last executing test programs: 6.640581667s ago: executing program 0 (id=761): syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f00000004c0)='./file0\x00', 0x1804810, &(0x7f0000000140)=ANY=[], 0xfb, 0x69d, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni0hSZM2oEq1GgkQEYkTKy3mQkAI5VBVVTlwthKnseKkxXGRWyHi8HrtoX9AOeSCOCFx4hKpcOBCb70hH5GQuJQD4cKimZ211971Zt0mXpt+PtHs8zrPPPObl32xognwuXXlbJoPUuTK2VdWy/L6/dml9fuztzr5V5tJppKsJWW2kaT4d7vd/jC5nBQbwxTb0j7vL869/vEn63/vlJr1UvVvDFtvm7rf2rbqtW7ddJKJOv0Mtox39TOPV2zM/HKSM3UKY3coSXuLH/3l6Y2WHq1Bax/ekzkCT1bRed/scyw5Ul/o5eeA7jtvY29nN7qpEftt/wQBAAAAB031HbjZV72l5osP8zCrxdE9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcaGubz/8v6qXRzU+n6D7/f7KuS53fX17YXfcHT2oeAAAAAAAAALCHXniYh1nN0W65XVR/83+xKpysXp/K27mThSznXFYzn5WsZDkXkhzrGWhydX5lZapbGrbmxUFrLl98xES7Q7cew04DAAAAAAAAwP+fn+XK5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgPyiSiU6S4l5P9bE0mkkOJ5ksK9aSj7r5g+zBuCcAAAAAe2AqeZjVHO2W20VOJnm2+g3gcN7O7axkMStZykKuVb8LdL71N9bvzy6t35+9VS79437nn7uaRjViOr89DN7y6apHK9ezWNWcy9W8maVcS6Nas3S6nk931G3zulfOqfh27eXRZnatTss9f69O+9zd1c7uZJc/phyrInKoE5GJZKaeWxmN490jM/gI7fLobNlSFnIhjY3Jnty2pcmtO7M15ptDNoZt70idlvvzq51iPhadSPy33bGQiz1n37PDY5589Q+/++FMnd8/uzSaiTptV6+t/nNiticSz40SiRtLt2/euH7n7EGLRJ+ZKhKnNspX8v38IGczndeynMX8OPNZyUKm870qN18f/KLnkt8hUpe3lF571Ewm6zO0c7B2N6cXq3WPZjGv5s1cy0Jeqv5dzIW8nEu5lLmeI3xq+BGurvpG/1VfaX9h4OTPfK3OtJL8uk73hzKux3viunnWz1TxPr6lZjNKJ0aI0oB74zDNL9eZchs/f9SNdE9tj8SFnkg8MzwSv6luK3eWbt9cvjH/1mibO/FenSmvo18m0/vnRlKeLyfKg1WVpracHWXbMxttW+NVtp3caGv0tZ3KH9NsdreymLUdr9TJ+jNc/0gXq7bnBrbNVm2ne9oGfd4CYN878vUjk61/tP7a+qD1i9aN1iuHvzv1zannJ3PoT4e+1ZyZ+Erj+eL3+SA/3fz+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHp33nn35vzS0sLytky73b770eCmETPd59V8ytW3Z7pPhRqhc6b/9lTZdUDTRNp3d2h6UpkvPZ3s1bb2b+Y/7Xa7ril26PPbP28P1FTGFLr6OX/tfRG6MWXGdksC9sj5lVtvnb/zzrvfWLw1/8bCGwu35y5dmpuZu/TS7Pnri0sLM53Xcc8SeBI23/THPRMAAAAAAAAAAABgVI/5/wysDWoa9z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9uVs2k+SJELM+dmyvL6/dmlcunmN3s2kzSSFD9Jig+Ty+ksOdYzXLHTdt5fnHv940/W/9XuqMer+jeGrTeatXrJdJKJTnrvcY13tU6HKobtQrGxh2XAznQDB+P2vwAAAP//eL8QGw==") listxattr(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.freeze\x00', 0x275a, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000040), 0x0, 0x0, 0x0) 6.396738041s ago: executing program 0 (id=764): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0xe3, 0xdd, 0xef, 0x20, 0x1d50, 0x60a1, 0xa14f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9d, 0x14, 0x4e}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000840)={0x44, &(0x7f0000000580), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000500)={0x0, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 4.107917096s ago: executing program 0 (id=779): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r0, 0x5008, 0x0) ppoll(&(0x7f0000000200)=[{r0, 0xe180}], 0x1, 0x0, 0x0, 0x0) 3.589702034s ago: executing program 2 (id=785): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./bus\x00', 0x0, &(0x7f0000000440), 0x1, 0x559d, &(0x7f0000005680)="$eJzs3X1sVWcdB/BzeynlJaFlyjLUhfkPThCpmFiEoEVgAoPRgSbDwCgO2BAGhQRhY9OOOZ0jk4Y5xoovDKQCxq6+rJiYIbqIcU4mi8OGEXnJIuICK4yoJNOZ3nufy73n0vYO5zq3z4e05z73d57nPPfk/HG/lz7nRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBF0cHlC/627gfLv/nQdSenbLz/zAMnap57fNP4u+fsHnX4gVVXtp1uaip99fmzNyy67+GqoSf2zD8URYlUv0Sm/7xPTZ65aNa86X3CgLU3prcVFZ0dMt31WLrRO+/Jjn75P/OjKCqNDZDMbCf1z2kn4geIVhYO2KXtVWNWDdw4cdrmssmDFibrGgtfOh369PQEekrmunrx4rVUnfpdEtsj28659BJ5l2i6f/yCe1NeBADwulTWpDbZt6OZt7jZdn28HmtXx9oNsXZ4h9CQ27gc6XF7dzbPa+L1HppndToqlHU6z1g9c/6z7Zp4/1g7FjVexzzzd81Emj6dzbMuVu+peQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8ldx9/JanSzb96H1L149MHh887BdfbdryvUnt5VO+tm9D2+9bn3tPU1Ppq8+fvWHRfQ9XDT2xZ/6hKKpI9Uukuyfm7mjd8LMVU1b/fM6jzefee8euZGbcsO2Vs3PUFh58vDyKPp9TeTEMe2pAFNXkF1LN6NHCwuLUgymhAAAAwNvJ4NTvkmw7HQdL89qJVJpMpP4F6bC4vWrMqoEbJ07bXDZ50MJkXePlj1fTyXjVlxwv2664+JPICcYh/sbHu1gPu64sGKdr8RHjeX7U0AuHj3x9+Ya1jf1P7u87MDnpV1+uHXzFnNGvXDt2zG1/fWRHQf6v6Dr/hzMn/wMAAPDfkP/j43Stu/w/7Mj9Z+469dN1tZ/ZNvf4+G/UDnhX5Zo/NX/4c+uHTZ3Y69iVWwry/zV5hyzI/2HGIf+XRJeX/wEAAOCt7H+d/6sLxulad/l/2ZoRf592YdbEJ8Zd+OGZO4f88uCRaG/9iC+03P6B/bP7DWj4SUH+rywu//fKnXZ48pkw4SXlUVRZ/EkFAAAA8oT/d7/40ULI6+lPDuJ5fc75g5NuLn3w7EdmXzt029Ehu9rP/2PJ8k0XRjfPGF716acrNhTk/+ri8n/pm/NyAQAAgCI8tfgTN+2Mpk/6UPU9h/cv2P5I/bK1K5c2liWm/ntl2/X/au5dkP9risv/ZT3zcgAAAIBLOPSlbbtfm7msdXhz2fmtf3jtz49fPXz1gabKoyt/O7B0RWvt4oL8X1tc/u+X2WZWPqQ77Q9/hfBQeRT16XhQly78Jmr4ZLYAAAAAvEFCTv/nsbaRO68r+/VT339586zvfHvQ3m/NONj43Qn9b5n44IEZB56sLcj/dV3f/z/c6SCs/8+7/1/B+v+cQvquf2PdGAAAAIB3osL1/OH2+OlvLujs+/eLXf9/4xdbXzp++/yvtL97yE3LXr7tils/Nv7UH6ffmdw57q6SqVNfOl2Q/+uLy//J3O0b+f1/AAAAcBn+377/b3bBOF3r7v7/Mx+752j7X14YN2Jm49pFJ8dv/PG8Lc88trvq6nMLbu77wWeX7i3I/w3F5f+w7Z/78vaF83NveRRd1fEgczfBXWG6S2KFltKcQvrEx3rMCj0yhZaynEJKXazHqPIoen/Hg/pYYWAoNMQK7QMyha2xwrOhkLkesoXmWGFfuNI2DchMN17YEwqZBRYtYQVF/+ySiFiPVzrr0VG4ZI8XsgcHAAB4RwnhOZNlS/ObUTzKtiS626FfdzuUdLdDsrsdesV2iO/Y2fNRbX4hPH9+zRO/q/xoyWcP3XrHhOEjF667t2HsgeTcCdc/uaPvuRWnR68uyP9bi8v/4VT0Tm86W/8fhfX/me81zK7/rw2FilihJRRq4ncMqAnHSIfd9eEYFTWZHu1XZQsAAADwthY+F0j28DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zde5xU1Z0g8NNNP2homhbjK2JsdW1Fh6ZBUT/BB2omGmBNo+zMuPhohEaRVhBhIq5RULObxMEoKlFnRmEVRlZx8AVkNQE1ooloNI5mRh1DMGrcjR/FiH6yxrif7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Max/9MYj/umiJ0eP2jBvwPJXDv/vH9YfumzRO//rT89ed9ve8763ftWSJZV/en7jSZO/c8PhjRtWTnghhJbOcmVJ8bLTF6/4waoLvvGtB0+76e5395y9tCpTbyYe+nb8Kc/cuTK2+tt+IawsC6EiHRhcmwQqM/drY30Da0PYKWwOZEu09UlKpBsOj9WEsDBsDmSr+lFNCLU5gXG/fGT1vI7E9TUh7B9CqE638e/VSRs16UBjVRLokw5Mq0gCH3ycyAZWlScB2GrxzZB90S9vyc9Q33W5Iq+/ym3Wsc9Xeni9YqK+eL63jt3OncpRlX6gZauetoLq2C4K3h5rvNt6wLutYDtf42nL/SKV+Yby8eZQdSif1DZ5wqz2mfGR8tDU1KtYTdvpeX5x4yUTtyTdY16HsQP12+R1+Pj5A+9c0Dhm15sf3jD59apnF2xtN4tt3u2tOmRecz3meYxG+jzpAW+/gm9JDb50hRBuP37T2799aez//dWDTw9+75tDzxrywitD627+7rR+f332/6m8ZerGgvl//SfP/+PLOd6W5+WOrX5Yl8zN4yO1MfF2XTI3BwAAgB6jJ+w1fWPEQW/Xrmt4eN+vr5h83qJ5r51+7p+rftp3wkEnnjL0+3fcOPW0gvl/Q2nH/+Mh/9rc0a4JYWRn4or+Ieze+XgSWBq7c1b/EPbpTLXkB45NBdaEsEdnYlC2qlSJ3rFEQyrwRl0mMDIVWBsDLanA4hi4JhW4MgaWpwITY2BNKnBcDIQp+eM4qC4zjpIDNTHQmmzE5fEshD/UxdZS2+qlbFUAAADbSGZ2WJl/N+dch63NEKeXy2u6yxDPwC6aoTpVQ3oGm51WFa2horsayrurITvuOZ88/IKay7qrueA0jLL8DO8deN/c1Q/8249vnHDYUwd92HrGy+tXPTp6U6+/e2fMjy8dN3/Y+IL5f/Mnz/+ru+hIWcHx/xDGdv6NucszkfZsvLUlLwMAAACwFSpeW3ryL+Z+VLbkZ+ds3P8vTxt3de8V++47YO3B9/2/hjcHHL9q/4L5/8jSzv+P+0R65WQO6+JuiKn9Q2jODyTVjigMJEe9+2YCAAAA0BNkj8dnj4VPydwmp2in59OF+Vu2MH888D+yy/yDx129rnn17adMGXHomjWbztj15WUbntpl/3deOPDk00+4f2rDPQXz/5bSzv/vk3+bdGJt7MV1/UPonRN4PPayI9CpIQbWH5MfyIx/bdwAV8WqMicmZKu6KpZojYHmVGBhsRLPZEvsnh/IPFnZxq/IjmNKpkROAAAAAD5zcXdAPC4fz/9/+tx+j/7jslsueXDJutD37OW/uOzo4QPnD+791rRnDnnkb989eWrB/L91y87/75wHF5ze3943hCEVIfRK/zBgXZ9kYcAYqC3LJH7cJ6mrV7qqy/uEMKJjYOmqNmTW/69IrzH4XE1SVQzsvu8dGxs7ErfXhDAkN/DC+EXDOxKzUoFs439VE8LeHaNNN76id9J4ZbrxG3uH8JWcQLaqib1D6GisKl3Vo9WZ6xikq1peHcLOOYFsVYdXhzA7ANBTxf+lk3IfvHD2xVMntLe3zdiOibgTvyZMntLe1jRxWvuk6iJ9mpTqc946RnMLx1TqpW9ezqxRdNeopv6lpLM/FGzObSuzI7/gzMHM/fhlqLJznMMq8+4ekh7ygfsVNhFyvkoVG3L5dh5yn9xKNj+JBfXH/FWhb+g968K2GU0XTZg5c8bQ5G+p2Yclf+NxpmRbDU1vqz5d9a2El0fR5bJSPu22asytZMjM86YPuXD2xYOnnDfh7Laz284/bPhhRxwx7NBDhw/pGFRz8rebkTZ2VXNqpB8vKnFY23CkX67IqeSz+NCQkJDoaYlVv9vj5aN3Wfq9FbcsnvHz9qPafv71nXces6Tqmy9suvSy/Z/+Hx8UzP+nf/L8P37qxA/+zPoMxY7/18fD/Mnjmw/zt8bAwlKP/9cXO5qfPTGgIRWYEwNzHOYHAADgiyHujox7M+NO6Ufm7/Yvd467b8z89Qc/ue65svV9Dv77D39fXnnZuP9yzAMNt333bwrm/3NK+/3/Nlr/P7t0/ahiy/wPiiWai63/n17mP7v+/5xi6/+nl/nPrv+/8HNY/39WNpDaJH+w/j8AAPBF8Nmt/9/t8v7pCwQUZOh2ef/0BQIKMnS7jH+pFwjY4vX/H2k4aORPVn/nN43LLpj2zn8bct/oAXs2/O6Rva6cNHXk6NEjBv9Lwfz/mtLm/xbuBwAAgB3HAROPfWrjpL2Pvfp/3rbTHj9p/fauh+3y/WVHts3ftH7i39z27jl/XTD/X1ja/P+zX/8vFDv/v6FYoKXYwoDW/wMAAKCHKrb+39Abv3X5q4uPu/+ey6eNam0dP/uKq/dbfUD1qeGl0fMb/mLGvR8VzP+Xlzb/j6ddlOfljr35sC5Z0y6k17R7uy77kwEAAADoGcpDU1NliXnzFkY99tO3+WJmKdBPSud68sH9nn/gqyNOnL+46urXynYb9vFT1888+Piv/fDVjXtdcse55+1XMP9fU9r8P+93GY+fP/DOBY1jdv3w5oc3TH696tkFm4//AwAAANtPqfslAAAAAAAAAAAAAACAz98JD//k6rcnLvnanIW/3PWnvcY+u3zDrDlNs2uvf/WH1/7qiDsfHlfw+/8wtrNcsd//x+v+xd8XfCkvd2y1+/X/MvfHjb57dueShevqQtgvNzD18qk7hcy1+Q/IDaw+fdBuHYnL0yUeeuW41zoSZ6YDJw4e8H5H4shUoDUukrhHOhCvqvh+v1QgLq/4XDoQt8fydKAqE/hev2QcZelt9WZtsq3K0tvqxdoQ+ucEsttqZW3SRll6gNenAtkBXpAOxAGelAmUp3t1d9+kVzFQG4ve2jfpFQAAO6z4LbAyTJ7S3tYcv8LH2y9X5N9GeUuWzS2stqzE5l/OLE1216im/qWke6W/i26+1nhlqO4YwtCCr6u5Wco6R7ltaulm032pyJC7W+2tvEi5tC3ddFXFR1STjKhp4rT2SZXdDvyQ7rMMq+g2y9CCyU5ulvLOTVpCLSX0pYQRlbhtSuhyvF8empp6pXJ9NQbrQ57uXhGl/l4/d52/Yq+C3DxPvtn+1BP//PzKfR7/89Nnf/BXk7596byzznj3yHOq/+E/lz39XwfuXDD/ry9t/l+dO673MxcDmBOvrDeifwitJY4IAAAAvvjOOf+V+d999No31rc0vjZtyLWr/3X2jRdX1C298i9ffOhvN42/+sytjb/58zv2eXjyhGe+dO4hy054fZ+DL2s88637/mLeuAev6nvLD+ff8YOC+X9DafP/uAcrcyg42duxJl7//4r+IXReWr8+CSyNwz2rfwj7dKZaYonkgvqjYonmJLA07jAZFEu0tuRX1TsGlqcCb9RlAmtSgbUxkNlLcUfI7Mq5ti6E4Z2psfklpscS9anAN2OgIRVoioHmVKBfDIxMBX7fLxNoSQWejIEwJX9b3dcvs60AAAC2RGaeVZl/N6TnecsrustQ1l2GPt1lKO8uQ3V3GYqNIt6/N2aoTJ28UpaTqTJda02qloIM8WL4W9yvggzhmfyc6YIFTcfzD7LnG5TlZ3jg5K/ec9WCyYPKf/XR2qWt790/ccWts49eec5Df/fEpH0X3XX93gXz/+bS5v998m+T1tfG+f/m6/8lgcdj966Lp443xMD6Y/IDmR0Da+Nk96psVS2ZEplJ+1WxxMgYaEgFpsfAyFSgdWwmsHC3/EBmpp1t/Ips41MyJXICAAAA8JmLOwjibpo4///jsmePeqxi0V3/+ur4u+6d89Y99/70nntuvXf07Zu+/twVF7970UcF8/+Rpc3/Y3t9cxu7Mvbmt/1CWFm2uTfZwODaJBD3Y9TGn8cPrA1hp5wdHNkSbX2SElWphsNjNckv1KvSVf2oJlljIN4f98tHVs/rSFxfE8L+OXtfsm38e3XSRk060FiVBPqkA9MqkkDc85MNrCpPArDVsnsF4wsqc6pLVn3X5Yq8/r4o1wRND69gH2gX+br6zdX2Up1+ILNPNWvLnraC6tguCt4ea7zbeuK7rd67LfeLVOYbysebQ9WhfFLb5Amz2mfGR3J/yVpgOz3Pub9SLSW9DV6Hcz59b7tXne5Ac+rjo7nrcl2/DstidY+fP/DOBY1jdr354Q2TX696dkHJ3Sgi/lD4maoB9bmbd3urDpnXXI/7PGnxedIT/w00eNpCCBsuPeG6kVXTr1g5+pAj93rttFOqZ7437+/vf+mBd/f9xxUTh31tQMH8v6W0+X9F6rbTH+PGvLB/CAfmbNx1cfMf3z/5HMwJJJ+SOxcGkkPur9YV/eQEAACAbS27uyO7v2BK5jY5ITw9Ty7M37KF+eP+ipFd5i+13z8adMpe9+9297hrTz3qpn/+zdh+G8e/uOSYFa1HNS49+mf/6cyaeQXz/9ZPnv/3TnXT8X/H/9lOHP/v0o6+K7p3+oE5W7UruqA6tgvH/7u0o7/bHP/vkuP/jv93xfH/bjj+36Ud/Wkr+JY03ZeuEMKwMWcMrr1r8BPvD1z96yeemvJvc1sn3PONq27Z8+Nv1y9eUL9r34L5//TS5v/W/+t60b7s+n+txdb/m15s/b851v8DAAC2qyILzaXneQWr9xVkSK/eV5Ch2wUCu11i0Pp/W7z+32NHHTl++ejFv16z95gDLus7d+6puzx504stM9+vue2D93f7xYGjCub/c0qb/8eXQ9/c1nvK+n8NY4tUdU0MTLcwIAAAADuiYjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HztfsN1449prj7pN8dfWjP6+w+tO6D6mldOvXTZhFsnfeX28wfNWrFkSeWfnt940uTv3HB444aVE14IYUpnubKkeNnpi1f8YNUF3/jWg6fddPe7e85eWp2ptzJzu2de7tjqh3UhLMx5pDYm3q7ruLM5MG703bMrOhLr6kLYLzcw9fKpO3UkFteFcEBuYPXpg3brSFyeLvHQK8e91pE4Mx04cfCA9zsSR2YCZenu/kO/pLtl6e7O6xdC/5xAtrvn9suvKtvGCZlAebqNf6pN2oiB2lj0xtqkjRhojyWm9A5hSEUIvdJV/aw6qapXuqr/XZ1U1Std1WXVIYwIIVSkq/p1VVJVRXrkz1QlVcXA7vvesbGxI7GoKoQhuYEXxi8a3pGYkQpkGz+lKoS9O14y6cbvq0war0w3fkNlCF8JIVSlS2yqSEpUpUtsqAhh55zA5o1YEcLswBdD/PSZlPvghbMvnjqhvb1txnZMVGXaqgmTp7S3NU2c1j6pOtWnYspy0h/P/fRjf3njJRM7bu8a1dS/lHRFplxlZ5eHVebdPWRH733sV5/cSjY/HwX1x/xVoW/oPevCthlNF02YOXPG0ORvqdmHJX97ZaLJthraU7ZVY24lQ2aeN33IhbMvHjzlvAlnt53ddv5hww874ohhhx46fEjHoJqTv9tipIs++5F+uSKnks/i/S8hIdHTEuV5n27NO/rneMEX/c0drQzVnR/QBdOK3CxlnaPcFoM+9lOO+NN8Tel2REMLJg4FWYZ1n+WQgsnE5iw1SZbOr3UFk8Pcmso7N2m8Xx6amnoV2w71+XdzN+9bW7F5X8xsulLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZh9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwKAAD//y85Ijg=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x143442, 0x0) ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x40309410, &(0x7f0000000000)={0x4, 0x7fd, 0x3, 0x9, 0x2, [0x9, 0x82000021, 0xfffffffd, 0x8]}) 3.277070739s ago: executing program 2 (id=786): syz_mount_image$bfs(&(0x7f0000000540), &(0x7f00000006c0)='./bus\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYRES64, @ANYRES64=0x0], 0x1, 0xa0, &(0x7f0000000600)="$eJzs17GJAkEABdB/Gxx7yTZwwXWwNdwVcRUYGhopgjZkK5ZgamRgajIiuyIsaGCyCu/BMHw+Az+d7WnznSYpq6SUsk6nXMzmi+ln7nvU8R6q/q6T/DRdPvwlv0k++n53XE6uZ/D8vx5hMwAA8Jwq7TC3t5/d/muUUQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv5BwAAP//ToEaBw==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) 2.997362634s ago: executing program 0 (id=791): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x800700, &(0x7f0000000340)={[{@grpjquota}, {@discard}, {@norecovery}, {@noinit_itable}, {@test_dummy_encryption}, {@minixdf}, {@usrjquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@jqfmt_vfsold}, {@dioread_lock}, {@noblock_validity}, {@nouid32}]}, 0x3, 0x465, &(0x7f0000000f00)="$eJzs3M9vFFUcAPDvzLYgP1sRf4CoVWJs/NHSgsrBi0YTDxhN9IDH2hZCWKihNRFCpBqDFxND1LPxaOJf4M2LUU8mXvVuSIhyAT3VzOwM7C67pYXtLnQ/n2SX92Ze+963b97Mm3m7BNC3RrK3JGJrRPwREUO1bGOBkdo/Vy+fnf738tnpJJaW3v47yctduXx2uixa/tyWIjOaRqSfJkUljeZPnzk+Va3Oniry4wsn3h+fP33muWMnpo7OHp09OXnw4IH9Ey++MPn8Mq3fuOI4s7iu7P5obs+u19+98Mb04Qvv/fJ91t6txf76ODplJAv8n6Vc3eYvs7cnO11Zj22rSycDPWwIq1KJiKy7BvPxPxSVuN55Q/HaJz1tHLCmsmvTMlfRxSVgHUtihcViZQWBu0V5oc/uf8tXl6Yed4RLL9dugLK4rxav2p6BSIsyg033t500EhGHF//7JnvFGj2HAACo9/n014fi2VbzvzQeqCu3vVhDGY6IeyNiR0TcFxE7I+L+iLzsgxHxUNuaNrTc2rw0dOP8J714y8GtQDb/e6lY22qc/5Wzv8pwpchty+MfTI4cq87uK/4mozG4MctPLFPHj6/+/kW7ffXzv+yV1V/OBYt2XBxoekA3M7UwlU9KO+DSxxG7B1rFn1xbCchu/XdFxO7V/ertZeLY09/taVfo5vEvowPrTEvfRjxV6//FaIq/lCy/Pjl+T1Rn942XR8WNfv3t/Fvt6r+t+Dsg6//Njcd/c5HhpH69dn71dZz/87O29zS3evxvSN7J+6U8q3w4tbBwaiJiQ3Iozzdsn7z+s2W+LJ/FP7q39fjfUUtsyt4ejojsIH4kIh6NiMeKtj8eEU9ExN5l4v/5lfb77oT+n2l5/rt2/Df1/+oTleM//dCu/pX1/4E8NVpsyc9/N7HSBt7O3w4AAADuFmn+GfgkHbuWTtOxsdpn+HfG5rQ6N7/wzJG5D07O1D4rPxyDafmka6jueehEslj8xlp+snhWXO7fXzw3/qqyKc+PTc9VZ3ocO/S7LW3Gf+avSq9bB6y5Vutoky3Xaxu+yAasA83jP23Mnnuzm40Busr3taF/3WT8p91qB9B9rv/Qv1qN/3NNeWsBsD65/kP/Mv6hfxn/0L+Mf+hLt/O9/n5OZKfMO6AZ1aGiH7tfe6S9jl1iLRKt/58mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAu9X/AQAA//9l+OT1") chdir(&(0x7f0000000400)='./file0\x00') rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 2.816561166s ago: executing program 1 (id=793): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000400000000000000000000850000002c000000850000002a00000095"], &(0x7f0000000400)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r2, r1, 0x25, 0x0, @val=@netkit={@void, @value=r2}}, 0x1c) syz_emit_ethernet(0xfdef, &(0x7f0000000240)=ANY=[], 0x0) 2.808187676s ago: executing program 2 (id=794): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1, 0xf, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 2.660127799s ago: executing program 2 (id=796): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$cgroup2(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x800010, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) 2.649148799s ago: executing program 1 (id=797): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f00000003c0)=0x6, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @loopback}, @in6={0xa, 0x0, 0xffffffff, @private0}], 0x38) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000040)=[@in={0x2, 0x4e23, @remote}], 0x10) 2.5576069s ago: executing program 2 (id=798): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0x3, 0x75, 0x46, 0x40, 0x93a, 0x2623, 0x163f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x9, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x13, 0x0, 0x2, 0x87, 0x55, 0xe0, 0x0, [], [{{0x9, 0x5, 0x7, 0x10, 0x3ff, 0x8, 0x8, 0xa}}, {{0x9, 0x5, 0x4, 0x4, 0x200, 0x7, 0x8, 0x5}}]}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 2.458410732s ago: executing program 1 (id=800): syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x2000c12, &(0x7f0000000a00)=ANY=[@ANYBLOB='hide,dmode=0x0000000000000009,overriderockperm,utf8,map=acorn,iocharset=iso8859-1,mode=0x00000000000000c9,cruft,map=off,check=strict,overriderockperm,block=0x0000000000000200,cruft,nocompress,cruft,session=0x000000000000002e,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c7362736563746f723d3078303030303030303030303030303030332c00d4215a15701bca521647652b2623aac16363b7c886c8e01c34c1be48fac31ff64fd975416483f623de07f461566ca6ee1f45ee43de3a417c9f293dce66ea364d3d2e284b815c568722445db6e7bc85745e23605586296a7c3b961a6202dc4d36efbb967e286625378fc6af8ffdc648cbda4797ab0d6ad05169b0e2236e6cbf8f752dbf0496b0ba34761d90d049f3be85f3c0c0e38b6daad6f29cb7ee0f1aea54884f0983e098cd5497ff80c97d0fcc"], 0x1, 0xa2f, &(0x7f00000018c0)="$eJzs3c1vXFdfB/DvHduJH/chydOGUqK2nqQkdVvj2A5NiLooiT1JXPyCbEdqxKIpjYOiGAotSG2F1FRCrFqBBGIBu4oVq0rdUBaoGwQ7umKBhPovVKzCyujOjO2xPeNxjGO76edjzcx9+d1zfnfuy/HM3JkTflxWjm8YW1mp33Y5fvMf9yFjDrGrk99/+dUX5e2zBzmSnrxe/FPSn6Sa9CZ5LumbmJyfm+lS0P3kdpJvkyLJ0TQed+R2ir/Mz9fHv03x92W9HR3Zacl0s8JP2kHvfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBgVE5Ojo2PFkUzN3ny72pBUt5iYnJ8rsrKydc7qMg3f1Hv9Lr7pWm9SlLf096929f3cyfXZzyapnsnzjbHn6x2Spz+fPPXsiTee6a2sLt8pm/+Xozsv9sOPP7n/7vLy0gdt5xbFHmZ1yDT2keu12amFuamZK9dr1amFuerlixdHz9+4tlC9NjVdW7i1sFibqU7M164szs1XhyZeqY5dvnyhWhu5NXdz9vrkyHRtdeKlXx8fHb1YfWvkd2pX5hfmZs+/NbIwcWNqenpq9no9ppxdxlwqd8TfnlqsLtauzFSrd+8tL13YlFlPNu2/ZdBYt/Upg8a7BY2Pjo+PjY2Pj33W7D17bcLF1y+/fml0tHd0k2yJeEw7LYfLzzpv5r0/icMuVRrtfzKdqczmZt5Ote3fRCYzn7nMdJjftNr+nz1f27batLT/zVa+t2X+qfLuTF5sjvZ3aP875LJ/fx/m43yS+3k3y1nOUj448Iz29+96apnNVBYyl6nM5Ep9SrU5pZrLuZiLGc07uZHBLKQ31zKV6dSykFtZyGJq9T1qIvOp5UoWM5f5VDOUibySasZyOZdzIdXUMpJbmcvNzOZ6JnOlXsrd3Ks/7xe2yXEtaGwnQePbBG1pzB+5/a9t/ueEJ1Bl2638GM7isDsrzfb/SPfQoYn9SAgAAADYc7/67zl28ul/+++kyAv1z+WvTU3XRg86LQAAAGAP1S/Xe7586CuHXkjh9T8AAAA8aYr6d+yKJAMZbAytfhPKmwAAAADwhKh//v9iisH1CV7/AwAAwBOm+2/sd40ohld//rd6p/F4pxnRGCsGrk1N10Ym5qbfGMu5+q8M1L9psKW0nqToq3/94NWcbkSdHmg8DqyXWNbZX0aNjbwxlldzprkiQy+VDy8NtYkcb0S+3Ih8uTWyJxsiL5SRAPCkO7NNe7zT9v/VDDcihk/Vm/zeUxva4J56yzqqZQWAw2Ktj53/bXZp1qb9b0a82Kn9/41tXv+XEU/n7mDjkoKRvJf3s5w7GU7zioPBdqWu9kbQuAxhuMu7AQPNSxa+u1TJ8Jb3A/rX1rU1dinjGW77jkBLucVqDhcacT2PZxsAwH47s207vNb+927X/g9v//q/pc11SSEAHAZrPdg/6sDgzoMPeh0BgI200gAAAAAAAAAAAAAAAAAAAAAAAAAAALD3dvQD/v9xLlleXkp221lAm4Hv/vWff6ljzOdPJf2PkuH2A5XsTc6Hf6AnyUHV/mYeealyGx+Wp87AxoEDPjEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwL4qkp930SnI0yWiS8/uf1ePz4KAT2CvV3S1WPMzDfJRje50OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBPXfP3/ytpPD7VmJTeSnI2ye0kv3vQOT6K/i7zH+5THofPH9TvW37/v5L0ZaVIb2Ozp+ibmJyfmyl3heJoOf/7L7/6orx1LPLT1YGtvSqUBZQ1bOhcollDy5S+jUv9or7UwOTSh/f/5P0/qk5ere+YVxevTU/OXJ//rfXAZ4uvG10gtHaDsJrvn539l79qmXykWfnX5Zq2t7nea/V6J7fW+yvtlu5Q7w7cW14aL2tarL29+Kd/WGmd9XROJy8NJUMba/r98tahptObn8+Nih+KvyiO5W9zu779y2ejWCnKTXS8vv4/u3tveWnkvfeX76zl9Om9j1oKOJHBJHc2HmVdchqsn0/aqu91lb6y1tF6UHl3skt522opcWz9ed2wDr+o7zIDj7QO1c7rUNfleW9mdGFzRivlQfLXf/xMzm27pY+2KfFclxrbKn4o/qu4kf/Mn7f0/1Ept//ZtD062xRRj2zZU1rnbTi8KmfX13y8dcY7m8vseFTyGHye38tvrm3/Ssv5v7mtOhw3a+ejN1smdjhuVg+tbY6Llhq3HBdN3Y6LrUfqPxzf0qKsqx9GJze1SM2zT6dlmnmebER1yPOX81rSe+qRziivdTmjdFt+t8f/3xVD+Z880P8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw+BVJT7vpleRskhNJjpfj1WRlc8yDXdRXGSh2k+ae2U3OPz5FxxUtHuZhPsqx/c4IAAAAAAAAgMfj6uT3X371RXmrfx7fk1+rNOdUk94kJ4q/6ZuYnJ+b6VJQX3J79SP9/vYhHSbndnn38/Xxb8ux57rUd7CXDwDAj9r/BQAA//+CGm1g") openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0) pipe(0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[@ANYBLOB="20000000020000001d"], 0x0) 2.413852392s ago: executing program 0 (id=801): set_mempolicy(0x3, &(0x7f0000000000)=0x4000000ffb, 0x8) r0 = syz_io_uring_setup(0x1104, &(0x7f00000006c0)={0x0, 0x203, 0x1000, 0xfffffffe, 0x21e}, &(0x7f0000000400)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1fc, 0x0, 0x1}) io_uring_enter(r0, 0x47fa, 0x0, 0x0, 0x0, 0x0) 2.282310285s ago: executing program 2 (id=802): connect$netlink(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r0, 0x5607, 0x2c) r1 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$TIOCL_BLANKSCREEN(r1, 0x541c, &(0x7f0000000000)) 2.281400135s ago: executing program 1 (id=803): bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'gre0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=ANY=[@ANYBLOB="400000001000210400"/20, @ANYRES32=r1, @ANYBLOB="00000000000001002000128008000100677265001400028006000f00aa00000006000e"], 0x40}}, 0x0) 1.894534441s ago: executing program 32 (id=802): connect$netlink(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r0, 0x5607, 0x2c) r1 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$TIOCL_BLANKSCREEN(r1, 0x541c, &(0x7f0000000000)) 1.849488051s ago: executing program 1 (id=805): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0) 1.635438345s ago: executing program 0 (id=807): bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, 0x0, 0x8000000000000003, {0x0, 0xf0, 0x3}}, 0x18) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040)) 617.40918ms ago: executing program 3 (id=809): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmsg$inet6(r0, &(0x7f0000000440)={&(0x7f0000000240)={0xa, 0x4e22, 0x3, @remote, 0x1}, 0x1c, &(0x7f0000000600)=[{&(0x7f0000000340)="ce", 0x1}], 0x1}, 0x44044) sendto$inet6(r0, &(0x7f0000000280)="f9", 0x1, 0x20000040, &(0x7f0000000040)={0xa, 0x0, 0x2, @private2}, 0x1c) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000080)={0x0, 0xfffe, 0x10, 0xaf9}, &(0x7f00000010c0)=0x18) 528.768572ms ago: executing program 3 (id=810): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000640)=[{{&(0x7f0000000100)={0xa, 0x4e24, 0x0, @remote, 0x5}, 0x1c, 0x0}}], 0x1, 0x400c000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="08000000000000005002"]) 337.373165ms ago: executing program 3 (id=811): sigaltstack(&(0x7f0000000000)={0xffffffffffffffff, 0x0, 0xfffffffffffffefa}, &(0x7f0000000080)={&(0x7f0000000040)}) r0 = open(&(0x7f0000000280)='.\x00', 0x2000, 0x0) fcntl$notify(r0, 0x402, 0x8000003d) fcntl$setsig(r0, 0xa, 0x11) mkdirat(0xffffffffffffff9c, &(0x7f0000000b00)='./file1\x00', 0x189) 270.339626ms ago: executing program 3 (id=812): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1) sendmsg$NLBL_MGMT_C_PROTOCOLS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="011b26b67000fddbdf2507"], 0x58}, 0x1, 0x0, 0x0, 0x5}, 0x404c044) syz_genetlink_get_family_id$ieee802154(&(0x7f00000006c0), r0) 205.266647ms ago: executing program 3 (id=813): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./bus\x00', 0x1000840, &(0x7f0000000a40)={[{@fat=@sys_immutable}, {@numtail}, {@rodir}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@shortname_mixed}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'cp737'}}, {@fat=@codepage={'codepage', 0x3d, '949'}}, {@numtail}, {@rodir}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@numtail}]}, 0x3, 0x356, &(0x7f0000000200)="$eJzs3U9oI9UfAPBvdrJJu7C/9vCDRUEYvQladise9NSydGExF5Xgn4MY3K5KUxcaDHYPzdaLeBQ86smbBz142LMIinjz4NUVxD940OOCiyPJTJJpk3a7QnYtfj6H8O1732/ee5mhmU6b15dXYqMWcTmNiLm5SlRXzq/EzUosRhJD12JSbUobAHA83Myy+CPLHbGkMuMpAQAzNnj/f/V0qeXtLw/Lz7z7A8CxV/z8P39YztxBHVdmMiUAYMYm7v8/tKe7tvdX/dXSXwUAAMfVsy+8+NRqI+KZNJ2L2Hyn2+w248lx/+rleD3asR5nYyFuReQXCv2HyuDxwsXG2tk0TXvx82I0+xXdZsRmr9vMrxRWk0F9Pc7FQiwW9cXVRpZlyYXPGmvn0oGIuNYbjB+blW7zZJwqxv/+VKzHcqTx/4n6iIuNteW0eILm5rC+F7E7vm/Rn/9SLMS3r8SVaMel6NcOL2saazvn0vR81thT323W5y6NXoUD74AAAAAAAAAAAAAAAAAAAAAAAMA/spSOLI72v8nG+/csLU3pH+yPk9cX+wPt5vsDZfUssuz3tx5tvpvEnv2B9u/P021W48S9XToAAAAAAAAAAAAAAAAAAAD8a3S2a9Fqt9e3OttXN8pBb6uzfSIi+i1vfP3JF/MxmXOboFqMUepKi6arG60sGSZnyZ6cIkj6gw9bPr4+mnE5pz5axdRp1A/uardPP/jjB+OWB5LhM/81zkli+gKTfdMoB5v/y6d0Jy/UKFi+Tc6NLMsOKt95abIqKhHVOz9whwdZP/jqp9fue6xz5vFBy+dZ7uFHFp678f5Hv2602v2RY3AEa1udW9lGq/h6+sl2cJCUzp9K5EGlfCZUDyvfLYL5iP6hbCXf/fb8/e99c7TRs3LLm1Nyknw5n+7vquVBJR+03DU/bayTU07+GQRnPlxpXd/54ZejVpW+SdioAwAAAAAAAAAAAAAAAAAA7orSZ8ULxYd9Tx5W9cTTs58ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANw94///Xwp2J1qOEvzZi8mu+vpWJ6J2r5cJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/3N8BAAD//zGNaeE=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$UHID_INPUT(r0, &(0x7f0000003700)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df30b8af0783653136f8a04c03690312125b2ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb03bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2033aae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b85b7b26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1111c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c669bb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b2967cbfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d6748c2ce5bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4658098549646bd63175adf77b5cdcf102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4baea02fa76fb4830aebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f8426a9049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21abfc9541c71465b08d7321281b68ed52bfab789b9c83849c067603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e0068607000000fb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9fb4000000f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002afea6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b46e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e741030000000000000000000055f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff0520152e9f0119467f61288bf042a8f3c2e0f8b49b92aa0fcfa75afc265489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae66444a8f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280000051e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a08a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de4a2bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x28042, 0x0) 116.236149ms ago: executing program 3 (id=814): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000000600)=ANY=[], 0x47, 0xc23, &(0x7f0000000c80)="$eJzs3V1sXOlZB/DnnWPHY29pvd0220K3jFTURi6J8tXEVVDldF1DpTRb1XHFXtXjj6SjdcaR7dBsgWJABYmbir1B3CCLsgKpF1yxXOLSRWqFkFDVi3KBZIl2tRdc+KISEmhrdGbesceJE083m9je/H6r2f+ZM8+ZvB+TM8dSXp8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI++7nLp8+kg24FAPA4XZ380ulzvv8B4Ilyzc//AAAAAAAAAAAAAABw2KUo4nikGHptM023nrdVrzSat+9MjU/sfdhgihSVKFr15aN65uy585+6cHG0kw8+/p324Xhh8trl2vOLN28tzS8vz8/VppqN2cW5+Z7f4WGPv9tIawBqN1+6PXcsIs6eOrfr5TvDbww8dXz40sWTF0Y7tVPjExOTXTV9/W/7T7/H/VZ4HIsi6pHireE3Uz0iKvHwY7HPZ+dRG2x1YqTVianxiVZHFhr15kr5YqrkqkpEreugsc4YPYa5eChjEatl88sGj5Tdm7xVX6rPLMzXvlhfWmmsNBabqdJubdmfWlRiNEWsRcTGwL1v1x9FfDRSvHJ6M81ERNEZh0+2Fgbv357KI+hjD8p21voj1ipHYM4OsYEo4mqk+NnrJ2K2HLP8iI9HfKHM1yJeLfMzEan8YJyP+OkenyOOpr4o4t8ixWLaTHOt80HnvHLly7XPN68vdtV2zitH/vvhcTrk56ZqFDHTOuNvprd/sQMAAAAAAAAAAAAAAADAO20wivh2pPjj536nta44WuvS33dp9D0v/mb3mvFn93mfsvZURKxWeluT25+XDqdK+d8j6Bg9qUYR38jr//7woBsDAAAAAAAAAAAAAAAAAADwRCvixUjxlZMn0lp031O80bxRu1afWWjfFbZz79/OPdO3tra2aqmdYzmnc67mXMu5nnMjZ1Ty8TnHck7nXM25lnM950bOKPLxOcdyTudcLfMPtrbW8vP1nBs5oy8fn3Ms53TO1ZxrOddzbuSMQ3LvXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAd5NKFPHzSPGtr22mSBExFjEd7VwfOOjWAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAClairiVKRYf7Haer5WibgWET/f2trqPCJis8yHddB9BQAAAAAAAAAAAAAAAAAAgEMrFfGxSPHM/26mWkTcGX5j4Knjw5cunrwwWkQRqSzprn9h8trl2vOLN28tzS8vz8/VppqN2cW5+V7/uOqVRvP2nanxiUfSmX0NPuL2D1afX7z18lLjxldX9nx9qHp5ZnllqT6798sxGJWI6e49I60GT41PtBq90Kg3W4emyn0aWIkY67UzAAAAAAAAAAAAAAAAAAAAHBpDqYjPRYqf/Of51Fk33tde8/9L7WfFdu2rv7fzuwAW7sqO7t8f0Mt26rWhI62F97Wp8YmJya7dff33lpZtSqmIZyPFJ175UGs9fIqhPdfGl3XvLetuns91w79S1q3uqqqOTI1P1K4uNk9eXlhYnK2v1GcW5muTt+qzPf/iAAAAAAAAAAAAAAAAAAAAAHiAoVTEjyLFf//dv6fOfefz+v++9rOu9f+/0VpC31JNu3Nba23/e1tr+9vb77s0OvTR5+63/1Gs/y/blFIR34wU5370odb99Dvr/6fvqi3r/jRSvPncR3Jd5VhZV+90p/2O1xsL86fL2r+KFL/6Vqc2WrU3cu0zO7VnytrBSPEXm7trv5prP7BTe7asPREpvvdfe9d+cKf2XFn7k0jxj39b69QOlbW/m2uP79Seml1cmNtvWMv5/06k+Jurv5U6fb7v/Hf9/ofVu3LbPXP+4O13av6Hu/at5nn9kzz/9X3m/0Kk+E71I7muPfYz+fWnW//fmf9PRIr/+Nfdtddz7ft3as/02q2DVs7/tyPFd//yx9t9zvOfR3Znhrrn/5f7duf2p+SA5v/prn3DuV2zv+BYPImWX/76S/WFhfmlQ7rx1uFoho2H28iXDW9ExKFoj419Nw76zMTjUH7//1mk+L/jRepcx+Tv//e0n+1c//3PN3a+/y/dldsO6Pv//V37LuWrlv6+iOrKzVv9z0ZUl1/++snGzfqN+RvzzbNnTn/60xfOnD5zof9Y5+JuZ6vnsXs3KOf/B5Hih3//w+2fY3Zf/+19/T90V247oPl/prtPu65reh6KJ1I5/38dKZ7+7I+3f9580PV/5+f/Ex/bndt//w5o/j/QtW84t6vxC44FAAAAAAAAAADAUTKUivjzSPHbf/TrqbOGqJd//zd3V247oH//dbxr39xjWtfQ8yADABwi5fXfByPFP219f3st9+7rv/i1Tm339d/9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoojfjxRDr22m9YHyeVv1SqN5+87U+MTehw2mSFGJolVfPqpnzp47/6kLF0c7+eDj32kfjhcmr12uPb9489bS/PLy/FxtqtmYXZyb7/kdHvb4u420BqB286Xbc9evL9fOnjq36+U7w28MPHV8+NLFkxdGO7VT4xMTk101ff1v+0+/R7rP/mNRxPcjxVvDb6bvDkRU4uHHYp/PzqM22OrESKsTU+MTrY4sNOrNlfLFVMlVlYha10FjnTF6DHPxUMYiVsvmlw0eKbs3eau+VJ9ZmK99sb600lhpLDZTpd3asj+1qMRoiliLiI2Be9+uP4r4ZqR45fRm+ueBiKIzDp+8Ovml0+f2b0/lEfSxB2U7a/0Ra5UjMGeH2EAU8Q+R4mevn4jvDUT0RfsRH4/4QpmvRbxa5mciUvnBOB/x0z0+RxxNfVHE+UixmDbT6wPl+aBzXrny5drnm9cXu2o755Uj//3wOB3yc1M1ivhB64y/mf7F32sAAAAAAAAAAAAAAACAQ6SItUjxlZMnUmt98Paa4kbzRu1afWahvayvs/avs2Z6a2trq5baOZZzOudqzrWc6zk3ckYlH59zLOd0ztWcaznXc27kjCIfn3Ms53TO1ZxrOddzbuSMvnx8zrGc0zlXc67lXM+5kTMOydo9AAAAAAAAAAAAAAAAAADg3aUSResu7t/62mbaGmjfX3o62rnufqDvev8fAAD//5YXb/E=") creat(&(0x7f0000000340)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = creat(&(0x7f0000000340)='./bus\x00', 0x0) ioctl$BLKFLSBUF(r0, 0x1261, 0x0) 0s ago: executing program 1 (id=815): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x70bd27, 0xfffffffc, {0x0, 0x0, 0x12, r1, {0x7ff8}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x8, 0x2, [@TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20002001}, 0x0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="180100002b000100000000000000000008"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) kernel console output (not intermixed with test programs): .938098][ T5772] cgroup: Unknown subsys name 'net' [ 62.070579][ T5772] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 63.408339][ T5772] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 64.780756][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 64.791498][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 64.796107][ T5790] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 64.806859][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 64.807867][ T5790] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 64.821880][ T5789] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 64.829937][ T5789] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 64.830731][ T5790] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 64.841122][ T5789] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 64.846453][ T5791] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 64.852143][ T5789] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 64.859393][ T5791] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 64.865668][ T5789] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 64.873269][ T5791] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 64.881789][ T5789] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 64.887015][ T5791] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 64.893941][ T5789] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 64.905876][ T5783] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 64.908093][ T5789] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 64.915091][ T5783] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 64.935071][ T5783] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 64.947738][ T5783] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 64.955508][ T5783] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 64.962904][ T5783] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 65.354055][ T5781] chnl_net:caif_netlink_parms(): no params data found [ 65.408728][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 65.512443][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 65.561921][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.569362][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.577087][ T5785] bridge_slave_0: entered allmulticast mode [ 65.583944][ T5785] bridge_slave_0: entered promiscuous mode [ 65.592481][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.599880][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.607583][ T5781] bridge_slave_0: entered allmulticast mode [ 65.614532][ T5781] bridge_slave_0: entered promiscuous mode [ 65.652239][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.659569][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.667047][ T5785] bridge_slave_1: entered allmulticast mode [ 65.673715][ T5785] bridge_slave_1: entered promiscuous mode [ 65.680845][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.688167][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.695400][ T5781] bridge_slave_1: entered allmulticast mode [ 65.702071][ T5781] bridge_slave_1: entered promiscuous mode [ 65.793168][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.809886][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.833310][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.879017][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.888670][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 65.900022][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.907551][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.914922][ T5784] bridge_slave_0: entered allmulticast mode [ 65.921563][ T5784] bridge_slave_0: entered promiscuous mode [ 65.932219][ T5781] team0: Port device team_slave_0 added [ 65.940713][ T5781] team0: Port device team_slave_1 added [ 65.978453][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.985699][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.992810][ T5784] bridge_slave_1: entered allmulticast mode [ 65.999763][ T5784] bridge_slave_1: entered promiscuous mode [ 66.040592][ T5785] team0: Port device team_slave_0 added [ 66.080038][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.087099][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.113437][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.127623][ T5785] team0: Port device team_slave_1 added [ 66.136168][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.143125][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.169139][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 66.183671][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.228124][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.258409][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.265499][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.291536][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.304524][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.311474][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.337560][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 66.392909][ T5784] team0: Port device team_slave_0 added [ 66.410913][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.418160][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.425463][ T5792] bridge_slave_0: entered allmulticast mode [ 66.432120][ T5792] bridge_slave_0: entered promiscuous mode [ 66.440893][ T5784] team0: Port device team_slave_1 added [ 66.471788][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.479002][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.486906][ T5792] bridge_slave_1: entered allmulticast mode [ 66.493538][ T5792] bridge_slave_1: entered promiscuous mode [ 66.529244][ T5781] hsr_slave_0: entered promiscuous mode [ 66.535663][ T5781] hsr_slave_1: entered promiscuous mode [ 66.567501][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.574660][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.600791][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.626924][ T5785] hsr_slave_0: entered promiscuous mode [ 66.633265][ T5785] hsr_slave_1: entered promiscuous mode [ 66.639547][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 66.647590][ T5785] Cannot create hsr debugfs directory [ 66.655548][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.665523][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.672488][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.698563][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 66.732363][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.806173][ T5784] hsr_slave_0: entered promiscuous mode [ 66.814487][ T5784] hsr_slave_1: entered promiscuous mode [ 66.820516][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 66.828658][ T5784] Cannot create hsr debugfs directory [ 66.848951][ T5792] team0: Port device team_slave_0 added [ 66.861000][ T5792] team0: Port device team_slave_1 added [ 66.931403][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.938758][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.965237][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.981710][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.988974][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.995424][ T5791] Bluetooth: hci2: command tx timeout [ 67.015560][ T5783] Bluetooth: hci0: command tx timeout [ 67.020650][ T5789] Bluetooth: hci1: command tx timeout [ 67.026813][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.031686][ T5787] Bluetooth: hci3: command tx timeout [ 67.146816][ T5792] hsr_slave_0: entered promiscuous mode [ 67.152992][ T5792] hsr_slave_1: entered promiscuous mode [ 67.160280][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 67.167933][ T5792] Cannot create hsr debugfs directory [ 67.371750][ T5781] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 67.382271][ T5781] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 67.420631][ T5781] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 67.430797][ T5781] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 67.485951][ T5784] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 67.497263][ T5784] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 67.509481][ T5784] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 67.518817][ T5784] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 67.611620][ T5785] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 67.624732][ T5785] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 67.641758][ T5785] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 67.652712][ T5785] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 67.730719][ T5792] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 67.741556][ T5792] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 67.761698][ T5792] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 67.771303][ T5792] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 67.900138][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.930791][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.971337][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 67.982432][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.996757][ T5781] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.019268][ T2931] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.026524][ T2931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.045628][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.052756][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.082778][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.089915][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.102951][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.126741][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.133845][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.142526][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.149653][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.176520][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.183648][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.265231][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.326710][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.360499][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.367676][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.397102][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.404272][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.767677][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.794993][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.866020][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.913863][ T5781] veth0_vlan: entered promiscuous mode [ 68.923864][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.952045][ T5781] veth1_vlan: entered promiscuous mode [ 68.959999][ T5784] veth0_vlan: entered promiscuous mode [ 68.986631][ T5784] veth1_vlan: entered promiscuous mode [ 69.053847][ T5781] veth0_macvtap: entered promiscuous mode [ 69.074627][ T5789] Bluetooth: hci2: command tx timeout [ 69.074633][ T5783] Bluetooth: hci1: command tx timeout [ 69.079118][ T5785] veth0_vlan: entered promiscuous mode [ 69.080100][ T5791] Bluetooth: hci3: command tx timeout [ 69.092948][ T5785] veth1_vlan: entered promiscuous mode [ 69.096659][ T5787] Bluetooth: hci0: command tx timeout [ 69.116868][ T5784] veth0_macvtap: entered promiscuous mode [ 69.131484][ T5781] veth1_macvtap: entered promiscuous mode [ 69.153805][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.178338][ T5784] veth1_macvtap: entered promiscuous mode [ 69.189363][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.205287][ T5781] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.214719][ T5781] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.223430][ T5781] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.235707][ T5781] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.265767][ T5792] veth0_vlan: entered promiscuous mode [ 69.304727][ T5792] veth1_vlan: entered promiscuous mode [ 69.317960][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.330560][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.342576][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.352784][ T5785] veth0_macvtap: entered promiscuous mode [ 69.364004][ T5785] veth1_macvtap: entered promiscuous mode [ 69.385829][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 69.396973][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.409187][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.453706][ T5784] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.462866][ T5784] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.471921][ T5784] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.481524][ T5784] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.518287][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.529024][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.538945][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.549753][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.561442][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.590872][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 69.602852][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.612813][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 69.623978][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.635659][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.656695][ T988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.666634][ T988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.680902][ T5792] veth0_macvtap: entered promiscuous mode [ 69.692873][ T5792] veth1_macvtap: entered promiscuous mode [ 69.717066][ T5785] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.728099][ T5785] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.737711][ T5785] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.746940][ T5785] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.814529][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.822394][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.859587][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.871210][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.883084][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.893596][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.903893][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.914696][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.930353][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.964291][ T2931] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.972156][ T2931] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.026305][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.042035][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.053234][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.065114][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.075432][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.085946][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.097609][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.107345][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.127487][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.135630][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.143468][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.162262][ T5792] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.173137][ T5792] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.181931][ T5792] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.190982][ T5792] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.343882][ T2931] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.378507][ T2931] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.495578][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.503446][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.521160][ T5870] syz.0.1[5870]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 70.581187][ T988] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.585828][ T5870] loop0: detected capacity change from 0 to 2048 [ 70.596703][ T988] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.720975][ T5870] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.825767][ T5870] EXT4-fs: Ignoring removed orlov option [ 70.831907][ T5870] EXT4-fs (loop0): can't enable nombcache during remount [ 70.849308][ T27] audit: type=1800 audit(1752878802.631:2): pid=5870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 71.034565][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.155164][ T5787] Bluetooth: hci3: command tx timeout [ 71.159525][ T5877] loop3: detected capacity change from 0 to 4096 [ 71.161001][ T5787] Bluetooth: hci1: command tx timeout [ 71.168070][ T5791] Bluetooth: hci0: command tx timeout [ 71.173177][ T5789] Bluetooth: hci2: command tx timeout [ 71.259701][ T5877] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 71.340245][ T5877] ntfs: (device loop3): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 71.409782][ T5877] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 71.466516][ T5877] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 71.542094][ T5877] ntfs: (device loop3): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 71.595202][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.601767][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.614832][ T5877] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 71.675335][ T5877] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 71.749870][ T5877] ntfs: volume version 3.1. [ 71.806047][ T5877] ntfs: (device loop3): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 71.833866][ T5877] ntfs: (device loop3): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 72.173057][ T5881] loop2: detected capacity change from 0 to 32768 [ 72.202046][ T5881] ======================================================= [ 72.202046][ T5881] WARNING: The mand mount option has been deprecated and [ 72.202046][ T5881] and is ignored by this kernel. Remove the mand [ 72.202046][ T5881] option from the mount to silence this warning. [ 72.202046][ T5881] ======================================================= [ 72.464416][ T5881] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 72.749473][ T5940] netlink: 136 bytes leftover after parsing attributes in process `syz.0.17'. [ 72.782651][ T5881] XFS (loop2): Ending clean mount [ 72.784873][ T5940] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 72.811064][ T5943] loop1: detected capacity change from 0 to 256 [ 72.841204][ T5881] XFS (loop2): Quotacheck needed: Please wait. [ 72.961456][ T5881] XFS (loop2): Quotacheck: Done. [ 73.234247][ T5787] Bluetooth: hci1: command tx timeout [ 73.235684][ T5791] Bluetooth: hci3: command tx timeout [ 73.239672][ T5787] Bluetooth: hci0: command tx timeout [ 73.239702][ T5787] Bluetooth: hci2: command tx timeout [ 73.425152][ T5974] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 73.897760][ T5792] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 74.156979][ T6017] xt_bpf: check failed: parse error [ 74.787009][ T6037] netlink: 4 bytes leftover after parsing attributes in process `syz.1.29'. [ 75.669184][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 75.731466][ T6060] loop1: detected capacity change from 0 to 32768 [ 75.744812][ T6060] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.39 (6060) [ 75.799522][ T6060] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 75.842112][ T6060] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 75.853754][ T6060] BTRFS info (device loop1): enabling ssd optimizations [ 75.867882][ T6060] BTRFS info (device loop1): using spread ssd allocation scheme [ 75.878994][ T6060] BTRFS info (device loop1): using free space tree [ 75.894457][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 75.909305][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 233, changing to 11 [ 75.921997][ T9] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 75.943979][ T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.40 [ 75.963807][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.988698][ T9] usb 3-1: Product: syz [ 75.992908][ T9] usb 3-1: Manufacturer: syz [ 76.002573][ T6060] BTRFS info (device loop1): auto enabling async discard [ 76.033427][ T9] usb 3-1: SerialNumber: syz [ 76.323010][ T9] usbhid 3-1:1.0: can't add hid device: -71 [ 76.341725][ T9] usbhid: probe of 3-1:1.0 failed with error -71 [ 76.365831][ T5781] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 76.367212][ T9] usb 3-1: USB disconnect, device number 2 [ 76.754465][ T6090] loop5: detected capacity change from 0 to 1143 [ 76.812313][ T6092] loop5: detected capacity change from 1143 to 2695 [ 77.403272][ T6102] dlm: non-version read from control device 2147479552 [ 77.438398][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 77.644386][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 77.655736][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 77.694060][ T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 77.740708][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.775251][ T9] usb 1-1: config 0 descriptor?? [ 77.811854][ T9] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [ 77.827008][ T6108] warning: `syz.2.52' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 77.829750][ T6110] process 'syz.3.54' launched './file2' with NULL argv: empty string added [ 78.194421][ T5143] bcm5974 1-1:0.0: could not read from device [ 78.204754][ T787] usb 1-1: USB disconnect, device number 2 [ 78.226123][ T5143] bcm5974 1-1:0.0: could not read from device [ 78.243706][ T5795] bcm5974 1-1:0.0: could not read from device [ 78.244630][ T6124] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 78.244630][ T6124] The task syz.1.53 (6124) triggered the difference, watch for misbehavior. [ 78.270482][ T5143] bcm5974 1-1:0.0: could not read from device [ 78.374174][ T8] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 78.415885][ T6127] loop2: detected capacity change from 0 to 1024 [ 78.570584][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 78.570851][ T5993] hfsplus: b-tree write err: -5, ino 3 [ 78.581274][ T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 78.588918][ T5792] hfsplus: node 4:3 still has 1 user(s)! [ 78.603564][ T8] usb 4-1: config 0 has no interfaces? [ 78.626845][ T8] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 78.642783][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.652010][ T8] usb 4-1: Product: syz [ 78.656568][ T8] usb 4-1: Manufacturer: syz [ 78.661184][ T8] usb 4-1: SerialNumber: syz [ 78.675325][ T8] usb 4-1: config 0 descriptor?? [ 78.939441][ T28] usb 4-1: USB disconnect, device number 2 [ 79.009975][ T6138] syzkaller1: entered promiscuous mode [ 79.022724][ T6138] syzkaller1: entered allmulticast mode [ 79.574485][ T5820] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 79.678814][ T6162] loop0: detected capacity change from 0 to 4096 [ 79.769313][ T5820] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 79.787676][ T5820] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.830019][ T5820] usb 2-1: config 0 descriptor?? [ 79.858887][ T5820] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 80.077587][ T5820] gp8psk: usb in 128 operation failed. [ 80.296903][ T5820] gp8psk: usb in 146 operation failed. [ 80.303699][ T5820] gp8psk: failed to get FW version [ 80.314457][ T5820] gp8psk: FPGA Version = 196 [ 80.344479][ T28] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 80.521109][ T5820] gp8psk: usb in 138 operation failed. [ 80.527079][ T5820] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 80.544748][ T5820] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 80.560799][ T28] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 80.574149][ T28] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.596237][ T5820] usb 2-1: USB disconnect, device number 2 [ 80.604611][ T28] usb 4-1: Product: syz [ 80.608812][ T28] usb 4-1: Manufacturer: syz [ 80.613412][ T28] usb 4-1: SerialNumber: syz [ 80.648984][ T28] usb 4-1: config 0 descriptor?? [ 80.661980][ T28] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 003 [ 81.087805][ T28] (null): failure reading functionality [ 81.105896][ T6197] Invalid ELF header magic: != ELF [ 81.121471][ T28] i2c i2c-1: connected i2c-tiny-usb device [ 81.260081][ T6202] netlink: 4 bytes leftover after parsing attributes in process `syz.0.92'. [ 81.278049][ T6202] chnl_net:caif_netlink_parms(): no params data found [ 81.352701][ T28] usb 4-1: USB disconnect, device number 3 [ 81.806245][ T786] cfg80211: failed to load regulatory.db [ 82.032115][ T6219] loop0: detected capacity change from 0 to 512 [ 82.097310][ T6219] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 82.119197][ T6209] loop1: detected capacity change from 0 to 32768 [ 82.138985][ T6219] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.169198][ T6209] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 82.268469][ T8] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 82.378953][ T6209] XFS (loop1): Ending clean mount [ 82.395616][ T6209] XFS (loop1): Quotacheck needed: Please wait. [ 82.430759][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 82.497378][ T6209] XFS (loop1): Quotacheck: Done. [ 82.522531][ T8] usb 4-1: unable to get BOS descriptor or descriptor too short [ 82.535422][ T8] usb 4-1: not running at top speed; connect to a high speed hub [ 82.565712][ T8] usb 4-1: config 1 interface 0 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 82.587124][ T8] usb 4-1: config 1 interface 0 has no altsetting 0 [ 82.599890][ T8] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 82.618683][ T6234] netlink: 32 bytes leftover after parsing attributes in process `syz.0.100'. [ 82.619350][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.664185][ T8] usb 4-1: Product: syz [ 82.668411][ T8] usb 4-1: Manufacturer: syz [ 82.673019][ T8] usb 4-1: SerialNumber: syz [ 82.710992][ T6217] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 82.850333][ T5781] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 82.952063][ T8] usb 4-1: bad CDC descriptors [ 82.989490][ T8] usb 4-1: USB disconnect, device number 4 [ 83.761537][ T6263] loop3: detected capacity change from 0 to 1024 [ 83.789768][ T6263] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.861096][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.119976][ T6269] bond0: option mode: unable to set because the bond device has slaves [ 84.440628][ T6121] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 84.539073][ T6283] loop1: detected capacity change from 0 to 8192 [ 84.563802][ T6283] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 84.578564][ T6283] UDF-fs: Scanning with blocksize 512 failed [ 84.589383][ T6283] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 84.597821][ T6283] UDF-fs: Scanning with blocksize 1024 failed [ 84.616623][ T6283] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 84.624040][ T6283] UDF-fs: Scanning with blocksize 2048 failed [ 84.647925][ T6121] usb 4-1: Using ep0 maxpacket: 32 [ 84.649956][ T6288] loop0: detected capacity change from 0 to 256 [ 84.662946][ T6288] exfat: Deprecated parameter 'namecase' [ 84.667739][ T6121] usb 4-1: config 0 interface 0 has no altsetting 0 [ 84.682375][ T6121] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 84.696123][ T6121] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.715770][ T6283] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 84.726373][ T6288] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 84.739941][ T6121] usb 4-1: Product: syz [ 84.744467][ T6121] usb 4-1: Manufacturer: syz [ 84.749081][ T6121] usb 4-1: SerialNumber: syz [ 84.770374][ T6121] usb 4-1: config 0 descriptor?? [ 84.792946][ T6121] gs_usb 4-1:0.0: Required endpoints not found [ 85.563398][ T6292] loop0: detected capacity change from 0 to 32768 [ 85.587143][ T6292] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 85.710430][ T6292] XFS (loop0): Ending clean mount [ 85.735576][ T6292] XFS (loop0): Quotacheck needed: Please wait. [ 85.780271][ T6292] XFS (loop0): Quotacheck: Done. [ 85.907107][ T5784] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 86.064573][ T786] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 86.266550][ T786] usb 2-1: config index 0 descriptor too short (expected 1307, got 27) [ 86.275464][ T786] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 86.283634][ T786] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 86.292884][ T786] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 86.303848][ T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 86.314849][ T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 86.324683][ T786] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 86.340413][ T786] usb 2-1: string descriptor 0 read error: -22 [ 86.346842][ T786] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 86.356313][ T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.374807][ T786] usb 2-1: config 0 descriptor?? [ 86.395674][ T786] hub 2-1:0.0: bad descriptor, ignoring hub [ 86.405065][ T786] hub: probe of 2-1:0.0 failed with error -5 [ 86.435186][ T786] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input6 [ 86.635402][ T787] usb 2-1: USB disconnect, device number 3 [ 87.150228][ T786] usb 4-1: USB disconnect, device number 5 [ 87.226624][ T6335] loop3: detected capacity change from 0 to 128 [ 87.258058][ T6335] ufs: ufs_fill_super(): fragment size 3263967611 is not a power of 2 [ 87.517758][ T6344] netlink: 32 bytes leftover after parsing attributes in process `syz.1.142'. [ 87.974858][ T6363] loop5: detected capacity change from 0 to 2975 [ 88.032630][ T6364] loop5: detected capacity change from 2975 to 5119 [ 88.554697][ T6121] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 88.774648][ T6121] usb 2-1: Using ep0 maxpacket: 8 [ 88.796480][ T6121] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 233, changing to 11 [ 88.823846][ T6121] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 88.891588][ T6121] usb 2-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.40 [ 88.912516][ T6121] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.927302][ T6121] usb 2-1: Product: syz [ 88.941751][ T6121] usb 2-1: Manufacturer: syz [ 88.954170][ T6121] usb 2-1: SerialNumber: syz [ 89.210398][ T6121] usbhid 2-1:1.0: can't add hid device: -71 [ 89.218771][ T6121] usbhid: probe of 2-1:1.0 failed with error -71 [ 89.229633][ T6121] usb 2-1: USB disconnect, device number 4 [ 89.372965][ T6391] netlink: 68 bytes leftover after parsing attributes in process `syz.3.163'. [ 89.671647][ T6399] loop3: detected capacity change from 0 to 8192 [ 89.693615][ T6399] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 89.708143][ T6399] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 89.723102][ T6399] REISERFS (device loop3): using ordered data mode [ 89.729895][ T6399] reiserfs: using flush barriers [ 89.737668][ T6399] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 89.755229][ T6399] REISERFS (device loop3): checking transaction log (loop3) [ 89.776417][ T6399] REISERFS (device loop3): Using r5 hash to sort names [ 89.797936][ T6399] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 89.992414][ T6403] loop1: detected capacity change from 0 to 2048 [ 90.099453][ T6403] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 90.240208][ T6403] EXT4-fs: Ignoring removed orlov option [ 90.271584][ T6403] EXT4-fs (loop1): can't enable nombcache during remount [ 90.284576][ T6410] syz.3.170 uses obsolete (PF_INET,SOCK_PACKET) [ 90.350009][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 90.350023][ T27] audit: type=1800 audit(1752878822.131:3): pid=6403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.168" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 90.420303][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.051744][ T6418] loop3: detected capacity change from 0 to 32768 [ 91.070320][ T6418] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.173 (6418) [ 91.103843][ T6418] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 91.117036][ T6418] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 91.129918][ T6418] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 91.139968][ T6418] BTRFS info (device loop3): use zstd compression, level 3 [ 91.170284][ T6418] BTRFS info (device loop3): using free space tree [ 91.271441][ T6438] tmpfs: Unknown parameter 'nolazytimeÿÿ' [ 91.301644][ T6418] BTRFS info (device loop3): enabling ssd optimizations [ 91.309086][ T6418] BTRFS info (device loop3): auto enabling async discard [ 91.553032][ T5785] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 91.627721][ T6451] netlink: 12 bytes leftover after parsing attributes in process `syz.2.181'. [ 91.734805][ T5774] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 10 /dev/loop3 scanned by udevd (5774) [ 92.260460][ T6457] loop3: detected capacity change from 0 to 32768 [ 92.269358][ T6457] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.180 (6457) [ 92.291148][ T6457] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 92.303164][ T6457] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 92.312660][ T6457] BTRFS info (device loop3): enabling ssd optimizations [ 92.320140][ T6457] BTRFS info (device loop3): using spread ssd allocation scheme [ 92.329244][ T6457] BTRFS info (device loop3): using free space tree [ 92.373094][ T6457] BTRFS info (device loop3): auto enabling async discard [ 92.488754][ T5785] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 92.771388][ T5774] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop3 scanned by udevd (5774) [ 93.014388][ T787] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 93.110017][ T6499] 9pnet: p9_errstr2errno: server reported unknown error 18446 [ 93.216929][ T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 93.238116][ T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 93.271637][ T787] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 93.310240][ T787] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 93.330657][ T787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.355343][ T787] usb 1-1: config 0 descriptor?? [ 93.806894][ T787] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 93.879698][ T787] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 93.941842][ T6501] loop3: detected capacity change from 0 to 32768 [ 94.068771][ T6501] XFS (loop3): DAX unsupported by block device. Turning off DAX. [ 94.091207][ T6501] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 94.195425][ T787] usb 1-1: USB disconnect, device number 3 [ 94.246038][ T6514] fido_id[6514]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 94.352315][ T6513] loop2: detected capacity change from 0 to 32768 [ 94.407526][ T6513] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz.2.200 (6513) [ 94.426430][ T6501] XFS (loop3): Ending clean mount [ 94.451559][ T6501] XFS (loop3): Quotacheck needed: Please wait. [ 94.474134][ T6513] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 94.498970][ T6513] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 94.533418][ T6513] BTRFS info (device loop2): force zlib compression, level 3 [ 94.551245][ T6513] BTRFS info (device loop2): force clearing of disk cache [ 94.562105][ T6501] XFS (loop3): Quotacheck: Done. [ 94.580654][ T6513] BTRFS info (device loop2): setting nodatasum [ 94.587446][ T6513] BTRFS info (device loop2): use zlib compression, level 3 [ 94.596053][ T6513] BTRFS info (device loop2): allowing degraded mounts [ 94.616456][ T6513] BTRFS info (device loop2): enabling disk space caching [ 94.658542][ T27] audit: type=1800 audit(1752878826.441:4): pid=6501 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.194" name="file1" dev="loop3" ino=9286 res=0 errno=0 [ 94.694310][ T6513] BTRFS info (device loop2): disk space caching is enabled [ 94.854189][ T6513] BTRFS info (device loop2): enabling ssd optimizations [ 94.896815][ T6513] BTRFS info (device loop2): auto enabling async discard [ 94.919683][ T6513] BTRFS info (device loop2): rebuilding free space tree [ 94.983192][ T6513] BTRFS info (device loop2): disabling free space tree [ 95.004293][ T6513] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 95.024240][ T6513] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 95.096399][ T5785] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 95.194259][ T5792] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 95.887978][ T8] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 95.992638][ T6574] loop1: detected capacity change from 0 to 1024 [ 96.090372][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 96.099520][ T8] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 96.123554][ T8] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 96.138220][ T988] hfsplus: b-tree write err: -5, ino 3 [ 96.144390][ T8] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 96.156013][ T8] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 96.166776][ T8] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 96.180125][ T8] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 96.189688][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.200344][ T5781] hfsplus: node 4:3 still has 1 user(s)! [ 96.470151][ T8] usb 1-1: usb_control_msg returned -32 [ 96.481193][ T8] usbtmc 1-1:16.0: can't read capabilities [ 96.547866][ T6585] loop1: detected capacity change from 0 to 256 [ 96.571367][ T6585] exfat: Deprecated parameter 'namecase' [ 96.709545][ T6585] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 96.899134][ T6583] loop2: detected capacity change from 0 to 32768 [ 96.913506][ T6583] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.219 (6583) [ 96.943979][ T6583] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 96.966479][ T6583] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 96.985758][ T6583] BTRFS info (device loop2): force clearing of disk cache [ 97.010380][ T6592] loop3: detected capacity change from 0 to 2048 [ 97.016537][ T6583] BTRFS info (device loop2): turning on flush-on-commit [ 97.037924][ T6583] BTRFS info (device loop2): enabling ssd optimizations [ 97.062296][ T6583] BTRFS info (device loop2): using spread ssd allocation scheme [ 97.083804][ T6583] BTRFS info (device loop2): enabling auto defrag [ 97.102087][ T6592] loop3: p1 < > p3 [ 97.109971][ T6583] BTRFS info (device loop2): max_inline at 0 [ 97.118088][ T787] usb 1-1: USB disconnect, device number 4 [ 97.126422][ T6592] loop3: p3 size 134217728 extends beyond EOD, truncated [ 97.138084][ T6583] BTRFS info (device loop2): enabling disk space caching [ 97.175488][ T6583] BTRFS info (device loop2): disk space caching is enabled [ 97.252617][ T6583] BTRFS info (device loop2): auto enabling async discard [ 97.268970][ T6583] BTRFS info (device loop2): rebuilding free space tree [ 97.313728][ T6583] BTRFS info (device loop2): disabling free space tree [ 97.345692][ T6583] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 97.354392][ T6614] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.366571][ T6583] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 97.488100][ T5795] udevd[5795]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 97.519275][ T27] audit: type=1800 audit(1752878829.301:5): pid=6583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.219" name="file0" dev="loop2" ino=258 res=0 errno=0 [ 97.598931][ T6620] loop1: detected capacity change from 0 to 256 [ 97.633325][ T6620] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 97.660040][ T6620] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 97.675178][ T5792] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 97.680378][ T6620] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 98.127622][ T6633] loop0: detected capacity change from 0 to 512 [ 98.136133][ T6633] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 98.163843][ T6633] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 98.175186][ T6631] syzkaller1: entered promiscuous mode [ 98.180684][ T6631] syzkaller1: entered allmulticast mode [ 98.217843][ T6633] EXT4-fs (loop0): 1 truncate cleaned up [ 98.225596][ T6633] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.369395][ T6633] EXT4-fs error (device loop0): ext4_generic_delete_entry:2729: inode #2: block 13: comm syz.0.232: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 98.416806][ T6633] EXT4-fs error (device loop0) in ext4_delete_entry:2800: Corrupt filesystem [ 98.485878][ T6641] loop1: detected capacity change from 0 to 4096 [ 98.529883][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.578914][ T6644] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 98.823644][ T6641] NILFS (loop1): unrecognized mount option "ÿÿ18446744073709551615ÿ01777777777777777777777±ñV?Œù³ßCp~'~8pٻ젌|ž^½Ö(cŸoö—ÈêM ) Ç0177777777777777777777718446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿ" [ 98.984243][ T786] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 99.145109][ T5820] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 99.164227][ T786] usb 1-1: Using ep0 maxpacket: 32 [ 99.181283][ T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.197104][ T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.220714][ T786] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 99.233359][ T786] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.263593][ T786] usb 1-1: config 0 descriptor?? [ 99.279132][ T786] hub 1-1:0.0: USB hub found [ 99.300166][ T6664] loop2: detected capacity change from 0 to 512 [ 99.322628][ T6664] EXT4-fs: Ignoring removed mblk_io_submit option [ 99.344423][ T6664] ext4: Unknown parameter 'seclabel' [ 99.346106][ T5820] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 99.376171][ T5820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 99.399592][ T6667] @: renamed from vlan0 (while UP) [ 99.407115][ T5820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 99.435504][ T5820] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 99.470903][ T5820] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 99.493087][ T5820] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 99.511933][ T786] hub 1-1:0.0: 1 port detected [ 99.521221][ T5820] usb 4-1: Manufacturer: syz [ 99.537106][ T5820] usb 4-1: config 0 descriptor?? [ 99.565766][ T6669] loop2: detected capacity change from 0 to 2048 [ 99.591694][ T6671] loop1: detected capacity change from 0 to 512 [ 99.603378][ T6669] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 99.603423][ T6671] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 99.648902][ T6671] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 99.675242][ T6671] EXT4-fs (loop1): 1 truncate cleaned up [ 99.693640][ T6671] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.844224][ T5820] rc_core: IR keymap rc-hauppauge not found [ 99.854014][ T5820] Registered IR keymap rc-empty [ 99.881825][ T5820] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 99.898674][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.927543][ T5820] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 99.936268][ T786] usb 1-1: USB disconnect, device number 5 [ 99.986661][ T5820] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 100.011412][ T5820] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input8 [ 100.038719][ T5820] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 100.074791][ T5820] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 100.124540][ T5820] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 100.165235][ T5820] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 100.194365][ T5820] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 100.224823][ T5820] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 100.264302][ T5820] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 100.302755][ T5820] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 100.330467][ T6687] overlayfs: invalid origin (00000079006e736e7320286c696d6974203130303030303029206d61785f7374617465735f7065725f696e736e203020746f74616c5f73746174657320302070) [ 100.344238][ T5820] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 100.384948][ T5820] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 100.420639][ T5820] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 100.430139][ T5820] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 100.445258][ T5820] usb 4-1: USB disconnect, device number 6 [ 100.697824][ T6697] loop0: detected capacity change from 0 to 2048 [ 100.722101][ T6697] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 100.827432][ T6700] loop2: detected capacity change from 0 to 512 [ 100.883526][ T6700] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 100.933362][ T6700] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 101.129073][ T6706] loop3: detected capacity change from 0 to 1024 [ 101.142960][ T6700] overlayfs: invalid origin (000000790000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 101.203540][ T6706] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.218161][ T6710] input: syz0 as /devices/virtual/input/input9 [ 101.366377][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.443031][ T5792] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 102.033514][ T6732] syzkaller1: entered promiscuous mode [ 102.046260][ T6732] syzkaller1: entered allmulticast mode [ 102.102819][ T6734] netlink: 64 bytes leftover after parsing attributes in process `syz.2.273'. [ 102.120714][ T6731] loop3: detected capacity change from 0 to 8192 [ 102.184678][ T6731] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 102.201602][ T6731] UDF-fs: Scanning with blocksize 512 failed [ 102.228957][ T6731] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 102.249443][ T6731] UDF-fs: Scanning with blocksize 1024 failed [ 102.277412][ T6731] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 102.298650][ T6736] loop2: detected capacity change from 0 to 1024 [ 102.304199][ T6731] UDF-fs: Scanning with blocksize 2048 failed [ 102.323819][ T6731] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 102.418985][ T6718] loop0: detected capacity change from 0 to 40427 [ 102.465705][ T988] hfsplus: b-tree write err: -5, ino 3 [ 102.486834][ T6718] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 102.490503][ T6736] hfsplus: catalog searching failed [ 102.522228][ T6718] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 102.575438][ T6718] F2FS-fs (loop0): Found nat_bits in checkpoint [ 102.721978][ T5792] hfsplus: node 4:3 still has 1 user(s)! [ 102.783974][ T6718] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 102.794686][ T6718] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 103.239231][ T6758] loop2: detected capacity change from 0 to 4096 [ 103.377544][ T6762] loop3: detected capacity change from 0 to 1024 [ 103.392095][ T6762] EXT4-fs: Ignoring removed nomblk_io_submit option [ 103.460562][ T6762] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.862697][ T6772] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input10 [ 103.893235][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.397432][ T27] audit: type=1326 audit(1752878836.181:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.1.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69efd8e9a9 code=0x7ffc0000 [ 104.471126][ T27] audit: type=1326 audit(1752878836.201:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.1.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7f69efd8e9a9 code=0x7ffc0000 [ 104.537598][ T27] audit: type=1326 audit(1752878836.201:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.1.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69efd8e9a9 code=0x7ffc0000 [ 104.793048][ T6799] syz.1.299 (6799) used greatest stack depth: 19784 bytes left [ 104.941906][ T6786] loop2: detected capacity change from 0 to 32768 [ 104.980584][ T27] audit: type=1326 audit(1752878836.761:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6805 comm="syz.1.302" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f69efd8e9a9 code=0x0 [ 105.023114][ T6786] XFS (loop2): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 105.044309][ T8] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 105.125054][ T6786] XFS (loop2): Ending clean mount [ 105.159693][ T6786] XFS (loop2): Quotacheck needed: Please wait. [ 105.244187][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 105.256391][ T8] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 105.276460][ T8] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 105.291048][ T6786] XFS (loop2): Quotacheck: Done. [ 105.292081][ T8] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 105.306577][ T8] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 105.323839][ T6786] XFS (loop2): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 105.324133][ T8] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 105.346345][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.569444][ T8] usb 1-1: GET_CAPABILITIES returned 0 [ 105.578521][ T8] usbtmc 1-1:16.0: can't read capabilities [ 105.797702][ T786] usb 1-1: USB disconnect, device number 6 [ 105.976612][ T6833] Zero length message leads to an empty skb [ 106.282162][ T6825] loop3: detected capacity change from 0 to 40427 [ 106.296532][ T6825] F2FS-fs (loop3): heap/no_heap options were deprecated [ 106.722835][ T6845] loop0: detected capacity change from 0 to 8192 [ 106.818988][ T6845] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 106.871116][ T6845] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 106.913941][ T6845] REISERFS (device loop0): using ordered data mode [ 106.926114][ T6845] reiserfs: using flush barriers [ 106.974317][ T6845] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 107.094841][ T6845] REISERFS (device loop0): checking transaction log (loop0) [ 107.190577][ T6845] REISERFS (device loop0): Using r5 hash to sort names [ 107.226887][ T6845] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 107.302270][ T27] audit: type=1800 audit(1752878839.071:10): pid=6845 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.316" name="file1" dev="loop0" ino=2 res=0 errno=0 [ 108.733993][ T6909] loop0: detected capacity change from 0 to 256 [ 108.735441][ T5820] usb 2-1: new low-speed USB device number 5 using dummy_hcd [ 108.936264][ T5820] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 108.957920][ T5820] usb 2-1: config 0 interface 0 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 109.006189][ T5820] usb 2-1: config 0 interface 0 has no altsetting 0 [ 109.025056][ T5820] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 109.044235][ T5820] usb 2-1: config 0 interface 0 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 109.075150][ T5820] usb 2-1: config 0 interface 0 has no altsetting 0 [ 109.092217][ T5820] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 109.102548][ T5820] usb 2-1: config 0 interface 0 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 109.128529][ T5820] usb 2-1: config 0 interface 0 has no altsetting 0 [ 109.147252][ T5820] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 109.157655][ T5820] usb 2-1: config 0 interface 0 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 109.180949][ T5820] usb 2-1: config 0 interface 0 has no altsetting 0 [ 109.195774][ T5820] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 109.220791][ T5820] usb 2-1: config 0 interface 0 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 109.254190][ T5820] usb 2-1: config 0 interface 0 has no altsetting 0 [ 109.260866][ T5820] usb 2-1: New USB device found, idVendor=046d, idProduct=c286, bcdDevice= 0.00 [ 109.284145][ T5820] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.308509][ T5820] usb 2-1: config 0 descriptor?? [ 109.328480][ T5820] hub 2-1:0.0: Invalid hub with more than one config or interface [ 109.344906][ T6892] loop3: detected capacity change from 0 to 65536 [ 109.357236][ T5820] hub: probe of 2-1:0.0 failed with error -22 [ 109.406563][ T6892] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 109.511005][ T6892] XFS (loop3): Ending clean mount [ 109.513277][ T6923] loop0: detected capacity change from 0 to 1024 [ 109.573528][ T6905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 109.584929][ T6905] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 109.602752][ T6923] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.607408][ T786] usb 2-1: USB disconnect, device number 5 [ 109.674430][ T27] audit: type=1804 audit(1752878841.451:11): pid=6892 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.336" name="/newroot/73/file0/file1" dev="loop3" ino=38 res=1 errno=0 [ 109.745421][ T5820] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 [ 109.778953][ T27] audit: type=1800 audit(1752878841.551:12): pid=6923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.346" name="file1" dev="overlay" ino=15 res=0 errno=0 [ 109.805077][ T5820] XFS (loop3): Unmount and run xfs_repair [ 109.824181][ T5820] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 109.845970][ T5785] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 109.862100][ T5820] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00 XAGF..........@. [ 109.881760][ T5820] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................ [ 109.891537][ T5820] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 109.901376][ T5820] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00 ......?...?..... [ 109.911890][ T5820] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 109.921469][ T5820] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................ [ 109.941192][ T5820] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 109.953346][ T5820] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 109.963274][ T8] XFS (loop3): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74 [ 109.976128][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.003949][ T8] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x182e/0x1e00 (fs/xfs/libxfs/xfs_defer.c:598). Shutting down filesystem. [ 110.044712][ T8] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 110.350120][ T6932] sp0: Synchronizing with TNC [ 111.297099][ T6937] loop0: detected capacity change from 0 to 32768 [ 111.496005][ T6939] loop1: detected capacity change from 0 to 40427 [ 111.513820][ T6939] F2FS-fs (loop1): invalid crc value [ 111.527246][ T6937] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 111.545827][ T6939] F2FS-fs (loop1): Found nat_bits in checkpoint [ 111.757824][ T6939] F2FS-fs (loop1): Start checkpoint disabled! [ 111.815568][ T6939] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 112.099336][ T5784] (syz-executor,5784,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 76 [ 112.152178][ T48] kworker/u4:3: attempt to access beyond end of device [ 112.152178][ T48] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 112.171504][ T48] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 112.179517][ T6958] netlink: 56 bytes leftover after parsing attributes in process `syz.2.361'. [ 112.192405][ T5784] ocfs2: Unmounting device (7,0) on (node local) [ 112.199381][ T48] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 112.361651][ T6960] loop3: detected capacity change from 0 to 4096 [ 112.429462][ T6962] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 112.594675][ T6960] NILFS error (device loop3): nilfs_lookup: deleted inode referenced: 12 [ 112.638412][ T6960] Remounting filesystem read-only [ 112.679608][ T5785] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 112.704647][ T5785] NILFS (loop3): discard dirty page: offset=0, ino=2 [ 112.714863][ T5785] NILFS (loop3): discard dirty block: blocknr=14, size=4096 [ 112.738446][ T5785] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 112.761488][ T5785] NILFS (loop3): discard dirty block: blocknr=23, size=4096 [ 112.793159][ T5785] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 112.828328][ T5785] NILFS (loop3): discard dirty block: blocknr=24, size=4096 [ 112.849919][ T5785] NILFS (loop3): discard dirty page: offset=8192, ino=6 [ 112.874666][ T5785] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [ 112.901349][ T5785] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 112.924174][ T5785] NILFS (loop3): discard dirty block: blocknr=28, size=4096 [ 112.931511][ T5785] NILFS (loop3): discard dirty page: offset=4096, ino=3 [ 112.984140][ T5785] NILFS (loop3): discard dirty block: blocknr=29, size=4096 [ 113.023970][ T5785] NILFS (loop3): discard dirty page: offset=532480, ino=3 [ 113.043072][ T5785] NILFS (loop3): discard dirty block: blocknr=33, size=4096 [ 113.322697][ T6983] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 113.612523][ T6975] loop1: detected capacity change from 0 to 40427 [ 113.635209][ T6975] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 113.657397][ T6975] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 113.690165][ T6975] F2FS-fs (loop1): build fault injection attr: rate: 17008, type: 0x7ffff [ 113.728231][ T6975] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x6 [ 113.768557][ T6975] F2FS-fs (loop1): invalid crc value [ 113.816176][ T6975] F2FS-fs (loop1): Found nat_bits in checkpoint [ 113.953034][ T6975] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 113.975066][ T6975] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 114.053217][ T6975] syz.1.358: attempt to access beyond end of device [ 114.053217][ T6975] loop1: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 114.091876][ T27] audit: type=1326 audit(1752878845.871:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6995 comm="syz.3.372" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6c2678e9a9 code=0x0 [ 114.116143][ T5781] syz-executor: attempt to access beyond end of device [ 114.116143][ T5781] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 114.145303][ T5781] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 114.178754][ T5781] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 115.614186][ T787] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 115.741115][ T7015] loop0: detected capacity change from 0 to 40427 [ 115.754578][ T7015] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 115.766307][ T7015] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 115.811233][ T7015] F2FS-fs (loop0): Found nat_bits in checkpoint [ 115.818132][ T787] usb 2-1: Using ep0 maxpacket: 16 [ 115.842055][ T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 115.868836][ T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 115.897317][ T787] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 115.923180][ T787] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 115.939970][ T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.964720][ T787] usb 2-1: config 0 descriptor?? [ 115.978486][ T7015] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 115.990738][ T7015] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 116.081287][ T7035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.388'. [ 116.268050][ T7037] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input12 [ 116.399646][ T787] microsoft 0003:045E:07DA.0002: No inputs registered, leaving [ 116.401049][ T5993] kworker/u4:16: attempt to access beyond end of device [ 116.401049][ T5993] loop0: rw=1, sector=45096, nr_sectors = 24 limit=40427 [ 116.444851][ T787] microsoft 0003:045E:07DA.0002: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 116.478056][ T787] microsoft 0003:045E:07DA.0002: no inputs found [ 116.497278][ T787] microsoft 0003:045E:07DA.0002: could not initialize ff, continuing anyway [ 116.597025][ T787] usb 2-1: USB disconnect, device number 6 [ 116.629305][ T7043] fido_id[7043]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 116.732753][ T7047] loop3: detected capacity change from 0 to 1024 [ 116.764256][ T7047] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 116.791860][ T7047] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 116.816645][ T7047] JBD2: no valid journal superblock found [ 116.822431][ T7047] EXT4-fs (loop3): Could not load journal inode [ 116.898089][ T5774] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 117.248668][ T7052] loop3: detected capacity change from 0 to 128 [ 117.275163][ T7052] EXT4-fs: Ignoring removed nobh option [ 117.302535][ T7052] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 117.322579][ T7052] ext4 filesystem being mounted at /91/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 117.475423][ T7052] EXT4-fs: Ignoring sb option on remount [ 117.481141][ T7052] EXT4-fs: Ignoring removed orlov option [ 117.502334][ T7052] EXT4-fs: Remounting file system with no journal so ignoring journalled data option [ 117.532271][ T7054] loop1: detected capacity change from 0 to 8192 [ 117.549393][ T7052] EXT4-fs (loop3): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 117.569161][ T7054] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 117.588537][ T7052] EXT4-fs (loop3): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 ro. [ 117.604775][ T7054] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 117.609573][ T7052] EXT4-fs (loop3): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w. [ 117.614600][ T7054] REISERFS (device loop1): using ordered data mode [ 117.629480][ T7054] reiserfs: using flush barriers [ 117.638242][ T7054] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 117.700310][ T7054] REISERFS (device loop1): checking transaction log (loop1) [ 117.724848][ T5785] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 117.736475][ T7054] REISERFS (device loop1): Using r5 hash to sort names [ 117.760468][ T7054] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 117.827007][ T7063] netlink: 28 bytes leftover after parsing attributes in process `syz.0.399'. [ 117.856293][ T7063] netlink: 28 bytes leftover after parsing attributes in process `syz.0.399'. [ 118.507804][ T7082] netlink: 'syz.1.408': attribute type 2 has an invalid length. [ 118.812386][ T7087] netlink: 8 bytes leftover after parsing attributes in process `syz.2.410'. [ 118.829937][ T7073] loop0: detected capacity change from 0 to 32768 [ 118.861615][ T7073] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.403 (7073) [ 118.903414][ T7073] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 118.927294][ T7073] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 118.943063][ T7073] BTRFS info (device loop0): force clearing of disk cache [ 118.950013][ T7071] loop3: detected capacity change from 0 to 32768 [ 118.951524][ T7073] BTRFS info (device loop0): turning on flush-on-commit [ 118.970237][ T7073] BTRFS info (device loop0): enabling ssd optimizations [ 118.993527][ T7073] BTRFS info (device loop0): using spread ssd allocation scheme [ 119.014776][ T7073] BTRFS info (device loop0): enabling auto defrag [ 119.035097][ T7073] BTRFS info (device loop0): max_inline at 0 [ 119.052987][ T7073] BTRFS info (device loop0): enabling disk space caching [ 119.053900][ T7071] XFS (loop3): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 119.060305][ T7073] BTRFS info (device loop0): disk space caching is enabled [ 119.246002][ T7071] XFS (loop3): Ending clean mount [ 119.276538][ T7073] BTRFS info (device loop0): auto enabling async discard [ 119.300739][ T7071] XFS (loop3): Quotacheck needed: Please wait. [ 119.314481][ T7073] BTRFS info (device loop0): rebuilding free space tree [ 119.388574][ T7073] BTRFS info (device loop0): disabling free space tree [ 119.424322][ T7073] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 119.437340][ T7071] XFS (loop3): Quotacheck: Done. [ 119.442804][ T7071] XFS (loop3): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 119.484364][ T7073] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 119.581144][ T27] audit: type=1800 audit(1752878851.361:14): pid=7073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.403" name="file0" dev="loop0" ino=258 res=0 errno=0 [ 119.681026][ T5784] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 120.054740][ T7126] loop1: detected capacity change from 0 to 256 [ 120.144674][ T7126] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.206958][ T7126] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 120.256172][ T7126] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb94faefa, utbl_chksum : 0xe619d30d) [ 120.692451][ T7135] sch_tbf: burst 32854 is lower than device lo mtu (65550) ! [ 120.821875][ T7140] Illegal XDP return value 4294967274 on prog (id 52) dev syz_tun, expect packet loss! [ 121.014288][ T8] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 121.226174][ T8] usb 4-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 36, changing to 9 [ 121.275061][ T8] usb 4-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0 [ 121.320879][ T8] usb 4-1: config 0 interface 0 has no altsetting 0 [ 121.354751][ T8] usb 4-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 121.385327][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.435711][ T8] usb 4-1: config 0 descriptor?? [ 121.814831][ T7144] loop1: detected capacity change from 0 to 32768 [ 121.863977][ T8] waltop 0003:172F:0501.0003: collection stack underflow [ 121.888079][ T7144] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.424 (7144) [ 121.929325][ T8] waltop 0003:172F:0501.0003: item 0 1 0 12 parsing failed [ 121.960165][ T8] waltop: probe of 0003:172F:0501.0003 failed with error -22 [ 122.014087][ C1] sched: RT throttling activated [ 122.032641][ T7144] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 122.063111][ T8] usb 4-1: USB disconnect, device number 7 [ 122.100943][ T7144] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 122.147122][ T7144] BTRFS info (device loop1): force clearing of disk cache [ 122.192021][ T7144] BTRFS info (device loop1): turning on flush-on-commit [ 122.232913][ T7144] BTRFS info (device loop1): enabling ssd optimizations [ 122.272014][ T7144] BTRFS info (device loop1): using spread ssd allocation scheme [ 122.319983][ T7144] BTRFS info (device loop1): enabling auto defrag [ 122.354374][ T7144] BTRFS info (device loop1): max_inline at 0 [ 122.367097][ T7146] loop0: detected capacity change from 0 to 32768 [ 122.383837][ T7144] BTRFS info (device loop1): enabling disk space caching [ 122.415730][ T7146] XFS: noikeep mount option is deprecated. [ 122.438005][ T7144] BTRFS info (device loop1): disk space caching is enabled [ 122.511839][ T7146] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 122.731835][ T7144] BTRFS info (device loop1): auto enabling async discard [ 122.810371][ T7144] BTRFS info (device loop1): rebuilding free space tree [ 122.899540][ T7146] XFS (loop0): Ending clean mount [ 122.991705][ T7144] BTRFS info (device loop1): disabling free space tree [ 123.038539][ T7144] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 123.075428][ T7144] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 123.210476][ T27] audit: type=1800 audit(1752878854.991:15): pid=7144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.424" name="file0" dev="loop1" ino=258 res=0 errno=0 [ 123.250281][ T5781] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 123.315829][ T5784] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 125.309114][ T28] kernel write not supported for file /225/clear_refs (pid: 28 comm: kworker/1:1) [ 125.570217][ T7220] Bluetooth: MGMT ver 1.22 [ 126.224275][ T28] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 126.343233][ T8] IPVS: starting estimator thread 0... [ 126.362044][ T7246] tipc: Started in network mode [ 126.373330][ T7246] tipc: Node identity ac1414aa, cluster identity 4711 [ 126.383433][ T7246] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 126.391420][ T7246] tipc: Enabled bearer , priority 10 [ 126.444327][ T7247] IPVS: using max 34 ests per chain, 81600 per kthread [ 126.452879][ T28] usb 2-1: Using ep0 maxpacket: 8 [ 126.468443][ T28] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 126.485341][ T28] usb 2-1: config 179 has no interface number 0 [ 126.501992][ T28] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 126.516618][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 126.523582][ T8] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 126.525851][ T28] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 126.559381][ T28] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 126.571384][ T28] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 126.587579][ T28] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 126.615085][ T28] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 126.633583][ T28] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.654341][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 126.666734][ T7235] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 126.744315][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 126.762577][ T8] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 126.787800][ T8] usb 4-1: config 0 has no interface number 0 [ 126.793953][ T8] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 126.794361][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 126.848463][ T8] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.875197][ T8] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 126.906367][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.934353][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 126.956731][ T8] usb 4-1: config 0 descriptor?? [ 127.074497][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 127.113939][ T28] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input13 [ 127.214346][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 127.354243][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 127.428881][ T7235] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.484624][ T7235] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 127.496869][ T5820] tipc: Node number set to 2886997162 [ 127.621242][ T8] input: HID 28bd:0071 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/0003:28BD:0071.0004/input/input14 [ 127.634477][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 127.876712][ T8] input: HID 28bd:0071 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/0003:28BD:0071.0004/input/input15 [ 127.904365][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 127.912262][ T6121] usb 2-1: USB disconnect, device number 7 [ 127.912278][ C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 127.927361][ C1] dummy_hcd dummy_hcd.1: timer fired with no URBs pending? [ 127.934884][ T7267] netlink: 'syz.0.468': attribute type 39 has an invalid length. [ 127.961424][ T8] uclogic 0003:28BD:0071.0004: input,hidraw0: USB HID v0.02 Keypad [HID 28bd:0071] on usb-dummy_hcd.3-1/input1 [ 128.022203][ T8] usb 4-1: USB disconnect, device number 8 [ 128.220879][ T7272] fido_id[7272]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 128.364262][ T7276] batadv_slave_1: entered promiscuous mode [ 128.371165][ T7275] batadv_slave_1: left promiscuous mode [ 128.732012][ T7285] loop1: detected capacity change from 0 to 512 [ 128.792347][ T7285] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.474: iget: bad i_size value: 38620345925642 [ 128.946265][ T7285] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.474: couldn't read orphan inode 15 (err -117) [ 128.989142][ T7285] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.129427][ T7285] EXT4-fs error (device loop1): ext4_check_dx_root:2266: inode #2: comm syz.1.474: Corrupt dir, invalid name_len for '.', running e2fsck is recommended [ 129.266061][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.890368][ T7301] loop1: detected capacity change from 0 to 8192 [ 129.916938][ T7301] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 129.986284][ T7301] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 130.008691][ T7301] REISERFS (device loop1): using ordered data mode [ 130.015559][ T7301] reiserfs: using flush barriers [ 130.024270][ T7301] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 130.061644][ T7301] REISERFS (device loop1): checking transaction log (loop1) [ 130.102552][ T7301] REISERFS (device loop1): Using rupasov hash to sort names [ 130.120994][ T7301] REISERFS (device loop1): using 3.5.x disk format [ 130.163744][ T7301] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 130.215573][ T7301] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 130.246096][ T27] audit: type=1326 audit(1752878862.001:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.3.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c2678e9a9 code=0x7ffc0000 [ 130.308549][ T7301] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 130.337999][ T27] audit: type=1326 audit(1752878862.001:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.3.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c2678e9a9 code=0x7ffc0000 [ 130.369197][ T7301] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 UNKNOWN] (nlink == 1) not found (pos 2) [ 130.423801][ T7301] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 130.447842][ T27] audit: type=1326 audit(1752878862.011:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.3.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6c2678e9a9 code=0x7ffc0000 [ 130.534470][ T27] audit: type=1326 audit(1752878862.011:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.3.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c2678e9a9 code=0x7ffc0000 [ 130.572347][ T7301] netlink: 16 bytes leftover after parsing attributes in process `syz.1.481'. [ 130.584336][ T27] audit: type=1326 audit(1752878862.011:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.3.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c2678e9a9 code=0x7ffc0000 [ 130.670763][ T27] audit: type=1326 audit(1752878862.011:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.3.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6c2678e9a9 code=0x7ffc0000 [ 130.722933][ T27] audit: type=1326 audit(1752878862.011:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.3.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c2678e9a9 code=0x7ffc0000 [ 130.774317][ T27] audit: type=1326 audit(1752878862.071:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.3.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6c2678e9a9 code=0x7ffc0000 [ 130.797214][ T27] audit: type=1326 audit(1752878862.071:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.3.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c2678e9a9 code=0x7ffc0000 [ 130.894208][ T27] audit: type=1326 audit(1752878862.071:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7311 comm="syz.3.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c2678e9a9 code=0x7ffc0000 [ 131.554276][ C1] net_ratelimit: 3 callbacks suppressed [ 131.554291][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 132.594654][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 132.710445][ T7360] loop1: detected capacity change from 0 to 512 [ 132.780806][ T7360] EXT4-fs (loop1): 1 orphan inode deleted [ 132.792776][ T7360] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.807359][ T5991] EXT4-fs error (device loop1): ext4_release_dquot:6974: comm kworker/u4:15: Failed to release dquot type 1 [ 132.828080][ T7360] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.872264][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.886766][ T988] EXT4-fs error (device loop1): ext4_release_dquot:6974: comm kworker/u4:5: Failed to release dquot type 1 [ 133.000069][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.006963][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.374958][ T8] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 133.601541][ T8] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 133.635320][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 133.642315][ T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.642357][ T8] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 133.730032][ T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 133.764193][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.785104][ T7382] syz.2.514 (7382) used greatest stack depth: 19368 bytes left [ 133.792459][ T8] usb 1-1: Product: syz [ 133.809571][ T8] usb 1-1: Manufacturer: syz [ 133.834435][ T8] usb 1-1: SerialNumber: syz [ 134.287379][ T7392] netlink: 'syz.2.520': attribute type 1 has an invalid length. [ 134.304295][ T7392] netlink: 16150 bytes leftover after parsing attributes in process `syz.2.520'. [ 134.464235][ T6121] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 134.674348][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 134.684448][ T6121] usb 4-1: Using ep0 maxpacket: 16 [ 134.699550][ T6121] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.725500][ T6121] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.752795][ T6121] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 134.799480][ T6121] usb 4-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 134.832236][ T6121] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.861383][ T6121] usb 4-1: config 0 descriptor?? [ 134.890618][ T8] cdc_ncm 1-1:1.0: bind() failure [ 134.935227][ T8] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 134.942108][ T8] cdc_ncm 1-1:1.1: bind() failure [ 134.961392][ T8] usb 1-1: USB disconnect, device number 7 [ 135.289777][ T6121] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 135.317914][ T6121] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 135.333952][ T6121] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 135.346579][ T6121] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 135.375398][ T6121] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 135.395342][ T6121] input: HID 0955:7214 Haptics as /devices/virtual/input/input16 [ 135.486385][ T7390] netlink: 'syz.3.519': attribute type 2 has an invalid length. [ 135.502952][ T7390] netlink: 244 bytes leftover after parsing attributes in process `syz.3.519'. [ 135.529611][ T6121] shield 0003:0955:7214.0005: Registered Thunderstrike controller [ 135.559608][ T6121] shield 0003:0955:7214.0005: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.3-1/input0 [ 135.677214][ T6128] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 135.701925][ T6121] usb 4-1: USB disconnect, device number 9 [ 135.714334][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 135.732978][ T6128] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 135.808267][ T6128] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 135.856129][ T6128] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 136.754360][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 137.052767][ T7416] loop0: detected capacity change from 0 to 32768 [ 137.104372][ T7416] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.532 (7416) [ 137.158524][ T7416] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 137.174377][ T7416] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 137.183874][ T7416] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 137.210839][ T7416] BTRFS info (device loop0): use zstd compression, level 3 [ 137.223121][ T7416] BTRFS info (device loop0): using free space tree [ 137.287134][ T7416] BTRFS info (device loop0): enabling ssd optimizations [ 137.305103][ T7416] BTRFS info (device loop0): auto enabling async discard [ 137.794279][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 137.858422][ T5784] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 138.500945][ T7470] syzkaller1: entered promiscuous mode [ 138.527563][ T7470] syzkaller1: entered allmulticast mode [ 138.834345][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 138.985034][ T7485] netlink: 'syz.3.552': attribute type 2 has an invalid length. [ 139.874224][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 140.124523][ T6128] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 140.266379][ T7527] loop0: detected capacity change from 0 to 2048 [ 140.312838][ T7527] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.341540][ T6128] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.371519][ T6128] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.371896][ T27] kauditd_printk_skb: 5 callbacks suppressed [ 140.371907][ T27] audit: type=1800 audit(1752878872.151:29): pid=7527 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.573" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 140.389609][ T6128] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 140.467638][ T6128] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 140.496004][ T6128] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.521698][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.533338][ T6128] usb 2-1: config 0 descriptor?? [ 140.737888][ T7536] loop0: detected capacity change from 0 to 2048 [ 140.742843][ T7538] input: syz0 as /devices/virtual/input/input17 [ 140.769922][ T7536] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 140.795710][ T7536] NILFS (loop0): mounting unchecked fs [ 140.828496][ T5774] udevd[5774]: incorrect nilfs2 checksum on /dev/loop0 [ 140.852637][ T7536] NILFS (loop0): recovery complete [ 140.874272][ T7541] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 140.914333][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 140.967544][ T6128] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 141.002110][ T7536] NILFS error (device loop0): nilfs_readdir: zero-length directory entry [ 141.018172][ T6128] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 141.042916][ T7536] Remounting filesystem read-only [ 141.171293][ T5784] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 141.189726][ T5784] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 141.198787][ T5784] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 141.212674][ T5784] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 141.226866][ T5784] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 141.256287][ T5784] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 141.279156][ T5784] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 141.295315][ T5784] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 141.304048][ T5784] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 141.318965][ T5784] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 141.330481][ T5784] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 141.339873][ T5784] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 141.351695][ T5784] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 141.356452][ T8] usb 2-1: USB disconnect, device number 8 [ 141.359116][ T5784] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 141.386404][ T5784] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 141.397189][ T5784] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 141.821216][ T7562] loop0: detected capacity change from 0 to 1024 [ 141.945393][ T7562] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.957959][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 142.183293][ T7570] capability: warning: `syz.1.589' uses deprecated v2 capabilities in a way that may be insecure [ 142.197799][ T7562] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4036: comm syz.0.587: Allocating blocks 465-513 which overlap fs metadata [ 142.291684][ T7561] EXT4-fs (loop0): pa ffff8880779fa740: logic 1, phys. 145, len 23 [ 142.300398][ T7561] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5377: group 0, free 0, pa_free 3 [ 142.339900][ T7572] netlink: 104 bytes leftover after parsing attributes in process `syz.3.590'. [ 142.427650][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.994350][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 143.425259][ T7576] loop0: detected capacity change from 0 to 32768 [ 143.474938][ T7576] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 10 [ 143.688415][ T5776] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 10 [ 143.837356][ T7603] loop7: detected capacity change from 0 to 7 [ 143.861291][ T7603] Dev loop7: unable to read RDB block 7 [ 143.898861][ T7603] loop7: unable to read partition table [ 143.919486][ T7603] loop7: partition table beyond EOD, truncated [ 143.944435][ T7603] loop_reread_partitions: partition scan of loop7 (þ被xü—ŸÑà– ) failed (rc=-5) [ 144.034277][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 144.722679][ T7626] loop1: detected capacity change from 0 to 512 [ 144.810420][ T7626] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.613: corrupted in-inode xattr: invalid ea_ino [ 144.874735][ T7626] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.613: couldn't read orphan inode 15 (err -117) [ 144.920360][ T7626] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.996735][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.074221][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 145.140912][ T7638] netlink: 8 bytes leftover after parsing attributes in process `syz.0.618'. [ 145.742283][ T7662] syz.3.626[7662] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.742457][ T7662] syz.3.626[7662] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.804370][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 146.114261][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 146.161432][ T7674] netlink: 84 bytes leftover after parsing attributes in process `syz.0.631'. [ 146.828785][ T7684] loop1: detected capacity change from 0 to 128 [ 147.154219][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 147.335996][ T7698] syzkaller1: entered promiscuous mode [ 147.342255][ T7698] syzkaller1: entered allmulticast mode [ 147.641399][ T7709] netlink: 96 bytes leftover after parsing attributes in process `syz.0.648'. [ 148.056125][ T7720] capability: warning: `syz.3.653' uses 32-bit capabilities (legacy support in use) [ 148.194231][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 148.407909][ T7732] sctp: [Deprecated]: syz.0.658 (pid 7732) Use of struct sctp_assoc_value in delayed_ack socket option. [ 148.407909][ T7732] Use struct sctp_sack_info instead [ 148.530596][ T6121] kernel write not supported for file /media2 (pid: 6121 comm: kworker/0:4) [ 148.642664][ T7736] syzkaller1: entered promiscuous mode [ 148.648511][ T7736] syzkaller1: entered allmulticast mode [ 149.154365][ T786] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 149.234368][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 149.357652][ T786] usb 2-1: Using ep0 maxpacket: 16 [ 149.401757][ T786] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 149.424903][ T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.432981][ T786] usb 2-1: Product: syz [ 149.448177][ T786] usb 2-1: Manufacturer: syz [ 149.452837][ T786] usb 2-1: SerialNumber: syz [ 149.473426][ T786] usb 2-1: config 0 descriptor?? [ 149.511978][ T7758] loop0: detected capacity change from 0 to 256 [ 149.547806][ T7760] gretap0: entered promiscuous mode [ 149.553799][ T7758] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 149.579639][ T7760] gretap0: left promiscuous mode [ 149.759525][ T7768] loop0: detected capacity change from 0 to 128 [ 149.799574][ T7768] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 149.857579][ T7768] ext4 filesystem being mounted at /160/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 149.925045][ T786] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 149.965584][ T786] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 150.000313][ T5784] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 150.005971][ T786] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 150.023908][ T786] usb 2-1: media controller created [ 150.088442][ T786] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 150.120622][ T7740] dtv5100: wlen = 0, aborting. [ 150.142558][ T7779] netlink: 'syz.2.678': attribute type 11 has an invalid length. [ 150.191372][ T786] zl10353_read_register: readreg error (reg=127, ret==0) [ 150.215040][ T786] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 150.236772][ T786] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 150.272985][ T786] usb 2-1: USB disconnect, device number 9 [ 150.279090][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 150.359173][ T786] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 150.446441][ T7787] loop0: detected capacity change from 0 to 512 [ 150.507900][ T7787] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.523077][ T7787] ext4 filesystem being mounted at /163/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 150.559454][ T27] audit: type=1800 audit(1752878882.341:30): pid=7787 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.681" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 150.630387][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.793048][ T7793] input: syz0 as /devices/virtual/input/input18 [ 151.314255][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 151.894483][ T6121] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 152.029188][ T7838] Bluetooth: MGMT ver 1.22 [ 152.084461][ T6121] usb 3-1: Using ep0 maxpacket: 16 [ 152.100202][ T6121] usb 3-1: config 1 has an invalid interface number: 105 but max is 0 [ 152.114352][ T6121] usb 3-1: config 1 has no interface number 0 [ 152.120638][ T6121] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 152.140021][ T6121] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 152.164258][ T6121] usb 3-1: config 1 interface 105 has no altsetting 0 [ 152.180967][ T6121] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 152.190257][ T6121] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.214156][ T6121] usb 3-1: Product: syz [ 152.218736][ T6121] usb 3-1: Manufacturer: syz [ 152.223942][ T6121] usb 3-1: SerialNumber: syz [ 152.248865][ T7821] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 152.254219][ T5820] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 152.265612][ T7842] loop0: detected capacity change from 0 to 4096 [ 152.273437][ T7842] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 152.294197][ T7821] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 152.354245][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 152.365030][ T7842] ntfs: (device loop0): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 152.379425][ T7842] ntfs: (device loop0): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy. [ 152.408881][ T7842] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 152.418115][ T7842] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 152.438768][ T7842] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 152.449343][ T7842] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5). [ 152.454523][ T5820] usb 4-1: Using ep0 maxpacket: 16 [ 152.480374][ T7842] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 152.489717][ T7842] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 152.531797][ T7842] ntfs: volume version 3.1. [ 152.534662][ T5820] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 152.564225][ T5820] usb 4-1: config 0 interface 0 has no altsetting 0 [ 152.576568][ T5774] udevd[5774]: failed to send result of seq 12180 to main daemon: Connection refused [ 152.586248][ T5820] usb 4-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 152.605149][ T5820] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.636934][ T5820] usb 4-1: config 0 descriptor?? [ 152.728363][ T7821] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 152.746175][ T7821] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 153.012827][ T7853] binder: 7852:7853 ioctl c0306201 2000000003c0 returned -14 [ 153.061470][ T5820] hid (null): report_id 67708416 is invalid [ 153.098902][ T5820] cougar 0003:060B:500A.0007: usage count exceeds max: fixing up report descriptor [ 153.110918][ T5820] cougar 0003:060B:500A.0007: unexpected long global item [ 153.112856][ T7857] loop0: detected capacity change from 0 to 2048 [ 153.119329][ T5820] cougar 0003:060B:500A.0007: parse failed [ 153.137267][ T5820] cougar: probe of 0003:060B:500A.0007 failed with error -22 [ 153.141996][ T7857] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 153.212386][ T7859] syz.1.715 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 153.363328][ T5820] usb 4-1: USB disconnect, device number 10 [ 153.383555][ T6121] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 153.404282][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 153.404624][ T6121] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 153.480867][ T6121] aqc111 3-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 20:fc:94:45:3a:41 [ 153.509624][ T6121] usb 3-1: USB disconnect, device number 3 [ 153.519347][ T5776] udevd[5776]: failed to send result of seq 12179 to main daemon: Transport endpoint is not connected [ 153.535669][ T6121] aqc111 3-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 153.656270][ T6121] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 153.670205][ T6121] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 153.680833][ T6121] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 153.818342][ T7868] loop0: detected capacity change from 0 to 32768 [ 153.830176][ T7868] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 153.876580][ T7868] XFS (loop0): Ending clean mount [ 153.883366][ T7868] XFS (loop0): Quotacheck needed: Please wait. [ 153.914520][ T8] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 153.938792][ T7868] XFS (loop0): Quotacheck: Done. [ 154.048676][ T7883] syzkaller1: entered promiscuous mode [ 154.055027][ T7883] syzkaller1: entered allmulticast mode [ 154.064526][ T5784] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 154.117445][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.139883][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.173144][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 154.196835][ T8] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 154.222035][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.264461][ T8] usb 2-1: config 0 descriptor?? [ 154.265487][ C1] sd 0:0:1:0: [sda] tag#6364 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 154.279923][ C1] sd 0:0:1:0: [sda] tag#6364 CDB: Write(6) 0a 00 00 00 05 00 00 00 02 00 00 00 [ 154.434373][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 154.654224][ T28] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 154.688541][ T8] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 154.701597][ T8] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 154.864162][ T28] usb 4-1: Using ep0 maxpacket: 8 [ 154.872843][ T28] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 154.881983][ T28] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.890251][ T28] usb 4-1: Product: syz [ 154.894532][ T28] usb 4-1: Manufacturer: syz [ 154.900266][ T28] usb 4-1: SerialNumber: syz [ 154.911021][ T28] usb 4-1: config 0 descriptor?? [ 154.997812][ T8] usb 2-1: USB disconnect, device number 10 [ 155.129023][ T28] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 155.362952][ T7907] netlink: 'syz.0.733': attribute type 1 has an invalid length. [ 155.474269][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 155.740592][ T7922] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 155.873683][ T27] kauditd_printk_skb: 14 callbacks suppressed [ 155.873696][ T27] audit: type=1326 audit(1752878887.651:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7925 comm="syz.1.742" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f69efd8e9a9 code=0x0 [ 155.957411][ T28] usb write operation failed. (-71) [ 155.967203][ T28] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 155.980884][ T28] dvbdev: DVB: registering new adapter (Terratec H7) [ 155.988679][ T28] usb 4-1: media controller created [ 155.994957][ T28] usb read operation failed. (-71) [ 156.000739][ T28] usb write operation failed. (-71) [ 156.012152][ T28] dvb_usb_az6007: probe of 4-1:0.0 failed with error -5 [ 156.023413][ T28] usb 4-1: USB disconnect, device number 11 [ 156.205064][ T7941] IPVS: length: 91 != 24 [ 156.386784][ T7945] hugetlbfs: Bad value '0x00000000ffffffff' for mount option 'uid' [ 156.386784][ T7945] [ 156.514223][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 156.869443][ T7968] loop0: detected capacity change from 0 to 1024 [ 156.916517][ T7968] hfsplus: invalid xattr key length: 0 [ 156.958516][ T7968] hfsplus: catalog searching failed [ 156.984192][ T6121] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 157.184232][ T6121] usb 3-1: Using ep0 maxpacket: 32 [ 157.196272][ T6121] usb 3-1: config 0 interface 0 has no altsetting 0 [ 157.216439][ T6121] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 157.232986][ T7972] loop1: detected capacity change from 0 to 32768 [ 157.238442][ T6121] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.248789][ T7972] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.763 (7972) [ 157.266888][ T7972] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 157.271644][ T6121] usb 3-1: Product: syz [ 157.277830][ T7972] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 157.290572][ T7972] BTRFS info (device loop1): using free space tree [ 157.306457][ T6121] usb 3-1: Manufacturer: syz [ 157.311274][ T6121] usb 3-1: SerialNumber: syz [ 157.320570][ T6121] usb 3-1: config 0 descriptor?? [ 157.329182][ T7972] BTRFS info (device loop1): enabling ssd optimizations [ 157.336310][ T7972] BTRFS info (device loop1): auto enabling async discard [ 157.362765][ T27] audit: type=1800 audit(1752878889.141:35): pid=7972 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.763" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 157.394295][ T8] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 157.466406][ T5781] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 157.561506][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 157.601549][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 157.652221][ T8] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 157.668701][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.677423][ T8] usb 1-1: Product: syz [ 157.681644][ T8] usb 1-1: Manufacturer: syz [ 157.704199][ T8] usb 1-1: SerialNumber: syz [ 157.741616][ T8] usb 1-1: config 0 descriptor?? [ 157.764955][ T6121] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 157.861549][ T8006] loop1: detected capacity change from 0 to 2048 [ 157.881785][ T8006] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 157.919970][ T27] audit: type=1800 audit(1752878889.701:36): pid=8006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.769" name="file1" dev="loop1" ino=1415 res=0 errno=0 [ 158.186514][ T8] airspy 1-1:0.0: Board ID: 00 [ 158.191360][ T8] airspy 1-1:0.0: Firmware version: [ 158.412928][ T6121] usb 3-1: USB disconnect, device number 4 [ 158.414327][ T5820] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 158.594286][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 158.607837][ T5820] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 158.616987][ T5820] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.627302][ T5820] usb 4-1: config 0 descriptor?? [ 158.798879][ T8] airspy 1-1:0.0: usb_control_msg() failed -71 request 12 [ 158.812333][ T8] airspy 1-1:0.0: Registered as swradio24 [ 158.822193][ T8] airspy 1-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 158.838684][ T8] usb 1-1: USB disconnect, device number 8 [ 159.634233][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 159.656093][ T5820] usb 4-1: Cannot set autoneg [ 159.660991][ T5820] MOSCHIP usb-ethernet driver: probe of 4-1:0.0 failed with error -71 [ 159.678599][ T5820] usb 4-1: USB disconnect, device number 12 [ 159.698014][ T8028] loop8: detected capacity change from 0 to 5 [ 160.560177][ T8047] loop0: detected capacity change from 0 to 512 [ 160.684383][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 160.767206][ T8047] EXT4-fs (loop0): Test dummy encryption mode enabled [ 160.796262][ T8047] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #15: comm syz.0.791: corrupted in-inode xattr: invalid ea_ino [ 160.851628][ T8047] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.791: couldn't read orphan inode 15 (err -117) [ 160.895624][ T8047] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 161.067224][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.068915][ T8068] loop1: detected capacity change from 0 to 1764 [ 161.307414][ T5993] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.471999][ T5993] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.621980][ T5993] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.714351][ C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 161.749513][ T5993] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.934527][ T6121] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 162.039282][ T5993] tipc: Disabling bearer [ 162.061503][ T5993] tipc: Left network mode [ 162.074216][ T5783] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 162.083733][ T5783] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 162.095962][ T5783] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 162.109852][ T5783] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 162.130176][ T5783] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 162.140055][ T5783] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 162.147288][ T6121] usb 2-1: Using ep0 maxpacket: 8 [ 162.158485][ T6121] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 162.189934][ T6121] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 162.199280][ T6121] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.211360][ T6121] usb 2-1: config 0 descriptor?? [ 162.234181][ T6128] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 162.424215][ T6128] usb 1-1: Using ep0 maxpacket: 8 [ 162.437073][ T6128] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 162.453804][ T6128] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 162.468572][ T6121] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 162.479127][ T6128] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 162.491408][ T6128] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 162.505877][ T6128] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 162.524305][ T6128] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.763401][ T6128] usb 1-1: GET_CAPABILITIES returned 0 [ 162.780565][ T6128] usbtmc 1-1:16.0: can't read capabilities [ 162.788301][ T8083] chnl_net:caif_netlink_parms(): no params data found [ 162.882649][ T6128] usb 2-1: USB disconnect, device number 11 [ 162.973011][ T8083] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.981721][ T8083] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.992116][ T8083] bridge_slave_0: entered allmulticast mode [ 163.004185][ T8] usb 1-1: USB disconnect, device number 9 [ 163.008937][ T8083] bridge_slave_0: entered promiscuous mode [ 163.018644][ T8083] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.025874][ T8083] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.033071][ T8083] bridge_slave_1: entered allmulticast mode [ 163.040508][ T8083] bridge_slave_1: entered promiscuous mode [ 163.090732][ T8083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.106733][ T8083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.171390][ T8083] team0: Port device team_slave_0 added [ 163.275983][ T8083] team0: Port device team_slave_1 added [ 163.386513][ T8083] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 163.393532][ T8083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.424151][ T8083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 163.457216][ T8083] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 163.472706][ T8103] ================================================================== [ 163.474497][ T8083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.480779][ T8103] BUG: KASAN: slab-use-after-free in __lock_acquire+0xff/0x7c80 [ 163.514280][ T8103] Read of size 8 at addr ffff8880593a20e0 by task syz.3.814/8103 [ 163.522027][ T8103] [ 163.524367][ T8103] CPU: 1 PID: 8103 Comm: syz.3.814 Not tainted 6.6.99-syzkaller #0 [ 163.529286][ T8083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 163.532248][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.532271][ T8103] Call Trace: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 163.556075][ T8103] [ 163.559019][ T8103] dump_stack_lvl+0x16c/0x230 [ 163.563705][ T8103] ? __lock_acquire+0x7c80/0x7c80 [ 163.568738][ T8103] ? show_regs_print_info+0x20/0x20 [ 163.573950][ T8103] ? load_image+0x3b0/0x3b0 [ 163.578475][ T8103] ? __virt_addr_valid+0x469/0x540 [ 163.583603][ T8103] print_report+0xac/0x200 [ 163.588031][ T8103] ? __lock_acquire+0xff/0x7c80 [ 163.592896][ T8103] kasan_report+0x117/0x150 [ 163.597418][ T8103] ? __lock_acquire+0xff/0x7c80 [ 163.602320][ T8103] __lock_acquire+0xff/0x7c80 [ 163.607013][ T8103] ? is_bpf_text_address+0x26/0x2a0 [ 163.612232][ T8103] ? arch_stack_walk+0x160/0x190 [ 163.617182][ T8103] ? verify_lock_unused+0x140/0x140 [ 163.622395][ T8103] ? stack_trace_save+0x9c/0xe0 [ 163.627267][ T8103] ? stack_trace_snprint+0xf0/0xf0 [ 163.632395][ T8103] ? __stack_depot_save+0x1f/0x630 [ 163.637528][ T8103] ? do_syscall_64+0x55/0xb0 [ 163.642128][ T8103] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 163.648216][ T8103] lock_acquire+0x197/0x410 [ 163.652722][ T8103] ? super_lock+0x167/0x360 [ 163.657223][ T8103] ? __might_sleep+0xe0/0xe0 [ 163.661831][ T8103] ? __mutex_trylock_common+0x153/0x250 [ 163.667384][ T8103] ? read_lock_is_recursive+0x20/0x20 [ 163.672772][ T8103] ? trace_raw_output_contention_end+0xd0/0xd0 [ 163.678948][ T8103] down_read+0x46/0x2e0 [ 163.683118][ T8103] ? super_lock+0x167/0x360 [ 163.687629][ T8103] super_lock+0x167/0x360 [ 163.691968][ T8103] ? user_get_super+0x180/0x180 [ 163.696829][ T8103] ? mutex_lock_nested+0x20/0x20 [ 163.701785][ T8103] fs_bdev_sync+0xa4/0x170 [ 163.706211][ T8103] ? fs_bdev_mark_dead+0x1f0/0x1f0 [ 163.711432][ T8103] blkdev_common_ioctl+0x880/0x23d0 [ 163.716651][ T8103] ? tomoyo_path_number_perm+0x4dc/0x590 [ 163.722281][ T8106] netlink: 260 bytes leftover after parsing attributes in process `syz.1.815'. [ 163.731200][ T8103] ? blkdev_bszset+0x1f0/0x1f0 [ 163.731228][ T8103] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 163.731266][ T8103] blkdev_ioctl+0x4eb/0x6f0 [ 163.731287][ T8103] ? blkdev_compat_ptr_ioctl+0xd0/0xd0 [ 163.731309][ T8103] ? bpf_lsm_file_ioctl+0x9/0x10 [ 163.731327][ T8103] ? security_file_ioctl+0x80/0xa0 [ 163.731349][ T8103] ? blkdev_compat_ptr_ioctl+0xd0/0xd0 [ 163.731371][ T8103] __se_sys_ioctl+0xfd/0x170 [ 163.731393][ T8103] do_syscall_64+0x55/0xb0 [ 163.731413][ T8103] ? clear_bhb_loop+0x40/0x90 [ 163.731437][ T8103] ? clear_bhb_loop+0x40/0x90 [ 163.731452][ T8103] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 163.731478][ T8103] RIP: 0033:0x7f6c2678e9a9 [ 163.731504][ T8103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.731520][ T8103] RSP: 002b:00007f6c27638038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 163.731541][ T8103] RAX: ffffffffffffffda RBX: 00007f6c269b5fa0 RCX: 00007f6c2678e9a9 [ 163.731556][ T8103] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000004 [ 163.731568][ T8103] RBP: 00007f6c26810d69 R08: 0000000000000000 R09: 0000000000000000 [ 163.731580][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 163.731592][ T8103] R13: 0000000000000000 R14: 00007f6c269b5fa0 R15: 00007ffce675cda8 [ 163.731613][ T8103] [ 163.731620][ T8103] [ 163.731628][ T8103] Allocated by task 5993: [ 163.731641][ T8103] kasan_set_track+0x4e/0x70 [ 163.731659][ T8103] __kasan_kmalloc+0x8f/0xa0 [ 163.731675][ T8103] __kmalloc_node_track_caller+0xb2/0x230 [ 163.731698][ T8103] kmalloc_reserve+0x117/0x260 [ 163.893012][ T8103] __alloc_skb+0x138/0x2c0 [ 163.897421][ T8103] nsim_dev_trap_report_work+0x293/0xb00 [ 163.903035][ T8103] process_scheduled_works+0xa45/0x15b0 [ 163.908603][ T8103] worker_thread+0xa55/0xfc0 [ 163.913192][ T8103] kthread+0x2fa/0x390 [ 163.917245][ T8103] ret_from_fork+0x48/0x80 [ 163.921643][ T8103] ret_from_fork_asm+0x11/0x20 [ 163.926391][ T8103] [ 163.928705][ T8103] Freed by task 5993: [ 163.932674][ T8103] kasan_set_track+0x4e/0x70 [ 163.937246][ T8103] kasan_save_free_info+0x2e/0x50 [ 163.942252][ T8103] ____kasan_slab_free+0x126/0x1e0 [ 163.947343][ T8103] slab_free_freelist_hook+0x130/0x1b0 [ 163.952784][ T8103] __kmem_cache_free+0xba/0x1f0 [ 163.957620][ T8103] skb_release_data+0x634/0x800 [ 163.962473][ T8103] consume_skb+0xb2/0x110 [ 163.966787][ T8103] nsim_dev_trap_report_work+0x76f/0xb00 [ 163.972415][ T8103] process_scheduled_works+0xa45/0x15b0 [ 163.977941][ T8103] worker_thread+0xa55/0xfc0 [ 163.982508][ T8103] kthread+0x2fa/0x390 [ 163.986554][ T8103] ret_from_fork+0x48/0x80 [ 163.990945][ T8103] ret_from_fork_asm+0x11/0x20 [ 163.995688][ T8103] [ 163.997988][ T8103] Last potentially related work creation: [ 164.003676][ T8103] kasan_save_stack+0x3e/0x60 [ 164.008332][ T8103] __kasan_record_aux_stack+0xaf/0xc0 [ 164.013682][ T8103] insert_work+0x3d/0x310 [ 164.017987][ T8103] __queue_work+0xc39/0x1020 [ 164.022551][ T8103] queue_work_on+0x121/0x1e0 [ 164.027118][ T8103] rcu_core+0xcc4/0x1720 [ 164.031347][ T8103] handle_softirqs+0x280/0x820 [ 164.036099][ T8103] __irq_exit_rcu+0xc7/0x190 [ 164.040665][ T8103] irq_exit_rcu+0x9/0x20 [ 164.044882][ T8103] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 164.050495][ T8103] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 164.056459][ T8103] [ 164.058760][ T8103] Second to last potentially related work creation: [ 164.065316][ T8103] kasan_save_stack+0x3e/0x60 [ 164.069971][ T8103] __kasan_record_aux_stack+0xaf/0xc0 [ 164.075321][ T8103] call_rcu+0x158/0x930 [ 164.079454][ T8103] deactivate_locked_super+0xd3/0x100 [ 164.084809][ T8103] cleanup_mnt+0x429/0x4c0 [ 164.089199][ T8103] task_work_run+0x1ce/0x250 [ 164.093768][ T8103] exit_to_user_mode_loop+0xe6/0x110 [ 164.099029][ T8103] exit_to_user_mode_prepare+0xb1/0x140 [ 164.104553][ T8103] syscall_exit_to_user_mode+0x1a/0x50 [ 164.109994][ T8103] do_syscall_64+0x61/0xb0 [ 164.114409][ T8103] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 164.120309][ T8103] [ 164.122611][ T8103] The buggy address belongs to the object at ffff8880593a2000 [ 164.122611][ T8103] which belongs to the cache kmalloc-4k of size 4096 [ 164.136645][ T8103] The buggy address is located 224 bytes inside of [ 164.136645][ T8103] freed 4096-byte region [ffff8880593a2000, ffff8880593a3000) [ 164.150509][ T8103] [ 164.152820][ T8103] The buggy address belongs to the physical page: [ 164.159214][ T8103] page:ffffea000164e800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x593a0 [ 164.169341][ T8103] head:ffffea000164e800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 164.178249][ T8103] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 164.186231][ T8103] page_type: 0xffffffff() [ 164.190537][ T8103] raw: 00fff00000000840 ffff888017842140 ffffea00007ad000 dead000000000002 [ 164.194422][ T5783] Bluetooth: hci3: command tx timeout [ 164.199117][ T8103] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 164.199128][ T8103] page dumped because: kasan: bad access detected [ 164.199146][ T8103] page_owner tracks the page as allocated [ 164.225447][ T8103] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 7071, tgid 7068 (syz.3.404), ts 118977878673, free_ts 118915329693 [ 164.248094][ T8103] post_alloc_hook+0x1cd/0x210 [ 164.252843][ T8103] get_page_from_freelist+0x195c/0x19f0 [ 164.258372][ T8103] __alloc_pages+0x1e3/0x460 [ 164.262945][ T8103] alloc_slab_page+0x5d/0x170 [ 164.267693][ T8103] new_slab+0x87/0x2e0 [ 164.271772][ T8103] ___slab_alloc+0xc6d/0x12f0 [ 164.276434][ T8103] __kmem_cache_alloc_node+0x1a2/0x260 [ 164.281875][ T8103] __kmalloc+0xa4/0x240 [ 164.286011][ T8103] kmem_alloc+0x13a/0x400 [ 164.290315][ T8103] xfs_init_fs_context+0x25/0x450 [ 164.295324][ T8103] alloc_fs_context+0x64b/0x7c0 [ 164.300162][ T8103] do_new_mount+0x10f/0xa40 [ 164.304647][ T8103] __se_sys_mount+0x2da/0x3c0 [ 164.309298][ T8103] do_syscall_64+0x55/0xb0 [ 164.313689][ T8103] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 164.319565][ T8103] page last free stack trace: [ 164.324227][ T8103] free_unref_page_prepare+0x7ce/0x8e0 [ 164.329674][ T8103] free_unref_page+0x32/0x2e0 [ 164.334333][ T8103] __unfreeze_partials+0x1cf/0x210 [ 164.339430][ T8103] put_cpu_partial+0x17c/0x250 [ 164.344185][ T8103] __slab_free+0x31d/0x410 [ 164.348591][ T8103] qlist_free_all+0x75/0xe0 [ 164.353076][ T8103] kasan_quarantine_reduce+0x143/0x160 [ 164.358522][ T8103] __kasan_slab_alloc+0x22/0x80 [ 164.363348][ T8103] slab_post_alloc_hook+0x6e/0x4d0 [ 164.368453][ T8103] kmem_cache_alloc+0x11e/0x2e0 [ 164.373296][ T8103] mas_alloc_nodes+0x2f8/0x8c0 [ 164.378036][ T8103] mas_preallocate+0xa44/0x1190 [ 164.382864][ T8103] vma_merge+0x1685/0x2110 [ 164.387260][ T8103] mprotect_fixup+0x47f/0xc90 [ 164.391916][ T8103] do_mprotect_pkey+0x76e/0xc30 [ 164.396766][ T8103] __x64_sys_mprotect+0x80/0x90 [ 164.401600][ T8103] [ 164.403901][ T8103] Memory state around the buggy address: [ 164.409511][ T8103] ffff8880593a1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 164.417549][ T8103] ffff8880593a2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 164.425589][ T8103] >ffff8880593a2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 164.433623][ T8103] ^ [ 164.440804][ T8103] ffff8880593a2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 164.448855][ T8103] ffff8880593a2180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 164.456892][ T8103] ================================================================== [ 164.465036][ T8103] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 164.472220][ T8103] CPU: 1 PID: 8103 Comm: syz.3.814 Not tainted 6.6.99-syzkaller #0 [ 164.480086][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 164.490120][ T8103] Call Trace: [ 164.493376][ T8103] [ 164.496289][ T8103] dump_stack_lvl+0x16c/0x230 [ 164.500950][ T8103] ? show_regs_print_info+0x20/0x20 [ 164.506213][ T8103] ? load_image+0x3b0/0x3b0 [ 164.510698][ T8103] panic+0x2c0/0x710 [ 164.514593][ T8103] ? bpf_jit_dump+0xd0/0xd0 [ 164.519100][ T8103] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 164.524976][ T8103] ? _raw_spin_unlock+0x40/0x40 [ 164.529805][ T8103] ? print_memory_metadata+0x314/0x400 [ 164.535243][ T8103] ? __lock_acquire+0xff/0x7c80 [ 164.540071][ T8103] check_panic_on_warn+0x84/0xa0 [ 164.545001][ T8103] ? __lock_acquire+0xff/0x7c80 [ 164.549831][ T8103] end_report+0x6f/0x140 [ 164.554048][ T8103] kasan_report+0x128/0x150 [ 164.558541][ T8103] ? __lock_acquire+0xff/0x7c80 [ 164.563370][ T8103] __lock_acquire+0xff/0x7c80 [ 164.568025][ T8103] ? is_bpf_text_address+0x26/0x2a0 [ 164.573203][ T8103] ? arch_stack_walk+0x160/0x190 [ 164.578120][ T8103] ? verify_lock_unused+0x140/0x140 [ 164.583305][ T8103] ? stack_trace_save+0x9c/0xe0 [ 164.588133][ T8103] ? stack_trace_snprint+0xf0/0xf0 [ 164.593223][ T8103] ? __stack_depot_save+0x1f/0x630 [ 164.598320][ T8103] ? do_syscall_64+0x55/0xb0 [ 164.602904][ T8103] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 164.608956][ T8103] lock_acquire+0x197/0x410 [ 164.613438][ T8103] ? super_lock+0x167/0x360 [ 164.617920][ T8103] ? __might_sleep+0xe0/0xe0 [ 164.622485][ T8103] ? __mutex_trylock_common+0x153/0x250 [ 164.628009][ T8103] ? read_lock_is_recursive+0x20/0x20 [ 164.633366][ T8103] ? trace_raw_output_contention_end+0xd0/0xd0 [ 164.639510][ T8103] down_read+0x46/0x2e0 [ 164.643649][ T8103] ? super_lock+0x167/0x360 [ 164.648138][ T8103] super_lock+0x167/0x360 [ 164.652448][ T8103] ? user_get_super+0x180/0x180 [ 164.657276][ T8103] ? mutex_lock_nested+0x20/0x20 [ 164.662194][ T8103] fs_bdev_sync+0xa4/0x170 [ 164.666590][ T8103] ? fs_bdev_mark_dead+0x1f0/0x1f0 [ 164.671677][ T8103] blkdev_common_ioctl+0x880/0x23d0 [ 164.676861][ T8103] ? tomoyo_path_number_perm+0x4dc/0x590 [ 164.682476][ T8103] ? blkdev_bszset+0x1f0/0x1f0 [ 164.687221][ T8103] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 164.692679][ T8103] blkdev_ioctl+0x4eb/0x6f0 [ 164.697161][ T8103] ? blkdev_compat_ptr_ioctl+0xd0/0xd0 [ 164.702599][ T8103] ? bpf_lsm_file_ioctl+0x9/0x10 [ 164.707517][ T8103] ? security_file_ioctl+0x80/0xa0 [ 164.712608][ T8103] ? blkdev_compat_ptr_ioctl+0xd0/0xd0 [ 164.718055][ T8103] __se_sys_ioctl+0xfd/0x170 [ 164.722652][ T8103] do_syscall_64+0x55/0xb0 [ 164.727058][ T8103] ? clear_bhb_loop+0x40/0x90 [ 164.731716][ T8103] ? clear_bhb_loop+0x40/0x90 [ 164.736373][ T8103] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 164.742252][ T8103] RIP: 0033:0x7f6c2678e9a9 [ 164.746652][ T8103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.766246][ T8103] RSP: 002b:00007f6c27638038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 164.774651][ T8103] RAX: ffffffffffffffda RBX: 00007f6c269b5fa0 RCX: 00007f6c2678e9a9 [ 164.782600][ T8103] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000004 [ 164.790550][ T8103] RBP: 00007f6c26810d69 R08: 0000000000000000 R09: 0000000000000000 [ 164.798504][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 164.806459][ T8103] R13: 0000000000000000 R14: 00007f6c269b5fa0 R15: 00007ffce675cda8 [ 164.814415][ T8103] [ 164.817647][ T8103] Kernel Offset: disabled [ 164.821954][ T8103] Rebooting in 86400 seconds..