [ 1908.529673][ T8569] usb 5-1: USB disconnect, device number 38 [ 1909.231118][T21380] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 1909.348845][ T8569] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 1909.437847][T21380] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1909.471144][T21380] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 37, changing to 7 [ 1909.486869][T21380] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 119, changing to 7 [ 1909.508740][T16677] netlink: 8 bytes leftover after parsing attributes in process `syz.4.20000'. [ 1909.531433][T21380] usb 1-1: string descriptor 0 read error: -22 [ 1909.537778][T21380] usb 1-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 1909.562669][ T8569] usb 4-1: Using ep0 maxpacket: 32 [ 1909.570320][ T8569] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 1909.595592][ T8569] usb 4-1: config 0 has no interface number 0 [ 1909.601944][ T8569] usb 4-1: config 0 interface 132 has no altsetting 0 [ 1909.609282][T21380] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1909.663976][ T8569] usb 4-1: New USB device found, idVendor=0525, idProduct=9901, bcdDevice=39.75 [ 1909.714073][ T8569] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1909.722201][ T8569] usb 4-1: Product: syz [ 1909.745489][T16682] netlink: 260 bytes leftover after parsing attributes in process `syz.2.20003'. [ 1909.772241][ T8569] usb 4-1: Manufacturer: syz [ 1909.800690][ T8569] usb 4-1: SerialNumber: syz [ 1909.820386][ T8569] usb 4-1: config 0 descriptor?? [ 1909.943333][T16687] loop4: detected capacity change from 0 to 24 [ 1910.008288][T16687] romfs: read error for inode 0x8000 [ 1910.049079][ T8569] cdc_subset: probe of 4-1:0.132 failed with error -71 [ 1910.089720][T21380] usb 1-1: 2:0: failed to get current value for ch 0 (-71) [ 1910.105462][ T8569] usb 4-1: USB disconnect, device number 45 [ 1910.121427][T21380] usb 1-1: 2:0: cannot get min/max values for control 2 (id 2) [ 1910.173703][T21380] usb 1-1: 2:0: cannot get min/max values for control 2 (id 2) [ 1910.233003][T21380] usb 1-1: 2:0: cannot get min/max values for control 2 (id 2) [ 1910.283011][T21380] usb 1-1: USB disconnect, device number 28 [ 1910.478058][T16700] netlink: 8 bytes leftover after parsing attributes in process `syz.5.20011'. [ 1911.338208][T16727] loop5: detected capacity change from 0 to 4096 [ 1911.404201][T16727] NILFS (loop5): invalid segment: Checksum error in segment payload [ 1911.406819][T16733] netlink: 60 bytes leftover after parsing attributes in process `syz.3.20028'. [ 1911.446285][T16727] NILFS (loop5): trying rollback from an earlier position [ 1911.452836][T16733] netlink: 60 bytes leftover after parsing attributes in process `syz.3.20028'. [ 1911.513801][T16727] NILFS (loop5): recovery complete [ 1911.520918][T16738] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1911.552474][T21380] usb 1-1: new full-speed USB device number 29 using dummy_hcd [ 1911.768355][T21380] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1911.792710][T21380] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1911.837615][T16748] netlink: 16186 bytes leftover after parsing attributes in process `syz.5.20034'. [ 1911.841841][T21380] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1911.899949][T21380] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1911.930107][T21380] usb 1-1: SerialNumber: syz [ 1911.974477][T21380] usb 1-1: 0:2 : does not exist [ 1912.108865][ T8582] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 1912.138492][T16756] netlink: 28 bytes leftover after parsing attributes in process `syz.3.20039'. [ 1912.314196][ T8582] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1912.354460][ T8582] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1912.377771][ T8582] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1912.404313][T21398] usb 1-1: USB disconnect, device number 29 [ 1912.438830][ T8582] usb 3-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38 [ 1912.479407][ T8582] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1912.500095][ T8582] usb 3-1: Product: syz [ 1912.510285][ T8582] usb 3-1: Manufacturer: syz [ 1912.514970][ T8582] usb 3-1: SerialNumber: syz [ 1912.549810][ T8582] usb 3-1: config 0 descriptor?? [ 1912.783426][ T8582] usb 3-1: USB disconnect, device number 47 [ 1913.793827][T16799] loop2: detected capacity change from 0 to 4096 [ 1913.826131][T16799] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 1915.041238][T16853] loop2: detected capacity change from 0 to 1024 [ 1915.112397][T16853] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:477: comm syz.2.20086: Invalid block bitmap block 0 in block_group 0 [ 1915.228712][T16853] Quota error (device loop2): write_blk: dquota write failed [ 1915.302560][T16853] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 1915.350055][T16853] EXT4-fs error (device loop2): ext4_acquire_dquot:6841: comm syz.2.20086: Failed to acquire dquot type 0 [ 1915.453427][T16853] EXT4-fs error (device loop2): ext4_free_blocks:6220: comm syz.2.20086: Freeing blocks not in datazone - block = 0, count = 4096 [ 1915.473528][T16867] loop3: detected capacity change from 0 to 4096 [ 1915.521922][T16853] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.20086: Invalid inode bitmap blk 0 in block_group 0 [ 1915.547212][ T46] Quota error (device loop2): do_check_range: Getting block 0 out of range 1-7 [ 1915.567719][ T46] EXT4-fs error (device loop2): ext4_release_dquot:6877: comm kworker/u4:3: Failed to release dquot type 0 [ 1915.584725][ T4477] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1915.603809][T16853] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem [ 1915.625514][T16853] EXT4-fs (loop2): 1 orphan inode deleted [ 1915.639117][T16853] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1915.768567][T16853] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 1915.964479][ T4299] EXT4-fs (loop2): unmounting filesystem. [ 1916.048708][T16881] loop3: detected capacity change from 0 to 64 [ 1916.342194][T16887] loop2: detected capacity change from 0 to 4096 [ 1916.381777][T16887] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1916.418490][T16887] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1916.469789][T16887] ntfs: (device loop2): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1916.534032][T16887] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1916.583362][T16887] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1916.687235][T16887] ntfs: volume version 3.1. [ 1916.698309][T16887] ntfs: (device loop2): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 1916.740935][T16887] ntfs: (device loop2): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 1916.773003][T16905] netlink: 8 bytes leftover after parsing attributes in process `syz.5.20111'. [ 1918.231766][T16955] loop0: detected capacity change from 0 to 256 [ 1918.319987][T16955] FAT-fs (loop0): Directory bread(block 64) failed [ 1918.359799][T16955] FAT-fs (loop0): Directory bread(block 65) failed [ 1918.414472][T16955] FAT-fs (loop0): Directory bread(block 66) failed [ 1918.478289][T16955] FAT-fs (loop0): Directory bread(block 67) failed [ 1918.506395][T16955] FAT-fs (loop0): Directory bread(block 68) failed [ 1918.513021][T16955] FAT-fs (loop0): Directory bread(block 69) failed [ 1918.566671][T16955] FAT-fs (loop0): Directory bread(block 70) failed [ 1918.570581][T16964] netlink: 8 bytes leftover after parsing attributes in process `syz.4.20139'. [ 1918.620099][T16966] loop2: detected capacity change from 0 to 1024 [ 1918.627556][T16955] FAT-fs (loop0): Directory bread(block 71) failed [ 1918.634542][T16955] FAT-fs (loop0): Directory bread(block 72) failed [ 1918.663130][T16966] EXT4-fs: Ignoring removed bh option [ 1918.664038][T16968] loop5: detected capacity change from 0 to 512 [ 1918.675415][T16955] FAT-fs (loop0): Directory bread(block 73) failed [ 1918.703691][T16968] EXT4-fs: Ignoring removed bh option [ 1918.733991][T16970] loop3: detected capacity change from 0 to 736 [ 1918.764263][T16966] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 1918.801593][T16968] EXT4-fs error (device loop5): ext4_orphan_get:1405: inode #15: comm syz.5.20141: iget: bad extra_isize 957 (inode size 256) [ 1918.820748][T16966] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #11: comm syz.2.20140: directory missing '.' [ 1918.864228][ T4299] EXT4-fs (loop2): unmounting filesystem. [ 1918.914169][T16968] EXT4-fs error (device loop5): ext4_orphan_get:1410: comm syz.5.20141: couldn't read orphan inode 15 (err -117) [ 1919.020184][T16968] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 1919.217931][ T6416] EXT4-fs (loop5): unmounting filesystem. [ 1919.227444][T16984] netlink: 4 bytes leftover after parsing attributes in process `syz.0.20146'. [ 1919.610432][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 1919.616924][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 1919.776962][T17001] Process accounting paused [ 1920.311513][T17022] IPVS: set_ctl: invalid protocol: 46 127.0.0.1:20001 [ 1920.592223][T17024] xt_CT: No such helper "syz0" [ 1920.967348][T17045] vivid-000: disconnect [ 1920.982020][T17044] vivid-000: reconnect [ 1921.209582][T17056] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744072924056005) [ 1921.248409][T17060] xt_policy: neither incoming nor outgoing policy selected [ 1921.255991][T17056] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647 [ 1921.521982][T17067] Cannot find del_set index 4 as target [ 1921.539197][T17069] netlink: 100 bytes leftover after parsing attributes in process `syz.5.20189'. [ 1922.118069][T17091] loop0: detected capacity change from 0 to 256 [ 1922.902732][T21398] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 1923.129420][T21398] usb 6-1: config 0 has an invalid interface number: 117 but max is 0 [ 1923.144635][T21398] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1923.178973][T21398] usb 6-1: config 0 has no interface number 0 [ 1923.204986][T21398] usb 6-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1923.240307][T21398] usb 6-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1923.286993][T21398] usb 6-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1923.329114][T21398] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1923.358827][T21398] usb 6-1: Product: syz [ 1923.385044][T21398] usb 6-1: Manufacturer: syz [ 1923.389719][T21398] usb 6-1: SerialNumber: syz [ 1923.410801][T21398] usb 6-1: config 0 descriptor?? [ 1923.725414][ T26] kauditd_printk_skb: 14 callbacks suppressed [ 1923.725432][ T26] audit: type=1326 audit(1857.197:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17144 comm="syz.2.20225" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55cd19ce59 code=0x7ffc0000 [ 1923.756977][ C0] vkms_vblank_simulate: vblank timer overrun [ 1923.893686][T21398] usb 6-1: USB disconnect, device number 22 [ 1923.914813][ T26] audit: type=1326 audit(1857.272:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17144 comm="syz.2.20225" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f55cd19ce59 code=0x7ffc0000 [ 1923.996640][ T26] audit: type=1326 audit(1857.272:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17144 comm="syz.2.20225" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55cd19ce59 code=0x7ffc0000 [ 1924.031486][T17153] netlink: 34 bytes leftover after parsing attributes in process `syz.2.20230'. [ 1924.084235][ T26] audit: type=1326 audit(1857.272:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17144 comm="syz.2.20225" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55cd19ce59 code=0x7ffc0000 [ 1924.237470][T17162] netlink: 16 bytes leftover after parsing attributes in process `syz.2.20234'. [ 1924.281731][T17162] netlink: 16 bytes leftover after parsing attributes in process `syz.2.20234'. [ 1924.707135][T17180] xt_l2tp: wrong L2TP version: 0 [ 1924.718958][T17181] netlink: 'syz.2.20243': attribute type 10 has an invalid length. [ 1924.772471][T17181] netlink: 40 bytes leftover after parsing attributes in process `syz.2.20243'. [ 1924.809972][T17181] 8021q: adding VLAN 0 to HW filter on device team0 [ 1924.833215][T17181] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1924.864274][T17181] bridge0: port 3(team0) entered blocking state [ 1924.885035][T17186] loop4: detected capacity change from 0 to 16 [ 1924.903034][T17181] bridge0: port 3(team0) entered disabled state [ 1924.916889][T17186] erofs: (device loop4): mounted with root inode @ nid 36. [ 1924.926903][T17181] bridge0: port 3(team0) entered blocking state [ 1924.933462][T17181] bridge0: port 3(team0) entered forwarding state [ 1924.958741][T17186] syz.4.20245: attempt to access beyond end of device [ 1924.958741][T17186] loop4: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 1924.975337][T17181] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1925.019654][T17186] erofs: (device loop4): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 89 [ 1925.040729][T17186] erofs: (device loop4): z_erofs_readahead: readahead error at page 9 @ nid 89 [ 1925.060941][T17186] erofs: (device loop4): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 89 [ 1925.092815][T17186] erofs: (device loop4): z_erofs_readahead: readahead error at page 8 @ nid 89 [ 1925.138519][T17186] syz.4.20245: attempt to access beyond end of device [ 1925.138519][T17186] loop4: rw=524288, sector=16, nr_sectors = 8 limit=16 [ 1925.169728][T17186] syz.4.20245: attempt to access beyond end of device [ 1925.169728][T17186] loop4: rw=524288, sector=32, nr_sectors = 24 limit=16 [ 1925.231016][T17186] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1925.310871][ T26] audit: type=1800 audit(1858.693:491): pid=17186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.20245" name="file2" dev="loop4" ino=89 res=0 errno=0 [ 1925.596612][T17204] loop5: detected capacity change from 0 to 256 [ 1925.967076][T17210] loop5: detected capacity change from 0 to 256 [ 1926.056139][T17210] FAT-fs (loop5): Directory bread(block 64) failed [ 1926.084727][T17210] FAT-fs (loop5): Directory bread(block 65) failed [ 1926.106459][T17210] FAT-fs (loop5): Directory bread(block 66) failed [ 1926.129182][T17209] loop3: detected capacity change from 0 to 4096 [ 1926.165288][T17210] FAT-fs (loop5): Directory bread(block 67) failed [ 1926.172028][T17210] FAT-fs (loop5): Directory bread(block 68) failed [ 1926.177829][T17209] ntfs3: loop3: Different NTFS' sector size (2048) and media sector size (512) [ 1926.231652][T17210] FAT-fs (loop5): Directory bread(block 69) failed [ 1926.269221][T17210] FAT-fs (loop5): Directory bread(block 70) failed [ 1926.293177][T17210] FAT-fs (loop5): Directory bread(block 71) failed [ 1926.333618][T17210] FAT-fs (loop5): Directory bread(block 72) failed [ 1926.351820][T17210] FAT-fs (loop5): Directory bread(block 73) failed [ 1926.603754][ T5609] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 1926.828406][ T5609] usb 1-1: Using ep0 maxpacket: 32 [ 1926.847016][ T5609] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1926.872559][ T5609] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 68, changing to 7 [ 1926.918540][ T5609] usb 1-1: string descriptor 0 read error: -22 [ 1926.935472][ T5609] usb 1-1: New USB device found, idVendor=0763, idProduct=2003, bcdDevice= 0.40 [ 1926.955691][ T5609] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1927.040301][T17241] device wlan0 entered promiscuous mode [ 1927.114325][T17243] netlink: 'syz.3.20272': attribute type 10 has an invalid length. [ 1927.149635][T17243] netlink: 40 bytes leftover after parsing attributes in process `syz.3.20272'. [ 1927.201198][T17243] device team0 entered promiscuous mode [ 1927.222501][ T5609] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 1927.245418][T17243] device team_slave_0 entered promiscuous mode [ 1927.252229][T17243] device team_slave_1 entered promiscuous mode [ 1927.278035][T17243] 8021q: adding VLAN 0 to HW filter on device team0 [ 1927.306096][T17243] bridge0: port 3(team0) entered blocking state [ 1927.324829][T17243] bridge0: port 3(team0) entered disabled state [ 1927.485941][ T5609] usb 1-1: USB disconnect, device number 30 [ 1927.747581][T17265] netlink: 4 bytes leftover after parsing attributes in process `syz.3.20284'. [ 1927.760078][ T4477] udevd[4477]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1927.775964][ T8582] usb 6-1: new full-speed USB device number 23 using dummy_hcd [ 1927.993112][ T8582] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1928.016244][ T8582] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1928.025210][ T8582] usb 6-1: config 1 has no interface number 0 [ 1928.069433][ T8582] usb 6-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1928.136764][ T8582] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1928.153050][ T8582] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1928.180064][ T8582] usb 6-1: Product: syz [ 1928.197780][ T8582] usb 6-1: Manufacturer: syz [ 1928.226739][ T8582] usb 6-1: SerialNumber: syz [ 1928.262726][ T8582] usb 6-1: selecting invalid altsetting 1 [ 1928.706765][ T8582] cdc_ncm 6-1:1.1: failed GET_NTB_PARAMETERS [ 1928.721898][ T8582] cdc_ncm 6-1:1.1: bind() failure [ 1928.743895][ T8582] usb 6-1: USB disconnect, device number 23 [ 1929.057476][T17305] loop4: detected capacity change from 0 to 512 [ 1929.104096][T17305] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1929.264633][T17314] loop0: detected capacity change from 0 to 256 [ 1929.269350][ T4288] EXT4-fs (loop4): unmounting filesystem. [ 1929.336388][T17314] FAT-fs (loop0): Directory bread(block 64) failed [ 1929.354225][T17314] FAT-fs (loop0): Directory bread(block 65) failed [ 1929.396857][T17314] FAT-fs (loop0): Directory bread(block 66) failed [ 1929.406996][T17314] FAT-fs (loop0): Directory bread(block 67) failed [ 1929.449086][T17314] FAT-fs (loop0): Directory bread(block 68) failed [ 1929.510243][T17314] FAT-fs (loop0): Directory bread(block 69) failed [ 1929.535226][T17314] FAT-fs (loop0): Directory bread(block 70) failed [ 1929.556504][T17314] FAT-fs (loop0): Directory bread(block 71) failed [ 1929.563280][T17314] FAT-fs (loop0): Directory bread(block 72) failed [ 1929.620620][T17314] FAT-fs (loop0): Directory bread(block 73) failed [ 1930.321017][T17338] loop2: detected capacity change from 0 to 4096 [ 1930.793905][T17351] device netdevsim0 entered promiscuous mode [ 1930.861522][T17351] IPv6: ADDRCONF(NETDEV_CHANGE): netdevsim0: link becomes ready [ 1930.934587][T17351] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1931.066027][T17360] loop3: detected capacity change from 0 to 4096 [ 1931.078548][T17364] netlink: 'syz.0.20330': attribute type 10 has an invalid length. [ 1931.100819][T17360] /dev/loop3: Can't open blockdev [ 1931.132842][T17364] netlink: 40 bytes leftover after parsing attributes in process `syz.0.20330'. [ 1931.184588][T17364] 8021q: adding VLAN 0 to HW filter on device team0 [ 1931.192701][T17364] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1931.786574][T17385] netlink: 'syz.4.20342': attribute type 3 has an invalid length. [ 1931.796182][T17387] netlink: 8 bytes leftover after parsing attributes in process `syz.2.20341'. [ 1932.103511][T17398] loop4: detected capacity change from 0 to 256 [ 1932.163418][T17398] FAT-fs (loop4): Directory bread(block 64) failed [ 1932.185224][T17398] FAT-fs (loop4): Directory bread(block 65) failed [ 1932.235036][T17398] FAT-fs (loop4): Directory bread(block 66) failed [ 1932.261208][T17398] FAT-fs (loop4): Directory bread(block 67) failed [ 1932.320826][T17398] FAT-fs (loop4): Directory bread(block 68) failed [ 1932.364108][T17398] FAT-fs (loop4): Directory bread(block 69) failed [ 1932.374863][T17398] FAT-fs (loop4): Directory bread(block 70) failed [ 1932.382888][T17398] FAT-fs (loop4): Directory bread(block 71) failed [ 1932.401052][T17398] FAT-fs (loop4): Directory bread(block 72) failed [ 1932.410601][T17398] FAT-fs (loop4): Directory bread(block 73) failed [ 1932.630543][T17415] loop3: detected capacity change from 0 to 128 [ 1932.738105][ T6639] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1932.802832][T17417] loop0: detected capacity change from 0 to 4096 [ 1932.841489][T17417] EXT4-fs: Ignoring removed bh option [ 1932.906286][T17417] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1933.058420][T17427] netlink: 28 bytes leftover after parsing attributes in process `syz.3.20361'. [ 1933.115366][T17427] netlink: 28 bytes leftover after parsing attributes in process `syz.3.20361'. [ 1933.212894][ T4292] EXT4-fs (loop0): unmounting filesystem. [ 1933.650221][T17451] loop2: detected capacity change from 0 to 256 [ 1933.782760][T17451] FAT-fs (loop2): Directory bread(block 64) failed [ 1933.789464][T17451] FAT-fs (loop2): Directory bread(block 65) failed [ 1933.867752][T17451] FAT-fs (loop2): Directory bread(block 66) failed [ 1933.874763][T17451] FAT-fs (loop2): Directory bread(block 67) failed [ 1933.906369][T17451] FAT-fs (loop2): Directory bread(block 68) failed [ 1933.929961][T17451] FAT-fs (loop2): Directory bread(block 69) failed [ 1933.938949][T17451] FAT-fs (loop2): Directory bread(block 70) failed [ 1933.959857][T17451] FAT-fs (loop2): Directory bread(block 71) failed [ 1933.970760][T17451] FAT-fs (loop2): Directory bread(block 72) failed [ 1933.995709][T17451] FAT-fs (loop2): Directory bread(block 73) failed [ 1935.140121][T17506] openvswitch: netlink: IP tunnel dst address not specified [ 1935.375214][T17514] kAFS: unable to lookup cell '@mTsyz0' [ 1935.463931][T17520] netlink: 'syz.3.20407': attribute type 1 has an invalid length. [ 1935.917397][T17539] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1936.224598][T17549] kAFS: unable to lookup cell ' [ 1936.224598][T17549] $)-.ײfYǝa2s [ 1936.224598][T17549] ' [ 1936.552613][T21398] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 1936.779490][T21398] usb 4-1: Using ep0 maxpacket: 32 [ 1936.807814][T21398] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1936.837282][T17569] dlm: no locking on control device [ 1936.842968][T21398] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1936.870066][T21398] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1936.923345][T21398] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 1936.942978][T21398] usb 4-1: Product: syz [ 1936.947313][T21398] usb 4-1: Manufacturer: syz [ 1936.998446][T21398] hub 4-1:4.0: USB hub found [ 1937.216733][T21398] hub 4-1:4.0: 2 ports detected [ 1937.430856][T21398] hub 4-1:4.0: hub_hub_status failed (err = -71) [ 1937.437304][T21398] hub 4-1:4.0: config failed, can't get hub status (err -71) [ 1937.537495][T21398] usb 4-1: USB disconnect, device number 46 [ 1937.736074][T17563] loop4: detected capacity change from 0 to 32768 [ 1937.798565][T17563] ea_get: invalid extended attribute [ 1937.833579][T17563] ffff88804199f230: 04 00 00 00 .... [ 1937.855022][T17593] loop0: detected capacity change from 0 to 512 [ 1937.979921][T17593] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1938.454353][ T4292] EXT4-fs (loop0): unmounting filesystem. [ 1938.471770][T17604] kAFS: unable to lookup cell '' [ 1938.568663][T17585] loop5: detected capacity change from 0 to 32768 [ 1938.718227][T17585] XFS (loop5): Mounting V5 Filesystem [ 1938.771072][T17621] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 1938.886353][T17621] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 1938.923730][T17627] netlink: 12 bytes leftover after parsing attributes in process `syz.4.20454'. [ 1938.960706][T17585] XFS (loop5): Ending clean mount [ 1939.003273][T17627] netlink: 12 bytes leftover after parsing attributes in process `syz.4.20454'. [ 1939.013088][T17621] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 1939.077014][T17621] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 1939.087037][T17621] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 1939.147725][T17621] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 1939.159801][T17631] lo speed is unknown, defaulting to 1000 [ 1939.185663][T17631] lo speed is unknown, defaulting to 1000 [ 1939.191965][T17631] lo speed is unknown, defaulting to 1000 [ 1939.216126][T17621] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 1939.226074][T17621] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 1939.296843][T17621] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 1939.319938][T17621] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 1939.677408][T17631] infiniband syz2: set active [ 1939.682360][T21380] lo speed is unknown, defaulting to 1000 [ 1939.685061][T17645] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 1939.696471][T17631] infiniband syz2: added lo [ 1939.882278][T17631] RDS/IB: syz2: added [ 1939.924239][T17631] smc: adding ib device syz2 with port count 1 [ 1939.930506][T17631] smc: ib device syz2 port 1 has pnetid [ 1939.961185][T21380] lo speed is unknown, defaulting to 1000 [ 1939.975577][ T6416] XFS (loop5): Unmounting Filesystem [ 1939.981075][T17631] lo speed is unknown, defaulting to 1000 [ 1940.181160][T17654] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (34) [ 1940.495914][T17631] lo speed is unknown, defaulting to 1000 [ 1940.877703][T17631] lo speed is unknown, defaulting to 1000 [ 1940.966585][T17672] netlink: 8 bytes leftover after parsing attributes in process `syz.5.20457'. [ 1941.187492][ T26] audit: type=1326 audit(1873.528:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17681 comm="syz.5.20480" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cfcb9ce59 code=0x7ffc0000 [ 1941.197978][T17631] lo speed is unknown, defaulting to 1000 [ 1941.259104][ T26] audit: type=1326 audit(1873.528:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17681 comm="syz.5.20480" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cfcb9ce59 code=0x7ffc0000 [ 1941.323448][ T26] audit: type=1326 audit(1873.566:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17681 comm="syz.5.20480" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7f2cfcb9ce59 code=0x7ffc0000 [ 1941.377054][ T5609] usb 5-1: new full-speed USB device number 39 using dummy_hcd [ 1941.420326][ T26] audit: type=1326 audit(1873.566:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17681 comm="syz.5.20480" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cfcb9ce59 code=0x7ffc0000 [ 1941.489594][T17690] netlink: 'syz.0.20485': attribute type 2 has an invalid length. [ 1941.505724][ T26] audit: type=1326 audit(1873.566:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17681 comm="syz.5.20480" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cfcb9ce59 code=0x7ffc0000 [ 1941.537160][T17690] netlink: 224 bytes leftover after parsing attributes in process `syz.0.20485'. [ 1941.599197][ T5609] usb 5-1: config index 0 descriptor too short (expected 897, got 27) [ 1941.603582][T17631] lo speed is unknown, defaulting to 1000 [ 1941.634967][ T5609] usb 5-1: config 2 has an invalid interface number: 1 but max is -1 [ 1941.643220][ T5609] usb 5-1: config 2 has an invalid interface number: 1 but max is -1 [ 1941.682445][ T5609] usb 5-1: config 2 has 1 interface, different from the descriptor's value: 0 [ 1941.698244][ T5609] usb 5-1: config 2 has no interface number 0 [ 1941.717758][ T5609] usb 5-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=20.da [ 1941.744898][ T5609] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1941.763182][ T5609] usb 5-1: Product: syz [ 1941.774988][ T5609] usb 5-1: Manufacturer: syz [ 1941.790641][ T5609] usb 5-1: SerialNumber: syz [ 1941.963827][T17702] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1942.025053][ T5609] cdc_ncm 5-1:2.1: CDC Union missing and no IAD found [ 1942.072297][ T5609] cdc_ncm 5-1:2.1: bind() failure [ 1942.079660][ T5609] usb 5-1: no audio or video endpoints found [ 1942.095201][ T5609] usb 5-1: USB disconnect, device number 39 [ 1942.271828][T17712] loop5: detected capacity change from 0 to 256 [ 1942.380571][T17712] FAT-fs (loop5): Directory bread(block 64) failed [ 1942.402038][T17712] FAT-fs (loop5): Directory bread(block 65) failed [ 1942.446950][T17712] FAT-fs (loop5): Directory bread(block 66) failed [ 1942.468177][T17712] FAT-fs (loop5): Directory bread(block 67) failed [ 1942.474917][T17712] FAT-fs (loop5): Directory bread(block 68) failed [ 1942.510925][T17712] FAT-fs (loop5): Directory bread(block 69) failed [ 1942.521926][T17712] FAT-fs (loop5): Directory bread(block 70) failed [ 1942.550425][T17712] FAT-fs (loop5): Directory bread(block 71) failed [ 1942.575812][T17712] FAT-fs (loop5): Directory bread(block 72) failed [ 1942.621240][T17712] FAT-fs (loop5): Directory bread(block 73) failed [ 1942.652037][T17724] loop2: detected capacity change from 0 to 1764 [ 1942.997715][ T26] audit: type=1326 audit(1875.220:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17731 comm="syz.4.20507" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1943.117670][ T26] audit: type=1326 audit(1875.248:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17731 comm="syz.4.20507" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1943.216877][ T26] audit: type=1326 audit(1875.258:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17731 comm="syz.4.20507" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1943.312526][ T26] audit: type=1326 audit(1875.258:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17731 comm="syz.4.20507" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1943.444244][ T26] audit: type=1326 audit(1875.258:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17731 comm="syz.4.20507" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1943.561618][T17750] loop3: detected capacity change from 0 to 128 [ 1943.597405][T17750] /dev/loop3: Can't open blockdev [ 1944.560841][T17789] netlink: 'syz.0.20534': attribute type 21 has an invalid length. [ 1944.661265][ T5609] usb 4-1: new full-speed USB device number 47 using dummy_hcd [ 1944.861530][ T5609] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1944.884629][ T5609] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 4 [ 1944.929699][ T5609] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1944.971160][ T5609] usb 4-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 1944.981574][ T5609] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=7 [ 1945.006717][ T5609] usb 4-1: Product: syz [ 1945.010981][ T5609] usb 4-1: Manufacturer: syz [ 1945.016524][ T5609] usb 4-1: SerialNumber: syz [ 1945.032103][ T5609] usb 4-1: config 0 descriptor?? [ 1945.063618][ T5609] usb 4-1: no audio or video endpoints found [ 1945.160780][T17813] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1945.269957][T21282] usb 4-1: USB disconnect, device number 47 [ 1945.320803][T17815] netlink: 'syz.2.20547': attribute type 2 has an invalid length. [ 1945.340517][T17815] net_ratelimit: 4108 callbacks suppressed [ 1945.340536][T17815] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 1945.409959][T21380] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 1945.603730][T21380] usb 5-1: Using ep0 maxpacket: 32 [ 1945.611291][T21380] usb 5-1: config 0 has an invalid interface number: 151 but max is 0 [ 1945.684234][T21380] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1945.711968][T21380] usb 5-1: config 0 has no interface number 0 [ 1945.737181][T21380] usb 5-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1945.744504][T17829] loop5: detected capacity change from 0 to 4096 [ 1945.778611][T21380] usb 5-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 1945.820922][T21380] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1945.850109][T21380] usb 5-1: Product: syz [ 1945.856671][T21380] usb 5-1: Manufacturer: syz [ 1945.869297][T21380] usb 5-1: SerialNumber: syz [ 1945.910816][T21380] usb 5-1: config 0 descriptor?? [ 1946.197323][T17835] loop3: detected capacity change from 0 to 4096 [ 1946.250092][T17835] /dev/loop3: Can't open blockdev [ 1946.314568][T10170] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1946.401260][T21380] usb 5-1: USB disconnect, device number 40 [ 1946.662264][ T6639] udevd[6639]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1946.985736][T17860] loop3: detected capacity change from 0 to 512 [ 1947.037725][T17860] /dev/loop3: Can't open blockdev [ 1947.180646][T17866] loop0: detected capacity change from 0 to 128 [ 1947.271711][T17866] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2 [ 1947.408357][T17874] loop2: detected capacity change from 0 to 764 [ 1947.507290][T17874] Symlink component flag not implemented [ 1947.508673][T17872] loop3: detected capacity change from 0 to 4096 [ 1947.512982][T17874] Symlink component flag not implemented [ 1947.548164][T17872] EXT4-fs: Ignoring removed bh option [ 1947.568240][T17872] /dev/loop3: Can't open blockdev [ 1949.428955][T17948] netlink: 28 bytes leftover after parsing attributes in process `syz.0.20612'. [ 1949.465327][T17948] netlink: 28 bytes leftover after parsing attributes in process `syz.0.20612'. [ 1949.537065][T17952] netlink: 36 bytes leftover after parsing attributes in process `syz.5.20614'. [ 1949.923562][T17963] loop3: detected capacity change from 0 to 256 [ 1950.277863][T17979] loop5: detected capacity change from 0 to 8 [ 1950.711600][T17990] netlink: 'syz.3.20633': attribute type 6 has an invalid length. [ 1951.302849][T17973] loop2: detected capacity change from 0 to 32768 [ 1951.382065][T17973] JBD2: Ignoring recovery information on journal [ 1951.441852][T18018] loop5: detected capacity change from 0 to 128 [ 1951.561040][T17973] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 1951.694110][T17973] (syz.2.20624,17973,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #4097: rec_len % 4 != 0 - offset=0, inode=18446673704965378049, rec_len=255, name_len=1 [ 1951.742849][T17973] (syz.2.20624,17973,0):ocfs2_prepare_dir_for_insert:4311 ERROR: status = -2 [ 1951.777917][T17973] (syz.2.20624,17973,0):ocfs2_mknod:298 ERROR: status = -2 [ 1951.828812][T17973] (syz.2.20624,17973,0):ocfs2_mknod:502 ERROR: status = -2 [ 1951.886004][T17973] (syz.2.20624,17973,0):ocfs2_create:676 ERROR: status = -2 [ 1952.053933][ T4299] ocfs2: Unmounting device (7,2) on (node local) [ 1952.154100][T18032] Process accounting resumed [ 1952.223368][T18036] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1952.274566][T18036] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1952.316710][T18036] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1952.337431][T18036] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1952.524914][T18048] xt_cgroup: path and classid specified [ 1952.862970][T18057] loop5: detected capacity change from 0 to 2048 [ 1952.923028][T18057] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1953.040810][T18065] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1953.180786][T18061] loop4: detected capacity change from 0 to 8192 [ 1953.618477][T18082] netlink: 16 bytes leftover after parsing attributes in process `syz.2.20677'. [ 1954.144295][T18095] loop2: detected capacity change from 0 to 4096 [ 1954.197452][T18095] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) [ 1954.716901][T21380] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 1954.935388][T21380] usb 5-1: Using ep0 maxpacket: 8 [ 1954.949936][T21380] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1954.987914][T21380] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1955.012507][T18129] netlink: 36 bytes leftover after parsing attributes in process `syz.2.20700'. [ 1955.021754][T21380] usb 5-1: Product: syz [ 1955.026081][T21380] usb 5-1: Manufacturer: syz [ 1955.041078][T21380] usb 5-1: SerialNumber: syz [ 1955.054306][T21380] usb 5-1: config 0 descriptor?? [ 1955.086269][T21380] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1955.518273][T21380] gspca_sq930x: ucbus_write failed -71 [ 1955.524394][T21380] sq930x: probe of 5-1:0.0 failed with error -71 [ 1955.582576][T21380] usb 5-1: USB disconnect, device number 41 [ 1955.672516][T18151] netlink: 8 bytes leftover after parsing attributes in process `syz.3.20710'. [ 1956.289463][T21282] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 1956.514382][T21282] usb 6-1: Using ep0 maxpacket: 32 [ 1956.523233][T21282] usb 6-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 1956.540705][T21282] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1956.572522][T21282] usb 6-1: config 0 descriptor?? [ 1956.587034][T18180] loop0: detected capacity change from 0 to 4096 [ 1956.587344][T21282] gspca_main: sq930x-2.14.0 probing 041e:403c [ 1956.629050][T18180] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 1956.746833][T18190] netlink: 4 bytes leftover after parsing attributes in process `syz.4.20729'. [ 1957.019918][T21282] gspca_sq930x: ucbus_write failed -71 [ 1957.025612][T21282] sq930x: probe of 6-1:0.0 failed with error -71 [ 1957.070490][T21282] usb 6-1: USB disconnect, device number 24 [ 1957.190868][T18201] netlink: 12 bytes leftover after parsing attributes in process `syz.3.20735'. [ 1957.230635][T18201] netlink: 20 bytes leftover after parsing attributes in process `syz.3.20735'. [ 1957.284346][T18201] netlink: 20 bytes leftover after parsing attributes in process `syz.3.20735'. [ 1957.680072][T18217] netlink: 108 bytes leftover after parsing attributes in process `syz.2.20743'. [ 1958.139362][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 1958.139379][ T26] audit: type=1326 audit(1889.373:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.0.20754" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69fe19ce59 code=0x7ffc0000 [ 1958.169589][ T5609] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 1958.239208][ T26] audit: type=1326 audit(1889.383:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.0.20754" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69fe19ce59 code=0x7ffc0000 [ 1958.311129][ T26] audit: type=1326 audit(1889.383:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.0.20754" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69fe19ce59 code=0x7ffc0000 [ 1958.334825][ C1] vkms_vblank_simulate: vblank timer overrun [ 1958.373814][ T26] audit: type=1326 audit(1889.383:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.0.20754" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7f69fe19ce59 code=0x7ffc0000 [ 1958.420465][ T5609] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1958.446527][ T5609] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 1958.454117][T18248] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma? [ 1958.464535][ T5609] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 32768, setting to 1024 [ 1958.495485][ T26] audit: type=1326 audit(1889.383:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.0.20754" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69fe19ce59 code=0x7ffc0000 [ 1958.521385][ T5609] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1958.534686][ T5609] usb 3-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 1958.544279][ T26] audit: type=1326 audit(1889.383:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.0.20754" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f69fe19ce59 code=0x7ffc0000 [ 1958.568141][ C1] vkms_vblank_simulate: vblank timer overrun [ 1958.597785][ T5609] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1958.630825][ T5609] usb 3-1: config 0 descriptor?? [ 1958.688442][ T26] audit: type=1326 audit(1889.383:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.0.20754" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f69fe19ce59 code=0x7ffc0000 [ 1958.767243][ T26] audit: type=1326 audit(1889.439:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18239 comm="syz.3.20752" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb73bf9ce59 code=0x7ffc0000 [ 1958.809709][ T26] audit: type=1326 audit(1889.448:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18239 comm="syz.3.20752" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb73bf9ce59 code=0x7ffc0000 [ 1958.833545][ C1] vkms_vblank_simulate: vblank timer overrun [ 1958.874892][T18261] netlink: 'syz.4.20764': attribute type 2 has an invalid length. [ 1958.885707][ T26] audit: type=1326 audit(1889.448:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18239 comm="syz.3.20752" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb73bf9ce59 code=0x7ffc0000 [ 1958.909414][ C1] vkms_vblank_simulate: vblank timer overrun [ 1958.909912][T18261] netlink: 119 bytes leftover after parsing attributes in process `syz.4.20764'. [ 1958.952615][T21282] usb 3-1: USB disconnect, device number 48 [ 1958.973972][T18265] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1958.987011][T18265] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1958.995125][T18265] batman_adv: batadv0: Interface deactivated: netdevsim0 [ 1959.008742][T18265] batman_adv: batadv0: Removing interface: netdevsim0 [ 1959.139110][T18269] netlink: 12 bytes leftover after parsing attributes in process `syz.5.20768'. [ 1959.165297][T18270] netlink: 16 bytes leftover after parsing attributes in process `syz.4.20767'. [ 1959.312914][T18274] netlink: 'syz.0.20770': attribute type 28 has an invalid length. [ 1959.475312][T18280] netlink: 'syz.5.20773': attribute type 1 has an invalid length. [ 1959.566277][T18285] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1959.573845][T18285] IPv6: NLM_F_CREATE should be set when creating new route [ 1959.581109][T18285] IPv6: NLM_F_CREATE should be set when creating new route [ 1959.732820][T18292] loop2: detected capacity change from 0 to 256 [ 1959.827607][T18292] FAT-fs (loop2): Directory bread(block 64) failed [ 1959.867564][T18292] FAT-fs (loop2): Directory bread(block 65) failed [ 1959.885230][T18292] FAT-fs (loop2): Directory bread(block 66) failed [ 1959.926400][T18292] FAT-fs (loop2): Directory bread(block 67) failed [ 1959.958689][T18292] FAT-fs (loop2): Directory bread(block 68) failed [ 1959.976374][T18300] loop3: detected capacity change from 0 to 64 [ 1959.979815][T18292] FAT-fs (loop2): Directory bread(block 69) failed [ 1960.043462][T18292] FAT-fs (loop2): Directory bread(block 70) failed [ 1960.060086][T18300] kAFS: unparsable volume name [ 1960.070738][T18292] FAT-fs (loop2): Directory bread(block 71) failed [ 1960.095522][T18292] FAT-fs (loop2): Directory bread(block 72) failed [ 1960.130407][T18292] FAT-fs (loop2): Directory bread(block 73) failed [ 1960.306232][T18292] FAT-fs (loop2): error, invalid access to FAT (entry 0x00006a61) [ 1960.566272][T18318] xt_socket: unknown flags 0x4c [ 1961.081747][T21282] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 1961.113324][T18338] loop5: detected capacity change from 0 to 2048 [ 1961.139249][T18341] __nla_validate_parse: 1 callbacks suppressed [ 1961.139270][T18341] netlink: 28 bytes leftover after parsing attributes in process `syz.2.20804'. [ 1961.150618][T18338] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1961.210044][T18341] netlink: 24 bytes leftover after parsing attributes in process `syz.2.20804'. [ 1961.239084][T18341] device vlan0 entered promiscuous mode [ 1961.283097][T18343] netlink: 'syz.0.20805': attribute type 32 has an invalid length. [ 1961.306613][T21282] usb 4-1: Using ep0 maxpacket: 32 [ 1961.315325][T18345] netlink: 132 bytes leftover after parsing attributes in process `syz.4.20806'. [ 1961.316608][T21282] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 32 [ 1961.382864][T21282] usb 4-1: New USB device found, idVendor=0499, idProduct=105c, bcdDevice= 0.40 [ 1961.418071][T21282] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1961.447077][T21282] usb 4-1: Product: syz [ 1961.461802][T21282] usb 4-1: Manufacturer: syz [ 1961.488171][T21282] usb 4-1: SerialNumber: syz [ 1961.495727][T18325] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1961.566114][T18353] netlink: 'syz.5.20811': attribute type 1 has an invalid length. [ 1961.809410][T21282] usb 4-1: USB disconnect, device number 48 [ 1962.143883][ T4645] udevd[4645]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1962.588935][T18390] x_tables: duplicate entry at hook 3 [ 1962.760859][T18395] netlink: 20 bytes leftover after parsing attributes in process `syz.4.20834'. [ 1962.879009][ T8582] usb 4-1: new low-speed USB device number 49 using dummy_hcd [ 1963.048949][T18407] netlink: 'syz.0.20837': attribute type 1 has an invalid length. [ 1963.064716][T18407] netlink: 228 bytes leftover after parsing attributes in process `syz.0.20837'. [ 1963.075001][T21398] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 1963.085586][ T8582] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1963.101478][ T8582] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 1023, setting to 0 [ 1963.141696][ T8582] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 241, changing to 4 [ 1963.178464][ T8582] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 16, setting to 0 [ 1963.234792][ T8582] usb 4-1: string descriptor 0 read error: -22 [ 1963.244335][ T8582] usb 4-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice= 0.40 [ 1963.273399][ T8582] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1963.297991][T21398] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1963.305176][ T8582] usb 4-1: low speed audio streaming not supported [ 1963.322331][ T8582] usb 4-1: low speed audio streaming not supported [ 1963.329314][T21398] usb 3-1: config 4 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1963.355958][T21398] usb 3-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1963.411654][ T8582] usb 4-1: selecting invalid altsetting 1 [ 1963.423331][T21398] usb 3-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40 [ 1963.426925][ T8582] usb_set_interface error [ 1963.463949][ T8582] snd-usb-us122l: probe of 4-1:1.1 failed with error -22 [ 1963.464923][T21398] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1963.523131][T21398] usb 3-1: Product: syz [ 1963.528920][ T8582] usb 4-1: USB disconnect, device number 49 [ 1963.531655][T21398] usb 3-1: Manufacturer: syz [ 1963.549385][T21398] usb 3-1: SerialNumber: syz [ 1963.573587][T21398] usblp0: Disabling reads from problematic bidirectional printer [ 1963.675540][T18427] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 1963.795667][T21398] usblp 3-1:4.0: usblp0: USB Unidirectional printer dev 49 if 0 alt 0 proto 1 vid 0x03F0 pid 0x0004 [ 1963.850079][T21398] usb 3-1: USB disconnect, device number 49 [ 1963.880362][T21398] usblp0: removed [ 1964.045079][T21380] usb 6-1: new full-speed USB device number 25 using dummy_hcd [ 1964.168509][T18444] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1964.176536][T18444] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1964.184695][T18444] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1964.192192][T18444] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1964.240954][T21380] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1964.254716][T21380] usb 6-1: not running at top speed; connect to a high speed hub [ 1964.264589][T21380] usb 6-1: config 4 has an invalid interface number: 147 but max is 0 [ 1964.278740][T21380] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1964.289590][T21380] usb 6-1: config 4 has no interface number 0 [ 1964.305967][T21380] usb 6-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 1964.317494][T21282] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 1964.326589][T21380] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1964.339474][T21380] usb 6-1: Product: syz [ 1964.343794][T21380] usb 6-1: Manufacturer: syz [ 1964.349997][T21380] usb 6-1: SerialNumber: syz [ 1964.515555][T21282] usb 1-1: Using ep0 maxpacket: 16 [ 1964.525106][T21282] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 1964.558485][T21282] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1964.571833][T21282] usb 1-1: Product: syz [ 1964.576073][T21282] usb 1-1: Manufacturer: syz [ 1964.596084][T21380] usb 6-1: Found UVC 0.00 device syz (04f2:b746) [ 1964.601159][T21282] usb 1-1: SerialNumber: syz [ 1964.612289][T21380] usb 6-1: No valid video chain found. [ 1964.619739][T21282] usb 1-1: config 0 descriptor?? [ 1964.638197][T21380] usb 6-1: USB disconnect, device number 25 [ 1965.244936][T18480] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1965.525258][T18491] netlink: 'syz.2.20878': attribute type 1 has an invalid length. [ 1965.895651][T21282] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 1965.998791][T18512] netlink: 8 bytes leftover after parsing attributes in process `syz.5.20889'. [ 1966.103376][T21282] usb 4-1: Using ep0 maxpacket: 8 [ 1966.111287][T21282] usb 4-1: config 2 has an invalid interface number: 31 but max is 0 [ 1966.131844][T21282] usb 4-1: config 2 has no interface number 0 [ 1966.138031][T21282] usb 4-1: config 2 interface 31 has no altsetting 0 [ 1966.141776][T21380] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 1966.170862][T21282] usb 4-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1966.206302][T21282] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1966.214378][T21282] usb 4-1: Product: syz [ 1966.231080][T21282] usb 4-1: Manufacturer: syz [ 1966.236140][T21282] usb 4-1: SerialNumber: syz [ 1966.366324][T21380] usb 5-1: Using ep0 maxpacket: 8 [ 1966.376216][T21380] usb 5-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 1966.415628][T21380] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1966.437191][T21380] usb 5-1: Product: syz [ 1966.445353][T21380] usb 5-1: Manufacturer: syz [ 1966.450409][T21380] usb 5-1: SerialNumber: syz [ 1966.484928][T21380] usb 5-1: config 0 descriptor?? [ 1966.523436][T21380] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 1966.709196][T21282] ch9200: probe of 4-1:2.31 failed with error -22 [ 1966.724623][T21282] usb 4-1: USB disconnect, device number 50 [ 1966.983255][T21380] gspca_sonixj: reg_r err -71 [ 1966.991846][T21380] sonixj: probe of 5-1:0.0 failed with error -71 [ 1967.024426][T21380] usb 5-1: USB disconnect, device number 42 [ 1967.120095][T18547] [U] ^H [ 1967.256648][T21380] usb 1-1: USB disconnect, device number 31 [ 1967.365757][T18557] loop2: detected capacity change from 0 to 1024 [ 1967.446071][T18557] hfsplus: invalid file type 0120411 for inode 2 [ 1967.459310][T18557] hfsplus: failed to load root directory [ 1967.777588][T18574] netlink: 'syz.4.20918': attribute type 27 has an invalid length. [ 1968.309671][T18597] loop2: detected capacity change from 0 to 1024 [ 1968.370940][T18597] EXT4-fs (loop2): bad geometry: first data block 0 is beyond end of filesystem (0) [ 1968.463033][ T5609] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 1968.687790][ T5609] usb 6-1: Using ep0 maxpacket: 32 [ 1968.694935][ T5609] usb 6-1: config 4 has an invalid interface number: 128 but max is 0 [ 1968.720307][ T5609] usb 6-1: config 4 has no interface number 0 [ 1968.748338][ T5609] usb 6-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1968.781808][ T5609] usb 6-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1968.800740][ T5609] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1968.833019][ T5609] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1968.887534][ T5609] hub 6-1:4.128: USB hub found [ 1969.063565][T21282] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 1969.112357][ T5609] hub 6-1:4.128: 19 ports detected [ 1969.126249][ T5609] hub 6-1:4.128: Using single TT (err -22) [ 1969.143596][ T5609] hub 6-1:4.128: insufficient power available to use all downstream ports [ 1969.228686][ T26] kauditd_printk_skb: 15 callbacks suppressed [ 1969.228705][ T26] audit: type=1326 audit(1899.740:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18630 comm="syz.4.20946" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1969.258701][ C1] vkms_vblank_simulate: vblank timer overrun [ 1969.303601][T21282] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1969.317188][ T26] audit: type=1326 audit(1899.778:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18630 comm="syz.4.20946" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1969.327499][T18632] loop4: detected capacity change from 0 to 2048 [ 1969.343888][ T5609] hub 6-1:4.128: hub_hub_status failed (err = -71) [ 1969.362918][T21282] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1969.375922][ T5609] hub 6-1:4.128: config failed, can't get hub status (err -71) [ 1969.394354][ T26] audit: type=1326 audit(1899.778:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18630 comm="syz.4.20946" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1969.418069][ C1] vkms_vblank_simulate: vblank timer overrun [ 1969.426428][T21282] usb 1-1: config 0 descriptor?? [ 1969.441621][ T26] audit: type=1326 audit(1899.778:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18630 comm="syz.4.20946" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1dd7f9cbc2 code=0x7ffc0000 [ 1969.469762][ T5609] usb 6-1: USB disconnect, device number 26 [ 1969.476949][T18632] loop4: p4 < > [ 1969.543395][ T26] audit: type=1326 audit(1899.806:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18630 comm="syz.4.20946" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f1dd7f5d68e code=0x7ffc0000 [ 1969.625742][ T26] audit: type=1326 audit(1899.834:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18630 comm="syz.4.20946" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f1dd7f9cc87 code=0x7ffc0000 [ 1969.649405][ C1] vkms_vblank_simulate: vblank timer overrun [ 1969.658634][ T26] audit: type=1326 audit(1899.834:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18630 comm="syz.4.20946" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1dd7f5d68e code=0x7ffc0000 [ 1969.705325][ T26] audit: type=1326 audit(1899.834:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18630 comm="syz.4.20946" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1dd7f9caeb code=0x7ffc0000 [ 1969.781494][ T26] audit: type=1326 audit(1899.899:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18630 comm="syz.4.20946" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f1dd7f5d68e code=0x7ffc0000 [ 1969.848194][ T26] audit: type=1326 audit(1899.899:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18630 comm="syz.4.20946" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1dd7f9caeb code=0x7ffc0000 [ 1969.912497][T21282] [drm:udl_init] *ERROR* Selecting channel failed [ 1969.945875][T21282] [drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2 [ 1969.973519][T21282] [drm] Initialized udl on minor 2 [ 1969.999654][T21282] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1970.025096][T21282] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 1970.046690][T21282] usb 1-1: USB disconnect, device number 32 [ 1970.056400][T18653] device bridge10 entered promiscuous mode [ 1970.064042][ T5609] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 1970.067166][ T5609] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 1970.085784][ T5609] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 1970.168734][T18656] netlink: 196 bytes leftover after parsing attributes in process `syz.2.20959'. [ 1970.198270][T18656] netlink: 196 bytes leftover after parsing attributes in process `syz.2.20959'. [ 1970.208734][T18656] netlink: 19 bytes leftover after parsing attributes in process `syz.2.20959'. [ 1970.411511][T18666] netlink: 16 bytes leftover after parsing attributes in process `syz.4.20962'. [ 1971.047720][T18696] loop5: detected capacity change from 0 to 512 [ 1971.086318][T18696] EXT4-fs: Ignoring removed bh option [ 1971.233376][T18696] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1971.262580][T18696] EXT4-fs error (device loop5): ext4_acquire_dquot:6841: comm syz.5.20978: Failed to acquire dquot type 1 [ 1971.317432][T21380] usb 5-1: new full-speed USB device number 43 using dummy_hcd [ 1971.361113][T18696] EXT4-fs (loop5): Remounting filesystem read-only [ 1971.507720][ T6416] EXT4-fs (loop5): unmounting filesystem. [ 1971.537566][T21380] usb 5-1: config 0 has an invalid interface number: 52 but max is 0 [ 1971.554560][T21380] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1971.608222][T21380] usb 5-1: config 0 has no interface number 0 [ 1971.636179][T21380] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 1971.669287][T21380] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1971.702038][T21380] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1971.735177][T21380] usb 5-1: config 0 interface 52 has no altsetting 0 [ 1971.774119][T21380] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice= 0.00 [ 1971.811941][T21380] usb 5-1: New USB device strings: Mfr=0, Product=234, SerialNumber=34 [ 1971.828095][T21380] usb 5-1: Product: syz [ 1971.841707][T21380] usb 5-1: SerialNumber: syz [ 1971.879617][T21380] usb 5-1: config 0 descriptor?? [ 1972.108908][T21380] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 1972.131095][T21380] synaptics_usb: probe of 5-1:0.52 failed with error -5 [ 1972.135649][T18739] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1972.330268][T18745] loop0: detected capacity change from 0 to 2048 [ 1972.359103][T21380] usb 5-1: USB disconnect, device number 43 [ 1972.392007][T18749] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1972.430742][T18750] A link change request failed with some changes committed already. Interface xfrm0 may have been left with an inconsistent configuration, please check. [ 1972.446264][T18752] netlink: 'syz.3.21004': attribute type 32 has an invalid length. [ 1972.487441][T18745] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1972.580022][T18745] Remounting filesystem read-only [ 1972.592868][T18745] NILFS error (device loop0): nilfs_bmap_last_key: broken bmap (inode number=16) [ 1972.630213][T18745] NILFS (loop0): error -5 truncating bmap (ino=16) [ 1972.781653][ T4292] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 1973.103540][T18765] loop0: detected capacity change from 0 to 4096 [ 1973.104480][T18770] netlink: 10 bytes leftover after parsing attributes in process `syz.3.21013'. [ 1973.157980][T18765] ntfs: volume version 3.1. [ 1973.957639][T18800] loop5: detected capacity change from 0 to 764 [ 1974.801342][T18841] netlink: 4 bytes leftover after parsing attributes in process `syz.0.21048'. [ 1975.624058][T18871] loop3: detected capacity change from 0 to 8 [ 1975.695171][T18871] /dev/loop3: Can't open blockdev [ 1975.968901][T18883] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1975.987713][T18883] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1976.027003][T18883] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1976.039624][T18883] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1976.463015][T18901] loop4: detected capacity change from 0 to 764 [ 1976.598265][T18908] netlink: 5 bytes leftover after parsing attributes in process `syz.5.21081'. [ 1977.027519][T18922] loop3: detected capacity change from 0 to 256 [ 1977.797153][T18957] netlink: 'syz.2.21104': attribute type 3 has an invalid length. [ 1977.835856][T18957] netlink: 3 bytes leftover after parsing attributes in process `syz.2.21104'. [ 1977.876131][T18955] loop0: detected capacity change from 0 to 2048 [ 1977.978065][T18955] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 1978.173662][ T4292] EXT4-fs (loop0): unmounting filesystem. [ 1978.189443][ T5609] usb 6-1: new full-speed USB device number 27 using dummy_hcd [ 1978.276083][T18978] ieee802154 phy0 wpan0: encryption failed: -22 [ 1978.298290][T18980] loop2: detected capacity change from 0 to 64 [ 1978.413557][ T5609] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1978.456570][ T5609] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1978.500320][ T5609] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1978.557454][ T5609] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1978.582793][ T5609] usb 6-1: SerialNumber: syz [ 1978.605119][ T5609] usb 6-1: 0:2 : does not exist [ 1978.633873][ T5609] usb 6-1: unit 64 not found! [ 1978.877168][ T8582] usb 6-1: USB disconnect, device number 27 [ 1979.096525][T22993] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 1979.105957][T22993] Bluetooth: hci4: Injecting HCI hardware error event [ 1979.125109][T22993] Bluetooth: hci4: hardware error 0x00 [ 1979.205762][T19016] netlink: 20 bytes leftover after parsing attributes in process `syz.2.21131'. [ 1980.412037][ T5609] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 1980.541163][T19076] netlink: 8 bytes leftover after parsing attributes in process `syz.4.21161'. [ 1980.611715][T19079] loop5: detected capacity change from 0 to 164 [ 1980.630202][ T5609] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1980.667631][ T5609] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1980.695243][ T5609] usb 4-1: config 0 descriptor?? [ 1980.703326][T19079] Symlink component flag not implemented [ 1980.728723][T19079] Symlink component flag not implemented (7) [ 1981.128939][T19096] netlink: 'syz.5.21171': attribute type 39 has an invalid length. [ 1981.146495][ T5609] [drm:udl_init] *ERROR* Selecting channel failed [ 1981.180519][ T5609] [drm] Initialized udl 0.0.1 20120220 for 4-1:0.0 on minor 2 [ 1981.193347][ T5609] [drm] Initialized udl on minor 2 [ 1981.225101][ T5609] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1981.233415][ T5609] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 1981.271184][ T5609] usb 4-1: USB disconnect, device number 51 [ 1981.278225][T21398] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 1981.295981][T21398] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 1981.310669][T22993] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1981.318063][T21398] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 1981.670840][T19114] loop2: detected capacity change from 0 to 2048 [ 1981.706923][T19114] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1981.773076][ T26] kauditd_printk_skb: 38 callbacks suppressed [ 1981.773094][ T26] audit: type=1326 audit(1911.472:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19119 comm="syz.4.21183" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1981.789949][T19114] syz.2.21180: attempt to access beyond end of device [ 1981.789949][T19114] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 1981.834751][T19121] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1981.876013][ T26] audit: type=1326 audit(1911.500:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19119 comm="syz.4.21183" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1981.899701][ C1] vkms_vblank_simulate: vblank timer overrun [ 1982.025021][ T26] audit: type=1326 audit(1911.500:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19119 comm="syz.4.21183" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1982.057731][T19114] syz.2.21180: attempt to access beyond end of device [ 1982.057731][T19114] loop2: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 1982.127427][T19114] NILFS (loop2): I/O error reading meta-data file (ino=6, block-offset=3) [ 1982.136437][ T26] audit: type=1326 audit(1911.500:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19119 comm="syz.4.21183" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1982.243762][ T26] audit: type=1326 audit(1911.500:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19119 comm="syz.4.21183" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1982.362480][ T26] audit: type=1326 audit(1911.500:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19119 comm="syz.4.21183" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1982.453778][ T26] audit: type=1326 audit(1911.500:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19119 comm="syz.4.21183" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1982.544311][ T26] audit: type=1326 audit(1911.500:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19119 comm="syz.4.21183" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1982.633448][ T26] audit: type=1326 audit(1911.500:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19119 comm="syz.4.21183" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f1dd7f9ce59 code=0x7ffc0000 [ 1983.025086][T19168] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21206'. [ 1983.067878][ T5609] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 1983.293250][T19178] ieee802154 phy0 wpan0: encryption failed: -22 [ 1983.300692][ T5609] usb 5-1: Using ep0 maxpacket: 16 [ 1983.311238][ T5609] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1983.321458][ T5609] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1983.348241][ T5609] usb 5-1: Product: syz [ 1983.352541][ T5609] usb 5-1: Manufacturer: syz [ 1983.379042][ T5609] usb 5-1: SerialNumber: syz [ 1983.400393][ T5609] r8152-cfgselector 5-1: config 0 descriptor?? [ 1983.785026][T19197] netlink: 12 bytes leftover after parsing attributes in process `syz.3.21221'. [ 1983.816195][T19197] netlink: 20 bytes leftover after parsing attributes in process `syz.3.21221'. [ 1983.836642][T19197] netlink: 20 bytes leftover after parsing attributes in process `syz.3.21221'. [ 1983.865964][ T5609] r8152-cfgselector 5-1: Unknown version 0x0000 [ 1983.878138][ T5609] r8152-cfgselector 5-1: bad CDC descriptors [ 1983.921441][ T5609] r8152-cfgselector 5-1: Unknown version 0x0000 [ 1983.942549][ T5609] r8152-cfgselector 5-1: USB disconnect, device number 44 [ 1984.527509][T19226] device batadv_slave_0 entered promiscuous mode [ 1984.827760][T19237] netlink: 7 bytes leftover after parsing attributes in process `syz.4.21238'. [ 1984.897670][T19237] netlink: 7 bytes leftover after parsing attributes in process `syz.4.21238'. [ 1984.982287][ T8582] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 1985.214768][ T8582] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1985.245756][ T8582] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1985.282664][ T8582] usb 6-1: config 0 descriptor?? [ 1985.301204][T19213] loop3: detected capacity change from 0 to 40427 [ 1985.335937][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 1985.342521][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 1985.642561][T19263] netlink: 'syz.2.21253': attribute type 1 has an invalid length. [ 1985.723031][ T8582] [drm:udl_init] *ERROR* Selecting channel failed [ 1985.752425][ T8582] [drm] Initialized udl 0.0.1 20120220 for 6-1:0.0 on minor 2 [ 1985.781266][ T8582] [drm] Initialized udl on minor 2 [ 1985.798393][ T8582] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1985.835872][ T8582] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 1985.876743][ T8582] usb 6-1: USB disconnect, device number 28 [ 1985.894578][ T8569] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 1985.921926][ T8569] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 1985.929944][ T8569] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 1985.948522][T19212] Process accounting paused [ 1986.022772][T19275] loop4: detected capacity change from 0 to 256 [ 1986.056962][T19278] loop3: detected capacity change from 0 to 64 [ 1986.402313][T19287] loop2: detected capacity change from 0 to 2048 [ 1986.439417][T19287] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 1986.472540][T19287] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1986.967516][T19305] loop3: detected capacity change from 0 to 128 [ 1987.088066][ T4477] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1987.176545][T19311] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1987.188100][T19290] loop5: detected capacity change from 0 to 32768 [ 1987.244353][T19290] JBD2: Ignoring recovery information on journal [ 1987.375558][T19290] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 1987.497678][T19323] netlink: 168 bytes leftover after parsing attributes in process `syz.2.21278'. [ 1987.507193][T19290] (syz.5.21264,19290,1):ocfs2_reflink_ioctl:4426 ERROR: status = -14 [ 1987.612844][ T6416] ocfs2: Unmounting device (7,5) on (node local) [ 1987.974951][T19340] netlink: 'syz.5.21287': attribute type 10 has an invalid length. [ 1988.231274][T19348] netlink: 144 bytes leftover after parsing attributes in process `syz.5.21293'. [ 1988.315545][T19354] loop4: detected capacity change from 0 to 512 [ 1988.330939][ T5609] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 1988.338601][T19354] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1988.359904][T19354] EXT4-fs: Ignoring removed bh option [ 1988.414776][T19356] netlink: 'syz.5.21295': attribute type 1 has an invalid length. [ 1988.470280][T19354] EXT4-fs error (device loop4): mb_free_blocks:1839: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 1988.546641][ T5609] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 1988.549146][T19354] EXT4-fs error (device loop4): ext4_do_update_inode:5279: inode #11: comm syz.4.21292: corrupted inode contents [ 1988.561648][ T5609] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1988.576330][ T5609] usb 3-1: Product: syz [ 1988.580540][ T5609] usb 3-1: Manufacturer: syz [ 1988.585591][ T5609] usb 3-1: SerialNumber: syz [ 1988.592491][ T5609] r8152-cfgselector 3-1: config 0 descriptor?? [ 1988.623240][T19354] EXT4-fs error (device loop4): ext4_dirty_inode:6156: inode #11: comm syz.4.21292: mark_inode_dirty error [ 1988.675226][T19354] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.21292: invalid indirect mapped block 1 (level 1) [ 1988.704615][T19354] EXT4-fs error (device loop4): ext4_do_update_inode:5279: inode #11: comm syz.4.21292: corrupted inode contents [ 1988.737268][T19354] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 1988.759269][T19354] EXT4-fs error (device loop4): ext4_do_update_inode:5279: inode #11: comm syz.4.21292: corrupted inode contents [ 1988.819405][T19354] EXT4-fs error (device loop4): ext4_truncate:4325: inode #11: comm syz.4.21292: mark_inode_dirty error [ 1988.852999][T19354] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 1988.866398][T19354] EXT4-fs (loop4): 1 truncate cleaned up [ 1988.872133][T19354] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1989.053892][ T5609] r8152-cfgselector 3-1: Unknown version 0x0000 [ 1989.062209][T19354] EXT4-fs error (device loop4): ext4_find_dest_de:2115: inode #2: block 13: comm syz.4.21292: bad entry in directory: directory entry too close to block end - offset=76, inode=16, rec_len=940, size=1024 fake=0 [ 1989.071558][ T5609] r8152-cfgselector 3-1: USB disconnect, device number 50 [ 1989.153736][T19374] netlink: 16 bytes leftover after parsing attributes in process `syz.0.21303'. [ 1989.202023][T19374] IPv6: NLM_F_CREATE should be specified when creating new route [ 1989.219141][ T4288] EXT4-fs (loop4): unmounting filesystem. [ 1989.228267][T19374] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1989.235583][T19374] IPv6: NLM_F_CREATE should be set when creating new route [ 1989.242984][T19374] IPv6: NLM_F_CREATE should be set when creating new route [ 1989.254579][T19364] loop5: detected capacity change from 0 to 32768 [ 1989.300123][T19364] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.21298 (19364) [ 1989.343762][T19364] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1989.367043][T19364] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 1989.390951][T19364] BTRFS info (device loop5): using free space tree [ 1989.742867][T19364] BTRFS info (device loop5): enabling ssd optimizations [ 1989.896960][ T6416] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1989.998625][T19416] loop2: detected capacity change from 0 to 64 [ 1990.009164][T19404] loop0: detected capacity change from 0 to 4096 [ 1990.093024][T19404] ntfs: volume version 3.1. [ 1990.100314][T19404] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 1990.122552][T19404] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 1990.187872][T19404] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Mounting read-only. Run chkdsk. [ 1990.262799][T19404] ntfs: (device loop0): ntfs_read_locked_attr_inode(): Failed with error code -2 while reading attribute inode (mft_no 0x1a, type 0x80, name_len 4). Marking corrupt inode and base inode 0x1a as bad. Run chkdsk. [ 1990.327905][T19404] ntfs: (device loop0): load_and_init_usnjrnl(): Failed to load $UsnJrnl/$DATA/$Max attribute. [ 1990.349268][T19404] ntfs: (device loop0): load_system_files(): Failed to load $UsnJrnl. Will not be able to remount read-write. Run chkdsk. [ 1990.431646][T19404] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Found already allocated name in phase 2. Please run chkdsk and if that doesn't find any errors please report you saw this message to linux-ntfs-dev@lists.sourceforge.net. [ 1990.531874][T19404] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Corrupt directory. Aborting lookup. [ 1990.541912][T19404] ntfs: (device loop0): ntfs_lookup(): ntfs_lookup_ino_by_name() failed with error code 5. [ 1990.878681][T19445] 9pnet_fd: p9_fd_create_tcp (19445): problem connecting socket to 127.0.0.1 [ 1991.040759][T19448] loop5: detected capacity change from 0 to 4096 [ 1991.063427][T19448] ntfs3: loop5: ino=3, Correct links count -> 2. [ 1991.152333][T21380] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 1991.369752][T21380] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 37, changing to 7 [ 1991.422031][T21380] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 119, changing to 7 [ 1991.451063][T21380] usb 5-1: New USB device found, idVendor=046d, idProduct=08c6, bcdDevice= 0.40 [ 1991.500603][T21380] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1991.520009][T21380] usb 5-1: Product: syz [ 1991.537767][T21380] usb 5-1: Manufacturer: syz [ 1991.553356][T21380] usb 5-1: SerialNumber: syz [ 1991.817045][T21380] usb 5-1: Can't get UAC3 power state for id 10 [ 1991.851496][T21380] usb 5-1: 2:0: failed to get current value for ch 0 (-71) [ 1991.896766][T21380] usb 5-1: 2:0: cannot get min/max values for control 2 (id 2) [ 1991.948551][ T26] audit: type=1326 audit(1920.979:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19482 comm="syz.0.21342" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69fe19ce59 code=0x7ffc0000 [ 1991.963490][T21380] usb 5-1: USB disconnect, device number 45 [ 1992.283673][T19496] loop0: detected capacity change from 0 to 256 [ 1992.295663][T10169] udevd[10169]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1992.296361][T19496] exfat: Deprecated parameter 'namecase' [ 1992.322483][T21282] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 1992.384438][T19496] exfat: Deprecated parameter 'utf8' [ 1992.400760][T19496] exfat: Deprecated parameter 'namecase' [ 1992.433744][T19496] exfat: Deprecated parameter 'utf8' [ 1992.476389][T19496] exfat: Deprecated parameter 'utf8' [ 1992.503949][T19501] netlink: 20 bytes leftover after parsing attributes in process `syz.2.21352'. [ 1992.535608][T19496] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36332e94, utbl_chksum : 0xe619d30d) [ 1992.536947][T19501] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21352'. [ 1992.557137][T21282] usb 4-1: Using ep0 maxpacket: 8 [ 1992.564628][T21282] usb 4-1: config 0 has an invalid interface number: 7 but max is 0 [ 1992.587518][T21282] usb 4-1: config 0 has no interface number 0 [ 1992.593693][T21282] usb 4-1: config 0 interface 7 has no altsetting 0 [ 1992.642353][T21282] usb 4-1: New USB device found, idVendor=05da, idProduct=0094, bcdDevice=c3.32 [ 1992.668937][T21282] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1992.686836][T21282] usb 4-1: Product: syz [ 1992.695854][T21282] usb 4-1: Manufacturer: syz [ 1992.706560][T21282] usb 4-1: SerialNumber: syz [ 1992.714596][T21282] usb 4-1: config 0 descriptor?? [ 1992.963589][T21282] usb 4-1: bad CDC descriptors [ 1992.971673][T21282] usb 4-1: bad CDC descriptors [ 1992.990498][T21282] microtek usb (rev 0.4.3): expecting 3 got 0 endpoints! Bailing out. [ 1993.032276][T21282] usb 4-1: USB disconnect, device number 52 [ 1993.454669][T19531] loop5: detected capacity change from 0 to 2048 [ 1993.483884][T19531] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! [ 1993.497961][T19536] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 1993.511316][T19531] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1993.568932][T19531] UDF-fs: error (device loop5): udf_verify_fi: directory (ino 1376) has entry at pos 0 with unaligned lenght of impUse field [ 1994.268786][T19532] loop4: detected capacity change from 0 to 32768 [ 1994.302077][T19532] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.21366 (19532) [ 1994.346441][T19532] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1994.381395][T19532] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 1994.413877][T19532] BTRFS info (device loop4): using free space tree [ 1994.581719][T19578] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21385'. [ 1994.616287][T19578] netlink: 20 bytes leftover after parsing attributes in process `syz.2.21385'. [ 1994.746103][T19532] BTRFS info (device loop4): enabling ssd optimizations [ 1994.853940][ T4288] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1994.862924][T19598] loop2: detected capacity change from 0 to 512 [ 1994.932502][T19598] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1994.984863][T19598] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 1995.029207][T19598] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 1995.087935][T19598] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 1995.155802][T19598] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 1995.198797][T19598] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1995.231717][T19598] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.21390: bg 0: block 34: padding at end of block bitmap is not set [ 1995.351129][T19598] EXT4-fs error (device loop2): ext4_acquire_dquot:6841: comm syz.2.21390: Failed to acquire dquot type 1 [ 1995.433886][T19598] EXT4-fs (loop2): 1 truncate cleaned up [ 1995.570646][T21282] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 1995.667011][T19598] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1995.694859][T19598] EXT4-fs (loop2): unmounting filesystem. [ 1995.773710][T21282] usb 4-1: Using ep0 maxpacket: 32 [ 1995.781137][T21282] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 1995.848473][T21282] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1995.880276][T21282] usb 4-1: config 0 descriptor?? [ 1995.906649][T21282] gspca_main: sunplus-2.14.0 probing 041e:400b [ 1996.344626][T21282] gspca_sunplus: reg_w_riv err -71 [ 1996.349883][T21282] sunplus: probe of 4-1:0.0 failed with error -71 [ 1996.379959][T21282] usb 4-1: USB disconnect, device number 53 [ 1996.996500][T19670] loop2: detected capacity change from 0 to 2048 [ 1997.020978][T19670] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 1997.046207][T19670] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1997.091081][T19670] UDF-fs: error (device loop2): udf_verify_fi: directory (ino 1376) has entry at pos 0 with unaligned lenght of impUse field [ 1997.358795][T19686] netlink: 'syz.3.21430': attribute type 3 has an invalid length. [ 1997.410592][T19686] netlink: 232 bytes leftover after parsing attributes in process `syz.3.21430'. [ 1997.659362][T19698] netlink: 32 bytes leftover after parsing attributes in process `syz.3.21438'. [ 1997.934585][T21282] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 1998.150371][T21282] usb 5-1: config 1 has an invalid interface number: 7 but max is 0 [ 1998.169416][T21282] usb 5-1: config 1 has no interface number 0 [ 1998.194666][T19724] ieee802154 phy0 wpan0: encryption failed: -22 [ 1998.201996][T21282] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023 [ 1998.212081][T21282] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 8 [ 1998.279306][T21282] usb 5-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 1998.321988][T21282] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1998.330110][T21282] usb 5-1: Product: syz [ 1998.354394][T21282] usb 5-1: Manufacturer: syz [ 1998.359608][T21282] usb 5-1: SerialNumber: syz [ 1998.387694][T19696] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1998.414805][T19696] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1998.589519][T19619] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 1998.666240][T19696] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1998.684060][T19696] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1998.706782][T21282] usb 5-1: No status endpoint found [ 1998.792788][T19619] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1998.827541][T19619] usb 6-1: config 129 has an invalid interface number: 135 but max is 0 [ 1998.847294][T19619] usb 6-1: config 129 has an invalid interface number: 5 but max is 0 [ 1998.873044][T19619] usb 6-1: config 129 has 2 interfaces, different from the descriptor's value: 1 [ 1998.890657][T19619] usb 6-1: config 129 has no interface number 0 [ 1998.897082][T19619] usb 6-1: config 129 has no interface number 1 [ 1998.903974][T19619] usb 6-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 1998.920749][T19619] usb 6-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30 [ 1998.943967][T21282] usb 5-1: USB disconnect, device number 46 [ 1998.950586][T19619] usb 6-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37 [ 1999.012843][T19619] usb 6-1: config 129 interface 135 has no altsetting 0 [ 1999.038003][T19619] usb 6-1: config 129 interface 5 has no altsetting 0 [ 1999.052856][T19619] usb 6-1: string descriptor 0 read error: -22 [ 1999.068180][T19619] usb 6-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00 [ 1999.082878][T19619] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1999.083113][T19758] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551615) [ 1999.133868][T19758] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647 [ 1999.165251][T19619] usb 6-1: MIDIStreaming interface descriptor not found [ 1999.425212][T21282] usb 6-1: USB disconnect, device number 29 [ 1999.534600][T19769] netlink: 168 bytes leftover after parsing attributes in process `syz.2.21473'. [ 1999.770151][T19777] loop0: detected capacity change from 0 to 256 [ 1999.823245][T19777] FAT-fs (loop0): Directory bread(block 64) failed [ 1999.841022][T19777] FAT-fs (loop0): Directory bread(block 65) failed [ 1999.869499][T19777] FAT-fs (loop0): Directory bread(block 66) failed [ 1999.886246][T19777] FAT-fs (loop0): Directory bread(block 67) failed [ 1999.906152][T19777] FAT-fs (loop0): Directory bread(block 68) failed [ 1999.912766][T19777] FAT-fs (loop0): Directory bread(block 69) failed [ 1999.917061][T19761] loop3: detected capacity change from 0 to 32768 [ 1999.930579][T19777] FAT-fs (loop0): Directory bread(block 70) failed [ 1999.963004][T19777] FAT-fs (loop0): Directory bread(block 71) failed [ 1999.973132][T19777] FAT-fs (loop0): Directory bread(block 72) failed [ 2000.002037][T19777] FAT-fs (loop0): Directory bread(block 73) failed [ 2000.006670][ T4477] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 2000.823043][T19809] netlink: 60 bytes leftover after parsing attributes in process `syz.5.21493'. [ 2000.890419][T19812] netlink: 24 bytes leftover after parsing attributes in process `syz.0.21495'. [ 2001.080483][ T5609] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 2001.228407][T19827] loop0: detected capacity change from 0 to 16 [ 2001.262967][T19827] erofs: (device loop0): mounted with root inode @ nid 36. [ 2001.327523][ T5609] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2001.358665][ T5609] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2001.388666][ T5609] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 2001.412684][ T5609] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2001.443545][ T5609] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2001.471780][ T5609] usb 4-1: config 0 descriptor?? [ 2001.489354][T19835] netlink: 'syz.4.21506': attribute type 1 has an invalid length. [ 2001.498880][ T5609] hub 4-1:0.0: USB hub found [ 2001.720031][ T5609] hub 4-1:0.0: 9 ports detected [ 2001.727403][ T5609] hub 4-1:0.0: insufficient power available to use all downstream ports [ 2001.768381][T19847] netlink: 'syz.5.21512': attribute type 2 has an invalid length. [ 2001.942082][ T5609] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 2001.952804][ T5609] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 2002.032286][ T5609] usb 4-1: USB disconnect, device number 54 [ 2002.181630][T21282] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 2002.384804][T21282] usb 3-1: Using ep0 maxpacket: 32 [ 2002.395846][T21282] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 2002.426029][T21282] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 2002.446968][T21282] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 2002.467058][T21282] usb 3-1: config 1 has no interface number 0 [ 2002.483146][T21282] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2002.554545][T21282] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 2002.578512][T21282] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 2002.631720][T21282] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 2002.652847][T21282] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2002.709076][T21282] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 2002.751226][T19871] syz.0.21523 (19871): drop_caches: 2 [ 2002.870936][T19879] loop5: detected capacity change from 0 to 16 [ 2002.908394][T21282] snd_usb_pod 3-1:1.1: cannot start listening: -90 [ 2002.913351][T19879] erofs: (device loop5): mounted with root inode @ nid 36. [ 2002.941109][T21282] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 2002.979264][T21282] snd_usb_pod: probe of 3-1:1.1 failed with error -90 [ 2003.170828][T21282] usb 3-1: USB disconnect, device number 51 [ 2003.241485][T19888] x_tables: ip_tables: osf match: only valid for protocol 6 [ 2004.376764][T19919] xt_CT: No such helper "snmp_trap" [ 2004.533893][T19903] loop3: detected capacity change from 0 to 32768 [ 2004.587576][T19903] ocfs2: Readonly device (7,3) detected. Cluster services will not be used for this mount. Recovery will be skipped. [ 2004.643000][T19903] ocfs2: Mounting device (7,3) on (node local, slot 65535) with ordered data mode. [ 2004.704862][T19938] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 2004.881819][ T4290] INFO: trying to register non-static key. [ 2004.887711][ T4290] The code is fine but needs lockdep annotation, or maybe [ 2004.894935][ T4290] you didn't initialize this object before use? [ 2004.901209][ T4290] turning off the locking correctness validator. [ 2004.907567][ T4290] CPU: 1 PID: 4290 Comm: syz-executor Not tainted syzkaller #0 [ 2004.915235][ T4290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2004.925426][ T4290] Call Trace: [ 2004.928820][ T4290] [ 2004.931879][ T4290] dump_stack_lvl+0x188/0x24e [ 2004.936610][ T4290] ? show_regs_print_info+0x12/0x12 [ 2004.941854][ T4290] ? load_image+0x400/0x400 [ 2004.946399][ T4290] ? _find_next_bit+0x11e/0x130 [ 2004.951293][ T4290] ? __is_module_percpu_address+0x279/0x3b0 [ 2004.957316][ T4290] ? is_kernel_percpu_address+0x18f/0x1b0 [ 2004.963178][ T4290] assign_lock_key+0x201/0x230 [ 2004.968077][ T4290] ? SOFTIRQ_verbose+0x10/0x10 [ 2004.972920][ T4290] ? verify_lock_unused+0x140/0x140 [ 2004.978174][ T4290] ? deref_stack_reg+0x19f/0x230 [ 2004.983194][ T4290] register_lock_class+0x21d/0x870 [ 2004.988440][ T4290] ? mark_lock+0x94/0x320 [ 2004.992815][ T4290] ? is_dynamic_key+0x260/0x260 [ 2004.997806][ T4290] ? __lock_acquire+0x13cf/0x7d10 [ 2005.002876][ T4290] ? __lock_acquire+0x7d10/0x7d10 [ 2005.007962][ T4290] __lock_acquire+0x16f/0x7d10 [ 2005.012963][ T4290] ? is_bpf_text_address+0x28b/0x2a0 [ 2005.018338][ T4290] ? kernel_text_address+0x9c/0xd0 [ 2005.023519][ T4290] ? verify_lock_unused+0x140/0x140 [ 2005.029240][ T4290] ? stack_trace_save+0xf0/0xf0 [ 2005.034236][ T4290] ? arch_stack_walk+0xf2/0x140 [ 2005.039181][ T4290] ? verify_lock_unused+0x140/0x140 [ 2005.044608][ T4290] ? stack_trace_save+0xa6/0xf0 [ 2005.049519][ T4290] lock_acquire+0x1bb/0x4a0 [ 2005.054069][ T4290] ? ocfs2_mark_lockres_freeing+0x159/0x600 [ 2005.060038][ T4290] ? memset+0x1e/0x40 [ 2005.064062][ T4290] ? read_lock_is_recursive+0x10/0x10 [ 2005.069565][ T4290] ? seqcount_lockdep_reader_access+0x127/0x1d0 [ 2005.075852][ T4290] ? lockdep_hardirqs_on+0x94/0x140 [ 2005.081358][ T4290] _raw_spin_lock_irqsave+0xb0/0x100 [ 2005.086687][ T4290] ? ocfs2_mark_lockres_freeing+0x159/0x600 [ 2005.092836][ T4290] ? _raw_spin_lock+0x40/0x40 [ 2005.097687][ T4290] ? ktime_get+0x247/0x270 [ 2005.102189][ T4290] ocfs2_mark_lockres_freeing+0x159/0x600 [ 2005.107933][ T4290] ? kasan_quarantine_put+0xd4/0x220 [ 2005.113240][ T4290] ? ocfs2_dlm_shutdown+0x240/0x240 [ 2005.118464][ T4290] ? ocfs2_journal_shutdown+0x673/0xc20 [ 2005.124024][ T4290] ? ocfs2_journal_init+0xdb0/0xdb0 [ 2005.129259][ T4290] ? __kmem_cache_free+0xb6/0x1f0 [ 2005.134300][ T4290] ocfs2_dlm_shutdown+0x36/0x240 [ 2005.139257][ T4290] ocfs2_dismount_volume+0x47f/0x940 [ 2005.144555][ T4290] ? ocfs2_enable_quotas+0x490/0x490 [ 2005.149850][ T4290] ? clear_inode+0x150/0x150 [ 2005.154455][ T4290] ? ocfs2_free_inode+0x20/0x20 [ 2005.159314][ T4290] generic_shutdown_super+0x130/0x340 [ 2005.164701][ T4290] kill_block_super+0x7c/0xe0 [ 2005.169397][ T4290] deactivate_locked_super+0x93/0xf0 [ 2005.174783][ T4290] cleanup_mnt+0x42c/0x4b0 [ 2005.179211][ T4290] ? lockdep_hardirqs_on+0x94/0x140 [ 2005.184425][ T4290] task_work_run+0x1d0/0x260 [ 2005.189031][ T4290] ? task_work_cancel+0x220/0x220 [ 2005.194083][ T4290] ? exit_to_user_mode_loop+0x3b/0x110 [ 2005.199671][ T4290] exit_to_user_mode_loop+0xe6/0x110 [ 2005.205002][ T4290] exit_to_user_mode_prepare+0xee/0x180 [ 2005.210565][ T4290] syscall_exit_to_user_mode+0x16/0x40 [ 2005.216126][ T4290] do_syscall_64+0x58/0xa0 [ 2005.220586][ T4290] ? clear_bhb_loop+0x60/0xb0 [ 2005.225278][ T4290] ? clear_bhb_loop+0x60/0xb0 [ 2005.229970][ T4290] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2005.235911][ T4290] RIP: 0033:0x7fb73bf9e097 [ 2005.240429][ T4290] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 2005.260058][ T4290] RSP: 002b:00007ffc5d28f608 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2005.268667][ T4290] RAX: 0000000000000000 RBX: 00007fb73c0321ca RCX: 00007fb73bf9e097 [ 2005.276755][ T4290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc5d28f6c0 [ 2005.284737][ T4290] RBP: 00007ffc5d28f6c0 R08: 00007ffc5d2906c0 R09: 00000000ffffffff [ 2005.292721][ T4290] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc5d290750 [ 2005.300707][ T4290] R13: 00007fb73c0321ca R14: 00000000001d7e7f R15: 00007ffc5d290790 [ 2005.308698][ T4290] [ 2005.316073][ T4290] ocfs2: Unmounting device (7,3) on (node local)