last executing test programs: 6.382660603s ago: executing program 1 (id=749): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x46, 0xb6, 0x37, 0x20, 0x572, 0xd811, 0xd134, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x0, 0x0, 0x82, 0x94, 0x16}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x8) 3.281687023s ago: executing program 3 (id=773): syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x17, 0x94, 0x3e, 0x10, 0x7af, 0x4, 0x12b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xd, 0x0, 0x0, 0x7, [{{0x9, 0x4, 0x87, 0x4, 0x0, 0x77, 0xc6, 0x67, 0x8}}]}}]}}, 0x0) 3.018496549s ago: executing program 2 (id=775): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000003c0)={'ip6tnl0\x00', &(0x7f0000000340)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, 0x0, 0x0, 0x8000000, 0xd66}}) 2.998470732s ago: executing program 2 (id=776): sched_setscheduler(0x0, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_open_procfs$namespace(r2, &(0x7f0000000180)='ns/cgroup\x00') 1.978251645s ago: executing program 2 (id=777): syz_usb_connect(0x2, 0x3f, &(0x7f0000000140)={{0x12, 0x1, 0x250, 0x38, 0xe2, 0xaa, 0x8, 0x2b73, 0x17, 0xa20e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x2, 0xdb, 0x4, 0x80, 0xe6, [{{0x9, 0x4, 0x0, 0x4, 0x0, 0xff, 0x9e, 0x4d, 0x5}}, {{0x9, 0x4, 0x0, 0x2, 0x2, 0xe2, 0xa5, 0xc6, 0xa, [], [{{0x9, 0x5, 0x4, 0x4, 0x8, 0x9, 0x2, 0x9}}, {{0x9, 0x5, 0x5, 0x0, 0x10, 0x10, 0xf8, 0x7}}]}}]}}]}}, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x0}) syz_usb_connect(0x6, 0xf1, &(0x7f0000000180)={{0x12, 0x1, 0x300, 0x72, 0x11, 0xb8, 0x40, 0xc52, 0x2433, 0xe1d1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xdf, 0x2, 0xa9, 0x4, 0xe0, 0x5, [{{0x9, 0x4, 0x65, 0x4, 0x2, 0xd1, 0x28, 0x44, 0x7, [@generic={0x7f, 0xd, "2e65dd9c04f6b548eacb3a5809dd103bcc39d769b8b3c1f0cab67c11e4dbe089e59bfaf2eedb59385bb4a686ab624cd256663dc34d1dbce6102e3a2b0dc36ac11acbc265169b8eea08b57137e5227432502b7e8c60ece245c20bdfb7bd58e83e472f9d79a5026797c91c499db113db5584ee18be340a9157f4b94d634c"}, @cdc_ncm={{0x6, 0x24, 0x6, 0x0, 0x1, "ef"}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x4, 0x3, 0x9}, {0x6, 0x24, 0x1a, 0x8aea, 0x2}, [@network_terminal={0x7, 0x24, 0xa, 0x96, 0x2, 0x8, 0x85}]}], [{{0x9, 0x5, 0x2, 0x1, 0x20, 0x2, 0x6, 0x97, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7f, 0x8}]}}, {{0x9, 0x5, 0x1, 0x2, 0x20, 0x37, 0x7, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xd3, 0x1}]}}]}}, {{0x9, 0x4, 0x1d, 0x2, 0x0, 0xff, 0xff, 0xff, 0xd}}]}}]}}, &(0x7f0000000bc0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x300, 0x7, 0x7, 0x7, 0x8, 0x7}, 0x104, &(0x7f0000000900)={0x5, 0xf, 0x104, 0x2, [@ptm_cap={0x3}, @generic={0xfc, 0x10, 0x3, "484aead98fa73331a5473cc1507bdc3bfae55d6f9de6242e0836fcc73ef12a2a835c5b2ae8609fba97b1bbcf0a41e420af4048d0a6cebf1e0b85aaa8f558ce2c0e649d33d6afd4cd670115789c4f87b8f80bf2c2fb1af5dcabfcb38b56f6151ac218ac935194924f5d95486bee0c08115c852861c18db20ed424c227149190fd6e602d6ff91da9a1b16f1f28a1fb65b17d979b23c994bc20241a0e6ead869c904b1f8b9d07c349886e567a003b3264cf89ba5e3c2d843501c29f0219edfe00edbc238c7f68197b73d54616e42d738d30d2c7c4e848647a69b981a26ccedf7ce4abf94eb26ea69f693e8cc10339fa430ee98edb5eeae8c9a234"}]}, 0x5, [{0x4, &(0x7f0000000040)=@lang_id={0x4, 0x3, 0x424}}, {0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x2801}}, {0x6, &(0x7f0000000a40)=@string={0x6, 0x3, "04ed2391"}}, {0x4b, &(0x7f0000000a80)=@string={0x4b, 0x3, "76547422671a6545902ae6576dce7318b04e15dcd0c12f07362b251121775703c2b33e169220968105462be518eb151c6a2e5df9d03030991ae7c76a81310c4e7fe9510be2d2aaf5ae"}}, {0x8a, &(0x7f0000000b00)=@string={0x8a, 0x3, "c0c71dd2f8c03d81bb439cdaee18ca1d26d1c2d6b283a504026999c64198869bbae1dfd11dc8ae5635b7d46c408cc61a74cb7a63fefb4c78ee0250005d2c95236074612be8ae2621011c0bc572000aa5e06ae7980cbca960a708b75a7f782818b5631f6abf9c15a4bc5eeac095a3b95250bb5e160883761c439d516de917c1cb8d861e58e7050e97"}}]}) 1.908301449s ago: executing program 1 (id=778): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff00000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000e00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, &(0x7f0000000280), &(0x7f00000002c0)}, 0x20) 1.762658642s ago: executing program 1 (id=779): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000001140)=@abs={0x1, 0x0, 0x4e24}, 0x6e) landlock_create_ruleset(&(0x7f0000000040)={0x420, 0x0, 0x1}, 0x18, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e24}, 0x6e) 1.748848371s ago: executing program 1 (id=780): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f00004a9000/0x1000)=nil, 0x1000, 0x2000004, 0x30, 0xffffffffffffffff, 0x0) open$dir(&(0x7f00000001c0)='./file0\x00', 0x1901, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f000049c000/0x18000)=nil, &(0x7f0000000400)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000640)=0x1) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x80}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.322574181s ago: executing program 1 (id=783): syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', 0x3000c00, &(0x7f0000000200)=ANY=[], 0x1, 0x654, &(0x7f0000000a40)="$eJzs3c9vHGf9B/D3rje2N99+UzdN2hRVitVIgLBI/EMumAsBIeRDhapy4GwlTmNlkxbbRW6FqMvPaw/5A8rBN05I3COVCxe49epjJQSXXjCnRTM7a29tr38Ux2uX1yuafZ6ZZ+Z5Ps9nZ3Z214o2wP+s+Yk0nqSW+YnX1or1zY2Z1ubGzMNuPclIknrS6BSp/avdbn+c3E5nyUvFxqq7Wr9xHi/NvfHJZ5ufdtYa1VLuXz/ouKNZr5aMJxmqypPq785h/Y0e1l1te4ZFwm50EweDdiFJu/SPx50tP/3LM9stPZr7HX3omQ+cA7XOfXOPseRidaEX7wM6d8XOPftcWx90AAAAAHAKnt3KVtZyadBxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHlS/f5/rVrq3fp4at3f/x+utqWqny3Xj7f7k6cVBwAAAAAAAACcoutb2cpaLnXX27Xyb/6vlCtXysf/yztZyWKWczNrWchqVrOcqSRjPR0Nry2sri5PHeHI6X2PnD4k0JGqbJ7MvAEAAAAAAADgS+aXmd/5+z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJwFtWSoU5TLlW59LPVGktEkw8V+68nfuvXz7MmgAwAAAIBT8OxWtrKWS931dq38zP9C+bl/NO/kUVazlNW0spi75XcBnU/99c2NmdbmxszDYtnb7/f+eawwyh7T+e5h/5GvlXs0cy9L5ZabuZO30srd1MsjC9e68ewf1wdFTLXvVo4Y2d2qLGb+YVXu8f6xJtvPMb9MGSszcmE7I5NVbEU2njs4E8d8dnaPNJX6drBXdo20axJfKOcXq7KYz2/75Xwgdmdiuufse+HgnCdf+9MffnK/9ejB/XsrE2dnSgdbr8qhqmyXj829mZjpycSLX8ZM9DVZZuLq9vp8fpgfZyLjeT3LWcrPspDVLGY8PyhrC9X5XOu55Ptk6vbn1l4/LJLh6gztPFnHi+mV8thLWcqP8lbuZjGvlv+mM5VvZTazmet5hq8e4ZW23ueqb///vsHf+HpVaSb5XVWeDUVen+vJa+9r7ljZ1rtlJ0uXT/5+1PhKVSnG+FVVng27MzHVk4nnD87E78uXlZXWowfL9xfePtpwlz+sKsV19JszdZcozpfLxZNVrn3+7Cjant+3bapsu7LdVt/TdnW7rXOlrve9Uoer93B7e5ou217ct22mbLvW07bf+y0AzryL37g43Px786/Nj5q/bt5vvjb6/ZFvj7w8nAt/vvCdxuTQV+sv1/6Yj/KLnc//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF7fy7nsPFlqtxeVdlXa7/X6fpvNc6f6c2SkO+tIzyaCmPJzkbGT+3+12u9pSOwvxHFxpF0bSfupjNZLs13S9d8sHAzl/BvzCBDx1t1Yfvn1r5d33vrn0cOHNxTcXH83Nzs5Nzs2+OnPr3lJrcbLzOOgogadh56Y/6EgAAAAAAAAAAACAozqZ/zPQTNJ/n/6jj57mVAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBzan4ijSepZWry5mSxvrkx0yqWbn1nz0aSepLaz5Pax8ntdJaM9XRX6zfO46W5Nz75bPPTnb4a3f3rBx13NOvVkvEkQ1V5Uv3d+a/7q23PsEjYjW7iYND+EwAA//9nMgTf") r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x50007a2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000300), 0x0, 0x0, 0x0) 1.243753844s ago: executing program 4 (id=785): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.time\x00', 0x26e1, 0x0) 1.074590817s ago: executing program 3 (id=788): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26) syz_emit_ethernet(0x36, &(0x7f0000000240)={@multicast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x14, 0x0, @gue={{0x1, 0x0, 0x3, 0x10, 0x0, @void}, "f14979ec8abb5ca4"}}}}}}, 0x0) 1.051133452s ago: executing program 1 (id=789): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000500), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000640)=0x8000) write$dsp(r0, &(0x7f0000000200)="3a529df598ffb7263c008a006ad2ebe7d88357319d644517bc657731dcbe296dc2e8a1a81cdb8708020098a3e5cfb3b16111e67a4003c274e0099cddf83f650c8827f25fd3228ffd04000000000000000258a4e4a652081b560808328f055491c81e730147c99ae2e8ef94ec783b68a4ffd195f231b694db4d8fe705efaf18a3ddce24479a26c270d8d367b1fa38d38cb64a25561b4c6a4e9f76c59832a0b9739ee15ed044d89d91a23c81eece4eed8a06c46c7f900bcd90ca8123e4982a7a43d85acfd165eafb378a2a206ccf81139ee67a15de4044c46e", 0xffd7) 1.02120376s ago: executing program 4 (id=790): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000001140)=@abs={0x1, 0x0, 0x4e24}, 0x6e) landlock_restrict_self(0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e24}, 0x6e) 851.890625ms ago: executing program 0 (id=791): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000500)=@assoc_value={r2, 0x3ff}, &(0x7f00000001c0)=0x8) 851.162232ms ago: executing program 4 (id=792): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(0xffffffffffffffff, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='ext4_remove_blocks\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18) r2 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r2, r1, 0x0, 0x17, 0xfffffffffffffffe}, 0x16) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r5, 0x0, 0x0) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) sendmmsg(r7, 0x0, 0x0, 0x2c000011) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000009240)={&(0x7f0000000880)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {}, {0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[], 0xcc}, 0x1, 0x0, 0x0, 0x44000}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)=@gettfilter={0x4c, 0x2e, 0x300, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0xb, 0xffff}, {0x4, 0xf}, {0xfff1, 0x7}}, [{0x8, 0xb, 0xfff}, {0x8, 0xb, 0x6}, {0x8, 0xb, 0x9}, {0x8, 0xb, 0xc1}, {0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48800}, 0x40000) socket$inet(0x2, 0x2, 0x7f) r9 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0103000000000000000001"], 0x34}}, 0x0) 835.934247ms ago: executing program 3 (id=793): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0b04000000000000000002000000280004802400018009000100686173680000000014000280080002400000001408000140000000000900010073797a30000000000900020073797a320000000014"], 0x7c}}, 0x0) 686.666123ms ago: executing program 3 (id=794): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x804, 0x4) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001bae9ee14d4284d73c826d8bce62cb84c8b765cbac71c46bc4718", @ANYRES16=r1], 0x398}}, 0x0) 682.359186ms ago: executing program 0 (id=795): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f000041c000/0x2000)=nil, 0x2000, 0x8) 590.269743ms ago: executing program 4 (id=796): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) write$binfmt_elf32(r0, &(0x7f00000014c0)=ANY=[], 0x46b) sendmmsg$inet(r0, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0xa6}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000004bc0)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000002c0)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d1d0b90c8997e6917226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb", 0x93}], 0x1}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000a40)="bd2f6aa36cea0e62ac00a4539dd80281164750339fcc3cd1f7bb1b74e98dbbe81e997d4847ee5d06a72e6f1c6b8a873c7ea7760f102483b578526af9775e51b84818d03da7", 0x45}, {&(0x7f0000000740)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc487553859348d48e6fc49d81c71590cd542e796cc2669", 0x3b}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000b80)="1ee88f78de7d57006d8ffa3f1d92c228a43f6c86558705d98691e6344fa3745cc92c1f80fc01a77c28bb77872fc4", 0x2e}, {&(0x7f0000001bc0)="5c89eeb1aa86c6f680f09cc1c1d4bc5fc6a067d295afd3aa97af3d777b81db48f9ceb270e506af840503c6fbf20760e4cd8df9c220cd0728585229123d5c61507d", 0x41}, {&(0x7f0000000000)="7895517e531a6d009ae7641be4", 0xd}], 0x3}}], 0x3, 0x4) 542.920366ms ago: executing program 2 (id=797): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b040000000000000000020000004c000480240001800b000100736f636b657400001400028008000240000000030800014000000002240001800a000100717565756500000014000280080004401500001006000340001300000900010073797a30000000000900020073797a3200"], 0xa0}}, 0x0) 469.899764ms ago: executing program 3 (id=798): r0 = socket$inet6(0xa, 0x40000080806, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 370.669883ms ago: executing program 0 (id=799): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 365.245594ms ago: executing program 4 (id=800): r0 = memfd_create(&(0x7f0000000100)=';e\x00\x00\xa4\xd8\xe0\x9c\x7f9\x8aZ]3N\xbb\xe1^\x9c\xe1\x9b6s$0Y\xf8\x90\x00\x00\x00\x00\xd2~l\xf6\x12\xde\xdd\xd5\x1d\x96\xb0a\xad\xcd\x16\xd8G\xae\xd9DZm\xabO\xad\x11%\x7f`@\x16c\xc0\xb6\x1f\xe3\x00\x1a_\xc7\xbf\xa7T\xbe\x13\x8b\xb3r\x8fL\xe6\xba\xe7\x18\xb4$BIj\xa3\xc9\xc6|\x9b\x88\xddPx\x02I\xde\xe8\xcd\x02\xc1\xedc2\x06\xcbM\xfb\x13jZ\x96\xeej\x9b\xe4XjN\xb9>\xdf3U\r \x8dh8T/h)\x90\xff\x8d\xd9\x89\xab\xf8P\xacYtk\xa3\xed\xfa*8\x13\b\xce\xf8z\xed\xadnz\x96\xa3\x9a9R\xd9]\xe11We\xfe3\xe06\x1a^\x04^\xef\xa3\x0fU\x9b1\xc6J\x83\x9d[\\a\xfd\xdc\xa1\xcd\xbe\x9b\xc5z7\xe8VP\x89\x16MK`\xe5\x137\b\x00\x00\x00\xd5\x01\xea\x98\xe6Z\x95j\xe3\x0ek>\x14\x80\rXS\xce\xf9\x0e\x89\xc4\xc6\x1bOm4Lla\r\xce\x17\xb5r&\xf3\x96\xbc\xc39\xa7\x95\xd9F\x17', 0x0) r1 = socket(0x28, 0x5, 0x0) r2 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r2, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8) sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)}}], 0x1, 0x2400c044) close_range(r0, 0xffffffffffffffff, 0x0) 317.526445ms ago: executing program 2 (id=801): r0 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r3}}) io_uring_enter(r0, 0x7ba2, 0x0, 0x0, 0x0, 0xffffffffffffff80) 284.111995ms ago: executing program 3 (id=802): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x10) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r3, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r6], 0x20}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x7151, 0x0) 247.675391ms ago: executing program 0 (id=803): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000001140)=@abs={0x1, 0x0, 0x4e24}, 0x6e) landlock_restrict_self(0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e24}, 0x6e) 204.745416ms ago: executing program 4 (id=804): syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', 0x3000c00, &(0x7f0000000200)=ANY=[], 0x1, 0x654, &(0x7f0000000a40)="$eJzs3c9vHGf9B/D3rje2N99+UzdN2hRVitVIgLBI/EMumAsBIeRDhapy4GwlTmNlkxbbRW6FqMvPaw/5A8rBN05I3COVCxe49epjJQSXXjCnRTM7a29tr38Ux2uX1yuafZ6ZZ+Z5Ps9nZ3Z214o2wP+s+Yk0nqSW+YnX1or1zY2Z1ubGzMNuPclIknrS6BSp/avdbn+c3E5nyUvFxqq7Wr9xHi/NvfHJZ5ufdtYa1VLuXz/ouKNZr5aMJxmqypPq785h/Y0e1l1te4ZFwm50EweDdiFJu/SPx50tP/3LM9stPZr7HX3omQ+cA7XOfXOPseRidaEX7wM6d8XOPftcWx90AAAAAHAKnt3KVtZyadBxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHlS/f5/rVrq3fp4at3f/x+utqWqny3Xj7f7k6cVBwAAAAAAAACcoutb2cpaLnXX27Xyb/6vlCtXysf/yztZyWKWczNrWchqVrOcqSRjPR0Nry2sri5PHeHI6X2PnD4k0JGqbJ7MvAEAAAAAAADgS+aXmd/5+z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJwFtWSoU5TLlW59LPVGktEkw8V+68nfuvXz7MmgAwAAAIBT8OxWtrKWS931dq38zP9C+bl/NO/kUVazlNW0spi75XcBnU/99c2NmdbmxszDYtnb7/f+eawwyh7T+e5h/5GvlXs0cy9L5ZabuZO30srd1MsjC9e68ewf1wdFTLXvVo4Y2d2qLGb+YVXu8f6xJtvPMb9MGSszcmE7I5NVbEU2njs4E8d8dnaPNJX6drBXdo20axJfKOcXq7KYz2/75Xwgdmdiuufse+HgnCdf+9MffnK/9ejB/XsrE2dnSgdbr8qhqmyXj829mZjpycSLX8ZM9DVZZuLq9vp8fpgfZyLjeT3LWcrPspDVLGY8PyhrC9X5XOu55Ptk6vbn1l4/LJLh6gztPFnHi+mV8thLWcqP8lbuZjGvlv+mM5VvZTazmet5hq8e4ZW23ueqb///vsHf+HpVaSb5XVWeDUVen+vJa+9r7ljZ1rtlJ0uXT/5+1PhKVSnG+FVVng27MzHVk4nnD87E78uXlZXWowfL9xfePtpwlz+sKsV19JszdZcozpfLxZNVrn3+7Cjant+3bapsu7LdVt/TdnW7rXOlrve9Uoer93B7e5ou217ct22mbLvW07bf+y0AzryL37g43Px786/Nj5q/bt5vvjb6/ZFvj7w8nAt/vvCdxuTQV+sv1/6Yj/KLnc//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF7fy7nsPFlqtxeVdlXa7/X6fpvNc6f6c2SkO+tIzyaCmPJzkbGT+3+12u9pSOwvxHFxpF0bSfupjNZLs13S9d8sHAzl/BvzCBDx1t1Yfvn1r5d33vrn0cOHNxTcXH83Nzs5Nzs2+OnPr3lJrcbLzOOgogadh56Y/6EgAAAAAAAAAAACAozqZ/zPQTNJ/n/6jj57mVAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBzan4ijSepZWry5mSxvrkx0yqWbn1nz0aSepLaz5Pax8ntdJaM9XRX6zfO46W5Nz75bPPTnb4a3f3rBx13NOvVkvEkQ1V5Uv3d+a/7q23PsEjYjW7iYND+EwAA//9nMgTf") r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x50007a2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000300), 0x0, 0x0, 0x0) 137.80413ms ago: executing program 0 (id=805): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000500)=@assoc_value={r2, 0x3ff}, &(0x7f00000001c0)=0x8) 74.587128ms ago: executing program 2 (id=806): syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000fb505920de0c23003221010203010902120001000600000904"], 0x0) syz_usb_disconnect(r0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)=ANY=[], 0x0) sendmsg$AUDIT_SET(0xffffffffffffffff, 0x0, 0x4000) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) poll(0x0, 0x0, 0x0) 0s ago: executing program 0 (id=807): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x808014, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461002018bbdecde39739fcd1df176dde746ec834120600000000003b048000ecffffff0072462abc30ef5b65c70f73ecea54b5e5bec5aca9836c319f653557e79a002208ceae6dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e36868736000000f6a55493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1174e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc369c71e57fafab52f325ca91e684160191acf5ae7469c82ab4145b595b987d75912afdcc1c061835294cc0c618aba204f8adaa20c80108d356cd887ba217c8f569e6d0caf75052a77056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6ac0d90ea79b8027cf75964dd86c2ed2b5e75779677a28c76b848dd03dab190b5f02ec52830f3ff01eaae1c3df076000000000000000000000000000083a48a6b926c668b9ba42490175018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac011170182f99766e86fb125cc6799c43aa4dc708dc4a00a6decad26f0378072a571da000000aec3dfbae348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0f1415e90fd0400bad5f796374bb196e60e537b8ffca80a5ec3c5c063aab2c87a7824c4fbfab7264185e1b2e59012acbf3732abe75b848de8ec4aaba2e3c8cd14dd9bf9499952815b9fb34057a585a9c18a11f3d496825b3fcb0c8aa89e079fd78997da864b302139b2b10597100846b55f7d0b050b7b0ef7e9c897c50b53404acdd701425323201b33465fddec69c37cb13fd441a830af5ea73f4ac82d7926eb0db1141003d148473077a76c3bee7e37dc799abb47bd67cde7958c50fb2d15c9cc196e4bff1d00"/716], 0x5, 0x55af, &(0x7f0000002080)="$eJzs3M2PE/UbAPBnuizvP37EePDGJMRkN6ENXV6iJ1EhKhFCfDl40m5bmkLb2WxLWTlx8Gg8+J8YTTx59G/woEc9mBgPGhMPJpjOzBIKCALtriyfTzJ9Zp759pnvdyCbPDNJA3hmHU7/+C2JQ7EvIhYi4mAS+X5SbhE3I84UY1+IiCMRUbljS8r87cTuiNgfEYcmxYuaSXnq82Pjo6d+Pf/7N9/t2XXgi6+/39aFA9vqxYjorxX71/tFzDp5uLVQ5hvjbh77J8dlXJuq0c+K/PX2al7hemNzXCOPJzrF+Gzt2nASL/cazUnsdC/n+bVBccHhuLNZZ/KF9EpjPT9utVfz2B1meezcKK67caP423ZjOCrqtMp6H+flYzTajEW+vdEu1rN2NY/NwajMF3WzVntjEsdlLC8XzazXyuex+rh3+b/v7e7g2kY6bq8Pu9kgPVWrv1Srn67W17NWe9Q+WW30W6dPpkud3mRYddRu9M90sqzTa9eaWX85Xeo0m9V6PV06217tNgZpvV47UTtePbVc7h1L37j4ftprpUuT+Fp3cG3U7VXicraeFt9YTldqJ15eTo/W03cvXEovvXPu3IVL73149oOLr1546/Vy0D3TSpdWjq+sVOvHqyv15adu/cP0UdYfd6z/k3LSj7D+pIznp9M//vBktw0KyXZPAODpc0//H3f3/6H/B2buAf1/XHlI/9+/Wh7Pp/+P+/b/len+P2bZ/09aKv3/w/vfyjb0v4vxbPf/c37+AU/k8fr/3TOfBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW+6nxS/fzHcOF8cHyvz/ytRz5XESEZWIuHUfC7F7quZCWWfxH8Yv3jWHb5PIK0yusafc9kfEmXL76//zvgsAAACwc31188hnRbdefJSPAO7q5tmhin/mysGPZlQviYjFw7/MqFpl8vH8jIrl/793xcaMquUPsPbOqFjxyG3XrKr9KwtTYe8dISlCZUunAwAAbInpTuBBXcjNLZkPAAAA8/LpA8++smXzYI7+/PneXBKbrzJvv/LfU4TyheC+qXMAAADAUyjZ7gkAAAAAc5f3/37/DwAAAHa24vf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/2bmb3MRhKADAL4HAMD8aNJoDzQ6OMUeY5WzhKhyBG1TqBTgDlbroEdpSkbhIaUFCwoEWfZ8Ugx14tiGbZ0sGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC7dVcvp6PQwN0+b0+SYCwAAALDfulpO6zfjpv4ttf9ITb9SvYiIMiL25e69GLRi9lKc6sDnqzdjuI2oI2zbh+n6GhF/0vX4s+tfAQAAAK7Xar6YNNl6U6QlgPtjvjvsdGScQbNoU37/myleERHV+CFTtHJb/M4UrH6++/E/U7R6AetLpmDNklt//71Brk7aeq2X15nM6j+xrpXd9AsAAFxSOxM4kIUAAABwBf5degCcw/vUvtgVu33GtKufNgRHrRoAAADwCRWXHgAAAADQuTr//0jn/xXO/wMAAIDsmvP/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NK6Wk5X88Xk0P3ZkXGeN6fJNyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBf25x0FQiAMwmDv+s5k7n9YadDQ2KQKhI+/MRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAN7/7y/+JqXEmmXttLD2PJGunxtapsXduHP1hfP0aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNiflxQIgSCIgjnjfyd9/8NKgp5BhAhoeFRRiwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCLfvfL/4mpcSaZO20sHY8ka1eNravG3oPG0YPx9m8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNi5f982yjcA4I99sZv0+0WEgCIRQEXqAAtN3dLSFSGqiIE/ASlKnRJwKaQZaBVRZYANZe6CYEQICRS2/g+dG6lL2TpkCBITQ9Cd79xzEkhUyJ1LPh/p9fv4fHl/2Yry3HsOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDYejtebuZxkj5M9uPi2P3t1YW03txVp+6uP5hJSxo3Kh73U+CV8pNT0/UNBAAAgOMjKfL7iHjY2phL6+Zklv+3inPSnP/bZ/pxkc/vzvs3t1fH85dmivz/l58fvTDoaDLJ+kkbXVzqdc/uHcrYEU1x5D174Blj2cpn116S7A1pvrf2/FYrW8/G1/fuvdvOwhNVjBYAeBJnijoPir+H0rpT58AAODbGSol3kf8nk/WOCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAKW2vxvyJuRMTM2OM4tbm9urBfPREPZu6u98vFO3fWy22mTbQiYnGp1z1b4VxGV7Gatz6e7/W6yzduVh2cioh9Xrp9uB9P8uH/5TntiBg6cvrFfdr54BB97WpnT5B/PKPaNZxI53fgyY2hI409C/7OTl8dH4Bed7ldxdI1807qmOBRB8Vn719q8PKXg/eiwl9FAAAcC628pJnow9bGXHqsMRWx891w/v9aKY6hvH/ndv9I/3mR+6fl0YcX75f7Kuf/nYrm9zSYXbn26eyNm7feWLo2f7V7tfvJm+c6b3XOX7pw4dJsdq1kdjGarpgAAADwD7TzUs7/m1N79/9PluL4m/3/cv7/2TedL8p9JQfn/+NHM8vR9nj3r+6RAAAAHEftQfTcq7//1tjnjEa7HZ/Pr6wsd/qPg+fn+o+VDvcJnchLOf9PpuoeFQAAAFCFrbXG0P7/lVIch9z////3L/1YbjPJ/j9AXI+I7pmF670r1U1npFXxReWso3bdMwUAAKAuE3kp7/+3svv/m4NbHpoR8frpiD/y7/DHIfP/5PJXP5T7Kt//f77SWY6e5nR/PbJ6OmJsuu4RAQAA8F82npc02f+1tTH30U8n32+7/x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgan8GAAD//0ZZLTI=") r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={0xffffffffffffffff, 0x0, &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000680)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) chdir(&(0x7f0000002340)='./bus\x00') mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) link(&(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='./file1/file0\x00') syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f00000001c0)=ANY=[@ANYRES16, @ANYRES8, @ANYRESHEX, @ANYRESOCT, @ANYRES8, @ANYRESOCT, @ANYRES64, @ANYRES32, @ANYRES8, @ANYRES8=0x0], 0x1, 0x0, &(0x7f0000000000)) kernel console output (not intermixed with test programs): 121.017328][ T5903] usb 5-1: SerialNumber: syz [ 121.295282][ T5903] usb 5-1: selecting invalid altsetting 0 [ 121.322099][ T5903] usb 5-1: selecting invalid altsetting 0 [ 121.407199][ T6750] loop3: detected capacity change from 0 to 256 [ 121.439760][ T5903] usb 5-1: USB disconnect, device number 5 [ 121.469912][ T6750] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 121.739510][ T6759] netlink: 8 bytes leftover after parsing attributes in process `syz.1.223'. [ 121.940333][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 122.287242][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.306932][ T5868] udevd[5868]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:219.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 122.407559][ T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 122.452217][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.491831][ T6768] netlink: 32 bytes leftover after parsing attributes in process `syz.1.225'. [ 122.514833][ T9] usb 1-1: Product: syz [ 122.519080][ T9] usb 1-1: Manufacturer: syz [ 122.530686][ T9] usb 1-1: SerialNumber: syz [ 122.561202][ T6770] loop4: detected capacity change from 0 to 512 [ 122.603024][ T6770] EXT4-fs (loop4): blocks per group (95) and clusters per group (32768) inconsistent [ 122.951750][ T6782] loop3: detected capacity change from 0 to 512 [ 122.976763][ T6782] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent [ 124.122094][ T6809] loop2: detected capacity change from 0 to 256 [ 124.170289][ T6809] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 124.564366][ T6814] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 124.794000][ T6814] loop3: detected capacity change from 0 to 256 [ 124.950594][ T5903] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 125.484406][ T6814] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 126.318933][ T5903] usb 5-1: unable to get BOS descriptor or descriptor too short [ 126.334472][ T9] cdc_ncm 1-1:1.0: bind() failure [ 126.342704][ T9] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 126.349635][ T9] cdc_ncm 1-1:1.1: bind() failure [ 126.363933][ T5903] usb 5-1: not running at top speed; connect to a high speed hub [ 126.392710][ T9] usb 1-1: USB disconnect, device number 2 [ 126.441980][ T5903] usb 5-1: config 219 has 1 interface, different from the descriptor's value: 2 [ 126.451575][ T5903] usb 5-1: config 219 interface 0 has no altsetting 0 [ 126.459163][ T5903] usb 5-1: config 219 interface 0 has no altsetting 1 [ 126.469051][ T5903] usb 5-1: New USB device found, idVendor=2b73, idProduct=0017, bcdDevice=a2.0e [ 126.480246][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.491932][ T5903] usb 5-1: Product: syz [ 126.500154][ T5903] usb 5-1: Manufacturer: syz [ 126.508171][ T5903] usb 5-1: SerialNumber: syz [ 126.540445][ T6824] loop3: detected capacity change from 0 to 256 [ 126.592821][ T8] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 126.755219][ T5903] usb 5-1: selecting invalid altsetting 0 [ 126.762512][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 126.780925][ T5903] usb 5-1: selecting invalid altsetting 0 [ 126.791895][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 126.853689][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.875875][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 126.889173][ T8] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 126.950709][ T6834] xt_bpf: check failed: parse error [ 127.621669][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.643479][ T8] usb 3-1: config 0 descriptor?? [ 127.693230][ T5903] usb 5-1: USB disconnect, device number 6 [ 127.699618][ T6838] loop3: detected capacity change from 0 to 512 [ 127.731044][ T6838] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 127.807974][ T6838] EXT4-fs (loop3): warning: maximal mount count reached, running e2fsck is recommended [ 127.873719][ T8] usbhid 3-1:0.0: can't add hid device: -71 [ 127.876403][ T6838] EXT4-fs error (device loop3): ext4_orphan_get:1388: comm syz.3.249: inode #15: comm syz.3.249: iget: illegal inode # [ 127.879926][ T8] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 127.906142][ T6848] capability: warning: `syz.1.252' uses deprecated v2 capabilities in a way that may be insecure [ 127.921340][ T8] usb 3-1: USB disconnect, device number 5 [ 127.933397][ T6838] EXT4-fs (loop3): Remounting filesystem read-only [ 127.944066][ T6838] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.029654][ T6850] loop4: detected capacity change from 0 to 4096 [ 128.043622][ T6850] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 128.055788][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:219.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 128.164765][ T6850] ntfs3(loop4): Failed to initialize $Extend/$Reparse. [ 128.223347][ T6850] ntfs3(loop4): ino=5, "/" directory corrupted [ 128.272337][ T5845] ntfs3(loop4): ino=1a, ntfs_sync_fs failed, -22. [ 128.354634][ T5847] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.497862][ T6859] loop0: detected capacity change from 0 to 256 [ 129.352815][ T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 129.619452][ T29] audit: type=1326 audit(1730320117.967:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6878 comm="syz.3.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42b597e719 code=0x7ffc0000 [ 129.643538][ T29] audit: type=1326 audit(1730320117.967:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6878 comm="syz.3.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42b597e719 code=0x7ffc0000 [ 129.667012][ T29] audit: type=1326 audit(1730320117.967:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6878 comm="syz.3.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f42b597e719 code=0x7ffc0000 [ 129.691591][ T29] audit: type=1326 audit(1730320117.967:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6878 comm="syz.3.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42b597e719 code=0x7ffc0000 [ 129.692544][ T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.715181][ T5899] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 129.734312][ T5936] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 129.759785][ T6882] loop3: detected capacity change from 0 to 512 [ 129.762960][ T29] audit: type=1326 audit(1730320117.967:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6878 comm="syz.3.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f42b597e719 code=0x7ffc0000 [ 129.768648][ T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 129.797033][ T29] audit: type=1326 audit(1730320117.967:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6878 comm="syz.3.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42b597e719 code=0x7ffc0000 [ 129.822695][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.825357][ T29] audit: type=1326 audit(1730320117.967:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6878 comm="syz.3.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7f42b597e719 code=0x7ffc0000 [ 129.835011][ T6882] EXT4-fs error (device loop3): ext4_orphan_get:1388: inode #15: comm syz.3.266: casefold flag without casefold feature [ 129.854712][ T29] audit: type=1326 audit(1730320117.967:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6878 comm="syz.3.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42b597e719 code=0x7ffc0000 [ 129.897426][ T6882] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.266: couldn't read orphan inode 15 (err -117) [ 129.914308][ T5936] usb 3-1: unable to get BOS descriptor or descriptor too short [ 129.917448][ T8] usb 2-1: Product: syz [ 129.922730][ T5936] usb 3-1: not running at top speed; connect to a high speed hub [ 129.926481][ T8] usb 2-1: Manufacturer: syz [ 129.935728][ T5899] usb 1-1: Using ep0 maxpacket: 8 [ 129.937667][ T5899] usb 1-1: config 0 has no interfaces? [ 129.940440][ T8] usb 2-1: SerialNumber: syz [ 129.945730][ T5899] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 129.945757][ T5899] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.947021][ T5936] usb 3-1: config 219 has 1 interface, different from the descriptor's value: 2 [ 129.973502][ T6882] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.984852][ T5899] usb 1-1: config 0 descriptor?? [ 130.002022][ T5936] usb 3-1: config 219 interface 0 has no altsetting 0 [ 130.009936][ T5936] usb 3-1: config 219 interface 0 has no altsetting 1 [ 130.039358][ T5936] usb 3-1: New USB device found, idVendor=2b73, idProduct=0017, bcdDevice=a2.0e [ 130.052482][ T5936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.060530][ T5936] usb 3-1: Product: syz [ 130.072907][ T5936] usb 3-1: Manufacturer: syz [ 130.077589][ T5936] usb 3-1: SerialNumber: syz [ 130.295582][ T5899] usb 1-1: USB disconnect, device number 3 [ 130.333378][ T5936] usb 3-1: selecting invalid altsetting 0 [ 130.339441][ T5936] usb 3-1: selecting invalid altsetting 0 [ 130.396622][ T5936] usb 3-1: USB disconnect, device number 6 [ 130.627079][ T5868] udevd[5868]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:219.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 130.711435][ T5847] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.892735][ T5936] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 131.002632][ T5903] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 131.092720][ T5936] usb 5-1: Using ep0 maxpacket: 16 [ 131.113924][ T5936] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.141428][ T5936] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.162635][ T5903] usb 4-1: Using ep0 maxpacket: 8 [ 131.171879][ T5936] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 131.177833][ T5903] usb 4-1: config 36 has an invalid interface number: 44 but max is 0 [ 131.190190][ T5936] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 131.231186][ T5903] usb 4-1: config 36 has no interface number 0 [ 131.247669][ T5936] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.247792][ T5903] usb 4-1: config 36 interface 44 has no altsetting 0 [ 131.271017][ T5936] usb 5-1: config 0 descriptor?? [ 131.297865][ T5903] usb 4-1: New USB device found, idVendor=0711, idProduct=0902, bcdDevice=ad.ea [ 131.312011][ T8] cdc_ncm 2-1:1.0: bind() failure [ 131.323889][ T8] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 131.349966][ T8] cdc_ncm 2-1:1.1: bind() failure [ 131.362602][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.380216][ T8] usb 2-1: USB disconnect, device number 2 [ 131.389783][ T5903] usb 4-1: Product: syz [ 131.396373][ T5903] usb 4-1: Manufacturer: syz [ 131.407551][ T5903] usb 4-1: SerialNumber: syz [ 131.497016][ T5936] usbhid 5-1:0.0: can't add hid device: -71 [ 131.517777][ T5936] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 131.565444][ T5936] usb 5-1: USB disconnect, device number 7 [ 131.639734][ T5903] sisusb 4-1:36.44: Invalid USB2VGA device [ 131.652038][ T5903] sisusb 4-1:36.44: probe with driver sisusb failed with error -22 [ 131.671749][ T5903] usb 4-1: USB disconnect, device number 5 [ 132.979484][ T6918] loop1: detected capacity change from 0 to 256 [ 132.998477][ T6918] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 133.172866][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.179481][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.240397][ T6914] loop0: detected capacity change from 0 to 4096 [ 133.280468][ T6914] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 133.968826][ T6914] ntfs3(loop0): ino=0, attr_set_size [ 134.006594][ T6922] ntfs3(loop0): ino=0, attr_set_size [ 134.082770][ T6914] ntfs3(loop0): ino=0, attr_set_size [ 134.096393][ T6914] ntfs3(loop0): no free space to extend mft [ 134.210670][ T6926] bridge0: port 3(erspan0) entered blocking state [ 134.218156][ T6926] bridge0: port 3(erspan0) entered disabled state [ 134.224875][ T6926] erspan0: entered allmulticast mode [ 134.231179][ T6926] erspan0: entered promiscuous mode [ 134.238063][ T6926] bridge0: port 3(erspan0) entered blocking state [ 134.244622][ T6926] bridge0: port 3(erspan0) entered forwarding state [ 134.445580][ T6929] loop0: detected capacity change from 0 to 256 [ 134.576642][ T6929] FAT-fs (loop0): Directory bread(block 64) failed [ 134.592557][ T6929] FAT-fs (loop0): Directory bread(block 65) failed [ 134.613938][ T6929] FAT-fs (loop0): Directory bread(block 66) failed [ 134.692739][ T6929] FAT-fs (loop0): Directory bread(block 67) failed [ 134.790121][ T6934] loop3: detected capacity change from 0 to 4096 [ 134.836968][ T6934] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512). [ 134.891346][ T6929] FAT-fs (loop0): Directory bread(block 68) failed [ 134.970717][ T6929] FAT-fs (loop0): Directory bread(block 69) failed [ 135.058642][ T6929] FAT-fs (loop0): Directory bread(block 70) failed [ 135.165445][ T6929] FAT-fs (loop0): Directory bread(block 71) failed [ 135.231079][ T6929] FAT-fs (loop0): Directory bread(block 72) failed [ 135.279439][ T6929] FAT-fs (loop0): Directory bread(block 73) failed [ 135.286434][ T8] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 135.334650][ T6934] ntfs3(loop3): Failed to load $MFT (-22). [ 135.452782][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 135.470427][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.608220][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 135.625729][ T8] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 135.633060][ T6941] warning: `syz.3.288' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 135.634878][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.361644][ T8] usb 2-1: config 0 descriptor?? [ 137.052703][ T5936] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 137.242779][ T5936] usb 5-1: Using ep0 maxpacket: 16 [ 137.252039][ T5936] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 137.289872][ T5936] usb 5-1: config 0 has no interfaces? [ 137.310819][ T5936] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=d8.08 [ 137.346426][ T5936] usb 5-1: New USB device strings: Mfr=40, Product=98, SerialNumber=3 [ 137.355253][ T5936] usb 5-1: Product: syz [ 137.359452][ T5936] usb 5-1: Manufacturer: syz [ 137.364225][ T5936] usb 5-1: SerialNumber: syz [ 137.373545][ T5936] usb 5-1: config 0 descriptor?? [ 137.490733][ T6962] loop3: detected capacity change from 0 to 128 [ 137.531453][ T6962] omfs: sysblock size (-58445445) is out of range [ 138.049530][ T6946] loop4: detected capacity change from 0 to 512 [ 138.135569][ T6959] loop2: detected capacity change from 0 to 1024 [ 138.320468][ T6959] hfsplus: extend alloc file! (8192,65536,366) [ 138.422127][ T6964] syz.4.290[6964] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.422493][ T6964] syz.4.290[6964] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.434271][ T6964] syz.4.290[6964] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 139.342780][ T8] usbhid 2-1:0.0: can't add hid device: -71 [ 139.380612][ T8] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 139.477042][ T8] usb 2-1: USB disconnect, device number 3 [ 139.671814][ T6971] syz.0.296 uses obsolete (PF_INET,SOCK_PACKET) [ 139.860338][ T6975] netlink: 8 bytes leftover after parsing attributes in process `syz.1.298'. [ 140.402978][ T5849] usb 5-1: USB disconnect, device number 8 [ 142.006855][ T6997] loop0: detected capacity change from 0 to 40427 [ 142.042793][ T5936] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 142.129541][ T6997] F2FS-fs (loop0): Found nat_bits in checkpoint [ 142.182538][ T6978] loop2: detected capacity change from 0 to 40427 [ 142.189493][ T6997] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 142.198479][ T6978] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 142.210742][ T6978] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 142.244270][ T6978] F2FS-fs (loop2): invalid crc value [ 142.324567][ T6978] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 142.379972][ T5936] usb 2-1: Using ep0 maxpacket: 16 [ 142.391671][ T5936] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.392932][ T5903] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 142.402813][ T5936] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 142.424234][ T5936] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 142.433369][ T5936] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.444114][ T5936] usb 2-1: config 0 descriptor?? [ 142.457846][ T6978] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 142.465667][ T6978] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 142.602619][ T5903] usb 5-1: Using ep0 maxpacket: 16 [ 142.624261][ T7018] No such timeout policy "syz0" [ 142.641995][ T5903] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 142.681588][ T5903] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 142.723025][ T5903] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 142.748900][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.763426][ T5903] usb 5-1: Product: syz [ 142.767738][ T5903] usb 5-1: Manufacturer: syz [ 142.777583][ T5903] usb 5-1: SerialNumber: syz [ 143.343739][ T5903] usb 5-1: config 0 descriptor?? [ 143.356404][ T5903] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 143.365849][ T5903] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 143.402527][ T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 143.552789][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 143.577618][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 143.595906][ T9] usb 4-1: config 0 has no interfaces? [ 143.607828][ T9] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=d8.08 [ 143.626209][ T9] usb 4-1: New USB device strings: Mfr=40, Product=98, SerialNumber=3 [ 143.640175][ T9] usb 4-1: Product: syz [ 143.648639][ T9] usb 4-1: Manufacturer: syz [ 143.655070][ T9] usb 4-1: SerialNumber: syz [ 143.668101][ T9] usb 4-1: config 0 descriptor?? [ 143.899997][ T6289] syz-executor: attempt to access beyond end of device [ 143.899997][ T6289] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 143.916912][ T7020] loop3: detected capacity change from 0 to 512 [ 143.957151][ T6289] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 143.997403][ T5903] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 144.004696][ T5903] em28xx 5-1:0.0: Config register raw data: 0xb1 [ 144.014580][ T5903] em28xx 5-1:0.0: I2S Audio (3 sample rate(s)) [ 144.032124][ T5903] em28xx 5-1:0.0: No AC97 audio processor [ 144.166032][ T7028] loop2: detected capacity change from 0 to 512 [ 144.207207][ T7028] EXT4-fs (loop2): blocks per group (95) and clusters per group (32768) inconsistent [ 144.439314][ T7031] syz.3.313[7031] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 144.439410][ T7031] syz.3.313[7031] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 144.451287][ T7031] syz.3.313[7031] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.011644][ T5903] usb 5-1: USB disconnect, device number 9 [ 145.344438][ T7042] loop4: detected capacity change from 0 to 1024 [ 145.365322][ T5936] usbhid 2-1:0.0: can't add hid device: -71 [ 145.390592][ T7042] macsec0: entered promiscuous mode [ 145.396800][ T5936] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 145.423334][ T5936] usb 2-1: USB disconnect, device number 4 [ 145.448211][ T7042] veth1_macvtap: left promiscuous mode [ 145.513804][ T5859] Bluetooth: hci2: unexpected cc 0x2007 length: 100 > 2 [ 145.534445][ T7042] macsec0 (unregistering): left promiscuous mode [ 145.601324][ T7049] loop1: detected capacity change from 0 to 128 [ 145.975578][ T7056] loop0: detected capacity change from 0 to 64 [ 146.010736][ T7052] loop4: detected capacity change from 0 to 2048 [ 146.112164][ T5936] usb 4-1: USB disconnect, device number 6 [ 146.132697][ T7052] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 146.174064][ T7056] netlink: 104 bytes leftover after parsing attributes in process `syz.0.326'. [ 146.237578][ T5846] FAT-fs (loop1): error, invalid access to FAT (entry 0x000002ff) [ 146.244155][ T6236] udevd[6236]: incorrect nilfs2 checksum on /dev/loop4 [ 146.246633][ T5846] FAT-fs (loop1): Filesystem has been set read-only [ 146.383991][ T7059] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 146.718394][ T7064] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=18) [ 146.744677][ T7044] loop2: detected capacity change from 0 to 40427 [ 146.783170][ T7044] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 146.789195][ T7066] loop0: detected capacity change from 0 to 1024 [ 146.790940][ T7044] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 146.814051][ T7044] F2FS-fs (loop2): invalid crc value [ 146.851428][ T7044] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 146.855379][ T7064] Remounting filesystem read-only [ 147.020532][ T7044] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 147.043676][ T7044] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 147.083246][ T5845] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer [ 147.239048][ T7072] loop0: detected capacity change from 0 to 512 [ 147.287831][ T7072] EXT4-fs (loop0): blocks per group (95) and clusters per group (32768) inconsistent [ 147.457102][ T7061] loop1: detected capacity change from 0 to 32768 [ 147.492371][ T7058] loop3: detected capacity change from 0 to 40427 [ 148.031904][ T7058] F2FS-fs (loop3): Found nat_bits in checkpoint [ 148.052894][ T7061] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 148.279795][ T7083] loop4: detected capacity change from 0 to 512 [ 148.292731][ T7058] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 148.640335][ T7083] EXT4-fs error (device loop4): ext4_orphan_get:1388: inode #15: comm syz.4.333: casefold flag without casefold feature [ 148.729475][ T5846] ocfs2: Unmounting device (7,1) on (node local) [ 148.748605][ T7083] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.333: couldn't read orphan inode 15 (err -117) [ 148.770421][ T7083] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.978060][ T7097] No such timeout policy "syz0" [ 149.091660][ T5936] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 149.245755][ T5845] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.267082][ T5936] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 149.352693][ T5936] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 149.361808][ T5936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.407922][ T5936] usb 1-1: Product: syz [ 149.420859][ T5936] usb 1-1: Manufacturer: syz [ 149.433015][ T5936] usb 1-1: SerialNumber: syz [ 149.552848][ T5859] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 149.563335][ T5859] Bluetooth: hci2: Injecting HCI hardware error event [ 149.581901][ T5859] Bluetooth: hci2: hardware error 0x00 [ 150.440754][ T5849] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 150.672003][ T7108] loop1: detected capacity change from 0 to 4096 [ 150.678560][ T5849] usb 5-1: Using ep0 maxpacket: 16 [ 150.694424][ T5849] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 150.712900][ T5849] usb 5-1: config 0 has no interfaces? [ 150.730666][ T7108] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 150.739951][ T5849] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=d8.08 [ 150.749361][ T5849] usb 5-1: New USB device strings: Mfr=40, Product=98, SerialNumber=3 [ 150.771463][ T5849] usb 5-1: Product: syz [ 150.791332][ T5849] usb 5-1: Manufacturer: syz [ 150.806647][ T5847] syz-executor: attempt to access beyond end of device [ 150.806647][ T5847] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 150.812103][ T5849] usb 5-1: SerialNumber: syz [ 150.846696][ T5847] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 150.849858][ T5849] usb 5-1: config 0 descriptor?? [ 150.939057][ T5936] cdc_ncm 1-1:1.0: bind() failure [ 150.953717][ T7108] ntfs3(loop1): ino=0, attr_set_size [ 150.956301][ T5936] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71 [ 150.968726][ T7108] ntfs3(loop1): ino=0, attr_set_size [ 150.988869][ T5936] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71 [ 151.019044][ T5936] usbtest 1-1:1.1: probe with driver usbtest failed with error -71 [ 151.087165][ T7103] loop4: detected capacity change from 0 to 512 [ 151.093875][ T5936] usb 1-1: USB disconnect, device number 4 [ 151.354601][ T7116] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 151.420721][ T7118] syz.4.337[7118] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 151.421193][ T7118] syz.4.337[7118] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 151.433649][ T7118] syz.4.337[7118] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 151.498346][ T7116] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -1 [ 151.694182][ T5859] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 152.255464][ T7122] loop3: detected capacity change from 0 to 512 [ 152.271558][ T1147] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.298511][ T7122] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent [ 152.583303][ T47] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 152.636203][ T1147] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.746317][ T47] usb 1-1: config 95 has an invalid interface number: 208 but max is 0 [ 152.771125][ T47] usb 1-1: config 95 has no interface number 0 [ 152.779224][ T1147] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.798268][ T47] usb 1-1: config 95 interface 208 has no altsetting 0 [ 152.844331][ T47] usb 1-1: New USB device found, idVendor=090a, idProduct=1050, bcdDevice= 1.00 [ 152.854705][ T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.868804][ T47] usb 1-1: Product: syz [ 152.874347][ T47] usb 1-1: Manufacturer: syz [ 152.879620][ T47] usb 1-1: SerialNumber: syz [ 152.931491][ T1147] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.004771][ T5849] usb 5-1: USB disconnect, device number 10 [ 153.084258][ T5857] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 153.125197][ T5857] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 153.154818][ T5857] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 153.181998][ T5857] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 153.192204][ T5857] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 153.201164][ T47] usb-storage 1-1:95.208: USB Mass Storage device detected [ 153.208731][ T5857] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 153.226738][ T7131] loop4: detected capacity change from 0 to 512 [ 153.283763][ T7131] EXT4-fs error (device loop4): ext4_orphan_get:1388: inode #15: comm syz.4.347: casefold flag without casefold feature [ 153.365517][ T7131] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.347: couldn't read orphan inode 15 (err -117) [ 153.408760][ T47] usb 1-1: USB disconnect, device number 5 [ 153.425381][ T7131] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 153.825859][ T7126] loop1: detected capacity change from 0 to 40427 [ 153.863784][ T7126] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 153.870965][ T1147] bridge0: port 4(vlan2) entered disabled state [ 153.871637][ T7126] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 153.903995][ T7126] F2FS-fs (loop1): invalid crc value [ 153.917047][ T7126] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 153.944314][ T1147] erspan0: left allmulticast mode [ 153.983500][ T1147] erspan0: left promiscuous mode [ 153.988691][ T1147] bridge0: port 3(erspan0) entered disabled state [ 154.024304][ T1147] bridge_slave_1: left allmulticast mode [ 154.046720][ T5845] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.069084][ T1147] bridge_slave_1: left promiscuous mode [ 154.097768][ T1147] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.174184][ T1147] bridge_slave_0: left allmulticast mode [ 154.216256][ T1147] bridge_slave_0: left promiscuous mode [ 154.216280][ T7126] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 154.221976][ T1147] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.237032][ T7126] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 154.439846][ T1147] ip6gretap0: left allmulticast mode [ 154.445710][ T1147] ip6gretap0: left promiscuous mode [ 155.263812][ T7156] loop3: detected capacity change from 0 to 4096 [ 155.292714][ T5857] Bluetooth: hci6: command tx timeout [ 155.299536][ T7156] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 155.590062][ T7156] ntfs3(loop3): ino=0, attr_set_size [ 155.944007][ T7167] loop3: detected capacity change from 0 to 128 [ 156.011163][ T5859] block nbd4: Receive control failed (result -32) [ 156.012253][ T7162] block nbd4: shutting down sockets [ 156.684196][ T1147] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 156.841397][ T1147] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 156.860191][ T1147] bond0 (unregistering): Released all slaves [ 156.968141][ T7150] netlink: 4 bytes leftover after parsing attributes in process `syz.0.350'. [ 157.000700][ T7150] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 157.024452][ T7177] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 157.062568][ T7150] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 157.084718][ T7150] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 157.129372][ T5847] FAT-fs (loop3): error, invalid access to FAT (entry 0x000002ff) [ 157.140904][ T7150] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 157.214610][ T5847] FAT-fs (loop3): Filesystem has been set read-only [ 157.375009][ T5859] Bluetooth: hci6: command tx timeout [ 157.707405][ T7128] chnl_net:caif_netlink_parms(): no params data found [ 157.995190][ T29] audit: type=1326 audit(1730320146.337:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.0.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1970b7e719 code=0x7ffc0000 [ 158.025620][ T29] audit: type=1326 audit(1730320146.377:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.0.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1970b7e719 code=0x7ffc0000 [ 158.075522][ T29] audit: type=1326 audit(1730320146.407:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.0.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f1970b7e719 code=0x7ffc0000 [ 158.126218][ T29] audit: type=1326 audit(1730320146.407:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.0.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1970b7e719 code=0x7ffc0000 [ 158.186089][ T29] audit: type=1326 audit(1730320146.407:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.0.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1970b7e719 code=0x7ffc0000 [ 158.216384][ T29] audit: type=1326 audit(1730320146.427:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.0.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7f1970b7e719 code=0x7ffc0000 [ 158.216392][ T7179] netlink: 8 bytes leftover after parsing attributes in process `syz.1.355'. [ 158.348366][ T7204] overlayfs: missing 'lowerdir' [ 158.445277][ T7206] bridge0: port 4(erspan0) entered blocking state [ 158.451936][ T7206] bridge0: port 4(erspan0) entered disabled state [ 158.479046][ T7206] erspan0: entered allmulticast mode [ 158.492067][ T5903] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 158.500408][ T5903] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 158.517975][ T5903] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz1 [ 158.529861][ T7206] erspan0: entered promiscuous mode [ 158.539274][ T7206] bridge0: port 4(erspan0) entered blocking state [ 158.545880][ T7206] bridge0: port 4(erspan0) entered forwarding state [ 158.681071][ T7128] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.697846][ T7128] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.715996][ T7128] bridge_slave_0: entered allmulticast mode [ 158.735946][ T7128] bridge_slave_0: entered promiscuous mode [ 158.773610][ T7128] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.797703][ T7128] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.815511][ T7128] bridge_slave_1: entered allmulticast mode [ 158.833438][ T7128] bridge_slave_1: entered promiscuous mode [ 158.943247][ T1147] hsr_slave_0: left promiscuous mode [ 158.960823][ T1147] hsr_slave_1: left promiscuous mode [ 158.975609][ T1147] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 158.997819][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 159.013332][ T1147] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 159.032278][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 159.071739][ T1147] veth1_macvtap: left promiscuous mode [ 159.092502][ T1147] veth0_macvtap: left promiscuous mode [ 159.112581][ T1147] veth1_vlan: left promiscuous mode [ 159.117937][ T1147] veth0_vlan: left promiscuous mode [ 159.182534][ T5849] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 159.350174][ T5849] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 159.372094][ T7221] loop3: detected capacity change from 0 to 512 [ 159.387016][ T7221] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent [ 159.392448][ T5849] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 159.408377][ T5849] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 159.419203][ T5849] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.453286][ T5859] Bluetooth: hci6: command tx timeout [ 159.513883][ T7223] loop4: detected capacity change from 0 to 128 [ 159.758543][ T5900] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 159.917137][ T5900] usb 2-1: Using ep0 maxpacket: 16 [ 159.925539][ T5900] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 160.013240][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 160.058439][ T5849] usb 1-1: language id specifier not provided by device, defaulting to English [ 160.084686][ T5900] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 160.084760][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.084796][ T5900] usb 2-1: Product: syz [ 160.084830][ T5900] usb 2-1: Manufacturer: syz [ 160.084846][ T5900] usb 2-1: SerialNumber: syz [ 160.127085][ T5900] usb 2-1: config 0 descriptor?? [ 160.177524][ T5900] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 160.177576][ T5900] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 160.287089][ T5849] usb 1-1: USB disconnect, device number 6 [ 160.788584][ T5845] FAT-fs (loop4): error, invalid access to FAT (entry 0x000002ff) [ 160.802586][ T5845] FAT-fs (loop4): Filesystem has been set read-only [ 160.837733][ T5900] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 160.845556][ T5900] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 161.175122][ T1147] team0 (unregistering): Port device team_slave_1 removed [ 161.232478][ T47] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 161.279599][ T1147] team0 (unregistering): Port device team_slave_0 removed [ 161.443170][ T8] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 161.494423][ T5900] em28xx 2-1:0.0: Unknown AC97 audio processor detected! [ 161.512043][ T5900] em28xx 2-1:0.0: couldn't setup AC97 register 2 [ 161.538527][ T5859] Bluetooth: hci6: command tx timeout [ 161.572730][ T47] usb 5-1: Using ep0 maxpacket: 16 [ 161.711003][ T47] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 161.905263][ T47] usb 5-1: config 0 has no interfaces? [ 162.132876][ T5900] em28xx 2-1:0.0: couldn't setup AC97 register 4 [ 162.139567][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 162.145008][ T5900] em28xx 2-1:0.0: couldn't setup AC97 register 6 [ 162.152002][ T5900] em28xx 2-1:0.0: couldn't setup AC97 register 54 [ 162.152591][ T47] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=d8.08 [ 162.158958][ T5900] em28xx 2-1:0.0: couldn't setup AC97 register 56 [ 162.173252][ T47] usb 5-1: New USB device strings: Mfr=40, Product=98, SerialNumber=3 [ 162.176629][ T8] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 162.204099][ T47] usb 5-1: Product: syz [ 162.204140][ T8] usb 1-1: config 0 has no interface number 0 [ 162.208311][ T47] usb 5-1: Manufacturer: syz [ 162.208332][ T47] usb 5-1: SerialNumber: syz [ 162.223923][ T47] usb 5-1: config 0 descriptor?? [ 162.227064][ T5900] usb 2-1: USB disconnect, device number 5 [ 162.248815][ T8] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 162.259275][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.269785][ T8] usb 1-1: Product: syz [ 162.301781][ T8] usb 1-1: Manufacturer: syz [ 162.306704][ T8] usb 1-1: SerialNumber: syz [ 162.327912][ T8] usb 1-1: config 0 descriptor?? [ 162.338740][ T8] smsc95xx v2.0.0 [ 162.460104][ T7228] loop4: detected capacity change from 0 to 512 [ 162.804123][ T7240] syz.4.371[7240] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 162.804477][ T7240] syz.4.371[7240] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 162.816272][ T7240] syz.4.371[7240] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 163.409114][ T8] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 163.431405][ T8] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 163.498175][ T7243] loop1: detected capacity change from 0 to 4096 [ 163.519938][ T7243] ntfs3(loop1): ino=3, Correct links count -> 2. [ 163.533737][ T7128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.545879][ T7128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.593636][ T7238] netlink: 8 bytes leftover after parsing attributes in process `syz.3.375'. [ 163.735681][ T7128] team0: Port device team_slave_0 added [ 163.750483][ T7128] team0: Port device team_slave_1 added [ 163.825300][ T7128] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 163.856419][ T7128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.921400][ T7128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 163.982876][ T7128] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 164.017933][ T7128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.073242][ T7128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 164.102643][ T47] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 164.180991][ T7128] hsr_slave_0: entered promiscuous mode [ 164.188404][ T7128] hsr_slave_1: entered promiscuous mode [ 164.199769][ T7128] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 164.208659][ T7128] Cannot create hsr debugfs directory [ 164.252884][ T47] usb 4-1: Using ep0 maxpacket: 16 [ 164.267767][ T47] usb 4-1: config 0 has no interfaces? [ 164.279290][ T47] usb 4-1: New USB device found, idVendor=0df6, idProduct=005b, bcdDevice=bb.35 [ 164.292448][ T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.310984][ T47] usb 4-1: Product: syz [ 164.321172][ T47] usb 4-1: Manufacturer: syz [ 164.331327][ T47] usb 4-1: SerialNumber: syz [ 164.360905][ T47] usb 4-1: config 0 descriptor?? [ 164.617887][ T7248] team_slave_0: entered promiscuous mode [ 164.624078][ T7248] team_slave_1: entered promiscuous mode [ 164.631809][ T7248] vlan2: entered promiscuous mode [ 164.637721][ T7248] team0: entered promiscuous mode [ 164.646610][ T7248] team0: Device vlan2 is already an upper device of the team interface [ 164.665122][ T9] usb 5-1: USB disconnect, device number 11 [ 164.683497][ T7248] team0: left promiscuous mode [ 164.693251][ T7248] team_slave_0: left promiscuous mode [ 164.698846][ T7248] team_slave_1: left promiscuous mode [ 164.863214][ T7272] loop4: detected capacity change from 0 to 512 [ 164.918651][ T9] usb 4-1: USB disconnect, device number 7 [ 164.931351][ T7272] EXT4-fs (loop4): blocks per group (95) and clusters per group (32768) inconsistent [ 165.716209][ T7284] loop1: detected capacity change from 0 to 128 [ 166.241498][ T7288] loop4: detected capacity change from 0 to 4096 [ 166.342725][ T7288] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 166.352374][ T7128] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 166.427757][ T7128] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 166.497675][ T7128] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 166.501229][ T7128] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 166.580031][ T8] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 166.580189][ T8] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 166.584271][ T8] usb 1-1: USB disconnect, device number 7 [ 166.688403][ T7288] ntfs3(loop4): ino=0, attr_set_size [ 166.817559][ T7294] ntfs3(loop4): ino=0, attr_set_size [ 166.853739][ T7293] TCP: out of memory -- consider tuning tcp_mem [ 166.944111][ T7128] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.022351][ T7128] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.040153][ T5846] FAT-fs (loop1): error, invalid access to FAT (entry 0x000002ff) [ 167.064834][ T5846] FAT-fs (loop1): Filesystem has been set read-only [ 167.068167][ T7298] loop0: detected capacity change from 0 to 256 [ 167.093411][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.100631][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.126349][ T7298] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 167.182471][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.189650][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.231704][ T7305] loop1: detected capacity change from 0 to 256 [ 168.529475][ T7305] FAT-fs (loop1): Directory bread(block 64) failed [ 168.536178][ T7305] FAT-fs (loop1): Directory bread(block 65) failed [ 168.711664][ T7305] FAT-fs (loop1): Directory bread(block 66) failed [ 168.740676][ T7305] FAT-fs (loop1): Directory bread(block 67) failed [ 168.802577][ T7305] FAT-fs (loop1): Directory bread(block 68) failed [ 168.809353][ T7305] FAT-fs (loop1): Directory bread(block 69) failed [ 168.834016][ T7305] FAT-fs (loop1): Directory bread(block 70) failed [ 168.840856][ T7305] FAT-fs (loop1): Directory bread(block 71) failed [ 168.848512][ T7305] FAT-fs (loop1): Directory bread(block 72) failed [ 168.855520][ T7305] FAT-fs (loop1): Directory bread(block 73) failed [ 169.167132][ T7320] netlink: 24 bytes leftover after parsing attributes in process `syz.4.390'. [ 169.205464][ T7320] netlink: 32 bytes leftover after parsing attributes in process `syz.4.390'. [ 170.080897][ T7128] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.135939][ T7345] loop4: detected capacity change from 0 to 4096 [ 170.162095][ T7345] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 170.266899][ T7345] ntfs3(loop4): ino=0, attr_set_size [ 170.280409][ T7128] veth0_vlan: entered promiscuous mode [ 170.293352][ T7356] loop1: detected capacity change from 0 to 64 [ 170.324516][ T7128] veth1_vlan: entered promiscuous mode [ 170.571267][ T7128] veth0_macvtap: entered promiscuous mode [ 170.913632][ T7128] veth1_macvtap: entered promiscuous mode [ 171.220151][ T7128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.321969][ T7128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.335267][ T7128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.345838][ T7128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.355880][ T7128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.370677][ T7370] loop4: detected capacity change from 0 to 256 [ 171.380152][ T7128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.405141][ T7128] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.409145][ T7370] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 171.471771][ T7375] bridge0: port 4(erspan0) entered disabled state [ 171.478477][ T7375] bridge0: port 3(vlan0) entered disabled state [ 171.484959][ T7375] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.492471][ T7375] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.660882][ T7128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.677988][ T7373] loop0: detected capacity change from 0 to 4096 [ 171.695367][ T7128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.739574][ T7128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.757317][ T7128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.801325][ T7128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.358236][ T7128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.427376][ T7128] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 172.505154][ T7128] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.518512][ T7128] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.528595][ T7128] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.537514][ T7128] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.740922][ T7388] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 172.786886][ T29] audit: type=1800 audit(1730320161.137:45): pid=7373 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.404" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 172.873561][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.874299][ T7373] NILFS error (device loop0): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 172.881405][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.914807][ T7373] Remounting filesystem read-only [ 173.025042][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.073028][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.101310][ T6289] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 173.448791][ T7410] loop0: detected capacity change from 0 to 4096 [ 173.480322][ T7410] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 173.594970][ T7410] ntfs3(loop0): ino=0, attr_set_size [ 173.642586][ T5899] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 173.992506][ T5899] usb 4-1: Using ep0 maxpacket: 16 [ 174.047017][ T5899] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 174.220921][ T5899] usb 4-1: config 0 has no interfaces? [ 174.416996][ T5899] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=d8.08 [ 174.559998][ T5899] usb 4-1: New USB device strings: Mfr=40, Product=98, SerialNumber=3 [ 174.605025][ T5899] usb 4-1: Product: syz [ 174.646749][ T5899] usb 4-1: Manufacturer: syz [ 174.679341][ T5899] usb 4-1: SerialNumber: syz [ 174.708356][ T5899] usb 4-1: config 0 descriptor?? [ 174.796124][ T7437] loop2: detected capacity change from 0 to 512 [ 174.860025][ T7437] EXT4-fs error (device loop2): ext4_orphan_get:1388: inode #15: comm syz.2.416: casefold flag without casefold feature [ 174.889688][ T7434] loop1: detected capacity change from 0 to 4096 [ 174.899984][ T7437] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.416: couldn't read orphan inode 15 (err -117) [ 174.914612][ T7434] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 174.939505][ T7437] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 174.961171][ T7413] loop3: detected capacity change from 0 to 512 [ 175.018077][ T7434] ntfs3(loop1): ino=0, attr_set_size [ 175.073451][ T7434] ntfs3(loop1): ino=0, attr_set_size [ 175.403375][ T7453] syz.3.412[7453] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 175.403466][ T7453] syz.3.412[7453] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 175.416169][ T7453] syz.3.412[7453] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 176.255613][ T7128] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.302568][ T8] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 176.473922][ T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.498669][ T8] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 176.522862][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.530922][ T8] usb 5-1: Product: syz [ 176.553074][ T8] usb 5-1: Manufacturer: syz [ 176.559102][ T8] usb 5-1: SerialNumber: syz [ 176.792607][ T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 176.953159][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 176.974096][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.012517][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.026245][ T9] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 177.036103][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.053973][ T9] usb 1-1: config 0 descriptor?? [ 177.188625][ T5903] usb 4-1: USB disconnect, device number 8 [ 177.414328][ T7500] loop3: detected capacity change from 0 to 1024 [ 177.429122][ T7500] EXT4-fs: Ignoring removed oldalloc option [ 177.448174][ T7502] loop1: detected capacity change from 0 to 256 [ 177.493629][ T7500] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.563949][ T7502] FAT-fs (loop1): Directory bread(block 64) failed [ 177.586152][ T7502] FAT-fs (loop1): Directory bread(block 65) failed [ 177.598689][ T8] cdc_ncm 5-1:1.0: failed to get mac address [ 177.612678][ T7502] FAT-fs (loop1): Directory bread(block 66) failed [ 177.625085][ T7502] FAT-fs (loop1): Directory bread(block 67) failed [ 177.625782][ T8] cdc_ncm 5-1:1.0: bind() failure [ 177.635372][ T7502] FAT-fs (loop1): Directory bread(block 68) failed [ 177.644202][ T7502] FAT-fs (loop1): Directory bread(block 69) failed [ 177.659795][ T7502] FAT-fs (loop1): Directory bread(block 70) failed [ 177.661649][ T5847] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.667086][ T7502] FAT-fs (loop1): Directory bread(block 71) failed [ 177.683937][ T7502] FAT-fs (loop1): Directory bread(block 72) failed [ 177.690514][ T7502] FAT-fs (loop1): Directory bread(block 73) failed [ 177.699157][ T9] ft260 0003:0403:6030.0003: failed to retrieve chip version [ 177.729182][ T9] ft260 0003:0403:6030.0003: probe with driver ft260 failed with error -71 [ 177.761188][ T8] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 177.773224][ T9] usb 1-1: USB disconnect, device number 8 [ 177.781916][ T8] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 177.802103][ T8] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 177.840182][ T8] usb 5-1: USB disconnect, device number 12 [ 177.879711][ T7507] loop2: detected capacity change from 0 to 512 [ 177.951716][ T7507] EXT4-fs error (device loop2): ext4_orphan_get:1388: inode #15: comm syz.2.433: casefold flag without casefold feature [ 177.975211][ T7507] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.433: couldn't read orphan inode 15 (err -117) [ 178.339959][ T7507] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.898010][ T7522] loop0: detected capacity change from 0 to 64 [ 178.957588][ T7524] loop4: detected capacity change from 0 to 2239 [ 179.026488][ T7524] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x1fffff [ 179.046109][ T7522] netlink: 104 bytes leftover after parsing attributes in process `syz.0.436'. [ 179.074416][ T7524] syz.4.437: attempt to access beyond end of device [ 179.074416][ T7524] loop4: rw=12288, sector=4096, nr_sectors = 8 limit=2239 [ 179.107105][ T7524] syz.4.437: attempt to access beyond end of device [ 179.107105][ T7524] loop4: rw=12288, sector=8192, nr_sectors = 8 limit=2239 [ 179.139852][ T7524] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 179.365471][ T7128] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.482654][ T5849] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 179.489745][ T7545] loop2: detected capacity change from 0 to 256 [ 179.566695][ T7545] FAT-fs (loop2): Directory bread(block 64) failed [ 179.588748][ T7545] FAT-fs (loop2): Directory bread(block 65) failed [ 179.603785][ T7545] FAT-fs (loop2): Directory bread(block 66) failed [ 179.623448][ T7545] FAT-fs (loop2): Directory bread(block 67) failed [ 179.644328][ T5849] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.653086][ T7545] FAT-fs (loop2): Directory bread(block 68) failed [ 179.661860][ T7545] FAT-fs (loop2): Directory bread(block 69) failed [ 179.677224][ T5849] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 179.699637][ T5849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.708233][ T5849] usb 2-1: Product: syz [ 179.718158][ T5849] usb 2-1: Manufacturer: syz [ 179.720027][ T7545] FAT-fs (loop2): Directory bread(block 70) failed [ 179.723346][ T5849] usb 2-1: SerialNumber: syz [ 179.732607][ T7545] FAT-fs (loop2): Directory bread(block 71) failed [ 179.740912][ T7545] FAT-fs (loop2): Directory bread(block 72) failed [ 179.768212][ T7545] FAT-fs (loop2): Directory bread(block 73) failed [ 179.784172][ T7549] loop3: detected capacity change from 0 to 4096 [ 179.816630][ T7553] loop4: detected capacity change from 0 to 4096 [ 179.875674][ T7549] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 179.907435][ T7549] ntfs3(loop3): It is recommened to use chkdsk. [ 180.142822][ T59] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 180.350161][ T59] usb 1-1: config 201 has an invalid interface number: 249 but max is 0 [ 180.362496][ T59] usb 1-1: config 201 has no interface number 0 [ 180.368864][ T59] usb 1-1: config 201 interface 249 has no altsetting 0 [ 180.432195][ T59] usb 1-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=fa.df [ 180.458286][ T59] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.517293][ T59] usb 1-1: Product: syz [ 180.584723][ T59] usb 1-1: Manufacturer: syz [ 180.589460][ T59] usb 1-1: SerialNumber: syz [ 180.634475][ T7557] loop3: detected capacity change from 0 to 64 [ 180.829942][ T7557] netlink: 104 bytes leftover after parsing attributes in process `syz.3.451'. [ 180.866126][ T59] ath6kl: Failed to submit usb control message: -71 [ 180.873178][ T59] ath6kl: unable to send the bmi data to the device: -71 [ 180.880290][ T59] ath6kl: Unable to send get target info: -71 [ 180.963521][ T59] ath6kl: Failed to init ath6kl core: -71 [ 180.971588][ T59] ath6kl_usb 1-1:201.249: probe with driver ath6kl_usb failed with error -71 [ 181.021056][ T59] usb 1-1: USB disconnect, device number 9 [ 181.092953][ T7565] loop3: detected capacity change from 0 to 128 [ 181.178178][ T7569] loop2: detected capacity change from 0 to 512 [ 181.221144][ T7569] EXT4-fs error (device loop2): ext4_orphan_get:1388: inode #15: comm syz.2.456: casefold flag without casefold feature [ 181.259429][ T7569] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.456: couldn't read orphan inode 15 (err -117) [ 181.278405][ T7569] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 181.662575][ T59] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 181.732097][ T7585] loop3: detected capacity change from 0 to 256 [ 181.779110][ T7585] FAT-fs (loop3): Directory bread(block 64) failed [ 181.786176][ T7585] FAT-fs (loop3): Directory bread(block 65) failed [ 181.793084][ T7585] FAT-fs (loop3): Directory bread(block 66) failed [ 181.800026][ T7585] FAT-fs (loop3): Directory bread(block 67) failed [ 181.811632][ T7585] FAT-fs (loop3): Directory bread(block 68) failed [ 181.821029][ T7585] FAT-fs (loop3): Directory bread(block 69) failed [ 181.830499][ T7585] FAT-fs (loop3): Directory bread(block 70) failed [ 181.838428][ T7585] FAT-fs (loop3): Directory bread(block 71) failed [ 181.847375][ T7585] FAT-fs (loop3): Directory bread(block 72) failed [ 181.854282][ T59] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 181.864687][ T59] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 181.877932][ T7585] FAT-fs (loop3): Directory bread(block 73) failed [ 181.884601][ T59] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 181.902468][ T59] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.932509][ T59] usb 5-1: config 0 descriptor?? [ 182.150465][ T7128] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.161418][ T59] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 182.351271][ T7590] loop0: detected capacity change from 0 to 1024 [ 182.361518][ T7590] hfsplus: Bad value for 'session' [ 182.721367][ T7594] loop0: detected capacity change from 0 to 64 [ 182.782767][ T7594] netlink: 104 bytes leftover after parsing attributes in process `syz.0.464'. [ 182.847450][ T5849] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS [ 182.854102][ T5849] cdc_ncm 2-1:1.0: bind() failure [ 182.863214][ T5849] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 182.870056][ T5849] cdc_ncm 2-1:1.1: bind() failure [ 182.889022][ T5849] usb 2-1: USB disconnect, device number 6 [ 182.912088][ T5899] usb 5-1: USB disconnect, device number 13 [ 182.943308][ T7599] loop3: detected capacity change from 0 to 512 [ 182.954351][ T7599] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent [ 183.072263][ T7603] Process accounting resumed [ 183.231185][ T7608] loop2: detected capacity change from 0 to 128 [ 183.977656][ T7629] loop3: detected capacity change from 0 to 256 [ 184.119791][ T7629] FAT-fs (loop3): Directory bread(block 64) failed [ 184.123262][ T7636] netlink: 4 bytes leftover after parsing attributes in process `syz.0.479'. [ 184.135391][ T7629] FAT-fs (loop3): Directory bread(block 65) failed [ 184.142024][ T7629] FAT-fs (loop3): Directory bread(block 66) failed [ 184.178084][ T7629] FAT-fs (loop3): Directory bread(block 67) failed [ 184.192568][ T7629] FAT-fs (loop3): Directory bread(block 68) failed [ 184.199154][ T7629] FAT-fs (loop3): Directory bread(block 69) failed [ 184.212551][ T7629] FAT-fs (loop3): Directory bread(block 70) failed [ 184.219816][ T7629] FAT-fs (loop3): Directory bread(block 71) failed [ 184.232626][ T7629] FAT-fs (loop3): Directory bread(block 72) failed [ 184.239208][ T7629] FAT-fs (loop3): Directory bread(block 73) failed [ 184.252511][ T5849] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 184.618701][ T5849] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.665608][ T5849] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 184.703105][ T5849] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.855099][ T5849] usb 5-1: Product: syz [ 184.859336][ T5849] usb 5-1: Manufacturer: syz [ 184.911291][ T5849] usb 5-1: SerialNumber: syz [ 185.402834][ T7650] process 'syz.0.485' launched './file0' with NULL argv: empty string added [ 185.467483][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 185.493230][ T7638] loop2: detected capacity change from 0 to 40427 [ 185.538355][ T7638] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 185.548024][ T7638] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 185.576548][ T7638] F2FS-fs (loop2): invalid crc value [ 185.597199][ T7638] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 185.699160][ T7656] loop3: detected capacity change from 0 to 4096 [ 185.724007][ T7638] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 185.736244][ T7656] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 185.754166][ T7638] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 185.820896][ T7656] ntfs3(loop3): ino=0, attr_set_size [ 185.883885][ T7656] ntfs3(loop3): ino=0, attr_set_size [ 186.399183][ T7649] loop1: detected capacity change from 0 to 40427 [ 186.419722][ T5161] Bluetooth: hci3: command 0x0406 tx timeout [ 186.425968][ T5865] Bluetooth: hci1: command 0x0406 tx timeout [ 186.476513][ T7649] F2FS-fs (loop1): Found nat_bits in checkpoint [ 186.534709][ T7649] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 187.275426][ T7687] loop3: detected capacity change from 0 to 128 [ 187.511320][ T7688] No such timeout policy "syz0" [ 187.598835][ T5849] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS [ 187.605220][ T5849] cdc_ncm 5-1:1.0: bind() failure [ 187.614023][ T5849] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 187.620989][ T5849] cdc_ncm 5-1:1.1: bind() failure [ 187.641742][ T5849] usb 5-1: USB disconnect, device number 14 [ 188.314075][ T7691] loop0: detected capacity change from 0 to 64 [ 188.380089][ T5847] FAT-fs (loop3): error, invalid access to FAT (entry 0x000002ff) [ 188.389093][ T5846] syz-executor: attempt to access beyond end of device [ 188.389093][ T5846] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 188.413149][ T5846] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 188.432824][ T5847] FAT-fs (loop3): Filesystem has been set read-only [ 188.605847][ T7697] loop0: detected capacity change from 0 to 64 [ 188.998114][ T7704] loop0: detected capacity change from 0 to 4096 [ 189.069585][ T7709] loop3: detected capacity change from 0 to 256 [ 189.143871][ T7709] FAT-fs (loop3): Directory bread(block 64) failed [ 189.171681][ T7709] FAT-fs (loop3): Directory bread(block 65) failed [ 189.205588][ T7709] FAT-fs (loop3): Directory bread(block 66) failed [ 189.227104][ T7709] FAT-fs (loop3): Directory bread(block 67) failed [ 189.234127][ T29] audit: type=1326 audit(2000000015.510:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7710 comm="syz.2.498" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf4a77e719 code=0x0 [ 189.268396][ T7712] loop1: detected capacity change from 0 to 1024 [ 189.279095][ T7709] FAT-fs (loop3): Directory bread(block 68) failed [ 189.286573][ T7709] FAT-fs (loop3): Directory bread(block 69) failed [ 189.295261][ T7709] FAT-fs (loop3): Directory bread(block 70) failed [ 189.302953][ T7709] FAT-fs (loop3): Directory bread(block 71) failed [ 189.311302][ T7709] FAT-fs (loop3): Directory bread(block 72) failed [ 189.319104][ T7709] FAT-fs (loop3): Directory bread(block 73) failed [ 189.379477][ T29] audit: type=1804 audit(2000000015.660:47): pid=7712 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.495" name=2F6E6577726F6F742F3131332F6275732F65D059BB2BF4B3A673A2E19C dev="loop1" ino=27 res=1 errno=0 [ 190.078768][ T7719] loop1: detected capacity change from 0 to 4096 [ 190.392285][ T7727] loop2: detected capacity change from 0 to 128 [ 190.471919][ T7715] loop0: detected capacity change from 0 to 40427 [ 190.555783][ T7728] loop3: detected capacity change from 0 to 64 [ 190.607423][ T7724] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 190.731616][ T29] audit: type=1800 audit(2000000016.990:48): pid=7719 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.506" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 190.868551][ T7715] F2FS-fs (loop0): Found nat_bits in checkpoint [ 191.063199][ T29] audit: type=1804 audit(2000000017.210:49): pid=7734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.509" name="/newroot/120/bus/file1" dev="loop3" ino=5 res=1 errno=0 [ 191.063239][ T29] audit: type=1804 audit(2000000017.300:50): pid=7728 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.509" name="/newroot/120/bus/file1" dev="loop3" ino=5 res=1 errno=0 [ 191.186908][ T7728] syz.3.509: attempt to access beyond end of device [ 191.186908][ T7728] loop3: rw=0, sector=1024, nr_sectors = 2 limit=64 [ 191.187331][ T7728] Buffer I/O error on dev loop3, logical block 512, async page read [ 191.187837][ T7728] syz.3.509: attempt to access beyond end of device [ 191.187837][ T7728] loop3: rw=0, sector=113152, nr_sectors = 2 limit=64 [ 191.187923][ T7728] Buffer I/O error on dev loop3, logical block 56576, async page read [ 191.343532][ T7741] loop1: detected capacity change from 0 to 64 [ 191.352660][ T7715] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 191.891486][ T7749] TCP: out of memory -- consider tuning tcp_mem [ 192.025669][ T7128] FAT-fs (loop2): error, invalid access to FAT (entry 0x000002ff) [ 192.033888][ T7128] FAT-fs (loop2): Filesystem has been set read-only [ 192.391726][ T7758] loop1: detected capacity change from 0 to 4096 [ 192.432699][ T7758] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 192.553859][ T8] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 192.593590][ T7758] ntfs3(loop1): ino=0, attr_set_size [ 192.599725][ T7766] No such timeout policy "syz0" [ 192.705244][ T7758] ntfs3(loop1): ino=0, attr_set_size [ 192.725571][ T8] usb 5-1: unable to get BOS descriptor or descriptor too short [ 192.737648][ T7758] ntfs3(loop1): ino=0, attr_set_size [ 192.756328][ T8] usb 5-1: not running at top speed; connect to a high speed hub [ 192.784258][ T8] usb 5-1: config 219 has 1 interface, different from the descriptor's value: 2 [ 192.819945][ T8] usb 5-1: config 219 interface 0 has no altsetting 0 [ 192.848500][ T8] usb 5-1: config 219 interface 0 has no altsetting 1 [ 192.875178][ T8] usb 5-1: New USB device found, idVendor=2b73, idProduct=0017, bcdDevice=a2.0e [ 192.907705][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.944128][ T8] usb 5-1: Product: syz [ 192.965254][ T8] usb 5-1: Manufacturer: syz [ 192.981182][ T8] usb 5-1: SerialNumber: syz [ 193.113690][ T7770] loop1: detected capacity change from 0 to 4096 [ 193.146906][ T7771] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 193.178830][ T29] audit: type=1800 audit(2000000019.460:51): pid=7770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.521" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 193.203782][ T7770] NILFS error (device loop1): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 193.229248][ T7770] Remounting filesystem read-only [ 193.269270][ T8] usb 5-1: selecting invalid altsetting 0 [ 193.277060][ T8] usb 5-1: selecting invalid altsetting 0 [ 193.374057][ T8] usb 5-1: USB disconnect, device number 15 [ 193.412899][ T7774] netlink: 4 bytes leftover after parsing attributes in process `syz.2.522'. [ 193.432094][ T5856] udevd[5856]: setting mode of /dev/snd/controlC3 to 020660 failed: No such file or directory [ 193.479511][ T7776] loop3: detected capacity change from 0 to 64 [ 193.486762][ T5856] udevd[5856]: setting owner of /dev/snd/controlC3 to uid=0, gid=29 failed: No such file or directory [ 193.694316][ T7781] TCP: out of memory -- consider tuning tcp_mem [ 194.177633][ T6289] syz-executor: attempt to access beyond end of device [ 194.177633][ T6289] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 194.211226][ T6289] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 194.270554][ T7804] loop2: detected capacity change from 0 to 64 [ 194.352559][ T5903] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 194.524350][ T5903] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 194.552178][ T5903] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 194.559469][ T7810] TCP: out of memory -- consider tuning tcp_mem [ 194.579036][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.585448][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.587188][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.599899][ T5903] usb 4-1: Product: syz [ 194.604267][ T5903] usb 4-1: Manufacturer: syz [ 194.608892][ T5903] usb 4-1: SerialNumber: syz [ 194.830998][ T7784] loop1: detected capacity change from 0 to 40427 [ 194.929007][ T7784] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 195.015028][ T7784] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 195.027289][ T7784] F2FS-fs (loop1): invalid crc value [ 195.045858][ T7820] netlink: 104 bytes leftover after parsing attributes in process `syz.4.543'. [ 195.053452][ T7784] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 195.147521][ T7824] xt_bpf: check failed: parse error [ 195.957019][ T7784] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 196.016216][ T7784] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 196.167811][ T7841] loop2: detected capacity change from 0 to 64 [ 196.308947][ T7835] loop0: detected capacity change from 0 to 40427 [ 196.561671][ T7848] netlink: 'syz.4.550': attribute type 10 has an invalid length. [ 196.585877][ T7848] bridge0: port 3(erspan0) entered disabled state [ 196.592648][ T7848] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.600199][ T7848] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.618240][ T7848] bridge0: port 3(erspan0) entered blocking state [ 196.624913][ T7848] bridge0: port 3(erspan0) entered forwarding state [ 196.631972][ T7848] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.639245][ T7848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.646744][ T7848] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.648193][ T7835] F2FS-fs (loop0): Found nat_bits in checkpoint [ 196.653964][ T7848] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.661730][ T7848] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 196.761785][ T7835] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 196.792777][ T5849] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 196.974823][ T5849] usb 3-1: config 0 has an invalid descriptor of length 100, skipping remainder of the config [ 197.000970][ T5849] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 197.026848][ T7851] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 197.031556][ T5849] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10 [ 197.051236][ T7851] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 197.062517][ T5849] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 65535, setting to 64 [ 197.080749][ T7851] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 197.090106][ T5849] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x7A, changing to 0xA [ 197.105020][ T7851] bridge0: port 3(erspan0) entered disabled state [ 197.111782][ T7851] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.114268][ T5849] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 18403, setting to 64 [ 197.119016][ T7851] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.149607][ T7851] bond0 (unregistering): Released all slaves [ 197.168817][ T5849] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 197.210582][ T5849] usb 3-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 197.220491][ T5849] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.238065][ T5849] usb 3-1: Product: syz [ 197.250549][ T5849] usb 3-1: Manufacturer: syz [ 197.261447][ T5849] usb 3-1: SerialNumber: syz [ 197.285523][ T5849] usb 3-1: config 0 descriptor?? [ 197.306588][ T7844] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 197.315333][ T7844] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 197.457065][ T7854] No such timeout policy "syz0" [ 197.975951][ T7856] loop4: detected capacity change from 0 to 512 [ 197.998001][ T5903] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 198.004162][ T5903] cdc_ncm 4-1:1.0: bind() failure [ 198.014141][ T5903] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 198.020978][ T5903] cdc_ncm 4-1:1.1: bind() failure [ 198.032705][ T7856] EXT4-fs (loop4): blocks per group (95) and clusters per group (32768) inconsistent [ 198.041520][ T5903] usb 4-1: USB disconnect, device number 9 [ 198.053765][ T6289] syz-executor: attempt to access beyond end of device [ 198.053765][ T6289] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 198.078282][ T6289] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 199.268503][ T5903] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 199.407136][ T7865] netlink: 8 bytes leftover after parsing attributes in process `syz.2.555'. [ 199.664316][ T5849] rc_core: IR keymap rc-snapstream-firefly not found [ 199.671082][ T5849] Registered IR keymap rc-empty [ 199.685438][ T5849] rc rc0: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 199.778132][ T5849] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input5 [ 199.852632][ T5859] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 199.872892][ T5859] Bluetooth: hci5: Injecting HCI hardware error event [ 199.881158][ T5857] Bluetooth: hci5: hardware error 0x00 [ 199.891843][ T5903] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 199.914724][ T5849] input: syz syz mouse as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input6 [ 200.296677][ T5903] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 200.306877][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.319252][ T7869] loop4: detected capacity change from 0 to 1024 [ 200.325916][ T5903] usb 4-1: Product: syz [ 200.366763][ T5903] usb 4-1: Manufacturer: syz [ 200.371420][ T5903] usb 4-1: SerialNumber: syz [ 200.521910][ T5849] usb 3-1: USB disconnect, device number 7 [ 200.521963][ C1] ati_remote 3-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19 [ 201.118992][ T7883] fuse: Unknown parameter '0x0000000000000005' [ 201.302655][ T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 201.472583][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 201.500844][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 201.531949][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.553205][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 201.576698][ T9] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00 [ 201.592715][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.616140][ T9] usb 2-1: config 0 descriptor?? [ 201.657306][ T7890] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 201.660123][ T7892] loop2: detected capacity change from 0 to 4096 [ 201.676770][ T7890] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 201.682628][ T8] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 201.705981][ T7890] bond0 (unregistering): Released all slaves [ 201.712335][ T7892] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 201.747443][ T7892] ntfs3(loop2): ino=0, attr_set_size [ 201.754563][ T7892] ntfs3(loop2): ino=0, attr_set_size [ 201.767141][ T5903] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 201.774651][ T5903] cdc_ncm 4-1:1.0: setting rx_max = 16384 [ 201.865844][ T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 201.909603][ T8] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 201.929234][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.950586][ T8] usb 5-1: Product: syz [ 201.959294][ T8] usb 5-1: Manufacturer: syz [ 201.991556][ T8] usb 5-1: SerialNumber: syz [ 202.000585][ T5903] cdc_ncm 4-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 202.026713][ T5903] usb 4-1: USB disconnect, device number 10 [ 202.049947][ T5903] cdc_ncm 4-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 202.078471][ T9] input: HID 0955:7214 Haptics as /devices/virtual/input/input7 [ 202.092649][ T5857] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 202.158039][ T9] shield 0003:0955:7214.0004: Registered Thunderstrike controller [ 202.185844][ T9] shield 0003:0955:7214.0004: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 202.196896][ T5900] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 202.268956][ T5902] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 202.286901][ T5899] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 202.292894][ T9] usb 2-1: USB disconnect, device number 7 [ 202.300656][ T5902] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 202.320833][ T5902] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 202.338834][ T5902] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 202.354989][ T5900] usb 1-1: Using ep0 maxpacket: 32 [ 202.369533][ T5900] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 202.390838][ T5900] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 202.402202][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 202.417395][ T5900] usb 1-1: Product: syz [ 202.421574][ T5900] usb 1-1: Manufacturer: syz [ 202.426454][ T5900] usb 1-1: SerialNumber: syz [ 202.433209][ T5900] usb 1-1: config 0 descriptor?? [ 202.438825][ T7896] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 202.462533][ T5899] usb 3-1: Using ep0 maxpacket: 8 [ 202.469807][ T5899] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 202.482142][ T5899] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 202.493759][ T5899] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 202.504279][ T5899] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 202.519914][ T5899] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 202.549590][ T5899] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.775131][ T5899] usb 3-1: usb_control_msg returned -32 [ 202.782205][ T7898] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 202.801653][ T5899] usbtmc 3-1:16.0: can't read capabilities [ 202.809131][ T7898] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 202.865070][ T5899] usb 3-1: USB disconnect, device number 8 [ 202.917729][ T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 203.094541][ T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 203.134292][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 203.184173][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 203.199861][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 203.214263][ T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 203.223759][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.043682][ T9] usb 4-1: config 0 descriptor?? [ 204.288201][ T8] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS [ 204.294515][ T8] cdc_ncm 5-1:1.0: bind() failure [ 204.314413][ T8] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 204.331870][ T8] cdc_ncm 5-1:1.1: bind() failure [ 204.353245][ T8] usb 5-1: USB disconnect, device number 16 [ 204.362618][ T5849] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 204.532714][ T5849] usb 3-1: Using ep0 maxpacket: 32 [ 204.554182][ T5849] usb 3-1: config 0 has an invalid interface number: 9 but max is 0 [ 204.580096][ T5849] usb 3-1: config 0 has no interface number 0 [ 204.592064][ T9] plantronics 0003:047F:FFFF.0005: ignoring exceeding usage max [ 204.605091][ T9] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 204.610870][ T5849] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 204.622953][ T5849] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.631043][ T5849] usb 3-1: Product: syz [ 204.635447][ T5849] usb 3-1: Manufacturer: syz [ 204.640076][ T5849] usb 3-1: SerialNumber: syz [ 204.648006][ T5849] usb 3-1: config 0 descriptor?? [ 204.713576][ T7923] netlink: 12 bytes leftover after parsing attributes in process `syz.1.576'. [ 204.747771][ T9] plantronics 0003:047F:FFFF.0005: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 204.849489][ T7902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 205.093988][ T7902] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 205.316558][ T9] usb 4-1: USB disconnect, device number 11 [ 205.353833][ T5849] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 205.410179][ T7928] netlink: 36 bytes leftover after parsing attributes in process `syz.1.578'. [ 205.473656][ T5903] usb 1-1: USB disconnect, device number 10 [ 205.679478][ T7933] loop0: detected capacity change from 0 to 4096 [ 205.753422][ T7936] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 205.799673][ T7933] NILFS error (device loop0): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 205.819302][ T7933] Remounting filesystem read-only [ 206.889981][ T7942] netlink: 8 bytes leftover after parsing attributes in process `syz.0.583'. [ 206.903950][ T7951] netlink: 40 bytes leftover after parsing attributes in process `syz.1.585'. [ 207.070555][ T5849] gspca_topro: Sensor cx0342 [ 207.092542][ T5903] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 207.131253][ T7955] loop3: detected capacity change from 0 to 512 [ 207.143511][ T7955] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent [ 207.151480][ T7958] loop0: detected capacity change from 0 to 512 [ 207.155098][ T7959] loop1: detected capacity change from 0 to 64 [ 207.250337][ T8] usb 3-1: USB disconnect, device number 9 [ 207.256512][ T5903] usb 5-1: Using ep0 maxpacket: 16 [ 207.291628][ T5903] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 207.345609][ T7958] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 207.360634][ T5903] usb 5-1: config 0 has no interface number 0 [ 207.369904][ T7958] EXT4-fs (loop0): orphan cleanup on readonly fs [ 207.408187][ T5903] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 207.439954][ T7958] Quota error (device loop0): dq_insert_tree: Quota tree root isn't allocated! [ 207.513983][ T7958] Quota error (device loop0): qtree_write_dquot: Error -5 occurred while creating quota [ 207.859593][ T7958] EXT4-fs error (device loop0): ext4_acquire_dquot:6879: comm syz.0.587: Failed to acquire dquot type 1 [ 208.036137][ T7958] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.587: bg 0: block 40: padding at end of block bitmap is not set [ 208.110396][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.118592][ T5903] usb 5-1: Product: syz [ 208.123265][ T5903] usb 5-1: Manufacturer: syz [ 208.128097][ T5903] usb 5-1: SerialNumber: syz [ 208.135407][ T5903] usb 5-1: config 0 descriptor?? [ 208.146724][ T5903] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 208.194175][ T7958] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 208.221314][ T7958] EXT4-fs (loop0): 1 truncate cleaned up [ 208.292845][ T7958] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 208.440263][ T6289] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.613042][ T5849] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 208.634013][ T5899] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 208.738893][ T7984] netlink: 4 bytes leftover after parsing attributes in process `syz.0.595'. [ 208.802760][ T5849] usb 2-1: Using ep0 maxpacket: 32 [ 208.811763][ T5899] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 208.833562][ T5899] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 208.845420][ T5849] usb 2-1: unable to get BOS descriptor or descriptor too short [ 208.858504][ T5899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.875599][ T5849] usb 2-1: config 253 has an invalid interface number: 93 but max is 0 [ 208.885354][ T5849] usb 2-1: config 253 has no interface number 0 [ 208.891669][ T5849] usb 2-1: config 253 interface 93 has no altsetting 0 [ 208.903427][ T5899] usb 4-1: config 0 descriptor?? [ 208.917534][ T5899] pwc: Askey VC010 type 2 USB webcam detected. [ 208.927226][ T5849] usb 2-1: New USB device found, idVendor=13d8, idProduct=0022, bcdDevice=db.6d [ 208.938094][ T5849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.946879][ T5849] usb 2-1: Product: syz [ 208.956252][ T5849] usb 2-1: Manufacturer: syz [ 208.961462][ T5849] usb 2-1: SerialNumber: syz [ 209.030171][ T7966] loop2: detected capacity change from 0 to 40427 [ 209.060765][ T7966] F2FS-fs (loop2): Found nat_bits in checkpoint [ 209.135868][ T5899] pwc: send_video_command error -71 [ 209.154166][ T5899] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 209.154527][ T7966] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 209.170977][ T5899] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71 [ 209.403111][ T5903] gspca_spca1528: reg_w err -71 [ 209.407949][ T5849] usb 2-1: selecting invalid altsetting 3 [ 209.408019][ T5849] comedi comedi0: could not set alternate setting 3 in high speed [ 209.408037][ T5849] usbduxsigma 2-1:253.93: driver 'usbduxsigma' failed to auto-configure device. [ 209.410961][ T5899] usb 4-1: USB disconnect, device number 12 [ 209.438295][ T5849] usbduxsigma 2-1:253.93: probe with driver usbduxsigma failed with error -22 [ 209.448096][ T5903] spca1528 5-1:0.1: probe with driver spca1528 failed with error -71 [ 209.452352][ T5849] usb 2-1: USB disconnect, device number 8 [ 209.903794][ T5899] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 209.958622][ T5903] usb 5-1: USB disconnect, device number 17 [ 210.069796][ T7128] syz-executor: attempt to access beyond end of device [ 210.069796][ T7128] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 210.090586][ T7128] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 210.100290][ T5899] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 210.132489][ T5899] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 210.152475][ T5899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.194258][ T5899] usb 4-1: config 0 descriptor?? [ 210.208756][ T5899] pwc: Askey VC010 type 2 USB webcam detected. [ 210.215168][ T8002] loop0: detected capacity change from 0 to 64 [ 210.246957][ T8004] Process accounting resumed [ 210.327072][ T8006] loop4: detected capacity change from 0 to 512 [ 210.377694][ T8006] EXT4-fs (loop4): blocks per group (95) and clusters per group (32768) inconsistent [ 211.214377][ T5899] pwc: recv_control_msg error -32 req 02 val 2b00 [ 211.227170][ T5899] pwc: recv_control_msg error -32 req 02 val 2700 [ 211.251547][ T5899] pwc: recv_control_msg error -32 req 02 val 2c00 [ 211.307360][ T5899] pwc: recv_control_msg error -32 req 04 val 1000 [ 211.354907][ T5899] pwc: recv_control_msg error -32 req 04 val 1300 [ 211.382703][ T5899] pwc: recv_control_msg error -32 req 04 val 1400 [ 211.434861][ T5899] pwc: recv_control_msg error -32 req 02 val 2000 [ 211.445957][ T5899] pwc: recv_control_msg error -32 req 02 val 2100 [ 211.459494][ T5899] pwc: recv_control_msg error -32 req 04 val 1500 [ 211.469073][ T5899] pwc: recv_control_msg error -32 req 02 val 2500 [ 211.476303][ T5899] pwc: recv_control_msg error -32 req 02 val 2400 [ 211.484154][ T5899] pwc: recv_control_msg error -32 req 02 val 2600 [ 211.703127][ T5899] pwc: recv_control_msg error -71 req 02 val 2800 [ 211.712363][ T5899] pwc: recv_control_msg error -71 req 04 val 1100 [ 211.722681][ T5899] pwc: recv_control_msg error -71 req 04 val 1200 [ 211.743360][ T5899] pwc: Registered as video103. [ 211.751189][ T5899] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input8 [ 211.761382][ T8010] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 211.787205][ T5899] usb 4-1: USB disconnect, device number 13 [ 211.863673][ T8010] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 211.894876][ T8010] bond0 (unregistering): Released all slaves [ 211.957566][ T8027] netlink: 40 bytes leftover after parsing attributes in process `syz.2.599'. [ 211.993275][ T5903] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 212.155700][ T5903] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 212.191205][ T5903] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 212.222570][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.250500][ T5903] usb 5-1: Product: syz [ 212.261455][ T5903] usb 5-1: Manufacturer: syz [ 212.267455][ T5903] usb 5-1: SerialNumber: syz [ 212.321332][ T8045] Process accounting resumed [ 212.383437][ T47] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 212.585924][ T47] usb 3-1: unable to get BOS descriptor or descriptor too short [ 212.599346][ T47] usb 3-1: not running at top speed; connect to a high speed hub [ 212.618916][ T47] usb 3-1: config 219 has 1 interface, different from the descriptor's value: 2 [ 212.630243][ T47] usb 3-1: config 219 interface 0 has no altsetting 0 [ 212.648871][ T47] usb 3-1: config 219 interface 0 has no altsetting 1 [ 212.671834][ T47] usb 3-1: New USB device found, idVendor=2b73, idProduct=0017, bcdDevice=a2.0e [ 212.683302][ T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.711911][ T47] usb 3-1: Product: syz [ 212.719073][ T47] usb 3-1: Manufacturer: syz [ 212.728807][ T47] usb 3-1: SerialNumber: syz [ 212.782795][ T5936] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 212.959812][ T5936] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 212.988453][ T5936] usb 4-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 213.007397][ T47] usb 3-1: selecting invalid altsetting 0 [ 213.030355][ T47] usb 3-1: selecting invalid altsetting 0 [ 213.043098][ T5936] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 213.073211][ T5936] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.086653][ T47] usb 3-1: USB disconnect, device number 10 [ 213.138004][ T5936] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 213.177837][ T5936] usb 4-1: invalid MIDI out EP 0 [ 213.251637][ T8064] loop0: detected capacity change from 0 to 8 [ 213.320407][ T8066] netlink: 'syz.1.623': attribute type 10 has an invalid length. [ 213.354786][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:219.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 213.380734][ T8066] bridge0: left allmulticast mode [ 213.480760][ T5936] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 213.559501][ T8064] SQUASHFS error: xz decompression failed, data probably corrupt [ 213.568519][ T5936] usb 4-1: USB disconnect, device number 14 [ 213.578861][ T6236] udevd[6236]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 213.622302][ T8064] SQUASHFS error: Failed to read block 0x108: -5 [ 213.670340][ T8064] SQUASHFS error: Unable to read metadata cache entry [106] [ 213.705951][ T8064] SQUASHFS error: Unable to read inode 0x11f [ 214.355970][ T8089] loop3: detected capacity change from 0 to 128 [ 214.829269][ T5903] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS [ 214.835548][ T5903] cdc_ncm 5-1:1.0: bind() failure [ 214.859836][ T5903] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 214.872764][ T5903] cdc_ncm 5-1:1.1: bind() failure [ 214.889297][ T8100] netlink: 'syz.3.636': attribute type 10 has an invalid length. [ 214.890461][ T5903] usb 5-1: USB disconnect, device number 18 [ 214.956480][ T8100] bridge0: port 4(erspan0) entered blocking state [ 214.963143][ T8100] bridge0: port 4(erspan0) entered forwarding state [ 214.969995][ T8100] bridge0: port 3(vlan0) entered blocking state [ 214.976445][ T8100] bridge0: port 3(vlan0) entered forwarding state [ 214.983234][ T8100] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.990394][ T8100] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.997866][ T8100] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.005089][ T8100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.039090][ T8100] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 215.387408][ T8101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 215.401985][ T8101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 215.420232][ T8101] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 215.430633][ T8101] bridge0: port 4(erspan0) entered disabled state [ 215.437471][ T8101] bridge0: port 3(vlan0) entered disabled state [ 215.443973][ T8101] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.451182][ T8101] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.461916][ T8101] bond0 (unregistering): Released all slaves [ 215.487324][ T8106] vlan1: entered allmulticast mode [ 215.909631][ T8126] loop0: detected capacity change from 0 to 128 [ 216.048126][ T8130] xt_bpf: check failed: parse error [ 216.970554][ T8123] loop2: detected capacity change from 0 to 40427 [ 217.026278][ T8123] F2FS-fs (loop2): Found nat_bits in checkpoint [ 217.062571][ T5903] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 217.106898][ T8144] netlink: 'syz.3.651': attribute type 11 has an invalid length. [ 217.122222][ T8123] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 217.217818][ T5903] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.254452][ T5903] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 217.264407][ T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 217.285477][ T5903] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.310528][ T5903] usb 1-1: Product: syz [ 217.334569][ T5903] usb 1-1: Manufacturer: syz [ 217.339356][ T5903] usb 1-1: SerialNumber: syz [ 217.922547][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 217.932371][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.944171][ T7128] syz-executor: attempt to access beyond end of device [ 217.944171][ T7128] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 217.945943][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.968935][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 217.969456][ T7128] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 217.983098][ T9] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00 [ 217.998729][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.059280][ T9] usb 2-1: config 0 descriptor?? [ 218.500773][ T9] usbhid 2-1:0.0: can't add hid device: -71 [ 218.507082][ T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 218.520210][ T9] usb 2-1: USB disconnect, device number 9 [ 218.706914][ T47] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 218.903555][ T47] usb 3-1: Using ep0 maxpacket: 16 [ 218.937580][ T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.948720][ T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 218.959598][ T47] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 218.981756][ T47] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 219.001100][ T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.020548][ T47] usb 3-1: config 0 descriptor?? [ 219.136579][ T8151] loop1: detected capacity change from 0 to 256 [ 219.169640][ T8151] FAT-fs (loop1): Directory bread(block 64) failed [ 219.176611][ T8151] FAT-fs (loop1): Directory bread(block 65) failed [ 219.199398][ T8151] FAT-fs (loop1): Directory bread(block 66) failed [ 219.207676][ T8151] FAT-fs (loop1): Directory bread(block 67) failed [ 219.215143][ T8151] FAT-fs (loop1): Directory bread(block 68) failed [ 219.221904][ T8151] FAT-fs (loop1): Directory bread(block 69) failed [ 219.240822][ T8151] FAT-fs (loop1): Directory bread(block 70) failed [ 219.247854][ T8151] FAT-fs (loop1): Directory bread(block 71) failed [ 219.254741][ T8151] FAT-fs (loop1): Directory bread(block 72) failed [ 219.261345][ T8151] FAT-fs (loop1): Directory bread(block 73) failed [ 219.545929][ T47] microsoft 0003:045E:07DA.0006: ignoring exceeding usage max [ 219.558805][ T47] HID 045e:07da: Invalid code 65791 type 1 [ 219.568274][ T47] HID 045e:07da: Invalid code 768 type 1 [ 219.577981][ T47] HID 045e:07da: Invalid code 769 type 1 [ 219.583733][ T47] HID 045e:07da: Invalid code 770 type 1 [ 219.589431][ T47] HID 045e:07da: Invalid code 771 type 1 [ 219.595297][ T47] HID 045e:07da: Invalid code 772 type 1 [ 219.601072][ T47] HID 045e:07da: Invalid code 773 type 1 [ 219.606859][ T47] HID 045e:07da: Invalid code 774 type 1 [ 219.612964][ T47] HID 045e:07da: Invalid code 775 type 1 [ 219.619182][ T47] HID 045e:07da: Invalid code 776 type 1 [ 219.718692][ T47] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0006/input/input9 [ 219.883444][ T47] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 220.013206][ T47] usb 3-1: USB disconnect, device number 11 [ 220.245958][ T5903] cdc_ncm 1-1:1.0: failed GET_NTB_PARAMETERS [ 220.252714][ T5903] cdc_ncm 1-1:1.0: bind() failure [ 220.261406][ T5903] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 220.268372][ T5903] cdc_ncm 1-1:1.1: bind() failure [ 220.303949][ T5903] usb 1-1: USB disconnect, device number 11 [ 221.045449][ T5903] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 221.218344][ T5903] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.237297][ T5903] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 221.246527][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.267648][ T5903] usb 3-1: config 0 descriptor?? [ 221.298799][ T5903] pwc: Askey VC010 type 2 USB webcam detected. [ 221.504438][ T5903] pwc: send_video_command error -71 [ 221.509714][ T5903] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 221.520418][ T5903] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71 [ 221.544324][ T5903] usb 3-1: USB disconnect, device number 12 [ 221.566623][ T8158] netlink: 8 bytes leftover after parsing attributes in process `syz.1.654'. [ 221.580160][ T8173] netlink: 4 bytes leftover after parsing attributes in process `syz.0.655'. [ 222.057725][ T8189] netlink: 12 bytes leftover after parsing attributes in process `syz.0.658'. [ 222.072487][ T47] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 222.321939][ T47] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 222.476011][ T47] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 222.636278][ T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.646852][ T8192] loop4: detected capacity change from 0 to 256 [ 222.697726][ T47] usb 3-1: config 0 descriptor?? [ 222.736058][ T47] pwc: Askey VC010 type 2 USB webcam detected. [ 222.776583][ T8195] loop3: detected capacity change from 0 to 64 [ 222.784313][ T8192] FAT-fs (loop4): Directory bread(block 64) failed [ 222.799336][ T8192] FAT-fs (loop4): Directory bread(block 65) failed [ 222.806458][ T8192] FAT-fs (loop4): Directory bread(block 66) failed [ 222.813255][ T8192] FAT-fs (loop4): Directory bread(block 67) failed [ 222.820046][ T8192] FAT-fs (loop4): Directory bread(block 68) failed [ 222.827041][ T8192] FAT-fs (loop4): Directory bread(block 69) failed [ 222.833851][ T8192] FAT-fs (loop4): Directory bread(block 70) failed [ 222.840515][ T8192] FAT-fs (loop4): Directory bread(block 71) failed [ 222.848001][ T8192] FAT-fs (loop4): Directory bread(block 72) failed [ 222.854951][ T8192] FAT-fs (loop4): Directory bread(block 73) failed [ 222.952821][ T8202] netlink: 4 bytes leftover after parsing attributes in process `syz.1.668'. [ 223.249161][ T47] pwc: recv_control_msg error -32 req 02 val 2b00 [ 223.262966][ T47] pwc: recv_control_msg error -32 req 02 val 2700 [ 223.287847][ T47] pwc: recv_control_msg error -32 req 02 val 2c00 [ 223.309873][ T47] pwc: recv_control_msg error -32 req 04 val 1000 [ 223.762938][ T47] pwc: recv_control_msg error -32 req 04 val 1300 [ 223.784396][ T47] pwc: recv_control_msg error -32 req 04 val 1400 [ 224.020742][ T47] pwc: recv_control_msg error -71 req 02 val 2100 [ 224.033522][ T47] pwc: recv_control_msg error -71 req 04 val 1500 [ 224.044604][ T47] pwc: recv_control_msg error -71 req 02 val 2500 [ 224.070221][ T47] pwc: recv_control_msg error -71 req 02 val 2400 [ 224.093129][ T47] pwc: recv_control_msg error -71 req 02 val 2600 [ 224.125632][ T47] pwc: recv_control_msg error -71 req 02 val 2900 [ 224.143832][ T47] pwc: recv_control_msg error -71 req 02 val 2800 [ 224.164709][ T47] pwc: recv_control_msg error -71 req 04 val 1100 [ 224.187280][ T47] pwc: recv_control_msg error -71 req 04 val 1200 [ 224.196117][ T47] pwc: Registered as video103. [ 224.202056][ T47] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input10 [ 224.241160][ T47] usb 3-1: USB disconnect, device number 13 [ 224.433141][ T5936] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 224.515755][ T47] IPVS: starting estimator thread 0... [ 224.526731][ T8240] tipc: Started in network mode [ 224.533714][ T8240] tipc: Node identity ac1414aa, cluster identity 4711 [ 224.541352][ T8240] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 224.550690][ T8240] tipc: Enabled bearer , priority 10 [ 224.605735][ T8243] netlink: 4 bytes leftover after parsing attributes in process `syz.4.682'. [ 224.612689][ T8241] IPVS: using max 18 ests per chain, 43200 per kthread [ 224.636098][ T5936] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 224.642600][ T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 224.647464][ T5936] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.673169][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 224.687506][ T5936] usb 2-1: Product: syz [ 224.693546][ T5936] usb 2-1: Manufacturer: syz [ 224.698255][ T5936] usb 2-1: SerialNumber: syz [ 224.706094][ T5936] usb 2-1: config 0 descriptor?? [ 224.785455][ T8247] TCP: out of memory -- consider tuning tcp_mem [ 224.804106][ T9] usb 4-1: too many configurations: 13, using maximum allowed: 8 [ 224.812777][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 224.823252][ T9] usb 4-1: config 0 has no interfaces? [ 224.845252][ T9] usb 4-1: config 0 has no interfaces? [ 224.858168][ T9] usb 4-1: config 0 has no interfaces? [ 224.866676][ T9] usb 4-1: config 0 has no interfaces? [ 224.873657][ T9] usb 4-1: config 0 has no interfaces? [ 224.881593][ T9] usb 4-1: config 0 has no interfaces? [ 224.893435][ T9] usb 4-1: config 0 has no interfaces? [ 224.905299][ T9] usb 4-1: config 0 has no interfaces? [ 224.916997][ T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 224.928653][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.943352][ T5849] usb 2-1: USB disconnect, device number 10 [ 224.946160][ T9] usb 4-1: Product: syz [ 224.957346][ T9] usb 4-1: Manufacturer: syz [ 224.962226][ T9] usb 4-1: SerialNumber: syz [ 224.962496][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 224.979599][ T9] usb 4-1: config 0 descriptor?? [ 225.100255][ T8252] input: syz0 as /devices/virtual/input/input11 [ 225.102514][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 225.200230][ T5936] usb 4-1: USB disconnect, device number 15 [ 225.232495][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 225.372520][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 225.512505][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 225.657176][ T5849] tipc: Node number set to 2886997162 [ 225.792498][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 226.015756][ T8290] netlink: 8 bytes leftover after parsing attributes in process `syz.2.693'. [ 226.030653][ T5936] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 226.227249][ T5936] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 226.239455][ T5936] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 226.945236][ T5936] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10 [ 226.956585][ T5936] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 65535, setting to 64 [ 226.967734][ T5936] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 226.986383][ T5936] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 227.023497][ T5936] usb 1-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 227.032792][ T5936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.052679][ T5936] usb 1-1: Product: syz [ 227.056910][ T5936] usb 1-1: Manufacturer: syz [ 227.064544][ T5936] usb 1-1: SerialNumber: syz [ 227.077663][ T5936] usb 1-1: config 0 descriptor?? [ 227.169768][ T8314] loop1: detected capacity change from 0 to 128 [ 227.286988][ T8274] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 227.294941][ T5857] Bluetooth: hci1: command 0x0406 tx timeout [ 227.303951][ T9] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 227.310300][ T9] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 227.346854][ T5936] ati_remote 1-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints [ 227.403946][ T8318] xt_bpf: check failed: parse error [ 227.895758][ T5936] usb 1-1: USB disconnect, device number 12 [ 228.094837][ T8323] loop4: detected capacity change from 0 to 1024 [ 228.302359][ T8331] loop3: detected capacity change from 0 to 512 [ 228.364820][ T8337] loop4: detected capacity change from 0 to 64 [ 228.408182][ T8331] EXT4-fs error (device loop3): ext4_orphan_get:1388: inode #15: comm syz.3.704: casefold flag without casefold feature [ 228.428814][ T8331] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.704: couldn't read orphan inode 15 (err -117) [ 228.520167][ T8331] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.556237][ T8344] netlink: 4 bytes leftover after parsing attributes in process `syz.2.707'. [ 228.879102][ T8358] loop2: detected capacity change from 0 to 128 [ 229.216461][ T5847] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.637940][ T8386] net_ratelimit: 4 callbacks suppressed [ 229.637960][ T8386] TCP: out of memory -- consider tuning tcp_mem [ 229.692473][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 229.869872][ T8399] netlink: 16 bytes leftover after parsing attributes in process `syz.3.721'. [ 229.933847][ T8348] loop0: detected capacity change from 0 to 40427 [ 230.065421][ T8348] F2FS-fs (loop0): Found nat_bits in checkpoint [ 230.172776][ T9] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 230.264282][ T5857] Bluetooth: hci3: command 0x0406 tx timeout [ 230.732497][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 230.792836][ T8348] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 230.864427][ T9] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 230.990914][ T8422] loop3: detected capacity change from 0 to 128 [ 231.028476][ T8425] Process accounting resumed [ 231.381400][ T8434] TCP: out of memory -- consider tuning tcp_mem [ 231.602661][ T5900] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 231.772630][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 231.783386][ T5900] usb 2-1: Using ep0 maxpacket: 32 [ 231.817115][ T5900] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 231.872546][ T5900] usb 2-1: config 0 has no interface number 0 [ 231.897999][ T5900] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 231.909643][ T6289] syz-executor: attempt to access beyond end of device [ 231.909643][ T6289] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 231.932920][ T6289] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 231.939863][ T6289] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 231.948325][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.948901][ T5936] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 231.960895][ T5900] usb 2-1: Product: syz [ 231.969213][ T5900] usb 2-1: Manufacturer: syz [ 231.974176][ T5900] usb 2-1: SerialNumber: syz [ 232.045460][ T5900] usb 2-1: config 0 descriptor?? [ 232.103080][ T5900] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 232.112212][ T5900] usb 2-1: selecting invalid altsetting 1 [ 232.118585][ T5900] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 232.174048][ T5900] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 232.185586][ T5900] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 232.194509][ T5900] usb 2-1: media controller created [ 232.218373][ T5900] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 232.411773][ T5900] usb 2-1: DVB: registering adapter 1 frontend 0 (Zarlink ZL10353 DVB-T)... [ 232.424378][ T5900] dvbdev: dvb_create_media_entity: media entity 'Zarlink ZL10353 DVB-T' registered. [ 232.505626][ T5900] DVB: Unable to find symbol mxl5005s_attach() [ 232.655454][ T5900] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 232.812546][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 233.504548][ T5900] usb 2-1: USB disconnect, device number 11 [ 233.852481][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 233.947548][ T8477] xt_bpf: check failed: parse error [ 234.512251][ T8446] loop3: detected capacity change from 0 to 40427 [ 234.644258][ T8482] Process accounting resumed [ 234.768640][ T8446] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-4) [ 234.790536][ T8497] loop1: detected capacity change from 0 to 64 [ 234.812614][ T9] Bluetooth: hci6: Opcode 0x0c1a failed: -110 [ 234.812952][ T5857] Bluetooth: hci6: command 0x0c1a tx timeout [ 234.822477][ T9] Bluetooth: hci6: Error when powering off device on rfkill (-110) [ 234.892490][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 234.993112][ T8496] netlink: 4 bytes leftover after parsing attributes in process `syz.0.745'. [ 235.932488][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 236.455693][ T8539] loop0: detected capacity change from 0 to 64 [ 236.473218][ T5900] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 236.542665][ T5902] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 236.711528][ T5902] usb 4-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.00 [ 236.885680][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.972658][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 236.992859][ T5900] usb 2-1: Using ep0 maxpacket: 32 [ 237.020108][ T5900] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 237.052293][ T5902] usb 4-1: config 0 descriptor?? [ 237.069100][ T5900] usb 2-1: config 0 has no interface number 0 [ 237.096710][ T5902] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input12 [ 237.129604][ T5900] usb 2-1: New USB device found, idVendor=0572, idProduct=d811, bcdDevice=d1.34 [ 237.160225][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.178276][ T5900] usb 2-1: Product: syz [ 237.182710][ T5900] usb 2-1: Manufacturer: syz [ 237.187492][ T5900] usb 2-1: SerialNumber: syz [ 237.203654][ T5900] usb 2-1: config 0 descriptor?? [ 237.221369][ T5900] dvb-usb: found a 'Mygica D689 DMB-TH' in warm state. [ 237.229321][ T5900] usb 2-1: setting power ON [ 237.268146][ T5900] dvb-usb: bulk message failed: -22 (2/0) [ 237.413231][ T5900] dvb-usb: bulk message failed: -22 (1/0) [ 237.416599][ T5207] bcm5974 4-1:0.0: could not read from device [ 237.444223][ T5902] usb 4-1: USB disconnect, device number 16 [ 237.453825][ T5207] bcm5974 4-1:0.0: could not read from device [ 237.509259][ T5207] bcm5974 4-1:0.0: could not read from device [ 237.577657][ T5900] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 237.589912][ T5900] dvbdev: DVB: registering new adapter (Mygica D689 DMB-TH) [ 237.597961][ T5900] usb 2-1: media controller created [ 237.619400][ T5900] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 237.713590][ T5900] cxusb: set interface failed [ 237.732935][ T5900] dvb-usb: bulk message failed: -22 (3/0) [ 237.739930][ T5900] cxusb: clear tuner gpio failed [ 237.748259][ T5900] dvb-usb: no frontend was attached by 'Mygica D689 DMB-TH' [ 237.813623][ T5900] rc_core: IR keymap rc-d680-dmb not found [ 237.819903][ T5900] Registered IR keymap rc-empty [ 237.840609][ T5900] rc rc0: Mygica D689 DMB-TH as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0 [ 237.869886][ T5900] input: Mygica D689 DMB-TH as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input13 [ 237.881873][ T5900] dvb-usb: schedule remote query interval to 100 msecs. [ 237.889338][ T5900] usb 2-1: setting power OFF [ 237.894361][ T9] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 237.902835][ T5900] dvb-usb: bulk message failed: -22 (2/0) [ 237.908678][ T5900] dvb-usb: Mygica D689 DMB-TH successfully initialized and connected. [ 237.995992][ T5900] dvb-usb: bulk message failed: -22 (1/0) [ 238.022476][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 238.032660][ T59] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 238.063191][ T8574] loop2: detected capacity change from 0 to 64 [ 238.063857][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 238.095128][ T9] usb 5-1: config index 0 descriptor too short (expected 2870, got 54) [ 238.113380][ T5902] dvb-usb: bulk message failed: -22 (1/0) [ 238.122646][ T9] usb 5-1: config 0 has too many interfaces: 52, using maximum allowed: 32 [ 238.140534][ T9] usb 5-1: config 0 has an invalid interface number: 150 but max is 51 [ 238.181658][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.206678][ T59] usb 1-1: Using ep0 maxpacket: 32 [ 238.218035][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 52 [ 238.222090][ T59] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 238.237252][ T59] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.241699][ T9] usb 5-1: config 0 has no interface number 0 [ 238.245800][ T59] usb 1-1: Product: syz [ 238.251775][ T5900] dvb-usb: bulk message failed: -22 (1/0) [ 238.256187][ T59] usb 1-1: Manufacturer: syz [ 238.266750][ T59] usb 1-1: SerialNumber: syz [ 238.275398][ T59] usb 1-1: config 0 descriptor?? [ 238.284414][ T59] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 238.290764][ T9] usb 5-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75 [ 238.310319][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.337557][ T9] usb 5-1: config 0 descriptor?? [ 238.372647][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 238.422734][ T5936] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 238.589882][ T47] usb 5-1: USB disconnect, device number 20 [ 238.617925][ T5936] usb 4-1: Using ep0 maxpacket: 16 [ 238.648639][ T5936] usb 4-1: config 13 has an invalid interface number: 135 but max is 0 [ 238.665983][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 238.678425][ T5936] usb 4-1: config 13 has no interface number 0 [ 238.685644][ T5936] usb 4-1: config 13 interface 135 has no altsetting 0 [ 238.702153][ T5936] usb 4-1: New USB device found, idVendor=07af, idProduct=0004, bcdDevice= 1.2b [ 238.713731][ T5936] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.721861][ T5936] usb 4-1: Product: syz [ 238.774209][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 239.062482][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 239.447819][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 239.456449][ T5936] usb 4-1: Manufacturer: syz [ 239.461208][ T5936] usb 4-1: SerialNumber: syz [ 239.466900][ T59] gspca_ov534_9: reg_w failed -110 [ 239.503483][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 239.529210][ T5899] usb 2-1: USB disconnect, device number 12 [ 239.616280][ T5899] dvb-usb: Mygica D689 DMB-TH successfully deinitialized and disconnected. [ 239.735206][ T5936] usb-storage 4-1:13.135: USB Mass Storage device detected [ 239.758635][ T5936] usb-storage 4-1:13.135: Quirks match for vid 07af pid 0004: 4 [ 239.772717][ T5902] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 239.851829][ T5936] usb 4-1: USB disconnect, device number 17 [ 239.882494][ T59] gspca_ov534_9: Unknown sensor 0000 [ 239.882569][ T59] ov534_9 1-1:0.0: probe with driver ov534_9 failed with error -22 [ 239.902376][ T59] usb 1-1: USB disconnect, device number 13 [ 239.939931][ T5902] usb 3-1: unable to get BOS descriptor or descriptor too short [ 239.956322][ T5902] usb 3-1: not running at top speed; connect to a high speed hub [ 239.966527][ T5902] usb 3-1: config 219 has 1 interface, different from the descriptor's value: 2 [ 239.980406][ T5902] usb 3-1: config 219 interface 0 has no altsetting 0 [ 239.988093][ T5902] usb 3-1: config 219 interface 0 has no altsetting 1 [ 239.997428][ T5902] usb 3-1: New USB device found, idVendor=2b73, idProduct=0017, bcdDevice=a2.0e [ 240.007430][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.016184][ T5902] usb 3-1: Product: syz [ 240.041351][ T5902] usb 3-1: Manufacturer: syz [ 240.052776][ T5902] usb 3-1: SerialNumber: syz [ 240.092538][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 240.144280][ T8603] TCP: out of memory -- consider tuning tcp_mem [ 240.214407][ T8608] loop1: detected capacity change from 0 to 1024 [ 240.346424][ T5902] usb 3-1: selecting invalid altsetting 0 [ 240.389939][ T5902] usb 3-1: selecting invalid altsetting 0 [ 240.474729][ T5902] usb 3-1: USB disconnect, device number 14 [ 240.775176][ T5868] udevd[5868]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:219.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 240.788714][ T8632] netlink: 4 bytes leftover after parsing attributes in process `syz.3.794'. [ 240.963178][ T8636] TCP: out of memory -- consider tuning tcp_mem [ 241.132503][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 241.378774][ T8653] loop4: detected capacity change from 0 to 1024 [ 241.450099][ T8659] ================================================================== [ 241.458218][ T8659] BUG: KASAN: slab-out-of-bounds in skb_copy_and_csum_bits+0x433/0x9c0 [ 241.466504][ T8659] Write of size 1144 at addr ffff88807d9e4624 by task syz.3.802/8659 [ 241.474676][ T8659] [ 241.477044][ T8659] CPU: 0 UID: 0 PID: 8659 Comm: syz.3.802 Not tainted 6.12.0-rc5-next-20241030-syzkaller #0 [ 241.487145][ T8659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 241.497235][ T8659] Call Trace: [ 241.500530][ T8659] [ 241.503473][ T8659] dump_stack_lvl+0x241/0x360 [ 241.508174][ T8659] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.513397][ T8659] ? __pfx__printk+0x10/0x10 [ 241.518010][ T8659] ? _printk+0xd5/0x120 [ 241.522195][ T8659] ? __virt_addr_valid+0x183/0x530 [ 241.527328][ T8659] ? __virt_addr_valid+0x183/0x530 [ 241.532454][ T8659] print_report+0x169/0x550 [ 241.536978][ T8659] ? __virt_addr_valid+0x183/0x530 [ 241.542111][ T8659] ? __virt_addr_valid+0x183/0x530 [ 241.547246][ T8659] ? __virt_addr_valid+0x45f/0x530 [ 241.552379][ T8659] ? __phys_addr+0xba/0x170 [ 241.556915][ T8659] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 241.562491][ T8659] kasan_report+0x143/0x180 [ 241.567011][ T8659] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 241.572580][ T8659] kasan_check_range+0x282/0x290 [ 241.577535][ T8659] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 241.583098][ T8659] __asan_memcpy+0x40/0x70 [ 241.587531][ T8659] skb_copy_and_csum_bits+0x433/0x9c0 [ 241.592920][ T8659] __ip_append_data+0x2fc1/0x40f0 [ 241.597972][ T8659] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 241.603539][ T8659] ? __pfx___ip_append_data+0x10/0x10 [ 241.608926][ T8659] ? lockdep_hardirqs_on+0x99/0x150 [ 241.614147][ T8659] ip_append_data+0x14c/0x190 [ 241.618841][ T8659] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 241.624848][ T8659] udp_sendmsg+0x52c/0x2a50 [ 241.629376][ T8659] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 241.634936][ T8659] ? __pfx_udp_sendmsg+0x10/0x10 [ 241.639899][ T8659] ? __mutex_trylock_common+0x183/0x2e0 [ 241.645475][ T8659] ? __pfx_aa_sk_perm+0x10/0x10 [ 241.650341][ T8659] ? sock_rps_record_flow+0x1a/0x400 [ 241.655646][ T8659] ? inet_sendmsg+0x2ba/0x390 [ 241.660354][ T8659] __sock_sendmsg+0x1a6/0x270 [ 241.665045][ T8659] sock_sendmsg+0x134/0x200 [ 241.669565][ T8659] ? __pfx_sock_sendmsg+0x10/0x10 [ 241.674616][ T8659] ? iov_iter_bvec+0x4e/0x180 [ 241.679316][ T8659] splice_to_socket+0xa10/0x10b0 [ 241.684276][ T8659] ? __pfx_lock_release+0x10/0x10 [ 241.689322][ T8659] ? __pfx_splice_to_socket+0x10/0x10 [ 241.694725][ T8659] ? __lock_acquire+0x1397/0x2100 [ 241.699776][ T8659] ? bpf_lsm_file_permission+0x9/0x10 [ 241.705170][ T8659] ? security_file_permission+0x74/0x280 [ 241.710846][ T8659] ? rw_verify_area+0x1c3/0x6f0 [ 241.715728][ T8659] ? __pfx_splice_to_socket+0x10/0x10 [ 241.721124][ T8659] do_splice+0xd68/0x18e0 [ 241.725488][ T8659] ? __pfx_lock_release+0x10/0x10 [ 241.730642][ T8659] ? pipe_clear_nowait+0x196/0x220 [ 241.735786][ T8659] ? __pfx_do_splice+0x10/0x10 [ 241.740656][ T8659] __se_sys_splice+0x331/0x4a0 [ 241.745443][ T8659] ? __pfx___se_sys_splice+0x10/0x10 [ 241.750796][ T8659] ? do_syscall_64+0x100/0x230 [ 241.755598][ T8659] ? __x64_sys_splice+0x21/0xf0 [ 241.760476][ T8659] do_syscall_64+0xf3/0x230 [ 241.765213][ T8659] ? clear_bhb_loop+0x35/0x90 [ 241.769910][ T8659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.775828][ T8659] RIP: 0033:0x7f42b597e719 [ 241.780314][ T8659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.799953][ T8659] RSP: 002b:00007f42b3df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 241.808413][ T8659] RAX: ffffffffffffffda RBX: 00007f42b5b36130 RCX: 00007f42b597e719 [ 241.816411][ T8659] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 241.824402][ T8659] RBP: 00007f42b59f132e R08: 0000000000007151 R09: 0000000000000000 [ 241.832395][ T8659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.840396][ T8659] R13: 0000000000000000 R14: 00007f42b5b36130 R15: 00007ffd40f54df8 [ 241.848401][ T8659] [ 241.851432][ T8659] [ 241.853763][ T8659] Allocated by task 8659: [ 241.858102][ T8659] kasan_save_track+0x3f/0x80 [ 241.862811][ T8659] __kasan_slab_alloc+0x66/0x80 [ 241.867696][ T8659] kmem_cache_alloc_node_noprof+0x1d9/0x380 [ 241.873614][ T8659] kmalloc_reserve+0xa8/0x2a0 [ 241.878308][ T8659] __alloc_skb+0x1f3/0x440 [ 241.882742][ T8659] __ip_append_data+0x2da7/0x40f0 [ 241.887780][ T8659] ip_append_data+0x14c/0x190 [ 241.890517][ T8661] loop0: detected capacity change from 0 to 40427 [ 241.892453][ T8659] udp_sendmsg+0x52c/0x2a50 [ 241.892477][ T8659] __sock_sendmsg+0x1a6/0x270 [ 241.892494][ T8659] sock_sendmsg+0x134/0x200 [ 241.912673][ T8659] splice_to_socket+0xa10/0x10b0 [ 241.917649][ T8659] do_splice+0xd68/0x18e0 [ 241.920757][ T8661] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 241.922024][ T8659] __se_sys_splice+0x331/0x4a0 [ 241.934508][ T8659] do_syscall_64+0xf3/0x230 [ 241.939052][ T8659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.942718][ T8661] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 241.944956][ T8659] [ 241.944965][ T8659] The buggy address belongs to the object at ffff88807d9e4600 [ 241.944965][ T8659] which belongs to the cache skbuff_small_head of size 640 [ 241.962311][ T8661] F2FS-fs (loop0): invalid crc value [ 241.970067][ T8659] The buggy address is located 36 bytes inside of [ 241.970067][ T8659] allocated 640-byte region [ffff88807d9e4600, ffff88807d9e4880) [ 241.970094][ T8659] [ 241.970099][ T8659] The buggy address belongs to the physical page: [ 241.970119][ T8659] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d9e4 [ 241.970141][ T8659] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 241.970158][ T8659] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 241.970180][ T8659] page_type: f5(slab) [ 242.007730][ T8661] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 242.015429][ T8659] raw: 00fff00000000040 ffff888141a9aa00 dead000000000100 dead000000000122 [ 242.015448][ T8659] raw: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 242.015465][ T8659] head: 00fff00000000040 ffff888141a9aa00 dead000000000100 dead000000000122 [ 242.015480][ T8659] head: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 242.063958][ T8661] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 242.071932][ T8659] head: 00fff00000000002 ffffea0001f67901 ffffffffffffffff 0000000000000000 [ 242.071952][ T8659] head: ffff888000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 242.071962][ T8659] page dumped because: kasan: bad access detected [ 242.071984][ T8659] page_owner tracks the page as allocated [ 242.071991][ T8659] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5992, tgid 5988 (syz.0.21), ts 72772652827, free_ts 72564244055 [ 242.079184][ T8661] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 242.087643][ T8659] post_alloc_hook+0x1f3/0x230 [ 242.087668][ T8659] get_page_from_freelist+0x3725/0x3870 [ 242.087692][ T8659] __alloc_pages_noprof+0x292/0x710 [ 242.151777][ T8659] alloc_pages_mpol_noprof+0x3e8/0x680 [ 242.157238][ T8659] alloc_slab_page+0x6a/0x140 [ 242.161939][ T8659] allocate_slab+0x5a/0x2f0 [ 242.166454][ T8659] ___slab_alloc+0xcd1/0x14b0 [ 242.171120][ T8659] __slab_alloc+0x58/0xa0 [ 242.175436][ T8659] kmem_cache_alloc_node_noprof+0x269/0x380 [ 242.181316][ T8659] kmalloc_reserve+0xa8/0x2a0 [ 242.186006][ T8659] __alloc_skb+0x1f3/0x440 [ 242.190412][ T8659] skb_copy+0x19d/0x9c0 [ 242.194571][ T8659] mac80211_hwsim_tx_frame_no_nl+0x106b/0x18d0 [ 242.200714][ T8659] mac80211_hwsim_tx_frame+0x1cc/0x220 [ 242.202521][ C1] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 242.206166][ T8659] mac80211_hwsim_beacon_tx+0x3bf/0x850 [ 242.218629][ T8659] __iterate_interfaces+0x297/0x570 [ 242.223834][ T8659] page last free pid 5990 tgid 5984 stack trace: [ 242.230167][ T8659] free_unref_page+0xcfb/0xf20 [ 242.234956][ T8659] tlb_finish_mmu+0x11f/0x200 [ 242.239625][ T8659] exit_mmap+0x4d5/0xcb0 [ 242.243852][ T8659] __mmput+0x115/0x390 [ 242.247932][ T8659] exit_mm+0x220/0x310 [ 242.251984][ T8659] do_exit+0x9b2/0x28e0 [ 242.256128][ T8659] do_group_exit+0x207/0x2c0 [ 242.260748][ T8659] get_signal+0x16a3/0x1740 [ 242.265264][ T8659] arch_do_signal_or_restart+0x96/0x860 [ 242.270801][ T8659] syscall_exit_to_user_mode+0xc9/0x370 [ 242.276337][ T8659] do_syscall_64+0x100/0x230 [ 242.280916][ T8659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.286827][ T8659] [ 242.289136][ T8659] Memory state around the buggy address: [ 242.294749][ T8659] ffff88807d9e4780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 242.302807][ T8659] ffff88807d9e4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 242.310871][ T8659] >ffff88807d9e4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 242.318917][ T8659] ^ [ 242.322973][ T8659] ffff88807d9e4900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 242.331057][ T8659] ffff88807d9e4980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 242.339111][ T8659] ================================================================== [ 242.348547][ T8659] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 242.355776][ T8659] CPU: 0 UID: 0 PID: 8659 Comm: syz.3.802 Not tainted 6.12.0-rc5-next-20241030-syzkaller #0 [ 242.365840][ T8659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 242.376237][ T8659] Call Trace: [ 242.379513][ T8659] [ 242.382437][ T8659] dump_stack_lvl+0x241/0x360 [ 242.387121][ T8659] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.392316][ T8659] ? __pfx__printk+0x10/0x10 [ 242.396905][ T8659] ? vscnprintf+0x5d/0x90 [ 242.401231][ T8659] panic+0x349/0x880 [ 242.405127][ T8659] ? check_panic_on_warn+0x21/0xb0 [ 242.410232][ T8659] ? __pfx_panic+0x10/0x10 [ 242.414646][ T8659] ? mark_lock+0x9a/0x360 [ 242.418970][ T8659] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 242.424859][ T8659] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 242.430747][ T8659] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 242.437071][ T8659] ? print_report+0x502/0x550 [ 242.441741][ T8659] check_panic_on_warn+0x86/0xb0 [ 242.446680][ T8659] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 242.452217][ T8659] end_report+0x77/0x160 [ 242.456464][ T8659] kasan_report+0x154/0x180 [ 242.460963][ T8659] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 242.466513][ T8659] kasan_check_range+0x282/0x290 [ 242.471441][ T8659] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 242.476984][ T8659] __asan_memcpy+0x40/0x70 [ 242.481396][ T8659] skb_copy_and_csum_bits+0x433/0x9c0 [ 242.486765][ T8659] __ip_append_data+0x2fc1/0x40f0 [ 242.491793][ T8659] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 242.497347][ T8659] ? __pfx___ip_append_data+0x10/0x10 [ 242.502719][ T8659] ? lockdep_hardirqs_on+0x99/0x150 [ 242.507927][ T8659] ip_append_data+0x14c/0x190 [ 242.512606][ T8659] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 242.518146][ T8659] udp_sendmsg+0x52c/0x2a50 [ 242.522653][ T8659] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 242.528191][ T8659] ? __pfx_udp_sendmsg+0x10/0x10 [ 242.533136][ T8659] ? __mutex_trylock_common+0x183/0x2e0 [ 242.538680][ T8659] ? __pfx_aa_sk_perm+0x10/0x10 [ 242.543526][ T8659] ? sock_rps_record_flow+0x1a/0x400 [ 242.548808][ T8659] ? inet_sendmsg+0x2ba/0x390 [ 242.553481][ T8659] __sock_sendmsg+0x1a6/0x270 [ 242.558157][ T8659] sock_sendmsg+0x134/0x200 [ 242.562671][ T8659] ? __pfx_sock_sendmsg+0x10/0x10 [ 242.567742][ T8659] ? iov_iter_bvec+0x4e/0x180 [ 242.572442][ T8659] splice_to_socket+0xa10/0x10b0 [ 242.577398][ T8659] ? __pfx_lock_release+0x10/0x10 [ 242.582432][ T8659] ? __pfx_splice_to_socket+0x10/0x10 [ 242.587986][ T8659] ? __lock_acquire+0x1397/0x2100 [ 242.593016][ T8659] ? bpf_lsm_file_permission+0x9/0x10 [ 242.598383][ T8659] ? security_file_permission+0x74/0x280 [ 242.604014][ T8659] ? rw_verify_area+0x1c3/0x6f0 [ 242.608865][ T8659] ? __pfx_splice_to_socket+0x10/0x10 [ 242.614233][ T8659] do_splice+0xd68/0x18e0 [ 242.618572][ T8659] ? __pfx_lock_release+0x10/0x10 [ 242.623591][ T8659] ? pipe_clear_nowait+0x196/0x220 [ 242.628713][ T8659] ? __pfx_do_splice+0x10/0x10 [ 242.633496][ T8659] __se_sys_splice+0x331/0x4a0 [ 242.638283][ T8659] ? __pfx___se_sys_splice+0x10/0x10 [ 242.643569][ T8659] ? do_syscall_64+0x100/0x230 [ 242.648334][ T8659] ? __x64_sys_splice+0x21/0xf0 [ 242.653185][ T8659] do_syscall_64+0xf3/0x230 [ 242.657691][ T8659] ? clear_bhb_loop+0x35/0x90 [ 242.662359][ T8659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.668261][ T8659] RIP: 0033:0x7f42b597e719 [ 242.672671][ T8659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.692272][ T8659] RSP: 002b:00007f42b3df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 242.700685][ T8659] RAX: ffffffffffffffda RBX: 00007f42b5b36130 RCX: 00007f42b597e719 [ 242.708672][ T8659] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 242.716639][ T8659] RBP: 00007f42b59f132e R08: 0000000000007151 R09: 0000000000000000 [ 242.724615][ T8659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 242.732587][ T8659] R13: 0000000000000000 R14: 00007f42b5b36130 R15: 00007ffd40f54df8 [ 242.740557][ T8659] [ 242.743865][ T8659] Kernel Offset: disabled [ 242.748186][ T8659] Rebooting in 86400 seconds..