last executing test programs: 20.053067201s ago: executing program 1 (id=834): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000480)={0x0, 0xd4fd, 0x700, 0x1, 0x2f0}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x3f72, 0x74f1, 0xc00000000000000, 0x0, 0x39) 19.912234329s ago: executing program 1 (id=836): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) llistxattr(0x0, 0x0, 0x0) 18.826490272s ago: executing program 1 (id=843): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x11, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0x11}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000003c0)="c274386d178550cb864bd57221bc", 0x0, 0x1200000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 17.584880055s ago: executing program 1 (id=852): syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0x800810, &(0x7f0000000080)={[{@usebackuproot}, {@nodatasum}, {@ssd_spread}, {@user_subvol_rm}, {@flushoncommit}, {@compress_force}, {@acl}, {@nodiscard}]}, 0xfb, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=") madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) syz_clone(0x2000000, 0x0, 0x60, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) 15.117259339s ago: executing program 1 (id=861): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x7, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5c, 0x10000009, 0xffff, 0x2, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0xb, 0x9, 0x1, 0x5f461e2f, 0x7, 0xe661, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xff7fffff, 0xe, 0x0, 0x71, 0x2, 0x406, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a3, 0x4, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x6, 0x10, 0x9, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0x1000, 0xfffffffc, 0x43, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0xfffffffe, 0x8, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0x6, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0xbcf5, 0x1, 0x2, 0x2, 0x9, 0x40, 0x9, 0x8, 0x9, 0x6, 0xb, 0xa, 0x1, 0xc, 0x9, 0x2, 0x7f, 0x9, 0x1, 0x3, 0x8, 0xffffffff, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x400004], [0x6, 0x6, 0x80000001, 0x2, 0xff, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0xb, 0x4, 0x5, 0x0, 0x0, 0x1f0, 0xfffffffd, 0x3, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x1, 0x200, 0x82, 0x2, 0xcc52, 0x81, 0x1000, 0xa1, 0x7, 0x53cf697b, 0xfffffff9, 0x6, 0xac8, 0xbf, 0x10002, 0x403, 0x7fb, 0x3, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x4, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x6, 0x40005, 0x0, 0x3, 0x80ce7, 0xe3, 0x3, 0x7, 0x5, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0x2, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x4, 0xffffffff, 0x80000000, 0x7, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x3f, 0x100, 0x9602, 0x10000004, 0x5, 0xffff, 0x6, 0x1, 0x10080, 0x7, 0x8, 0xb, 0x5a2b, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0800034000000014640000000c0a050000000000000000000a0000060900020073797a31000000000900010073797a310000000038000380340000800400018014000b80100001148c9d8dbd7db32f00040002800c000440000000000000000f0c0005"], 0xd0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 13.730851619s ago: executing program 1 (id=873): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_SREGS2(r2, 0x4140aecd, &(0x7f0000000140)={{0xe566c797b7515b9, 0xffff1000, 0xf000, 0x9, 0x7f, 0x80, 0x81, 0xff, 0x0, 0x84, 0x0, 0xb}, {0xd000, 0x2000, 0x10, 0x3, 0x3, 0x7, 0x6, 0x6, 0x1, 0x4, 0xfa, 0x5}, {0xf000, 0x8000000, 0x4, 0x4, 0x10, 0x81, 0x4, 0x4, 0x5, 0x4, 0x92, 0x80}, {0x10000, 0xeeef0000, 0xc, 0x7, 0x1, 0x40, 0x2, 0x0, 0x4, 0x29, 0x9, 0x9}, {0xeeee8000, 0xdddd0000, 0xe, 0x9, 0x5, 0x2, 0x3, 0xf1, 0x2, 0x6e, 0x2, 0x8}, {0x4000, 0xdddd1000, 0xe, 0x2, 0xad, 0x2, 0x5, 0x5, 0x1, 0xe, 0x6, 0xa}, {0x10000, 0x10000, 0xb, 0x2, 0xcd, 0x5, 0x5, 0x26, 0x8, 0x6, 0xff, 0x6}, {0x1, 0xf000, 0xd, 0xe, 0x13, 0x3d, 0xff, 0x0, 0x7f, 0x1, 0x0, 0x8}, {0x80a0000, 0x5}, {0xffffffff, 0x4}, 0xe000001e, 0x0, 0x6000, 0x21, 0x5, 0x1400, 0x7000, 0x1, [0x6, 0x2, 0x3, 0x3]}) 13.314036874s ago: executing program 32 (id=873): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_SREGS2(r2, 0x4140aecd, &(0x7f0000000140)={{0xe566c797b7515b9, 0xffff1000, 0xf000, 0x9, 0x7f, 0x80, 0x81, 0xff, 0x0, 0x84, 0x0, 0xb}, {0xd000, 0x2000, 0x10, 0x3, 0x3, 0x7, 0x6, 0x6, 0x1, 0x4, 0xfa, 0x5}, {0xf000, 0x8000000, 0x4, 0x4, 0x10, 0x81, 0x4, 0x4, 0x5, 0x4, 0x92, 0x80}, {0x10000, 0xeeef0000, 0xc, 0x7, 0x1, 0x40, 0x2, 0x0, 0x4, 0x29, 0x9, 0x9}, {0xeeee8000, 0xdddd0000, 0xe, 0x9, 0x5, 0x2, 0x3, 0xf1, 0x2, 0x6e, 0x2, 0x8}, {0x4000, 0xdddd1000, 0xe, 0x2, 0xad, 0x2, 0x5, 0x5, 0x1, 0xe, 0x6, 0xa}, {0x10000, 0x10000, 0xb, 0x2, 0xcd, 0x5, 0x5, 0x26, 0x8, 0x6, 0xff, 0x6}, {0x1, 0xf000, 0xd, 0xe, 0x13, 0x3d, 0xff, 0x0, 0x7f, 0x1, 0x0, 0x8}, {0x80a0000, 0x5}, {0xffffffff, 0x4}, 0xe000001e, 0x0, 0x6000, 0x21, 0x5, 0x1400, 0x7000, 0x1, [0x6, 0x2, 0x3, 0x3]}) 4.235668973s ago: executing program 0 (id=929): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000240)="03", 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r0}, &(0x7f00000005c0)=""/66, 0x42, &(0x7f0000000340)={&(0x7f0000000280)={'crc32c-generic\x00'}, &(0x7f0000000400)="da84f3ad0710669dac31c3dbf65e97c8e35b3a1af664caec8c35021882ae0a676c0ee0e546ed6625b8", 0x29}) 4.140880629s ago: executing program 0 (id=931): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000200)='pids.max\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000340)=ANY=[], 0x27) 4.031324765s ago: executing program 0 (id=934): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x96c}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x2c}}, 0x0) 3.743159042s ago: executing program 0 (id=937): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0x30}]}]}, 0x28}}, 0x0) 3.504514556s ago: executing program 0 (id=941): r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000106a05044000000000000109022d000100000080090400fd02030000000921050000012205000905810300004000010905020008"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_read_part_table(0x5ab, &(0x7f0000000000)="$eJzs0rFLm2kYAPD3C5fL3cFd5BAcT7hwk9yBN+iQcCcSQxYVseLQueBQB6GDUEmJzlb/gUqtQuki7qGT2EKpkE7iWFzaQSi4ZPpKyKugSBFSwZbfb8n7Pu/zvE8+njfwTcuEkzRNkxBCmrtuzU/nqzsvymPV/smRqekQkpAkIez99/G39kkSM85u3Y37ibivZmOg5+2f72qFH85ubGTSWLqV//L/hhB2Svv55ZWFyupiae6wsnT8773/Qwjl+fWhzWJtpq84Gx9K4+oH8+PX7l9oDm8f/BwPm9nzvIGk207cRpfnv9FbP6q3xv96/uCfgd+P9mprce6n5g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANywndJ+fnllobK6WJo7DL90go/L8+tDm8XaTF9xNtMJNTIX6wovQ0jTNO2+/8OTD4PtVWnusLJ0XGgObx+kE5+e/Pp39lWzNfg65g0klwrTfLetuQV2Ssd/dFad+W/01o/qrfEQx11bi4vTi/Nvdf3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDvVnms2j85MjUdQhLuhhBGMz1b7Xia65wnMW83/k7EeDU32Hz6ZjQbw88mY7yRCeFRCOH++62zs/YV2Sub527oo7i2zwEAAP//vmV1tA==") syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) 3.435068479s ago: executing program 3 (id=942): prlimit64(0x0, 0xe, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x1, 0x4b1, &(0x7f0000000580)="$eJzs3c1vG9UWAPBju2mTNO/1473FaxevFa1UoGrcJmoSoW66QkIqoHbBsgqJG5U4cRQ7pYmySCUWsEdQiRVi0T8AwZauWHYLXcEaqYKQEiFRychjO82XgwVpLGV+P2nqO3OnPvfGOlfjOzOeAFLrdO2fTERfRDyKiCP11Y07nK6/rC4vjtWWTFSrN37OJPutLC+ONXdt/r/DEbEUEd0Rcf31iHczW+OW5xcmR4vFwmxjPV+ZmsmX5xcu3J4anShMFKYHhweGR4aGhkcu71pfP7h79a1Pfrv64RffPfjhvcxXZ2vN6mvUre/Hbqp3vSuOrdt2ICKuvIhgHZBr9Ken0w3hb6l9fv+JiDNJ/h+JXPJpAmlQrVarz6qHWlUvVYF9K5scA2ey/RFRL2ez/f31Y/j/Rm+2WCpXzt8qzU2P14+Vj0ZX9tbtYuFi47vC0ejK1NYvJeXn6wOb1gcjkmPgj3M9yXr/WKk4vrdDHbDJ4U35/zRXz38gJXzlh/SS/5Be8h/SS/5Desl/SC/5D+kl/yG95D+kl/yH9JL/kF7yH1Lp7WvXakt1tXH/+/id+bnJ0p0L44XyZP/U3Fj/WGl2pn+iVJpI7tmZ+qv3K5ZKM4MxPXc3XymUK/ny/MLNqdLcdOVmcl//zULXnvQKaMexUw8fZyJi6bWeZKk52KiTq7C/VauZ6PQ9yEBn5Do9AAEdY+oP0st3fGCbn+jdoLtVxczutwXYG9lONwDomHMnnP+DtDL/D+ll/h/SyzE+YP4f0sf8P6RXX4vnf/1r3bO7LkbEvyPi+1zXoeazvoD9IPtTpnH8f+7I2b7NtQczvyenCA5GxPuf3fj07milMnuptv2Xte2V+43tA51oP9CuZp428xgASK+V5cWx5rKXcZ9crV+EUIu72ljqNQcac5PdyTnK3pXMhmsVMrt07cLSvYj4X8TT5cWx5tKMUH/eef3MR+9Kbkv8443XTP0tkvYeSJ6bvjfxT6yL//918U/+478KpMPD2vhzcbvxL5vkdKzl38bxp2+Xrp1ojn+rW8a/7Nr4l2sx/p1qM8aV/DsrLePfizi5bfxmvO4k1ub4tbadazP+tx/9+qhVXfXz+vtsF7+pVspXpmby5fmFC8nvyE0UpgeHB4ZHhoaGRy7nkznqfHOmeqvHLz37Zqf+97aIv1P/a9teabP/f9z/+vzpHeK/fGb7z//4DvF7IuLVNuO/8eWP11vV1eKPt+h/dof4tW2Dbca/8eDJm23uCgDsgfL8wuRosViYVVBQUFgrdHpkAl6050nf6ZYAAAAAAAAAAAAA7dqLy4k73UcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP3gzwAAAP//TX/YDQ==") quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000001c0)={0x4, 0x58, 0x4, 0x0, 0x7, 0x9, 0xfffffffffffffffa, 0x17, 0x6}) quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f00000002c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000200)={0xffff, 0x5, 0x800077, 0x412, 0x6, 0x40006, 0x1000, 0xf67, 0x12}) 3.047304273s ago: executing program 3 (id=947): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) recvmmsg$unix(r1, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) 2.552335211s ago: executing program 3 (id=951): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000020bd28940000000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000500)={0x24, &(0x7f0000002140)=ANY=[@ANYBLOB="02020c"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 2.126009466s ago: executing program 2 (id=953): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f00000058c0)) 1.703652771s ago: executing program 2 (id=955): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='./file1\x00', 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f626172726965722c63726561746f723d5c5d07842c63726561746f723dbd3cfff52c6e6c733d63703433372c756d61736b3d30303030303030303030303030303030303030303033372c6e6f6465636f6d706f73652c00"], 0x1, 0x6a4, &(0x7f0000000cc0)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=") r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000040)=""/40, 0x28) getdents64(r0, 0xfffffffffffffffe, 0x29) 1.409760408s ago: executing program 2 (id=957): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'macvlan1\x00', 0x0}) sendto$packet(r0, &(0x7f00000001c0)="330520000a00160006007ef52f555f2ab34eb67eabe2dffebf30f8784f997bea54fefe7117599e7dae76f98691ffb71675553f", 0x33, 0x801, &(0x7f0000000000)={0x11, 0x8, r1, 0x1, 0x5f, 0x6, @local}, 0x14) 1.258426977s ago: executing program 2 (id=960): r0 = openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r0, &(0x7f0000000380)={0xc, 0x8, 0x144, {&(0x7f0000001140)}}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000540)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000500)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x1, @loopback, 0x100009}, {0xa, 0x4e22, 0xfffffffc, @mcast1}, r1}}, 0x48) 1.160428782s ago: executing program 0 (id=961): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 979.830133ms ago: executing program 2 (id=962): setresuid(0x0, 0xee00, 0x0) capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7}) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='children\x00') syz_clone3(&(0x7f0000000080)={0x204901600, &(0x7f0000000040), 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) 880.770958ms ago: executing program 4 (id=963): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000080)={0x0, 0xdff9}, 0x8) setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0x82, &(0x7f0000001200)=@assoc_value, 0x8) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10) 708.933429ms ago: executing program 4 (id=964): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00') pwritev(r0, &(0x7f0000000500)=[{&(0x7f0000000000)='0', 0x1}], 0x1, 0x0, 0x0) r1 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="380000005304"], 0x38}, 0x1, 0x0, 0x0, 0x28040800}, 0xc000) 622.812034ms ago: executing program 2 (id=965): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x28bd, 0x75, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x6, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x7, {0x7, 0x0, "392cdaab4a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 542.897998ms ago: executing program 4 (id=966): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e21, 0x400d, @remote, 0xb5}, 0x1c) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 443.979014ms ago: executing program 4 (id=967): setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000000)=0x3f7ff, 0x4) r0 = syz_open_dev$dmmidi(&(0x7f0000000300), 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x40045702, &(0x7f0000000000)) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000040)={0x1, 0x7c, 0x3f6, 0x1, 0x1}) 341.8127ms ago: executing program 4 (id=968): syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fadvise64(r0, 0xe0ffff, 0x19, 0x3) execveat(r0, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x100) 340.71987ms ago: executing program 3 (id=969): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='net/nf_conntrack_expect\x00') ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000080)=r1) 67.378976ms ago: executing program 3 (id=970): r0 = io_uring_setup(0x4c0c, &(0x7f0000000140)={0x0, 0xce39, 0x12, 0x2, 0x326}) r1 = eventfd2(0x6, 0x80800) io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000340)=r1, 0x1) io_uring_register$IORING_UNREGISTER_EVENTFD(r0, 0x5, 0x0, 0x0) 38.079318ms ago: executing program 3 (id=971): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0x0, @empty, 0xfffffff5}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000480)={&(0x7f00000001c0)={0xa, 0x4e24, 0x80001800, @ipv4={'\x00', '\xff\xff', @loopback}, 0x4}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000240)="a5", 0x1}], 0x1}, 0x24000001) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000180)={0x0, 0x7e84}, 0x8) 0s ago: executing program 4 (id=972): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a5df"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000e00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r0}, 0xc) kernel console output (not intermixed with test programs): 218][ T48] veth0_macvtap: left promiscuous mode [ 100.607575][ T48] veth1_vlan: left promiscuous mode [ 100.614719][ T48] veth0_vlan: left promiscuous mode [ 100.727713][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 100.734969][ T8] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 100.751369][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.793933][ T8] pvrusb2: Hardware description: Terratec Grabster AV400 [ 100.819356][ T8] pvrusb2: ********** [ 100.824676][ T8] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 100.845457][ T8] pvrusb2: Important functionality might not be entirely working. [ 100.855087][ T8] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 100.873706][ T8] pvrusb2: ********** [ 101.017858][ T2320] pvrusb2: Invalid write control endpoint [ 101.154213][ T2320] pvrusb2: Invalid write control endpoint [ 101.169813][ T2320] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 101.183380][ T2320] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 101.193031][ T2320] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 101.206569][ T2320] pvrusb2: Device being rendered inoperable [ 101.228073][ T2320] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 101.239040][ T2320] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 101.247715][ T8] usb 4-1: USB disconnect, device number 3 [ 101.280115][ T2320] pvrusb2: Attached sub-driver cx25840 [ 101.298083][ T2320] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 101.311380][ T2320] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 101.562597][ T5775] Bluetooth: hci1: command tx timeout [ 101.604268][ T48] team0 (unregistering): Port device team_slave_1 removed [ 101.650533][ T48] team0 (unregistering): Port device team_slave_0 removed [ 101.693297][ T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.750204][ T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 102.240261][ T48] bond0 (unregistering): Released all slaves [ 102.252517][ T6062] loop3: detected capacity change from 0 to 32768 [ 102.307035][ T6062] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 102.441559][ T6062] XFS (loop3): Ending clean mount [ 102.447725][ T5981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.468626][ T5981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.493751][ T6062] XFS (loop3): Quotacheck needed: Please wait. [ 102.603396][ T5981] team0: Port device team_slave_0 added [ 102.620028][ T6062] XFS (loop3): Quotacheck: Done. [ 102.667052][ T5981] team0: Port device team_slave_1 added [ 102.778964][ T5981] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.815469][ T5981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.864486][ T5771] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 102.898355][ T5981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.953632][ T5981] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.962709][ T5981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.008201][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 103.051332][ T5981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.238110][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 103.249730][ T9] usb 1-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 103.270996][ T5981] hsr_slave_0: entered promiscuous mode [ 103.295559][ T9] usb 1-1: config 0 interface 0 has no altsetting 0 [ 103.304277][ T9] usb 1-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 103.337597][ T5981] hsr_slave_1: entered promiscuous mode [ 103.346526][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.368941][ T5981] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 103.389566][ T9] usb 1-1: config 0 descriptor?? [ 103.403539][ T5981] Cannot create hsr debugfs directory [ 103.637767][ T5775] Bluetooth: hci1: command tx timeout [ 103.673122][ T9] usbhid 1-1:0.0: can't add hid device: -71 [ 103.715103][ T9] usbhid: probe of 1-1:0.0 failed with error -71 [ 103.762738][ T9] usb 1-1: USB disconnect, device number 2 [ 104.429203][ T6106] loop3: detected capacity change from 0 to 512 [ 104.556744][ T6106] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.642717][ T6106] ext4 filesystem being mounted at /22/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 104.662545][ T5981] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 104.689505][ T5981] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 104.742355][ T5981] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 104.768237][ T6106] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.73: bg 0: block 217: padding at end of block bitmap is not set [ 104.797097][ T5981] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 104.811854][ T6106] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6653: Corrupt filesystem [ 104.935248][ T5771] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.132420][ T5981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.184542][ T5981] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.207330][ T6100] loop1: detected capacity change from 0 to 32768 [ 105.248050][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.255656][ T3493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.324431][ T6100] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 105.356997][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.365443][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.444254][ T6100] JBD2: Ignoring recovery information on journal [ 105.628025][ T6112] loop0: detected capacity change from 0 to 32768 [ 105.687281][ T6100] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 105.715493][ T5775] Bluetooth: hci1: command tx timeout [ 105.766660][ T6112] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 106.084333][ T6112] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 106.158382][ T6112] XFS (loop0): Starting recovery (logdev: internal) [ 106.209605][ T6112] XFS (loop0): Ending recovery (logdev: internal) [ 106.269277][ T6100] syz.1.72 (6100) used greatest stack depth: 19216 bytes left [ 106.282303][ T6112] XFS (loop0): Quotacheck needed: Please wait. [ 106.307136][ T5981] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.312876][ T6112] XFS (loop0): Quotacheck: Done. [ 106.402582][ T5772] ocfs2: Unmounting device (7,1) on (node local) [ 106.491016][ T5981] veth0_vlan: entered promiscuous mode [ 106.557694][ T5981] veth1_vlan: entered promiscuous mode [ 106.683191][ T5981] veth0_macvtap: entered promiscuous mode [ 106.723699][ T5981] veth1_macvtap: entered promiscuous mode [ 106.793582][ T5981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.835817][ T5981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.860914][ T5981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.890586][ T5981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.925362][ T5981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.952901][ T5981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.991346][ T5981] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.037098][ T5981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.075371][ T5981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.107437][ T5767] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 107.139840][ T5981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.154741][ T5981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.180554][ T5981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.197123][ T5981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.212368][ T5981] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.234212][ T5981] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.250109][ T5981] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.261422][ T5981] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.274866][ T5981] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.632637][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.673905][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.708734][ T27] kernel write not supported for file /amidi2 (pid: 27 comm: kworker/1:1) [ 107.789365][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.829491][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.843366][ T28] audit: type=1326 audit(1770728616.318:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6187 comm="syz.0.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 107.928239][ T28] audit: type=1326 audit(1770728616.318:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6187 comm="syz.0.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 107.929371][ T5757] kernel read not supported for file /video37 (pid: 5757 comm: kworker/1:3) [ 108.015512][ T28] audit: type=1326 audit(1770728616.318:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6187 comm="syz.0.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 108.113548][ T6197] loop3: detected capacity change from 0 to 512 [ 108.135397][ T28] audit: type=1326 audit(1770728616.368:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6187 comm="syz.0.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 108.161555][ T6197] EXT4-fs: Ignoring removed nomblk_io_submit option [ 108.213835][ T28] audit: type=1326 audit(1770728616.368:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6187 comm="syz.0.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 108.247422][ T28] audit: type=1326 audit(1770728616.368:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6187 comm="syz.0.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 108.311422][ T28] audit: type=1326 audit(1770728616.368:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6187 comm="syz.0.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 108.430432][ T28] audit: type=1326 audit(1770728616.368:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6187 comm="syz.0.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 108.454326][ T28] audit: type=1326 audit(1770728616.368:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6187 comm="syz.0.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 108.478497][ T6197] EXT4-fs error (device loop3): ext4_iget_extra_inode:4732: inode #15: comm syz.3.90: corrupted in-inode xattr: e_value size too large [ 108.482837][ T28] audit: type=1326 audit(1770728616.388:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6187 comm="syz.0.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 108.549913][ T6197] EXT4-fs (loop3): Remounting filesystem read-only [ 108.559933][ T6197] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.777088][ T5771] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.915182][ T6220] loop1: detected capacity change from 0 to 2048 [ 109.007671][ T6225] loop0: detected capacity change from 0 to 1024 [ 109.028434][ T6220] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.046255][ T6225] EXT4-fs: Ignoring removed nobh option [ 109.091858][ T6225] EXT4-fs: Ignoring removed bh option [ 109.132392][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.180632][ T6233] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 109.226995][ T6225] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 109.369671][ T6225] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.460616][ T6241] capability: warning: `syz.1.100' uses 32-bit capabilities (legacy support in use) [ 109.528774][ T6241] program syz.1.100 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 109.569031][ T6225] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4047: comm syz.0.98: Allocating blocks 417-513 which overlap fs metadata [ 109.637659][ T6248] EXT4-fs (loop0): pa ffff888076e33828: logic 15984, phys. 113, len 25 [ 109.647357][ T6248] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5388: group 0, free 19, pa_free 25 [ 109.688891][ T6250] netlink: 8 bytes leftover after parsing attributes in process `syz.3.103'. [ 109.752115][ T6252] netlink: 96 bytes leftover after parsing attributes in process `syz.2.104'. [ 109.794967][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.329029][ T6275] loop1: detected capacity change from 0 to 16 [ 110.408192][ T6275] erofs: (device loop1): mounted with root inode @ nid 36. [ 110.554503][ T6280] loop2: detected capacity change from 0 to 1024 [ 110.591061][ T6275] capability: warning: `syz.1.111' uses deprecated v2 capabilities in a way that may be insecure [ 110.660639][ T6280] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 110.785580][ T6280] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.863569][ T6280] EXT4-fs (loop2): Online resizing not supported with bigalloc [ 111.086930][ T5981] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 111.469221][ T6307] netlink: 8 bytes leftover after parsing attributes in process `syz.3.119'. [ 111.527602][ T6307] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.539472][ T6307] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.847786][ T6318] loop0: detected capacity change from 0 to 128 [ 112.456154][ T6311] loop2: detected capacity change from 0 to 32768 [ 112.502799][ T6311] XFS (loop2): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 112.625808][ T6311] XFS (loop2): Ending clean mount [ 112.868406][ T6356] loop3: detected capacity change from 0 to 128 [ 112.896143][ T5981] XFS (loop2): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 113.214487][ T6362] Bluetooth: MGMT ver 1.22 [ 113.382394][ T6367] netlink: 28 bytes leftover after parsing attributes in process `syz.3.136'. [ 113.480806][ T6370] loop1: detected capacity change from 0 to 1024 [ 113.682232][ T3493] hfsplus: b-tree write err: -5, ino 4 [ 113.893578][ T6380] loop0: detected capacity change from 0 to 4096 [ 113.927496][ T6380] __ntfs_warning: 8 callbacks suppressed [ 113.927511][ T6380] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 114.034079][ T6380] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 114.078514][ T6380] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 114.156876][ T6380] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 114.211533][ T6380] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 114.262032][ T6380] ntfs: (device loop0): check_mft_mirror(): Failed to read $MFTMirr. [ 114.273844][ T6380] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 114.304112][ T6380] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 114.375432][ T6380] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 114.425926][ T6380] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 114.492237][ T6380] ntfs: volume version 3.1. [ 115.377185][ T6425] program syz.2.159 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 115.835654][ T5852] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 115.904453][ T6443] loop2: detected capacity change from 0 to 512 [ 116.048681][ T5852] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 116.070086][ T5852] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 116.103392][ T5852] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 116.146790][ T5852] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 116.180237][ T5852] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 116.234036][ T5852] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 116.244565][ T5852] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 116.285495][ T5852] usb 2-1: Product: syz [ 116.290025][ T5852] usb 2-1: Manufacturer: syz [ 116.320867][ T5852] cdc_wdm 2-1:1.0: skipping garbage [ 116.327552][ T5852] cdc_wdm 2-1:1.0: skipping garbage [ 116.352503][ T5852] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 116.365919][ T5852] cdc_wdm 2-1:1.0: Unknown control protocol [ 116.557484][ T6459] option changes via remount are deprecated (pid=6457 comm=syz.2.174) [ 116.575359][ T6459] cgroup: option or name mismatch, new: 0x0 "nofavordynmods", old: 0x0 "" [ 116.685745][ T2132] usb 2-1: USB disconnect, device number 3 [ 116.685750][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 116.701014][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 116.707318][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 116.858142][ T6469] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 116.868095][ T6469] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 116.879110][ T6469] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 116.885809][ T5852] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 116.888747][ T6469] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 116.906145][ T6469] vxlan0: entered promiscuous mode [ 116.911422][ T6469] vxlan0: entered allmulticast mode [ 116.923454][ T6472] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 116.923454][ T6472] The task syz.2.180 (6472) triggered the difference, watch for misbehavior. [ 117.076684][ T5852] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 117.087621][ T5852] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.098671][ T5852] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.112518][ T5852] usb 4-1: config 0 interface 0 has no altsetting 0 [ 117.122250][ T5852] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.132231][ T5852] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.143788][ T5852] usb 4-1: config 0 interface 0 has no altsetting 0 [ 117.151995][ T5852] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.162094][ T5852] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.173609][ T5852] usb 4-1: config 0 interface 0 has no altsetting 0 [ 117.183283][ T5852] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.193043][ T5852] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.206377][ T5852] usb 4-1: config 0 interface 0 has no altsetting 0 [ 117.214450][ T5852] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.224199][ T5852] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.240037][ T5852] usb 4-1: config 0 interface 0 has no altsetting 0 [ 117.248934][ T5852] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.258794][ T5852] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.269874][ T5852] usb 4-1: config 0 interface 0 has no altsetting 0 [ 117.277051][ T8] usb 1-1: new low-speed USB device number 3 using dummy_hcd [ 117.287479][ T5852] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.297211][ T5852] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.309591][ T5852] usb 4-1: config 0 interface 0 has no altsetting 0 [ 117.318994][ T5852] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.330028][ T5852] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.342345][ T5852] usb 4-1: config 0 interface 0 has no altsetting 0 [ 117.353546][ T5852] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 117.363792][ T5852] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 117.373744][ T5852] usb 4-1: Product: syz [ 117.378718][ T5852] usb 4-1: Manufacturer: syz [ 117.383604][ T5852] usb 4-1: SerialNumber: syz [ 117.391778][ T5852] usb 4-1: config 0 descriptor?? [ 117.404463][ T5852] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 117.468094][ T8] usb 1-1: unable to get BOS descriptor set [ 117.496938][ T8] usb 1-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config [ 117.510803][ T8] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 117.525090][ T8] usb 1-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config [ 117.543597][ T8] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 117.563546][ T8] usb 1-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config [ 117.582405][ T8] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 117.602716][ T8] usb 1-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config [ 117.637396][ T8] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 117.663074][ T8] usb 1-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config [ 117.686252][ T8] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 117.728537][ T8] usb 1-1: string descriptor 0 read error: -22 [ 117.745773][ T8] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 117.760705][ C0] usb 4-1: yurex_control_callback - control failed: -71 [ 117.771202][ T5852] usb 4-1: USB disconnect, device number 4 [ 117.786892][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.805705][ T5852] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 117.822471][ T8] usb 1-1: invalid UAC_HEADER (v1) [ 117.947313][ T8] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 118.106788][ T5757] usb 1-1: USB disconnect, device number 3 [ 118.235139][ T6483] loop2: detected capacity change from 0 to 32768 [ 118.260356][ T6483] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.185 (6483) [ 118.325672][ T6483] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 118.337748][ T6483] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 118.349646][ T6483] BTRFS info (device loop2): turning off barriers [ 118.358206][ T6483] BTRFS info (device loop2): setting nodatasum [ 118.366223][ T6483] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 118.376455][ T6483] BTRFS info (device loop2): use zstd compression, level 3 [ 118.385225][ T6483] BTRFS info (device loop2): using free space tree [ 118.787598][ T5981] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 118.809888][ T6506] netlink: 32 bytes leftover after parsing attributes in process `syz.1.189'. [ 119.208619][ T6518] netlink: 32 bytes leftover after parsing attributes in process `syz.1.195'. [ 119.225562][ T6520] process 'syz.0.196' launched './file0' with NULL argv: empty string added [ 119.529063][ T6528] loop0: detected capacity change from 0 to 1024 [ 119.596905][ T6528] hfsplus: bad catalog entry type [ 119.694497][ T62] hfsplus: b-tree write err: -5, ino 4 [ 120.122728][ T6548] loop0: detected capacity change from 0 to 2048 [ 120.185522][ T6548] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 120.307028][ T6550] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 120.308759][ T6548] bio_check_eod: 23 callbacks suppressed [ 120.308775][ T6548] syz.0.206: attempt to access beyond end of device [ 120.308775][ T6548] loop0: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 120.688938][ T6562] loop3: detected capacity change from 0 to 1024 [ 120.806316][ T6562] hfsplus: bad catalog entry type [ 120.890833][ T62] hfsplus: b-tree write err: -5, ino 4 [ 121.196863][ T6578] input: syz1 as /devices/virtual/input/input7 [ 121.807563][ T6581] loop2: detected capacity change from 0 to 32768 [ 121.855748][ T6581] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.219 (6581) [ 121.920626][ T6581] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 121.987133][ T6581] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 122.012247][ T6581] BTRFS info (device loop2): metadata ratio 2 [ 122.034909][ T6581] BTRFS info (device loop2): allowing degraded mounts [ 122.067412][ T6581] BTRFS info (device loop2): force zlib compression, level 3 [ 122.098968][ T6581] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 122.132052][ T6581] BTRFS info (device loop2): use zstd compression, level 3 [ 122.158453][ T6581] BTRFS info (device loop2): force clearing of disk cache [ 122.205360][ T6581] BTRFS info (device loop2): turning on flush-on-commit [ 122.236886][ T6581] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 122.295432][ T6581] BTRFS info (device loop2): trying to use backup root at mount time [ 122.345962][ T6581] BTRFS info (device loop2): using free space tree [ 122.552236][ T6581] BTRFS info (device loop2): enabling ssd optimizations [ 122.615848][ T6581] BTRFS info (device loop2): rebuilding free space tree [ 122.826303][ T6637] loop0: detected capacity change from 0 to 2048 [ 122.920191][ T6637] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.171830][ T5981] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 123.213811][ T12] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 123.318364][ T12] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 123.357443][ T12] EXT4-fs (loop0): This should not happen!! Data will be lost [ 123.357443][ T12] [ 123.410748][ T12] EXT4-fs (loop0): Total free blocks count 0 [ 123.437206][ T12] EXT4-fs (loop0): Free/Dirty block details [ 123.443383][ T12] EXT4-fs (loop0): free_blocks=4096 [ 123.465620][ T12] EXT4-fs (loop0): dirty_blocks=32 [ 123.485423][ T12] EXT4-fs (loop0): Block reservation details [ 123.505392][ T12] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 123.514812][ T12] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2 with error 28 [ 123.551148][ T6655] tap0: tun_chr_ioctl cmd 1074812118 [ 123.909599][ T5761] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 11 /dev/loop2 scanned by udevd (5761) [ 124.387628][ T6678] loop2: detected capacity change from 0 to 64 [ 124.440694][ T6678] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 124.710746][ T6661] loop1: detected capacity change from 0 to 32768 [ 124.786866][ T6661] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 124.797787][ T6661] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 125.022195][ T6692] loop0: detected capacity change from 0 to 4096 [ 125.046917][ T6692] __ntfs_warning: 10 callbacks suppressed [ 125.046932][ T6692] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 125.075364][ C1] vkms_vblank_simulate: vblank timer overrun [ 125.099452][ T6661] XFS (loop1): Ending clean mount [ 125.117508][ T6692] ntfs: (device loop0): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy. [ 125.143855][ T6661] XFS (loop1): Quotacheck needed: Please wait. [ 125.169840][ T6676] loop3: detected capacity change from 0 to 32768 [ 125.187714][ T6692] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 125.202206][ T6692] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 125.224146][ C1] vkms_vblank_simulate: vblank timer overrun [ 125.234999][ T6676] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.252 (6676) [ 125.262246][ T6692] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 125.299954][ T6661] XFS (loop1): Quotacheck: Done. [ 125.308095][ T6676] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 125.363663][ T6692] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5). [ 125.397184][ T6676] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 125.455575][ T6676] BTRFS info (device loop3): using free space tree [ 125.477687][ T6692] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 125.537318][ T6692] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 125.663675][ T6692] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 125.763468][ T6676] BTRFS info (device loop3): enabling ssd optimizations [ 125.775500][ T6692] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x200 because its location on disk could not be determined even after retrying (error code -5). [ 125.827955][ T6676] BTRFS info (device loop3): auto enabling async discard [ 125.840743][ T6692] ntfs: volume version 3.1. [ 126.038191][ T5772] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 126.184304][ T5771] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 126.591428][ T6698] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 10 /dev/loop3 scanned by udevd (6698) [ 126.905522][ T5852] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 127.126226][ T5852] usb 1-1: Using ep0 maxpacket: 8 [ 127.170099][ T5852] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 127.200289][ T5852] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.259665][ T5852] usb 1-1: Product: syz [ 127.275944][ T5852] usb 1-1: Manufacturer: syz [ 127.281816][ T5852] usb 1-1: SerialNumber: syz [ 127.338819][ T5852] usb 1-1: config 0 descriptor?? [ 127.353524][ T5852] gspca_main: se401-2.14.0 probing 047d:5003 [ 127.984773][ T6739] netlink: 'syz.2.267': attribute type 3 has an invalid length. [ 127.996437][ T5852] usb 1-1: reset high-speed USB device number 4 using dummy_hcd [ 128.359545][ T6749] loop3: detected capacity change from 0 to 2048 [ 128.707583][ T5852] gspca_se401: write req failed req 0x57 val 0x00 error -71 [ 128.770354][ T5852] se401: probe of 1-1:0.0 failed with error -71 [ 128.825867][ T5852] usb 1-1: USB disconnect, device number 4 [ 128.838920][ T6759] kvm_intel: kvm [6758]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x401e04ee [ 129.407220][ T27] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 129.615425][ T27] usb 3-1: Using ep0 maxpacket: 8 [ 129.637839][ T27] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 129.676003][ T27] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 129.705719][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.738441][ T27] usb 3-1: Product: syz [ 129.743824][ T27] usb 3-1: Manufacturer: syz [ 129.771967][ T27] usb 3-1: SerialNumber: syz [ 129.808197][ T27] usb 3-1: config 0 descriptor?? [ 129.822371][ T27] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 129.852947][ T27] usb 3-1: setting power ON [ 129.883851][ T27] dvb-usb: bulk message failed: -22 (2/0) [ 129.928403][ T27] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 129.964907][ T6793] loop0: detected capacity change from 0 to 512 [ 129.978135][ T27] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 129.989615][ T27] usb 3-1: media controller created [ 130.023206][ T6793] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 130.074127][ T6771] dvb-usb: bulk message failed: -22 (3/0) [ 130.091146][ T27] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 130.112344][ T6771] dvb-usb: bulk message failed: -22 (4/0) [ 130.137277][ T6771] cxusb: i2c read failed [ 130.156315][ T6793] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 130.168848][ T6771] cxusb: i2c rd: len=81 is too big! [ 130.168848][ T6771] [ 130.180984][ T6793] ext4 filesystem being mounted at /68/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.212159][ T6793] __quota_error: 10 callbacks suppressed [ 130.212179][ T6793] Quota error (device loop0): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 130.235377][ T27] usb 3-1: selecting invalid altsetting 6 [ 130.241647][ T27] usb 3-1: digital interface selection failed (-22) [ 130.248796][ T27] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 130.252582][ T6793] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 130.259351][ T27] usb 3-1: setting power OFF [ 130.275150][ T27] dvb-usb: bulk message failed: -22 (2/0) [ 130.305351][ T27] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 130.321905][ T27] (NULL device *): no alternate interface [ 130.364090][ T27] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 130.374490][ T6793] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.285: Failed to acquire dquot type 0 [ 130.399260][ T27] usb 3-1: USB disconnect, device number 2 [ 130.502553][ T6803] Quota error (device loop0): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 130.550063][ T6803] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 130.596221][ T6803] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.285: Failed to acquire dquot type 0 [ 130.669761][ T6788] loop3: detected capacity change from 0 to 32768 [ 130.714526][ T6788] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 scanned by syz.3.283 (6788) [ 130.778499][ T6788] BTRFS info (device loop3): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 130.812280][ T6788] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 130.815063][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 130.823429][ T6788] BTRFS info (device loop3): using free space tree [ 130.983113][ T6788] BTRFS info (device loop3): enabling ssd optimizations [ 131.015444][ T6788] BTRFS info (device loop3): auto enabling async discard [ 131.054385][ T6829] loop0: detected capacity change from 0 to 256 [ 131.471005][ T6840] loop2: detected capacity change from 0 to 512 [ 131.504562][ T5771] BTRFS info (device loop3): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 131.549591][ T6840] FAT-fs (loop2): bogus number of FAT sectors [ 131.603396][ T6840] FAT-fs (loop2): Can't find a valid FAT filesystem [ 131.951817][ T6847] netlink: 12 bytes leftover after parsing attributes in process `syz.3.293'. [ 131.983244][ T6847] netlink: 12 bytes leftover after parsing attributes in process `syz.3.293'. [ 132.001675][ C1] vkms_vblank_simulate: vblank timer overrun [ 132.727210][ T6832] loop1: detected capacity change from 0 to 32768 [ 132.822857][ T6832] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 132.832763][ T6832] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 132.836045][ T6841] loop0: detected capacity change from 0 to 32768 [ 132.941533][ T6832] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 132.996965][ T6841] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 133.092571][ T6832] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 133.158173][ T6841] XFS (loop0): Ending clean mount [ 133.325689][ T6881] loop3: detected capacity change from 0 to 1024 [ 133.403301][ T5767] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 133.936625][ T6886] loop1: detected capacity change from 0 to 64 [ 133.990702][ T6891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.307'. [ 134.046067][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.062509][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.148003][ T6893] input: syz0 as /devices/virtual/input/input8 [ 134.363072][ T6901] loop0: detected capacity change from 0 to 512 [ 134.374328][ T6901] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 134.971693][ T6897] loop2: detected capacity change from 0 to 40427 [ 134.995799][ T6914] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.030732][ T6897] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 135.059456][ T6897] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 135.126529][ T6897] F2FS-fs (loop2): invalid crc value [ 135.172109][ T6897] F2FS-fs (loop2): Found nat_bits in checkpoint [ 135.362228][ T6897] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 135.380532][ T6897] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 135.464821][ T28] audit: type=1800 audit(1770728643.938:21): pid=6897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.310" name="bus" dev="loop2" ino=10 res=0 errno=0 [ 135.524804][ T6897] Invalid ELF header magic: != ELF [ 136.287003][ T6931] loop1: detected capacity change from 0 to 40427 [ 136.304638][ T6931] F2FS-fs (loop1): Small segment_count (9 < 1 * 24) [ 136.323623][ T6931] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 136.365414][ T6931] F2FS-fs (loop1): Found nat_bits in checkpoint [ 136.484093][ T6931] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 136.505697][ T6931] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 136.529782][ T6951] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 136.757155][ T5772] syz-executor: attempt to access beyond end of device [ 136.757155][ T5772] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 136.793918][ T5772] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 137.112744][ T6963] loop2: detected capacity change from 0 to 1024 [ 137.169034][ T6963] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 137.192323][ T6963] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.438700][ T5981] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 137.647658][ T6959] loop0: detected capacity change from 0 to 32768 [ 137.669540][ T6959] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 11 [ 137.824000][ T6698] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 11 [ 137.928462][ T6987] vcan0: tx drop: invalid da for name 0x00000000000000f0 [ 138.003250][ T6991] netlink: 16 bytes leftover after parsing attributes in process `syz.3.343'. [ 138.385616][ T2132] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 138.577807][ T7000] loop1: detected capacity change from 0 to 40427 [ 138.592521][ T7000] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 138.595544][ T2132] usb 1-1: Using ep0 maxpacket: 16 [ 138.601849][ T7000] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 138.620311][ T2132] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 138.631999][ T7000] F2FS-fs (loop1): heap/no_heap options were deprecated [ 138.639901][ T2132] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 138.653277][ T7000] F2FS-fs (loop1): invalid crc value [ 138.659171][ T2132] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 138.670191][ T2132] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 138.682128][ T2132] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 138.699261][ T2132] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 138.709324][ T2132] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 138.719130][ T2132] usb 1-1: Manufacturer: syz [ 138.727516][ T7000] F2FS-fs (loop1): Found nat_bits in checkpoint [ 138.746398][ T2132] usb 1-1: config 0 descriptor?? [ 138.749276][ T27] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 138.812902][ T7000] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 138.826246][ T7000] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 138.972919][ T5772] syz-executor: attempt to access beyond end of device [ 138.972919][ T5772] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 139.001835][ T5772] F2FS-fs (loop1): Remounting filesystem read-only [ 139.002499][ T27] usb 4-1: Using ep0 maxpacket: 32 [ 139.033260][ T27] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 139.052325][ T27] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 139.069617][ T27] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 139.082993][ T27] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 139.106107][ T27] usb 4-1: config 0 interface 0 has no altsetting 0 [ 139.118409][ T27] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 139.143520][ T27] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 139.145532][ T2132] rc_core: IR keymap rc-hauppauge not found [ 139.160786][ T27] usb 4-1: Product: syz [ 139.168442][ T27] usb 4-1: Manufacturer: syz [ 139.174319][ T27] usb 4-1: SerialNumber: syz [ 139.190947][ T2132] Registered IR keymap rc-empty [ 139.204744][ T27] usb 4-1: config 0 descriptor?? [ 139.208182][ T2132] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 139.224667][ T27] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 139.255928][ T2132] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 139.261467][ T27] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 139.292756][ T2132] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 139.342681][ T2132] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input9 [ 139.413658][ T2132] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 139.455557][ T2132] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 139.510960][ T2132] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 139.556294][ T2132] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 139.595551][ T2132] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 139.641444][ T2132] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 139.673310][ T7017] loop1: detected capacity change from 0 to 512 [ 139.688632][ T2132] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 139.727399][ T7017] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.350: invalid indirect mapped block 256 (level 2) [ 139.745476][ T2132] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 139.766078][ T7017] EXT4-fs (loop1): 2 truncates cleaned up [ 139.780321][ T7017] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.803180][ T2132] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 139.832229][ T9] usb 4-1: USB disconnect, device number 5 [ 139.860028][ T9] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 139.886175][ T2132] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 139.889139][ T7019] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm syz.1.350: bg 0: block 5: invalid block bitmap [ 139.947578][ T2132] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 139.958127][ T2132] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 139.982453][ T2132] usb 1-1: USB disconnect, device number 5 [ 140.164521][ T12] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 140.179824][ T12] EXT4-fs (loop1): This should not happen!! Data will be lost [ 140.179824][ T12] [ 140.193101][ T12] EXT4-fs (loop1): Total free blocks count 0 [ 140.201374][ T12] EXT4-fs (loop1): Free/Dirty block details [ 140.214694][ T12] EXT4-fs (loop1): free_blocks=0 [ 140.224240][ T12] EXT4-fs (loop1): dirty_blocks=753 [ 140.235182][ T12] EXT4-fs (loop1): Block reservation details [ 140.259591][ T12] EXT4-fs (loop1): i_reserved_data_blocks=753 [ 140.275059][ T12] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 752 with error 28 [ 140.481838][ T7024] netlink: 178584 bytes leftover after parsing attributes in process `syz.0.354'. [ 140.510961][ T7024] netlink: zone id is out of range [ 140.525630][ T7024] netlink: zone id is out of range [ 140.545422][ T7024] netlink: zone id is out of range [ 140.562645][ T7024] netlink: zone id is out of range [ 140.585534][ T7024] netlink: zone id is out of range [ 140.603330][ T7024] netlink: zone id is out of range [ 140.631770][ T7024] netlink: zone id is out of range [ 140.654849][ T7024] netlink: zone id is out of range [ 140.664992][ T7024] netlink: zone id is out of range [ 140.681215][ T7024] netlink: zone id is out of range [ 140.738259][ T7032] syz.2.357 uses obsolete (PF_INET,SOCK_PACKET) [ 140.873764][ T7034] loop3: detected capacity change from 0 to 512 [ 140.892466][ T7034] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 140.943173][ T7034] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.359: couldn't read orphan inode 26 (err -116) [ 141.025593][ T7041] loop1: detected capacity change from 0 to 512 [ 141.041144][ T7041] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 141.068066][ T7034] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.088677][ T7034] ext4 filesystem being mounted at /106/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 141.135003][ T7034] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.359: iget: bad i_size value: 360287970189639690 [ 141.253434][ T7034] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 141.308930][ T7044] loop2: detected capacity change from 0 to 1024 [ 141.345125][ T7044] EXT4-fs: Ignoring removed nobh option [ 141.372511][ T7044] EXT4-fs: Ignoring removed bh option [ 141.382980][ T5771] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.412394][ T7044] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 141.523126][ T7044] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.703686][ T7044] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4047: comm syz.2.362: Allocating blocks 417-513 which overlap fs metadata [ 141.735545][ T7044] EXT4-fs (loop2): pa ffff888076e33828: logic 15984, phys. 113, len 25 [ 141.745850][ T7044] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5388: group 0, free 19, pa_free 25 [ 141.903882][ T5981] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.477940][ T27] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 142.549056][ T5775] Bluetooth: hci1: link tx timeout [ 142.557900][ T5775] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 142.687992][ T27] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 142.737259][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.771818][ T27] usb 3-1: config 0 descriptor?? [ 142.807953][ T27] cp210x 3-1:0.0: cp210x converter detected [ 142.834217][ T7062] loop0: detected capacity change from 0 to 32768 [ 142.926871][ T7062] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 142.973055][ T7062] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 143.231781][ T27] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 143.286620][ T7062] XFS (loop0): Ending clean mount [ 143.322239][ T27] usb 3-1: cp210x converter now attached to ttyUSB0 [ 143.334561][ T7062] XFS (loop0): Quotacheck needed: Please wait. [ 143.452429][ T7062] XFS (loop0): Quotacheck: Done. [ 143.475617][ T27] usb 3-1: USB disconnect, device number 3 [ 143.523943][ T27] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 143.552970][ T27] cp210x 3-1:0.0: device disconnected [ 143.843390][ T5767] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 144.027150][ T7110] loop1: detected capacity change from 0 to 4096 [ 144.035049][ T7110] ntfs3: Unknown parameter 'windowv_names' [ 144.100644][ T6698] I/O error, dev loop1, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 144.596043][ T5082] Bluetooth: hci1: command 0x0406 tx timeout [ 144.668926][ T7137] loop3: detected capacity change from 0 to 128 [ 144.941260][ T7137] syz.3.389: attempt to access beyond end of device [ 144.941260][ T7137] loop3: rw=2049, sector=169, nr_sectors = 872 limit=128 [ 145.345540][ T7156] netlink: 176 bytes leftover after parsing attributes in process `syz.2.395'. [ 145.603672][ T7165] netlink: 20 bytes leftover after parsing attributes in process `syz.0.398'. [ 145.610510][ T7162] loop2: detected capacity change from 0 to 1024 [ 145.664257][ T7165] netlink: 20 bytes leftover after parsing attributes in process `syz.0.398'. [ 146.117663][ T7172] loop3: detected capacity change from 0 to 8192 [ 146.271737][ T7185] netlink: 12 bytes leftover after parsing attributes in process `syz.1.406'. [ 146.283637][ T7185] netlink: 12 bytes leftover after parsing attributes in process `syz.1.406'. [ 146.305887][ T7185] netlink: 40 bytes leftover after parsing attributes in process `syz.1.406'. [ 146.610334][ T7193] netlink: 8 bytes leftover after parsing attributes in process `syz.1.410'. [ 146.626604][ T7197] netlink: 'syz.2.411': attribute type 3 has an invalid length. [ 147.857537][ T788] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 147.896439][ T7241] loop3: detected capacity change from 0 to 256 [ 148.078859][ T788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.102381][ T788] usb 2-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 148.114565][ T7247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.434'. [ 148.125174][ T788] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.226499][ T788] usb 2-1: config 0 descriptor?? [ 148.557087][ T7261] netlink: 'syz.0.442': attribute type 11 has an invalid length. [ 148.605070][ T7265] loop3: detected capacity change from 0 to 512 [ 148.722200][ T7230] loop1: detected capacity change from 0 to 1024 [ 148.803122][ T7230] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 148.921342][ T788] cherry 0003:046A:0023.0001: unbalanced delimiter at end of report description [ 148.933465][ T788] cherry: probe of 0003:046A:0023.0001 failed with error -22 [ 149.084721][ T7271] loop2: detected capacity change from 0 to 4096 [ 149.147060][ T7271] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 149.183510][ T2132] usb 2-1: USB disconnect, device number 4 [ 149.369199][ T7271] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 149.795198][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.883826][ T7292] netlink: 12 bytes leftover after parsing attributes in process `syz.3.457'. [ 150.213627][ T7300] netlink: 12 bytes leftover after parsing attributes in process `syz.0.459'. [ 150.603059][ T7310] loop0: detected capacity change from 0 to 128 [ 150.730582][ T7310] syz.0.463: attempt to access beyond end of device [ 150.730582][ T7310] loop0: rw=2049, sector=145, nr_sectors = 57 limit=128 [ 150.796435][ T7296] loop1: detected capacity change from 0 to 32768 [ 150.892227][ T7296] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 150.950052][ T7321] loop3: detected capacity change from 0 to 128 [ 150.979906][ T7321] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 151.011222][ T7321] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 151.025590][ T7296] XFS (loop1): Ending clean mount [ 151.038892][ T7296] XFS (loop1): Quotacheck needed: Please wait. [ 151.178099][ T7296] XFS (loop1): Quotacheck: Done. [ 151.305375][ T28] audit: type=1800 audit(1770728659.778:22): pid=7296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.455" name="file1" dev="loop1" ino=6150 res=0 errno=0 [ 151.490535][ T5772] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 152.105386][ T5803] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 152.263381][ T7350] mmap: syz.3.476 (7350) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 152.325387][ T5803] usb 3-1: Using ep0 maxpacket: 8 [ 152.330663][ T27] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 152.374481][ T5803] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 152.385358][ T5803] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 152.415590][ T5803] usb 3-1: config 0 has no interface number 0 [ 152.428326][ T7352] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.435945][ T7352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.443957][ T7352] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.452533][ T7352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.466844][ T5803] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 152.483094][ T5803] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.515666][ T5803] usb 3-1: Product: syz [ 152.526930][ T5803] usb 3-1: Manufacturer: syz [ 152.532400][ T5803] usb 3-1: SerialNumber: syz [ 152.542005][ T7352] net_ratelimit: 52 callbacks suppressed [ 152.542013][ T7352] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 152.575367][ T27] usb 1-1: Using ep0 maxpacket: 32 [ 152.588800][ T5803] usb 3-1: config 0 descriptor?? [ 152.597620][ T27] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 152.620199][ T27] usb 1-1: config 0 has no interface number 0 [ 152.648521][ T27] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 152.674365][ T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.689817][ T27] usb 1-1: Product: syz [ 152.695112][ T27] usb 1-1: Manufacturer: syz [ 152.705899][ T27] usb 1-1: SerialNumber: syz [ 152.727640][ T27] usb 1-1: config 0 descriptor?? [ 152.743790][ T27] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 152.756595][ T7355] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 152.895848][ T5757] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 152.977619][ T27] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 152.993549][ T5803] usb 3-1: USB disconnect, device number 4 [ 153.016017][ T27] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 153.126231][ T5757] usb 2-1: Using ep0 maxpacket: 8 [ 153.143421][ T5757] usb 2-1: config index 0 descriptor too short (expected 30, got 18) [ 153.191484][ T5757] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 153.205353][ T5757] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.215476][ T8] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 153.225997][ T5757] usb 2-1: Product: syz [ 153.230683][ T5757] usb 2-1: Manufacturer: syz [ 153.247856][ T5757] usb 2-1: SerialNumber: syz [ 153.267787][ T5757] usb 2-1: config 0 descriptor?? [ 153.290483][ T5757] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 153.305672][ T5757] usb 2-1: setting power ON [ 153.315871][ T5757] dvb-usb: bulk message failed: -22 (2/0) [ 153.335865][ T5757] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 153.366336][ T5757] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 153.379612][ T5757] usb 2-1: media controller created [ 153.427368][ T8] usb 4-1: config 0 has no interfaces? [ 153.441668][ T5757] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 153.442842][ T8] usb 4-1: New USB device found, idVendor=0919, idProduct=3333, bcdDevice= 0.40 [ 153.456389][ C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 153.472166][ T5803] usb 1-1: USB disconnect, device number 6 [ 153.491572][ T5803] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 153.505697][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.538094][ T7357] dvb-usb: bulk message failed: -22 (3/0) [ 153.545163][ T5803] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 153.559255][ T8] usb 4-1: config 0 descriptor?? [ 153.566513][ T7357] cxusb: i2c rd: len=4096 is too big! [ 153.566513][ T7357] [ 153.574428][ T5757] usb 2-1: selecting invalid altsetting 6 [ 153.591633][ T5803] quatech2 1-1:0.51: device disconnected [ 153.605450][ T5757] usb 2-1: digital interface selection failed (-22) [ 153.612721][ T5757] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 153.627677][ T7360] dvb-usb: bulk message failed: -22 (3/0) [ 153.641590][ T5757] usb 2-1: setting power OFF [ 153.668132][ T7360] dvb-usb: bulk message failed: -22 (3/0) [ 153.689203][ T5757] dvb-usb: bulk message failed: -22 (2/0) [ 153.701157][ T5757] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 153.728124][ T5757] (NULL device *): no alternate interface [ 153.788383][ T5757] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 153.850912][ T5757] usb 2-1: USB disconnect, device number 5 [ 153.868775][ T7359] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 153.913571][ T7359] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 153.973820][ T8] usb 4-1: USB disconnect, device number 6 [ 154.079361][ T7364] loop2: detected capacity change from 0 to 512 [ 154.203295][ T7364] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.270321][ T7364] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.545464][ T8] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 154.581838][ T5981] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.728517][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 154.775444][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 4 [ 154.837833][ T8] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 154.870642][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.870667][ T8] usb 4-1: Product: syz [ 154.870681][ T8] usb 4-1: Manufacturer: syz [ 154.870693][ T8] usb 4-1: SerialNumber: syz [ 154.936387][ T8] usb 4-1: config 0 descriptor?? [ 154.950615][ T8] hub 4-1:0.0: bad descriptor, ignoring hub [ 154.950645][ T8] hub: probe of 4-1:0.0 failed with error -5 [ 155.125492][ T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 155.292744][ T8] usb 4-1: USB disconnect, device number 7 [ 155.356874][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 155.408217][ T9] usb 2-1: config 0 has an invalid interface number: 126 but max is 0 [ 155.430106][ T5762] udevd[5762]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 155.458545][ T9] usb 2-1: config 0 has no interface number 0 [ 155.489191][ T9] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 155.555414][ T9] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8 [ 155.596319][ T9] usb 2-1: config 0 interface 126 has no altsetting 0 [ 155.648741][ T9] usb 2-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 155.665398][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.694676][ T9] usb 2-1: Product: syz [ 155.703544][ T9] usb 2-1: Manufacturer: syz [ 155.725420][ T9] usb 2-1: SerialNumber: syz [ 155.756492][ T9] usb 2-1: config 0 descriptor?? [ 155.773535][ T7378] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 155.815761][ T7378] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 155.960104][ T7391] loop0: detected capacity change from 0 to 4096 [ 156.049529][ T7391] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 156.209962][ T7396] loop3: detected capacity change from 0 to 256 [ 156.302978][ T7396] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 156.351732][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.372000][ T9] ir_usb 2-1:0.126: IR Dongle converter detected [ 156.565104][ T7393] loop2: detected capacity change from 0 to 32768 [ 156.573073][ T9] usb 2-1: IRDA class descriptor not found, device not bound [ 156.832902][ T9] usb 2-1: USB disconnect, device number 6 [ 157.004907][ T7406] loop0: detected capacity change from 0 to 8192 [ 157.900971][ T7420] loop2: detected capacity change from 0 to 32768 [ 157.942552][ T7420] JBD2: Ignoring recovery information on journal [ 158.043281][ T7420] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 158.195491][ T7426] loop0: detected capacity change from 0 to 32768 [ 158.217331][ T7426] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.508 (7426) [ 158.255607][ T7426] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 158.279155][ T7420] OCFS2: ERROR (device loop2): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #1792 has bad signature [ 158.302467][ T7426] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 158.338743][ T7426] BTRFS info (device loop0): using free space tree [ 158.369688][ T7420] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 158.409356][ T7420] OCFS2: File system is now read-only. [ 158.426096][ T7420] (syz.2.505,7420,1):ocfs2_search_chain:1785 ERROR: status = -30 [ 158.438164][ T7420] (syz.2.505,7420,1):ocfs2_search_chain:1871 ERROR: status = -30 [ 158.458227][ T7420] (syz.2.505,7420,1):ocfs2_claim_suballoc_bits:1950 ERROR: status = -30 [ 158.498776][ T7420] (syz.2.505,7420,0):ocfs2_claim_suballoc_bits:1993 ERROR: status = -30 [ 158.510544][ T7420] (syz.2.505,7420,0):ocfs2_claim_new_inode:2226 ERROR: status = -30 [ 158.523439][ T7420] (syz.2.505,7420,0):ocfs2_claim_new_inode:2241 ERROR: status = -30 [ 158.543257][ T7420] (syz.2.505,7420,0):ocfs2_mknod_locked:639 ERROR: status = -30 [ 158.549399][ T7426] BTRFS info (device loop0): enabling ssd optimizations [ 158.552500][ T7420] (syz.2.505,7420,0):ocfs2_symlink:1944 ERROR: status = -30 [ 158.568610][ T7420] (syz.2.505,7420,0):ocfs2_symlink:2068 ERROR: status = -30 [ 158.590034][ T7426] BTRFS info (device loop0): auto enabling async discard [ 158.843051][ T5981] ocfs2: Unmounting device (7,2) on (node local) [ 159.172930][ T5767] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 159.720609][ T7468] loop0: detected capacity change from 0 to 128 [ 159.969910][ T7454] loop1: detected capacity change from 0 to 32768 [ 160.013065][ T7454] [ 160.013065][ T7454] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.013065][ T7454] [ 160.051941][ T7475] netlink: 'syz.0.521': attribute type 1 has an invalid length. [ 160.075748][ T7475] netlink: 'syz.0.521': attribute type 4 has an invalid length. [ 160.096632][ T7475] netlink: 208 bytes leftover after parsing attributes in process `syz.0.521'. [ 160.129740][ T7475] NCSI netlink: No device for ifindex 3321692160 [ 160.244775][ T5772] [ 160.244775][ T5772] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.244775][ T5772] [ 160.270362][ T5772] [ 160.270362][ T5772] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.270362][ T5772] [ 161.125293][ C1] sched: RT throttling activated [ 161.230916][ T7477] loop3: detected capacity change from 0 to 131072 [ 161.376039][ T7477] F2FS-fs (loop3): Test dummy encryption mode enabled [ 161.398379][ T7477] F2FS-fs (loop3): invalid crc value [ 161.445683][ T7477] F2FS-fs (loop3): Found nat_bits in checkpoint [ 161.514197][ T7477] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 161.776345][ T7477] fscrypt (loop3, inode 10): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 162.635350][ T7519] loop1: detected capacity change from 0 to 32768 [ 162.687200][ T7519] XFS (loop1): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 162.784266][ T7519] XFS (loop1): Ending clean mount [ 162.968243][ T5772] XFS (loop1): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 163.558785][ T7548] loop0: detected capacity change from 0 to 8192 [ 163.576688][ T7548] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 163.716117][ T7548] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 163.761954][ T7548] ntfs3: loop0: Failed to load $Extend (-2). [ 163.786560][ T7548] ntfs3: loop0: Failed to initialize $Extend. [ 164.023088][ T7557] lo: Caught tx_queue_len zero misconfig [ 164.113550][ T7543] loop2: detected capacity change from 0 to 32768 [ 164.148053][ T7543] gfs2: Unknown parameter 'met@' [ 164.152384][ T7561] loop3: detected capacity change from 0 to 128 [ 164.181432][ T7560] loop1: detected capacity change from 0 to 512 [ 164.198050][ T7560] EXT4-fs: Ignoring removed bh option [ 164.208234][ T6701] I/O error, dev loop2, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 164.245494][ T7560] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 164.359166][ T7560] EXT4-fs (loop1): 1 truncate cleaned up [ 164.367096][ T7560] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.632837][ T7560] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.551: invalid indirect mapped block 4294901760 (level 0) [ 164.678605][ T7560] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.551: invalid indirect mapped block 4294967295 (level 1) [ 164.773725][ T7543] netlink: 192 bytes leftover after parsing attributes in process `syz.2.543'. [ 164.829763][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.954477][ T7570] loop2: detected capacity change from 0 to 1024 [ 164.971634][ T7563] loop0: detected capacity change from 0 to 40427 [ 165.002764][ T7563] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x7ffff [ 165.029469][ T7563] F2FS-fs (loop0): Image doesn't support compression [ 165.045637][ T7563] F2FS-fs (loop0): Image doesn't support compression [ 165.104507][ T7563] F2FS-fs (loop0): invalid crc value [ 165.113707][ T7574] loop3: detected capacity change from 0 to 256 [ 165.159893][ T7563] F2FS-fs (loop0): Found nat_bits in checkpoint [ 165.319055][ T62] hfsplus: b-tree write err: -5, ino 4 [ 165.385989][ T7563] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 165.521335][ T7581] loop1: detected capacity change from 0 to 2048 [ 165.553030][ T7583] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 165.583187][ T28] audit: type=1800 audit(1770728674.058:23): pid=7563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.550" name="file1" dev="loop0" ino=10 res=0 errno=0 [ 165.719039][ T5767] syz-executor: attempt to access beyond end of device [ 165.719039][ T5767] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 165.754232][ T5767] F2FS-fs (loop0): Remounting filesystem read-only [ 165.999859][ T7593] ip6tnl0: Caught tx_queue_len zero misconfig [ 166.259084][ T7602] vivid-003: disconnect [ 166.277289][ T7599] vivid-003: reconnect [ 166.357593][ T7604] netlink: 32 bytes leftover after parsing attributes in process `syz.3.570'. [ 166.401142][ T7604] netlink: 'syz.3.570': attribute type 1 has an invalid length. [ 166.427700][ T7604] bond0: option mode: unable to set because the bond device has slaves [ 166.923681][ T7623] Driver unsupported XDP return value 0 on prog (id 39) dev N/A, expect packet loss! [ 167.066676][ T7632] netlink: 4 bytes leftover after parsing attributes in process `syz.3.580'. [ 167.435554][ T5852] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 167.467546][ T7639] loop3: detected capacity change from 0 to 32768 [ 167.493685][ T7639] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 167.543215][ T7639] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 167.580331][ T7639] XFS (loop3): Starting recovery (logdev: internal) [ 167.621293][ T7639] XFS (loop3): Ending recovery (logdev: internal) [ 167.628119][ T8] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 167.641978][ T5852] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 167.663408][ T5852] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 167.695423][ T5852] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 65535, setting to 64 [ 167.711996][ T5852] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 167.756009][ T5852] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 167.776353][ T5852] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 167.784978][ T5852] usb 3-1: Manufacturer: syz [ 167.833647][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 167.841034][ T7655] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x44b/0x650, xfs_bnobt block 0x8 [ 167.841523][ T5852] usb 3-1: config 0 descriptor?? [ 167.861587][ T7655] XFS (loop3): Unmount and run xfs_repair [ 167.866253][ T8] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 167.880310][ T8] usb 2-1: config 0 has no interface number 0 [ 167.902597][ T8] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 167.922439][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.945403][ T8] usb 2-1: Product: syz [ 167.950038][ T8] usb 2-1: Manufacturer: syz [ 167.954892][ T8] usb 2-1: SerialNumber: syz [ 167.972243][ T8] usb 2-1: config 0 descriptor?? [ 167.974613][ T5771] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 167.989437][ T8] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 168.221072][ T8] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 168.271068][ T5852] rc_core: IR keymap rc-hauppauge not found [ 168.280671][ T5852] Registered IR keymap rc-empty [ 168.288538][ T8] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 168.301371][ T5852] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 168.382950][ T5852] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 168.427468][ T5852] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 168.470014][ T5852] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input10 [ 168.519369][ T5852] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 168.555971][ T5852] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 168.607852][ T5852] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 168.655986][ T5852] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 168.685807][ T5852] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 168.718404][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 168.719581][ T27] usb 2-1: USB disconnect, device number 7 [ 168.726735][ T5852] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 168.776576][ T5852] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 168.776715][ T27] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 168.835396][ T5852] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 168.837210][ T27] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 168.870139][ T5852] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 168.871478][ T27] quatech2 2-1:0.51: device disconnected [ 168.929174][ T5852] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 168.977635][ T5852] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 169.015703][ T5852] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 169.044827][ T5852] usb 3-1: USB disconnect, device number 5 [ 169.163868][ T7683] netlink: 548 bytes leftover after parsing attributes in process `syz.0.598'. [ 169.741953][ T7705] netlink: 8 bytes leftover after parsing attributes in process `syz.0.608'. [ 170.115411][ T27] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 170.265227][ T7727] loop0: detected capacity change from 0 to 2048 [ 170.286944][ T7727] UDF-fs: bad mount option "defcont+8r8xtroot}oD·BpM#d%" or missing value [ 170.315468][ T27] usb 3-1: Using ep0 maxpacket: 8 [ 170.328357][ T27] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 170.343505][ T27] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 170.356171][ T27] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 170.367201][ T27] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 170.382308][ T27] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 170.426939][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.685741][ T27] usb 3-1: GET_CAPABILITIES returned 0 [ 170.705139][ T27] usbtmc 3-1:16.0: can't read capabilities [ 170.791419][ T7740] loop0: detected capacity change from 0 to 16 [ 170.811182][ T7740] erofs: (device loop0): mounted with root inode @ nid 36. [ 170.901317][ T27] usb 3-1: USB disconnect, device number 6 [ 171.371122][ T7731] loop3: detected capacity change from 0 to 40427 [ 171.440619][ T7731] F2FS-fs (loop3): invalid crc value [ 171.487292][ T7731] F2FS-fs (loop3): Found nat_bits in checkpoint [ 171.684992][ T7731] F2FS-fs (loop3): Start checkpoint disabled! [ 171.758636][ T7731] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 171.804159][ T7765] netlink: 4444 bytes leftover after parsing attributes in process `syz.1.632'. [ 172.257128][ T32] kworker/u4:2: attempt to access beyond end of device [ 172.257128][ T32] loop3: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 172.371765][ T11] kworker/u4:0: attempt to access beyond end of device [ 172.371765][ T11] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 172.442538][ T11] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 172.483209][ T11] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 172.513619][ T11] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 172.976242][ T7769] loop2: detected capacity change from 0 to 131072 [ 172.988486][ T7769] F2FS-fs (loop2): invalid crc value [ 173.004491][ T7769] F2FS-fs (loop2): Found nat_bits in checkpoint [ 173.048903][ T7769] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 173.344379][ T7789] loop1: detected capacity change from 0 to 1024 [ 173.444271][ T7777] loop0: detected capacity change from 0 to 40427 [ 173.456806][ T7789] hfsplus: bad catalog entry type [ 173.505631][ T7777] F2FS-fs (loop0): Small segment_count (9 < 1 * 24) [ 173.526760][ T7777] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 173.566666][ T12] hfsplus: b-tree write err: -5, ino 4 [ 173.589680][ T7777] F2FS-fs (loop0): Found nat_bits in checkpoint [ 173.787521][ T7777] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 173.794856][ T7777] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 173.901190][ T7777] F2FS-fs (loop0): access invalid blkaddr:3 [ 173.932017][ T7777] CPU: 0 PID: 7777 Comm: syz.0.639 Not tainted syzkaller #0 [ 173.940016][ T7777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 173.951148][ T7777] Call Trace: [ 173.955167][ T7777] [ 173.958324][ T7777] dump_stack_lvl+0x18c/0x250 [ 173.963187][ T7777] ? show_regs_print_info+0x20/0x20 [ 173.968973][ T7777] ? f2fs_get_next_page_offset+0x690/0x690 [ 173.976319][ T7777] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 173.982004][ T7777] f2fs_map_blocks+0xde5/0x3e60 [ 173.988713][ T7777] ? __might_sleep+0xe0/0xe0 [ 173.995544][ T7777] ? f2fs_get_block_locked+0xe0/0xe0 [ 174.001243][ T7777] ? f2fs_precache_extents+0x19f/0x260 [ 174.007019][ T7777] ? __lock_acquire+0x7d40/0x7d40 [ 174.012391][ T7777] ? down_read_killable+0x340/0x340 [ 174.017880][ T7777] ? max_file_blocks+0xb0/0x1b0 [ 174.024293][ T7777] f2fs_precache_extents+0x194/0x260 [ 174.030228][ T7777] ? f2fs_pin_file_control+0x1a0/0x1a0 [ 174.035995][ T7777] ? kasan_set_track+0x5f/0x70 [ 174.040925][ T7777] ? security_file_ioctl+0x70/0xa0 [ 174.048007][ T7777] ? __se_sys_ioctl+0x48/0x170 [ 174.054483][ T7777] ? do_syscall_64+0x55/0xa0 [ 174.062509][ T7777] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 174.070506][ T7777] __f2fs_ioctl+0xe19/0xb9d0 [ 174.076018][ T7777] ? mark_lock+0x94/0x320 [ 174.081724][ T7777] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 174.088801][ T7777] ? do_vfs_ioctl+0x1573/0x1cc0 [ 174.093886][ T7777] ? __ia32_compat_sys_ioctl+0x8a0/0x8a0 [ 174.100277][ T7777] ? tomoyo_path_number_perm+0x217/0x620 [ 174.106476][ T7777] ? __lock_acquire+0x7d40/0x7d40 [ 174.112162][ T7777] ? slab_free_freelist_hook+0x130/0x1a0 [ 174.118380][ T7777] ? f2fs_ioctl+0x1d0/0x1d0 [ 174.123376][ T7777] ? tomoyo_path_number_perm+0x500/0x620 [ 174.129929][ T7777] ? __kmem_cache_free+0xba/0x1e0 [ 174.135181][ T7777] ? tomoyo_path_number_perm+0x5b4/0x620 [ 174.141214][ T7777] ? tomoyo_path_number_perm+0x217/0x620 [ 174.146904][ T7777] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 174.152617][ T7777] ? __fget_files+0x28/0x4b0 [ 174.157254][ T7777] ? __fget_files+0x28/0x4b0 [ 174.162422][ T7777] ? f2fs_ioctl+0x138/0x1d0 [ 174.166968][ T7777] ? f2fs_precache_extents+0x260/0x260 [ 174.172985][ T7777] __se_sys_ioctl+0xfd/0x170 [ 174.178058][ T7777] do_syscall_64+0x55/0xa0 [ 174.183251][ T7777] ? clear_bhb_loop+0x40/0x90 [ 174.188852][ T7777] ? clear_bhb_loop+0x40/0x90 [ 174.194741][ T7777] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 174.201546][ T7777] RIP: 0033:0x7f85c6f9bf79 [ 174.206089][ T7777] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 174.226766][ T7777] RSP: 002b:00007f85c51f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 174.236094][ T7777] RAX: ffffffffffffffda RBX: 00007f85c7215fa0 RCX: 00007f85c6f9bf79 [ 174.244198][ T7777] RDX: 0000000000000000 RSI: 000000000000f50f RDI: 0000000000000004 [ 174.252738][ T7777] RBP: 00007f85c70327e0 R08: 0000000000000000 R09: 0000000000000000 [ 174.261495][ T7777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 174.270191][ T7777] R13: 00007f85c7216038 R14: 00007f85c7215fa0 R15: 00007ffc2fd3fbb8 [ 174.278755][ T7777] [ 174.487864][ T5767] syz-executor: attempt to access beyond end of device [ 174.487864][ T5767] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 174.509740][ T5767] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 175.090351][ T7818] loop2: detected capacity change from 0 to 2048 [ 175.117911][ T7818] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 175.151410][ T7818] NILFS (loop2): mounting unchecked fs [ 175.152648][ T7806] loop1: detected capacity change from 0 to 40427 [ 175.188401][ T7806] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x7ffff [ 175.197899][ T7818] NILFS (loop2): recovery complete [ 175.205089][ T7822] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 175.239420][ T7806] F2FS-fs (loop1): invalid crc value [ 175.292444][ T7806] F2FS-fs (loop1): Found nat_bits in checkpoint [ 175.453162][ T7806] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 175.496353][ T27] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 175.632568][ T5772] syz-executor: attempt to access beyond end of device [ 175.632568][ T5772] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 175.637525][ T7835] loop5: detected capacity change from 0 to 7 [ 175.658290][ T5772] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 175.669000][ T6698] Dev loop5: unable to read RDB block 7 [ 175.676419][ T6698] loop5: AHDI p1 [ 175.680206][ T6698] loop5: partition table partially beyond EOD, truncated [ 175.701370][ T7835] Dev loop5: unable to read RDB block 7 [ 175.710550][ T7835] loop5: AHDI p1 [ 175.721885][ T27] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 175.733957][ T7835] loop5: partition table partially beyond EOD, truncated [ 175.741513][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.775708][ T27] usb 1-1: config 0 descriptor?? [ 175.787818][ T27] cp210x 1-1:0.0: cp210x converter detected [ 176.216698][ T27] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 176.263702][ T27] usb 1-1: cp210x converter now attached to ttyUSB0 [ 176.479367][ T7851] loop8: detected capacity change from 0 to 1 [ 176.491587][ T5757] usb 1-1: USB disconnect, device number 7 [ 176.521892][ T7851] Dev loop8: unable to read RDB block 1 [ 176.526472][ T5757] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 176.543131][ T7851] loop8: unable to read partition table [ 176.559504][ T7851] loop8: partition table beyond EOD, truncated [ 176.593919][ T7851] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 176.603458][ T5757] cp210x 1-1:0.0: device disconnected [ 176.612497][ T7853] loop2: detected capacity change from 0 to 1024 [ 176.684293][ T7853] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 177.019041][ T7862] loop2: detected capacity change from 0 to 64 [ 178.014887][ T7890] netlink: 16 bytes leftover after parsing attributes in process `syz.3.683'. [ 178.390505][ T7901] loop1: detected capacity change from 0 to 1024 [ 178.452199][ T7901] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 178.485688][ T7901] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 178.525484][ T7901] EXT4-fs error (device loop1): ext4_get_journal_inode:5816: inode #32: comm syz.1.689: iget: special inode unallocated [ 178.570695][ T7901] EXT4-fs (loop1): no journal found [ 178.577401][ T7901] EXT4-fs (loop1): can't get journal size [ 178.596927][ T7901] EXT4-fs (loop1): filesystem is read-only [ 178.604368][ T7901] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 178.648104][ T7907] loop0: detected capacity change from 0 to 128 [ 178.771802][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.528407][ T7932] vcan0: entered allmulticast mode [ 179.544166][ T7932] vcan0: left allmulticast mode [ 180.227486][ T7931] loop3: detected capacity change from 0 to 32768 [ 180.250200][ T7931] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.701 (7931) [ 180.314537][ T7931] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 180.354232][ T7931] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 180.385539][ T7931] BTRFS info (device loop3): setting nodatasum [ 180.394321][ T7931] BTRFS info (device loop3): use zlib compression, level 3 [ 180.446945][ T7931] BTRFS info (device loop3): using free space tree [ 180.630059][ T7931] BTRFS info (device loop3): enabling ssd optimizations [ 180.668160][ T7931] BTRFS info (device loop3): auto enabling async discard [ 180.815911][ T28] audit: type=1800 audit(1770728945.298:24): pid=7931 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.701" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 181.204865][ T7985] loop2: detected capacity change from 0 to 512 [ 181.291335][ T7985] EXT4-fs (loop2): 1 truncate cleaned up [ 181.329159][ T7985] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 181.366275][ T5771] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 181.591206][ T5981] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.432268][ T7993] loop1: detected capacity change from 0 to 32768 [ 182.725907][ T7998] loop2: detected capacity change from 0 to 32768 [ 182.762035][ T7998] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.724 (7998) [ 182.796639][ T7998] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 182.815834][ T5757] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 182.829334][ T7998] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 182.863062][ T7998] BTRFS info (device loop2): force clearing of disk cache [ 182.905451][ T7998] BTRFS info (device loop2): max_inline at 0 [ 182.917090][ T7998] BTRFS info (device loop2): enabling auto defrag [ 182.965375][ T7998] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 183.004490][ T7998] BTRFS info (device loop2): force zstd compression, level 3 [ 183.019417][ T7998] BTRFS info (device loop2): enabling disk space caching [ 183.035529][ T7998] BTRFS info (device loop2): disk space caching is enabled [ 183.040061][ T5757] usb 1-1: Using ep0 maxpacket: 32 [ 183.069255][ T8019] loop3: detected capacity change from 0 to 16 [ 183.081267][ T5757] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 183.098218][ T5757] usb 1-1: too many endpoints for config 0 interface 0 altsetting 5: 69, using maximum allowed: 30 [ 183.100142][ T8019] erofs: (device loop3): mounted with root inode @ nid 36. [ 183.110170][ T5757] usb 1-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 69 [ 183.132610][ T5757] usb 1-1: config 0 interface 0 has no altsetting 1 [ 183.142899][ T5757] usb 1-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00 [ 183.152294][ T5757] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 183.156639][ T8016] loop1: detected capacity change from 0 to 4096 [ 183.205519][ T5757] usb 1-1: SerialNumber: syz [ 183.222549][ T5757] usb 1-1: config 0 descriptor?? [ 183.247667][ T5757] usb-storage 1-1:0.0: USB Mass Storage device detected [ 183.266176][ T8032] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 183.290547][ T7998] BTRFS info (device loop2): enabling ssd optimizations [ 183.300776][ T5757] usb-storage 1-1:0.0: Quirks match for vid 152d pid 0539: 4000000 [ 183.320126][ T7998] BTRFS info (device loop2): auto enabling async discard [ 183.363608][ T7998] BTRFS info (device loop2): rebuilding free space tree [ 183.432925][ T7998] BTRFS info (device loop2): disabling free space tree [ 183.463535][ T7998] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 183.529640][ T7998] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 183.572870][ T5757] usb 1-1: USB disconnect, device number 8 [ 183.896927][ T5981] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 183.970398][ T8049] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 184.034568][ T8049] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.042814][ T8049] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.895053][ T8078] batadv_slave_1: entered promiscuous mode [ 184.913337][ T8075] batadv_slave_1: left promiscuous mode [ 185.154845][ T8090] loop1: detected capacity change from 0 to 1024 [ 185.201462][ T8090] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 185.240045][ T8090] ext4 filesystem being mounted at /198/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 185.440584][ T8101] Zero length message leads to an empty skb [ 185.461098][ T59] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #15: comm kworker/u4:4: lblock 0 mapped to illegal pblock 0 (length 6) [ 185.537800][ T59] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 185.564962][ T8104] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 185.590001][ T59] EXT4-fs (loop1): This should not happen!! Data will be lost [ 185.590001][ T59] [ 185.641024][ T3493] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #15: block 8: comm kworker/u4:9: lblock 8 mapped to illegal pblock 8 (length 8) [ 185.671886][ T3493] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 185.691390][ T3493] EXT4-fs (loop1): This should not happen!! Data will be lost [ 185.691390][ T3493] [ 185.717163][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 186.525691][ T8132] netlink: 4 bytes leftover after parsing attributes in process `syz.2.769'. [ 186.574056][ T8137] netlink: 32 bytes leftover after parsing attributes in process `syz.0.772'. [ 186.780835][ T8143] loop2: detected capacity change from 0 to 1024 [ 186.844264][ T8143] hfsplus: inconsistency in B*Tree (128,1,255,1,0) [ 186.859746][ T8143] hfsplus: xattr searching failed [ 186.878812][ T8143] hfsplus: inconsistency in B*Tree (128,1,255,1,0) [ 186.895002][ T8143] hfsplus: xattr searching failed [ 187.190539][ T8154] loop1: detected capacity change from 0 to 1024 [ 187.226323][ T8154] EXT4-fs: Ignoring removed orlov option [ 187.290277][ T8154] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 187.642209][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.424915][ T8178] loop3: detected capacity change from 0 to 32768 [ 188.559110][ T8178] read_mapping_page failed! [ 188.578324][ T8178] ERROR: (device loop3): txCommit: [ 188.578324][ T8178] [ 188.618039][ T8205] read_mapping_page failed! [ 188.633318][ T8205] ERROR: (device loop3): txCommit: [ 188.633318][ T8205] [ 188.650072][ T8208] netlink: 'syz.0.801': attribute type 15 has an invalid length. [ 188.746248][ T48] read_mapping_page failed! [ 188.767707][ T48] ERROR: (device loop3): txCommit: [ 188.767707][ T48] [ 188.823606][ T48] jfs_write_inode: jfs_commit_inode failed! [ 189.189436][ T8] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 189.242626][ T8216] loop3: detected capacity change from 0 to 256 [ 189.254111][ T8216] exfat: Deprecated parameter 'utf8' [ 189.328367][ T8216] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbc51571d, utbl_chksum : 0xe619d30d) [ 189.405750][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 189.432885][ T8] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xEE, skipping [ 189.465374][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 189.500053][ T8] usb 2-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad [ 189.553281][ T8] usb 2-1: New USB device strings: Mfr=55, Product=237, SerialNumber=3 [ 189.567740][ T8] usb 2-1: Product: syz [ 189.574625][ T8] usb 2-1: Manufacturer: syz [ 189.591929][ T8] usb 2-1: SerialNumber: syz [ 189.633837][ T8] usb 2-1: config 0 descriptor?? [ 189.653117][ T8] smsusb:smsusb_probe: board id=2, interface number 0 [ 189.662216][ T8] smsusb:smsusb_probe: Device initialized with return code -19 [ 189.946629][ T8] usb 2-1: USB disconnect, device number 8 [ 190.023434][ T8234] loop2: detected capacity change from 0 to 128 [ 190.036849][ T8234] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 190.091270][ T8234] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 190.370328][ T8229] loop0: detected capacity change from 0 to 32768 [ 190.696468][ T8242] loop1: detected capacity change from 0 to 4096 [ 190.735722][ T8242] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 190.793519][ T8242] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 191.406273][ T8254] netlink: 'syz.0.821': attribute type 27 has an invalid length. [ 191.440548][ T8254] netlink: 'syz.0.821': attribute type 1 has an invalid length. [ 191.820594][ T8268] netlink: 'syz.3.828': attribute type 25 has an invalid length. [ 191.841608][ T8268] netlink: 'syz.3.828': attribute type 7 has an invalid length. [ 191.929835][ T28] audit: type=1326 audit(1770728956.408:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8271 comm="syz.0.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 192.002946][ T28] audit: type=1326 audit(1770728956.408:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8271 comm="syz.0.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 192.089900][ T28] audit: type=1326 audit(1770728956.438:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8271 comm="syz.0.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 192.191969][ T28] audit: type=1326 audit(1770728956.438:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8271 comm="syz.0.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 192.277440][ T28] audit: type=1326 audit(1770728956.438:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8271 comm="syz.0.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 192.388660][ T28] audit: type=1326 audit(1770728956.438:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8271 comm="syz.0.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 192.456776][ T788] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 192.465877][ T28] audit: type=1326 audit(1770728956.438:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8271 comm="syz.0.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 192.494522][ T28] audit: type=1326 audit(1770728956.438:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8271 comm="syz.0.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 192.549472][ T28] audit: type=1326 audit(1770728956.438:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8271 comm="syz.0.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 192.608272][ T28] audit: type=1326 audit(1770728956.438:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8271 comm="syz.0.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c6f9bf79 code=0x7ffc0000 [ 192.705645][ T788] usb 1-1: Using ep0 maxpacket: 32 [ 192.715100][ T788] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 192.739033][ T788] usb 1-1: config 0 has no interface number 0 [ 192.751703][ T788] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 192.768083][ T788] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.780069][ T788] usb 1-1: Product: syz [ 192.785007][ T788] usb 1-1: Manufacturer: syz [ 192.793597][ T788] usb 1-1: SerialNumber: syz [ 192.793846][ T8287] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 192.815708][ T788] usb 1-1: config 0 descriptor?? [ 192.826884][ T8287] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 192.826931][ T788] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 192.849504][ T8287] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 192.870150][ T8287] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 192.887766][ T8287] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 192.895531][ T8287] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 192.902465][ T8287] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4) [ 192.912541][ T8287] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 192.923888][ T8287] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 192.932222][ T8287] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 192.944582][ T8287] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 192.953454][ T8287] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 192.971491][ T8287] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4) [ 192.980633][ T8287] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4) [ 193.041691][ T788] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 193.066451][ T788] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 193.264765][ T5775] Bluetooth: hci1: link tx timeout [ 193.272802][ T5775] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa [ 193.349413][ T8298] loop3: detected capacity change from 0 to 8 [ 193.515605][ C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 193.529443][ T5757] usb 1-1: USB disconnect, device number 9 [ 193.551246][ T5757] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 193.607664][ T5757] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 193.663014][ T5757] quatech2 1-1:0.51: device disconnected [ 194.307607][ T8312] loop0: detected capacity change from 0 to 1024 [ 194.350870][ T8312] EXT4-fs: Ignoring removed nomblk_io_submit option [ 194.420687][ T8312] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 194.514511][ T8302] loop2: detected capacity change from 0 to 32768 [ 194.569084][ T8302] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 194.668821][ T8302] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 194.707299][ T8324] team0: Caught tx_queue_len zero misconfig [ 194.753150][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.831020][ T8302] XFS (loop2): Ending clean mount [ 194.874693][ T8302] XFS (loop2): Quotacheck needed: Please wait. [ 194.986389][ T8331] netlink: 8 bytes leftover after parsing attributes in process `syz.3.850'. [ 195.074317][ T8302] XFS (loop2): Quotacheck: Done. [ 195.193927][ T8335] loop0: detected capacity change from 0 to 1024 [ 195.236599][ T8335] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 195.325323][ T5775] Bluetooth: hci1: command 0x0406 tx timeout [ 195.337690][ T8335] ext4 filesystem being mounted at /206/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 195.500481][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.508226][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.581159][ T5981] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 195.984099][ T11] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: comm kworker/u4:0: lblock 0 mapped to illegal pblock 0 (length 6) [ 196.056618][ T11] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 196.083027][ T8333] loop1: detected capacity change from 0 to 32768 [ 196.140124][ T8333] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.852 (8333) [ 196.165718][ T11] EXT4-fs (loop0): This should not happen!! Data will be lost [ 196.165718][ T11] [ 196.224073][ T8333] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 196.269998][ T3493] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: block 8: comm kworker/u4:9: lblock 8 mapped to illegal pblock 8 (length 8) [ 196.301947][ T8333] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 196.337545][ T8333] BTRFS warning (device loop1): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 196.361735][ T3493] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 196.395519][ T8333] BTRFS info (device loop1): trying to use backup root at mount time [ 196.414233][ T3493] EXT4-fs (loop0): This should not happen!! Data will be lost [ 196.414233][ T3493] [ 196.441460][ T8333] BTRFS info (device loop1): setting nodatasum [ 196.473902][ T8350] loop2: detected capacity change from 0 to 512 [ 196.475470][ T8333] BTRFS info (device loop1): enabling ssd optimizations [ 196.552452][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 196.600574][ T8333] BTRFS info (device loop1): using spread ssd allocation scheme [ 196.643749][ T8333] BTRFS info (device loop1): turning on flush-on-commit [ 196.660631][ T8350] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.855: invalid indirect mapped block 10 (level 1) [ 196.737336][ T8333] BTRFS info (device loop1): force zlib compression, level 3 [ 196.789291][ T8333] BTRFS info (device loop1): using free space tree [ 196.819770][ T8350] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.855: invalid indirect mapped block 8 (level 1) [ 196.954299][ T8350] EXT4-fs (loop2): 1 truncate cleaned up [ 197.030260][ T8350] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 197.244500][ T8378] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 197.254694][ T5981] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.291156][ T8378] syzkaller1: linktype set to 0 [ 198.265646][ T8382] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 198.317400][ T8381] loop0: detected capacity change from 0 to 40427 [ 198.409800][ T8381] F2FS-fs (loop0): invalid crc value [ 198.786631][ T8381] F2FS-fs (loop0): Start checkpoint disabled! [ 198.866421][ T8381] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 199.175891][ T59] kworker/u4:4: attempt to access beyond end of device [ 199.175891][ T59] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 199.201210][ T59] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 199.715532][ T788] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 199.927726][ T788] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 199.951031][ T788] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 199.975336][ T788] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 200.015615][ T788] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 200.043386][ T5775] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 200.058821][ T5775] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 200.071357][ T5775] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 200.084926][ T5775] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 200.096204][ T5775] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 200.108039][ T5775] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 200.120325][ T788] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 200.146607][ T788] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 200.188147][ T788] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 200.215331][ T788] usb 4-1: Product: syz [ 200.220482][ T788] usb 4-1: Manufacturer: syz [ 200.232524][ T788] cdc_wdm 4-1:1.0: skipping garbage [ 200.240616][ T788] cdc_wdm 4-1:1.0: skipping garbage [ 200.247822][ T788] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 200.254254][ T788] cdc_wdm 4-1:1.0: Unknown control protocol [ 200.673561][ T8450] chnl_net:caif_netlink_parms(): no params data found [ 200.688439][ T27] usb 4-1: USB disconnect, device number 8 [ 200.745833][ T788] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 200.864592][ T8450] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.873776][ T8450] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.892120][ T8450] bridge_slave_0: entered allmulticast mode [ 200.906862][ T8450] bridge_slave_0: entered promiscuous mode [ 200.926775][ T8450] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.960619][ T788] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 200.970953][ T8450] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.981434][ T8450] bridge_slave_1: entered allmulticast mode [ 200.990449][ T8450] bridge_slave_1: entered promiscuous mode [ 200.990456][ T788] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.024554][ T788] usb 1-1: config 0 descriptor?? [ 201.051796][ T788] cp210x 1-1:0.0: cp210x converter detected [ 201.056232][ T8450] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 201.080844][ T8450] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.102480][ T8478] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 201.198150][ T8450] team0: Port device team_slave_0 added [ 201.219147][ T8450] team0: Port device team_slave_1 added [ 201.332445][ T8450] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.386737][ T8450] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.495327][ T788] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 201.500217][ T8450] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.553847][ T788] usb 1-1: cp210x converter now attached to ttyUSB0 [ 201.576509][ T8450] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.609805][ T8450] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.684955][ T8450] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.787315][ T788] usb 1-1: USB disconnect, device number 10 [ 201.824189][ T788] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 201.859359][ T788] cp210x 1-1:0.0: device disconnected [ 201.903831][ T8450] hsr_slave_0: entered promiscuous mode [ 201.952618][ T8450] hsr_slave_1: entered promiscuous mode [ 201.975497][ T8450] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 201.984331][ T8450] Cannot create hsr debugfs directory [ 202.098674][ T8500] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 202.195714][ T5775] Bluetooth: hci2: command tx timeout [ 202.643963][ T8450] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 202.706300][ T8450] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 202.760069][ T8450] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 202.823900][ T8450] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 203.247312][ T8537] netlink: 16 bytes leftover after parsing attributes in process `syz.3.900'. [ 203.301780][ T8450] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.401578][ T8450] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.439804][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.447599][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.467661][ T9] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 203.528926][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.537027][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.688743][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 203.724781][ T9] usb 1-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 203.773412][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.803916][ T9] usb 1-1: config 0 descriptor?? [ 204.007036][ T27] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 204.147931][ T8450] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.231300][ T27] usb 3-1: Using ep0 maxpacket: 8 [ 204.248747][ T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 204.258362][ T9] cypress 0003:04B4:DE61.0002: unknown main item tag 0x0 [ 204.276361][ T5775] Bluetooth: hci2: command tx timeout [ 204.288489][ T27] usb 3-1: New USB device found, idVendor=056a, idProduct=00b8, bcdDevice= 0.00 [ 204.311511][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.312750][ T9] cypress 0003:04B4:DE61.0002: unknown main item tag 0x0 [ 204.336656][ T27] usb 3-1: config 0 descriptor?? [ 204.389433][ T9] cypress 0003:04B4:DE61.0002: unknown main item tag 0x0 [ 204.425142][ T9] cypress 0003:04B4:DE61.0002: unknown main item tag 0x0 [ 204.451785][ T9] cypress 0003:04B4:DE61.0002: item fetching failed at offset 4/7 [ 204.485481][ T788] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 204.486120][ T9] cypress 0003:04B4:DE61.0002: parse failed [ 204.522097][ T9] cypress: probe of 0003:04B4:DE61.0002 failed with error -22 [ 204.596412][ T9] usb 1-1: USB disconnect, device number 11 [ 204.704257][ T788] usb 4-1: Using ep0 maxpacket: 8 [ 204.733492][ T788] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 204.753055][ T788] usb 4-1: config 179 has no interface number 0 [ 204.764583][ T788] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 204.799289][ T27] wacom 0003:056A:00B8.0003: unknown main item tag 0x0 [ 204.816139][ T788] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 204.851578][ T27] wacom 0003:056A:00B8.0003: Unknown device_type for 'HID 056a:00b8'. Assuming pen. [ 204.866176][ T788] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 204.882175][ T8450] veth0_vlan: entered promiscuous mode [ 204.909953][ T788] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 204.915077][ T8450] veth1_vlan: entered promiscuous mode [ 204.951975][ T27] wacom 0003:056A:00B8.0003: hidraw0: USB HID v5.59 Device [HID 056a:00b8] on usb-dummy_hcd.2-1/input0 [ 204.975523][ T788] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 205.034553][ T27] input: Wacom Intuos4 4x6 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:00B8.0003/input/input11 [ 205.051667][ T8450] veth0_macvtap: entered promiscuous mode [ 205.055394][ T788] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 205.098500][ T8450] veth1_macvtap: entered promiscuous mode [ 205.105617][ T788] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.155081][ T8569] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 205.229303][ T8450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.263517][ T27] usb 3-1: USB disconnect, device number 7 [ 205.306028][ T8450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.351488][ T8582] fido_id[8582]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 205.385618][ T8450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.446212][ T8450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.511588][ T8450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.555918][ T8450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.595451][ T8450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.623280][ T8450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.659706][ T8450] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.671542][ T788] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input14 [ 205.762498][ T8450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.865557][ T8450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.928072][ T5757] usb 4-1: USB disconnect, device number 9 [ 205.928132][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 205.944596][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 205.950770][ T8450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.040118][ T8450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.110935][ T8450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.149453][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 206.160491][ T8450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.174450][ T8450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.181294][ T8596] Bluetooth: hci4: Frame reassembly failed (-84) [ 206.188439][ T8450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.189993][ T8450] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 206.306335][ T5757] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 206.322879][ T8450] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.355663][ T5768] Bluetooth: hci2: command tx timeout [ 206.363484][ T8450] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.387426][ T8450] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.400224][ T8450] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.538394][ T8603] loop2: detected capacity change from 0 to 64 [ 206.684883][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.738716][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.862083][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.912671][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 207.063833][ T8616] loop3: detected capacity change from 0 to 128 [ 207.720668][ T8632] overlayfs: workdir and upperdir must be separate subtrees [ 207.795840][ T5768] Bluetooth: hci0: command 0x0406 tx timeout [ 207.804544][ T5777] Bluetooth: hci3: command 0x0406 tx timeout [ 207.994377][ T8636] kvm: kvm [8635]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x5 [ 208.172132][ T8648] loop2: detected capacity change from 0 to 512 [ 208.195763][ T5082] Bluetooth: hci4: command 0x1003 tx timeout [ 208.198566][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 208.288244][ T8648] EXT4-fs (loop2): 1 truncate cleaned up [ 208.343735][ T8648] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 208.436908][ T51] Bluetooth: hci2: command tx timeout [ 208.559878][ T5981] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.168077][ T8] IPVS: starting estimator thread 0... [ 209.289064][ T8685] loop3: detected capacity change from 0 to 512 [ 209.295773][ T8687] loop4: detected capacity change from 0 to 64 [ 209.315978][ T8680] IPVS: using max 24 ests per chain, 57600 per kthread [ 209.357497][ T8685] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 209.374807][ T8685] ext4 filesystem being mounted at /270/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 209.577668][ T8] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 209.600100][ T5771] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.813951][ T8] usb 1-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0 [ 209.841122][ T8] usb 1-1: config 0 interface 0 has no altsetting 0 [ 209.872264][ T8] usb 1-1: New USB device found, idVendor=056a, idProduct=4004, bcdDevice= 0.00 [ 209.930294][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.959930][ T8] usb 1-1: config 0 descriptor?? [ 210.120107][ T8706] netlink: 16 bytes leftover after parsing attributes in process `syz.2.950'. [ 210.175198][ T8706] netlink: 16 bytes leftover after parsing attributes in process `syz.2.950'. [ 210.432741][ T8683] loop0: detected capacity change from 0 to 2048 [ 210.445474][ T5757] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 210.674971][ T8] wacom 0003:056A:4004.0004: unknown main item tag 0x0 [ 210.698834][ T5757] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 210.707464][ T8] wacom 0003:056A:4004.0004: unknown main item tag 0x0 [ 210.729835][ T5757] usb 4-1: config 0 has no interface number 0 [ 210.739229][ T5757] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 210.785954][ T5757] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 210.792163][ T8] wacom 0003:056A:4004.0004: unknown main item tag 0x0 [ 210.812164][ T8] wacom 0003:056A:4004.0004: unknown main item tag 0x0 [ 210.821049][ T8] wacom 0003:056A:4004.0004: unknown main item tag 0x0 [ 210.830003][ T5757] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 210.884217][ T8] wacom 0003:056A:4004.0004: hidraw0: USB HID v0.05 Device [HID 056a:4004] on usb-dummy_hcd.0-1/input0 [ 210.911115][ T5757] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.943906][ T8] usb 1-1: USB disconnect, device number 12 [ 210.984810][ T5757] usb 4-1: config 0 descriptor?? [ 211.034671][ T8720] loop2: detected capacity change from 0 to 1024 [ 211.083508][ T8716] fido_id[8716]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 211.215972][ T11] hfsplus: b-tree write err: -5, ino 4 [ 211.502654][ T8730] loop4: detected capacity change from 0 to 2048 [ 211.544267][ T8730] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 211.663542][ T5757] uclogic 0003:28BD:0094.0005: pen parameters not found [ 211.706594][ T5757] uclogic 0003:28BD:0094.0005: interface is invalid, ignoring [ 211.757054][ T5757] usb 4-1: USB disconnect, device number 10 [ 212.052390][ T28] audit: type=1107 audit(1770728976.518:35): pid=8739 uid=0 auid=0 ses=1 subj=unconfined msg='' [ 212.325437][ T8] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 212.362628][ T8749] loop4: detected capacity change from 0 to 16 [ 212.397980][ T8749] erofs: (device loop4): mounted with root inode @ nid 36. [ 212.435034][ T8749] syz.4.968: attempt to access beyond end of device [ 212.435034][ T8749] loop4: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 212.474625][ T8749] syz.4.968: attempt to access beyond end of device [ 212.474625][ T8749] loop4: rw=524288, sector=8, nr_sectors = 32 limit=16 [ 212.500432][ T8753] syz.4.968: attempt to access beyond end of device [ 212.500432][ T8753] loop4: rw=0, sector=8, nr_sectors = 32 limit=16 [ 212.557345][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 212.585346][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 212.615843][ T8] usb 3-1: New USB device found, idVendor=28bd, idProduct=0075, bcdDevice= 0.00 [ 212.645427][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.658360][ T8450] BUG: Bad page state in process syz-executor pfn:3088b [ 212.667628][ T8450] page:ffffea0000c222c0 refcount:0 mapcount:0 mapping:ffff88805e881278 index:0x2 pfn:0x3088b [ 212.680878][ T8450] aops:z_erofs_cache_aops ino:0 [ 212.686517][ T8450] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 212.694818][ T8450] page_type: 0xffffffff() [ 212.699414][ T8450] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805e881278 [ 212.709626][ T8450] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 212.721956][ T8450] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 212.731393][ T8450] page_owner tracks the page as allocated [ 212.739013][ T8450] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 8749, tgid 8748 (syz.4.968), ts 212434446763, free_ts 211473277001 [ 212.764969][ T8450] post_alloc_hook+0x1c1/0x200 [ 212.771400][ T8450] get_page_from_freelist+0x1951/0x19e0 [ 212.777881][ T8450] __alloc_pages+0x1f0/0x460 [ 212.783103][ T8450] z_erofs_do_read_page+0x2181/0x36b0 [ 212.789028][ T8450] z_erofs_readahead+0x88b/0xda0 [ 212.795630][ T8450] read_pages+0x189/0x850 [ 212.800088][ T8450] page_cache_ra_unbounded+0x68a/0x770 [ 212.806611][ T8450] force_page_cache_ra+0x2c1/0x320 [ 212.812165][ T8450] generic_fadvise+0x47e/0x780 [ 212.817175][ T8450] __x64_sys_fadvise64+0x140/0x180 [ 212.823897][ T8450] do_syscall_64+0x55/0xa0 [ 212.829624][ T8450] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 212.836395][ T8450] page last free stack trace: [ 212.841094][ T8450] free_unref_page_prepare+0x7b2/0x8c0 [ 212.847309][ T8450] free_unref_page_list+0xbe/0x860 [ 212.852827][ T8450] release_pages+0x1f7a/0x2200 [ 212.858261][ T8450] tlb_flush_mmu+0x377/0x510 [ 212.863358][ T8450] tlb_finish_mmu+0xc3/0x1d0 [ 212.868366][ T8450] exit_mmap+0x428/0xb90 [ 212.873899][ T8450] __mmput+0x118/0x3c0 [ 212.879628][ T8450] exit_mm+0x1f2/0x2c0 [ 212.884815][ T8450] do_exit+0x8dd/0x2460 [ 212.890083][ T8450] do_group_exit+0x21b/0x2d0 [ 212.896762][ T8450] get_signal+0x12fc/0x13f0 [ 212.902112][ T8450] arch_do_signal_or_restart+0xc2/0x800 [ 212.909297][ T8450] exit_to_user_mode_loop+0x70/0x110 [ 212.916179][ T8450] exit_to_user_mode_prepare+0xee/0x180 [ 212.923000][ T8450] syscall_exit_to_user_mode+0x1a/0x50 [ 212.931184][ T8450] do_syscall_64+0x61/0xa0 [ 212.936919][ T8450] Modules linked in: [ 212.941574][ T8450] CPU: 0 PID: 8450 Comm: syz-executor Not tainted syzkaller #0 [ 212.950540][ T8450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 212.963548][ T8450] Call Trace: [ 212.967228][ T8450] [ 212.971261][ T8450] dump_stack_lvl+0x18c/0x250 [ 212.976486][ T8450] ? show_regs_print_info+0x20/0x20 [ 212.981951][ T8450] ? swiotlb_print_info+0x70/0x70 [ 212.987860][ T8450] bad_page+0x14b/0x170 [ 212.993221][ T8450] free_unref_page_prepare+0x85f/0x8c0 [ 212.999144][ T8450] free_unref_page+0x32/0x2e0 [ 213.004833][ T8450] ? __folio_put+0xef/0x210 [ 213.010589][ T8450] erofs_try_to_free_all_cached_pages+0x295/0x5f0 [ 213.017662][ T8450] erofs_shrink_workstation+0x11f/0x290 [ 213.023647][ T8450] ? erofs_shrinker_unregister+0x170/0x170 [ 213.029991][ T8450] ? io_schedule+0xd0/0xd0 [ 213.034500][ T8450] ? kobject_put+0x428/0x460 [ 213.040093][ T8450] erofs_shrinker_unregister+0x5d/0x170 [ 213.046317][ T8450] erofs_put_super+0x4e/0x150 [ 213.052425][ T8450] ? erofs_free_inode+0xb0/0xb0 [ 213.058912][ T8450] generic_shutdown_super+0x134/0x2b0 [ 213.065133][ T8450] kill_block_super+0x44/0x90 [ 213.071558][ T8450] erofs_kill_sb+0x4c/0x140 [ 213.077055][ T8450] deactivate_locked_super+0x97/0x100 [ 213.085605][ T8450] cleanup_mnt+0x43b/0x4d0 [ 213.092294][ T8450] task_work_run+0x1d4/0x260 [ 213.097662][ T8450] ? task_work_cancel+0x220/0x220 [ 213.105069][ T8450] ? exit_to_user_mode_loop+0x3b/0x110 [ 213.113950][ T8450] exit_to_user_mode_loop+0xe6/0x110 [ 213.120344][ T8450] exit_to_user_mode_prepare+0xee/0x180 [ 213.129292][ T8450] syscall_exit_to_user_mode+0x1a/0x50 [ 213.136734][ T8450] do_syscall_64+0x61/0xa0 [ 213.142863][ T8450] ? clear_bhb_loop+0x40/0x90 [ 213.147731][ T8450] ? clear_bhb_loop+0x40/0x90 [ 213.152698][ T8450] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 213.158900][ T8450] RIP: 0033:0x7f807d19d1d7 [ 213.164041][ T8450] Code: a2 c7 05 bc e3 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 213.184726][ T8450] RSP: 002b:00007fffdd359ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 213.193330][ T8450] RAX: 0000000000000000 RBX: 00007f807d231c3b RCX: 00007f807d19d1d7 [ 213.202190][ T8450] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffdd359da0 [ 213.210220][ T8450] RBP: 00007fffdd359da0 R08: 00007fffdd35ada0 R09: 00000000ffffffff [ 213.218489][ T8450] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffdd35ae30 [ 213.226839][ T8450] R13: 00007f807d231c3b R14: 0000000000033e32 R15: 00007fffdd35ae70 [ 213.235539][ T8450] [ 213.242189][ T8450] Disabling lock debugging due to kernel taint [ 213.249052][ T8450] BUG: Bad page state in process syz-executor pfn:2101e [ 213.256152][ T8450] page:ffffea0000840780 refcount:0 mapcount:0 mapping:ffff88805e881278 index:0x3 pfn:0x2101e [ 213.266892][ T8450] aops:z_erofs_cache_aops ino:0 [ 213.271936][ T8450] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 213.280000][ T8450] page_type: 0xffffffff() [ 213.285059][ T8450] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805e881278 [ 213.294370][ T8450] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000 [ 213.303457][ T8450] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 213.311269][ T8450] page_owner tracks the page as allocated [ 213.317418][ T8450] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 8749, tgid 8748 (syz.4.968), ts 212434467635, free_ts 211473263418 [ 213.342339][ T8450] post_alloc_hook+0x1c1/0x200 [ 213.347539][ T8450] get_page_from_freelist+0x1951/0x19e0 [ 213.354160][ T8450] __alloc_pages+0x1f0/0x460 [ 213.359276][ T8450] z_erofs_do_read_page+0x2181/0x36b0 [ 213.364854][ T8450] z_erofs_readahead+0x88b/0xda0 [ 213.370525][ T8450] read_pages+0x189/0x850 [ 213.375053][ T8450] page_cache_ra_unbounded+0x68a/0x770 [ 213.381015][ T8450] force_page_cache_ra+0x2c1/0x320 [ 213.386837][ T8450] generic_fadvise+0x47e/0x780 [ 213.393828][ T8450] __x64_sys_fadvise64+0x140/0x180 [ 213.400272][ T8450] do_syscall_64+0x55/0xa0 [ 213.404944][ T8450] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 213.411078][ T8450] page last free stack trace: [ 213.415812][ T8450] free_unref_page_prepare+0x7b2/0x8c0 [ 213.421620][ T8450] free_unref_page_list+0xbe/0x860 [ 213.426793][ T8450] release_pages+0x1f7a/0x2200 [ 213.431752][ T8450] tlb_flush_mmu+0x377/0x510 [ 213.437078][ T8450] tlb_finish_mmu+0xc3/0x1d0 [ 213.442310][ T8450] exit_mmap+0x428/0xb90 [ 213.446971][ T8450] __mmput+0x118/0x3c0 [ 213.451432][ T8450] exit_mm+0x1f2/0x2c0 [ 213.456239][ T8450] do_exit+0x8dd/0x2460 [ 213.460870][ T8450] do_group_exit+0x21b/0x2d0 [ 213.466244][ T8450] get_signal+0x12fc/0x13f0 [ 213.471107][ T8450] arch_do_signal_or_restart+0xc2/0x800 [ 213.477339][ T8450] exit_to_user_mode_loop+0x70/0x110 [ 213.482731][ T8450] exit_to_user_mode_prepare+0xee/0x180 [ 213.488848][ T8450] syscall_exit_to_user_mode+0x1a/0x50 [ 213.495429][ T8450] do_syscall_64+0x61/0xa0 [ 213.500049][ T8450] Modules linked in: [ 213.504266][ T8450] CPU: 0 PID: 8450 Comm: syz-executor Tainted: G B syzkaller #0 [ 213.514083][ T8450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 213.524943][ T8450] Call Trace: [ 213.528249][ T8450] [ 213.531181][ T8450] dump_stack_lvl+0x18c/0x250 [ 213.536386][ T8450] ? show_regs_print_info+0x20/0x20 [ 213.542197][ T8450] ? swiotlb_print_info+0x70/0x70 [ 213.547570][ T8450] bad_page+0x14b/0x170 [ 213.552786][ T8450] free_unref_page_prepare+0x85f/0x8c0 [ 213.559009][ T8450] free_unref_page+0x32/0x2e0 [ 213.564660][ T8450] ? __folio_put+0xef/0x210 [ 213.569429][ T8450] erofs_try_to_free_all_cached_pages+0x295/0x5f0 [ 213.576645][ T8450] erofs_shrink_workstation+0x11f/0x290 [ 213.583717][ T8450] ? erofs_shrinker_unregister+0x170/0x170 [ 213.589909][ T8450] ? io_schedule+0xd0/0xd0 [ 213.595133][ T8450] ? kobject_put+0x428/0x460 [ 213.599995][ T8450] erofs_shrinker_unregister+0x5d/0x170 [ 213.605909][ T8450] erofs_put_super+0x4e/0x150 [ 213.610783][ T8450] ? erofs_free_inode+0xb0/0xb0 [ 213.615909][ T8450] generic_shutdown_super+0x134/0x2b0 [ 213.621871][ T8450] kill_block_super+0x44/0x90 [ 213.627632][ T8450] erofs_kill_sb+0x4c/0x140 [ 213.632596][ T8450] deactivate_locked_super+0x97/0x100 [ 213.639040][ T8450] cleanup_mnt+0x43b/0x4d0 [ 213.644792][ T8450] task_work_run+0x1d4/0x260 [ 213.650110][ T8450] ? task_work_cancel+0x220/0x220 [ 213.655129][ T8450] ? exit_to_user_mode_loop+0x3b/0x110 [ 213.661004][ T8450] exit_to_user_mode_loop+0xe6/0x110 [ 213.666566][ T8450] exit_to_user_mode_prepare+0xee/0x180 [ 213.672404][ T8450] syscall_exit_to_user_mode+0x1a/0x50 [ 213.678152][ T8450] do_syscall_64+0x61/0xa0 [ 213.682824][ T8450] ? clear_bhb_loop+0x40/0x90 [ 213.687693][ T8450] ? clear_bhb_loop+0x40/0x90 [ 213.694100][ T8450] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 213.703644][ T8450] RIP: 0033:0x7f807d19d1d7 [ 213.708847][ T8450] Code: a2 c7 05 bc e3 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 213.739538][ T8450] RSP: 002b:00007fffdd359ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 213.751499][ T8450] RAX: 0000000000000000 RBX: 00007f807d231c3b RCX: 00007f807d19d1d7 [ 213.760392][ T8450] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffdd359da0 [ 213.768885][ T8450] RBP: 00007fffdd359da0 R08: 00007fffdd35ada0 R09: 00000000ffffffff [ 213.777419][ T8450] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffdd35ae30 [ 213.785942][ T8450] R13: 00007f807d231c3b R14: 0000000000033e32 R15: 00007fffdd35ae70 [ 213.795764][ T8450] [ 213.799873][ T8450] BUG: Bad page state in process syz-executor pfn:68340 [ 213.807430][ T8450] page:ffffea0001a0d000 refcount:0 mapcount:0 mapping:ffff88805e881278 index:0x4 pfn:0x68340 [ 213.818241][ T8450] aops:z_erofs_cache_aops ino:0 [ 213.823651][ T8450] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 213.832338][ T8450] page_type: 0xffffffff() [ 213.836751][ T8450] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805e881278 [ 213.847409][ T8450] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 213.857464][ T8450] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 213.864943][ T8450] page_owner tracks the page as allocated [ 213.871072][ T8450] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 8749, tgid 8748 (syz.4.968), ts 212434481779, free_ts 211473251891 [ 213.894317][ T8450] post_alloc_hook+0x1c1/0x200 [ 213.899854][ T8450] get_page_from_freelist+0x1951/0x19e0 [ 213.905981][ T8450] __alloc_pages+0x1f0/0x460 [ 213.910749][ T8450] z_erofs_do_read_page+0x2181/0x36b0 [ 213.916613][ T8450] z_erofs_readahead+0x88b/0xda0 [ 213.921735][ T8450] read_pages+0x189/0x850 [ 213.926377][ T8450] page_cache_ra_unbounded+0x68a/0x770 [ 213.932296][ T8450] force_page_cache_ra+0x2c1/0x320 [ 213.937650][ T8450] generic_fadvise+0x47e/0x780 [ 213.942687][ T8450] __x64_sys_fadvise64+0x140/0x180 [ 213.948786][ T8450] do_syscall_64+0x55/0xa0 [ 213.953572][ T8450] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 213.960633][ T8450] page last free stack trace: [ 213.965538][ T8450] free_unref_page_prepare+0x7b2/0x8c0 [ 213.971375][ T8450] free_unref_page_list+0xbe/0x860 [ 213.976958][ T8450] release_pages+0x1f7a/0x2200 [ 213.982112][ T8450] tlb_flush_mmu+0x377/0x510 [ 213.986925][ T8450] tlb_finish_mmu+0xc3/0x1d0 [ 213.991882][ T8450] exit_mmap+0x428/0xb90 [ 213.996637][ T8450] __mmput+0x118/0x3c0 [ 214.000904][ T8450] exit_mm+0x1f2/0x2c0 [ 214.005567][ T8450] do_exit+0x8dd/0x2460 [ 214.010452][ T8450] do_group_exit+0x21b/0x2d0 [ 214.015361][ T8450] get_signal+0x12fc/0x13f0 [ 214.020836][ T8450] arch_do_signal_or_restart+0xc2/0x800 [ 214.026904][ T8450] exit_to_user_mode_loop+0x70/0x110 [ 214.032459][ T8450] exit_to_user_mode_prepare+0xee/0x180 [ 214.038317][ T8450] syscall_exit_to_user_mode+0x1a/0x50 [ 214.044350][ T8450] do_syscall_64+0x61/0xa0 [ 214.049020][ T8450] Modules linked in: [ 214.053883][ T8450] CPU: 0 PID: 8450 Comm: syz-executor Tainted: G B syzkaller #0 [ 214.065134][ T8450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 214.076413][ T8450] Call Trace: [ 214.080246][ T8450] [ 214.083905][ T8450] dump_stack_lvl+0x18c/0x250 [ 214.089033][ T8450] ? show_regs_print_info+0x20/0x20 [ 214.095429][ T8450] ? swiotlb_print_info+0x70/0x70 [ 214.101337][ T8450] bad_page+0x14b/0x170 [ 214.106379][ T8450] free_unref_page_prepare+0x85f/0x8c0 [ 214.112420][ T8450] free_unref_page+0x32/0x2e0 [ 214.118260][ T8450] ? __folio_put+0xef/0x210 [ 214.122920][ T8450] erofs_try_to_free_all_cached_pages+0x295/0x5f0 [ 214.130591][ T8450] erofs_shrink_workstation+0x11f/0x290 [ 214.136696][ T8450] ? erofs_shrinker_unregister+0x170/0x170 [ 214.142612][ T8450] ? io_schedule+0xd0/0xd0 [ 214.147762][ T8450] ? kobject_put+0x428/0x460 [ 214.153390][ T8450] erofs_shrinker_unregister+0x5d/0x170 [ 214.159211][ T8450] erofs_put_super+0x4e/0x150 [ 214.164446][ T8450] ? erofs_free_inode+0xb0/0xb0 [ 214.169769][ T8450] generic_shutdown_super+0x134/0x2b0 [ 214.175307][ T8450] kill_block_super+0x44/0x90 [ 214.180186][ T8450] erofs_kill_sb+0x4c/0x140 [ 214.185316][ T8450] deactivate_locked_super+0x97/0x100 [ 214.191137][ T8450] cleanup_mnt+0x43b/0x4d0 [ 214.196793][ T8450] task_work_run+0x1d4/0x260 [ 214.201673][ T8450] ? task_work_cancel+0x220/0x220 [ 214.206733][ T8450] ? exit_to_user_mode_loop+0x3b/0x110 [ 214.212375][ T8450] exit_to_user_mode_loop+0xe6/0x110 [ 214.217746][ T8450] exit_to_user_mode_prepare+0xee/0x180 [ 214.223902][ T8450] syscall_exit_to_user_mode+0x1a/0x50 [ 214.229966][ T8450] do_syscall_64+0x61/0xa0 [ 214.234559][ T8450] ? clear_bhb_loop+0x40/0x90 [ 214.239416][ T8450] ? clear_bhb_loop+0x40/0x90 [ 214.244097][ T8450] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 214.250416][ T8450] RIP: 0033:0x7f807d19d1d7 [ 214.255012][ T8450] Code: a2 c7 05 bc e3 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 214.276643][ T8450] RSP: 002b:00007fffdd359ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 214.286671][ T8450] RAX: 0000000000000000 RBX: 00007f807d231c3b RCX: 00007f807d19d1d7 [ 214.296523][ T8450] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffdd359da0 [ 214.306871][ T8450] RBP: 00007fffdd359da0 R08: 00007fffdd35ada0 R09: 00000000ffffffff [ 214.316008][ T8450] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffdd35ae30 [ 214.325322][ T8450] R13: 00007f807d231c3b R14: 0000000000033e32 R15: 00007fffdd35ae70 [ 214.335947][ T8450] [ 214.350519][ T8] usb 3-1: config 0 descriptor?? [ 214.785126][ T8] uclogic 0003:28BD:0075.0006: interface is invalid, ignoring [ 215.027018][ T8] usb 3-1: USB disconnect, device number 8