last executing test programs: 4.598741999s ago: executing program 4 (id=3969): r0 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000640)="f3", 0xf000}], 0x1) 4.51380412s ago: executing program 4 (id=3970): ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x7}) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0) preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x5, 0x0, 0x0, 0x0) 4.393621682s ago: executing program 4 (id=3973): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x28, r1, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_REG_RULES={0xc, 0x22, 0x0, 0x1, [{0x4}, {0x4}]}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000054}, 0x44) 4.343803912s ago: executing program 4 (id=3976): openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x8000, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TCSETSW2(r0, 0x5453, 0x0) 4.293821043s ago: executing program 4 (id=3979): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000300)=0xfffffffb) pwritev(r0, &(0x7f0000000340)=[{&(0x7f0000000180)="80fd02000000", 0x6}], 0x1, 0x0, 0x80) 4.284392263s ago: executing program 1 (id=3980): syz_mount_image$bfs(&(0x7f0000000140), &(0x7f0000000100)='./bus\x00', 0x80, &(0x7f0000000180)=ANY=[], 0x1, 0xb0, &(0x7f0000000500)="$eJzs1z9KA0EcBeC3i/in0QN4hz2BIB5FrEQ7K0XIiXKVHCFtqhRp00wIky3CErKkWQLfBzPwm1fMFNO8xXb+nMekzJJym73S+/n9+3r/rnsGmuERV6fNZ+6S3Kf+gTbJ+q1mTeq83Px/9CvJzdRvBgAALtOmy+vqaO5y6APnjaoCLw8no/I06hoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACACe0CAAD//73NIaI=") openat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x105042, 0x1fe) rename(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040)='./file0\x00') 4.189955775s ago: executing program 1 (id=3981): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x14, 0x3, 0x3, 0x301, 0x0, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20004000}, 0x4) 4.172682185s ago: executing program 1 (id=3983): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xe8001, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x2}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x324) 1.734816943s ago: executing program 1 (id=4006): r0 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000140)={0xb, 0xffffffff, 0xd68, 0x40, 0xfe, "2310d8ac5ab36230775aa3eb89bf73103e9354", 0x6, 0x3}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0xff) 1.734532503s ago: executing program 4 (id=4007): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x172f, 0x37, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x6, [{{0x9, 0x4, 0x0, 0x11, 0x15, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x36, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000100)={0x20, 0xc, 0x7, {0x7, 0x1, "a7ea3171fd"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 1.646462764s ago: executing program 1 (id=4009): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000013c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_DELSET={0x2c, 0xb, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x2}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x54}}, 0x4048010) 1.537152726s ago: executing program 1 (id=4011): io_setup(0x8, &(0x7f00000001c0)=0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk', 0x1, 0x0) io_submit(r0, 0x1, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000300)="d0c668072b39", 0x6}]) 1.439704567s ago: executing program 2 (id=4013): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) futex(0x0, 0x7, 0x0, 0x0, 0x0, 0x1) 1.327891539s ago: executing program 2 (id=4014): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'ip_vti0\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl0\x00', &(0x7f0000000040)={'tunl0\x00', 0x0, 0x20, 0x7, 0x7fffffd, 0x2, {{0x5, 0x4, 0x0, 0x16, 0x14, 0xfffc, 0x0, 0x7f, 0x4, 0x0, @local, @empty}}}}) 1.25351098s ago: executing program 2 (id=4015): r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000000)="5bfacef1a4", 0x5}], 0x1) 1.153205582s ago: executing program 2 (id=4016): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, r1, 0x301, 0x70bd2c, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xc0}, 0x20040000) 1.146039292s ago: executing program 2 (id=4017): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be2566cd0723043c47c896ce0bce66a245ad98a6f77ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557343c5ca683a4b6fc89398f2b0000f224ab1bf906536e11d3f38e5c27891060017cfa6fa26fa7a34700de60beac671e8e8fdecb03588aa623fa71f871ab5c2ff88afc715f9fa75b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000001980)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="04"], 0x10) 1.004673484s ago: executing program 2 (id=4020): syz_mount_image$jfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x210004, &(0x7f00000003c0)=ANY=[@ANYBLOB='nointegrity,errors=continue,nodiscard,uid=', @ANYRESHEX=0x0, @ANYBLOB=',quota,iocharset=macgaelic,usrquota,usrquota,gid=', @ANYRESHEX=0x0, @ANYBLOB='0\x00'], 0x13, 0x62f7, &(0x7f000000cc80)="$eJzs3UuPHFfZB/Cn+jYXv3GsLKK8FkKTxFxCiK/BGAIkWcCCDQvkLbI1mUQWDiDbICey8ESzYcGHACGxRIglKz5AFmzZ8QGwZCOBskqhmjlnXNPpdo/Hma4en99Pmql6+lRNn/K/qy+uqj4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMQPf/Djc1VEXPlVuuFExP9FP6IXsdLUaxGxsnYiLz+IiBdiuzmej4jhUkSz/vavZyNej4iPj0fcf3Bnvbn5/D778f0//+MPPzn2o7//aXjmv3+51X9j2nK3b//2P3+9+2TbDAAAAKWp67qu0sf8k+nzfa/rTgEAc5Ff/+sk365euHpzwfqjVqvV6iNYt9WT3W0XEbHZXqd5z+BwPAAcMZvxSdddoEPyL9ogIo513QlgoVVdd4BDcf/BnfUq5Vu1Xw/WdtrzuSB78t+sdq/vmDadZfwck3k9vraiH89N6c/KnPqwSHL+vfH8r+y0j9Jyh53/vEzLf7Rz6VNxcv798fzHpPyXt38f6fx7E/MvVc5/sL/8d2z25Q8AAAAAAAss////iY6P/y4dpPMHOIjwqOO/awfpAwAAAAAAAAAsgCcd/2+X8f8AAABgYTWf1Ru/O/7wtmnfxdbcfrmKeGZseaAw6WKZ1a77AQAAAAAAAAAAAAAlGeycw3u5ihhGxDOrq3VdNz9t4/XjetL1j7rStx9K1vWTPAAA7Pj4+Ni1/FXEckRcTt/1N1xdXa3r5ZXVerVeWcrvZ0dLy/VK63Ntnja3LY328YZ4MKqbP7bcWq9t1uflWe3jf6+5r1Hd30fH5qPDwAEgInZeje57RXrK1PWz0fW7HI4G+//Tx/7PfnT9OAUAAAAOX13XdZW+zvtkOubf67pTAMBc5Nf/8eMCarVarVarn766rZ7sbruIiM32Os17BsPxA8ARsxmfdN0FOiT/og0i4oWuOwEstKrrDnAo7j+4s16lfKv260Ea3z2fC7In/81qe728/qTpLOPnmMzr8bUV/XhuSn+en1MfFknOvzee/5Wd9lFa7qD5T8u1q3OMpuXfbOeJDvrTtZx/fzz/MYe9/8/LVvQm5l+qnP/gsfLvyx8AAAAAABZY/v//Ewt1/Hd00M2Z6VHHf9cO7V4BAAAAAAAA4HDdf3BnPV/3mo//f2HCcq7/fDrl/Cv5Fynn3xvL/6tjy/Vb8/fefpj/vx/cWf/jrX/9f57uN/+lPFOlR1aVHhFVuqdqkKZPsnWftTXsj5p7Gla9fnMPa7t//3psxNk9y/bSv0c9fDeubbef29Pe9HS43V73d9rP72kf7Lbn9S/saR+mM53qldx+Otbj53E93tlub9qWZmz/8oz2ekZ7zr9v/y9Szn/Q+mnyX03t1di0ce+j3mf2+/Z00v28de2Lvzl7+Jsz01b0d7etrdm+lzroz/a/ybFR/PLmxo3Tt6/eunXjXKTJnlvPR5p8znL+w/Sz+/z/8k57ft5v76/3Pho9dv6LYisGU/N/uTXfbO8rc+5bF3L+o/ST838ntU/e/49y/tP3/1c76A8AAAAAAAAAAAAAAAA8Sl3X25eIvhURF9P1P11dmwkAzFd+/a+TfPu86v6c70+tPuJ1tWD9mWv9ab1Y/VGrj2LdVk/2ZruIiL+112neM/x60h8DABbZpxHxz647QWfkX7D8fX/N9NSeb/kFnnY3P/jwp1evX9+4cbPrngAAAAAAAAAAB5XH/1xrjf98qq7ru2PL7Rn/9e1Ye9LxPwd5ZneA0SkDVX/OpyRt9Ub9Xmu48RejPT53e4Ti4e7co8b/Hsy4v+GM9tGM9qUZ7csz2ide6NGS83+xNd75qYg4OTb8egnjv46PeV+CnP9Lrcdzk/9XxpZr51///ijn39uT/5lb7//izM0PPnzt2vtX39t4b+NnF86dO3vh4sVLly6deffa9Y2zO7877PHhyvnnsa9z/pQh558zl39Zcv5fSrX8y5Lz/3Kq5V+WnH9+vyf/suT882cf+Zcl5/9KquVflpz/11It/7Lk/F9NtfzLkvP/eqrlX5ac/2upln9Zcv6nUy3/suT8z6R6n/mvHHa/mI+cfz7CZf8vS84/n9kg/7Lk/M+nWv5lyflfSLX8y5Lzfz3V8i9Lzv8bqZZ/WXL+F1Mt/7Lk/L+ZavmXJed/KdXyL0vO/1upln9Zcv7fTrX8y5LzfyPV8i9Lzv87qZZ/WXL+3021/MuS8/9equVflpz/m6mWf1kefv//os7kS+wXpT9mzJQw0/UzEwAAAAAAAAAAAAAwbh6nE3e9jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwP3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhb27jZHjru8APvfoswOJgZA6qSEXx4SQXHJnO/EDbYoJjw1PJRAKfcB2fWdz4NiOzy6BRrKjQImEURGibXjRFhBqI1UVVsULWgHKC9SqUiVoX9A3iAoVqVEVUECq1FaQq3bm///f7t7e7t7d3nl35vOR7J9vd3bmP7P/ndvfnb87AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDvljfMfWooy7Lan/yv7Vn2otq/t05uz2977dUeIQAAALBev8j/fv66dMPhLh5Ut8w/vvI7X1tcXFzM3j/yx2OfX1xMd0xm2diWLMvvi6788AND9csET2QTQ8N1Xw932PxIh/tHO9w/1uH+8Q73b+lw/0SH+5cdgGW2Fj+PyVe2O//n9uKQZtdnY/l9u1s86omhLcPD8Wc5uaH8MYtjJ7L57FQ2l800LF8sO5Qv/41batt6axa3NVy3rZ21GfLTx47HMQyFY7y7YVtL64x+/Pps8mc/fez4X55/7sZWteNhaFhfMc7bd9XG+YlwSzHWoWxLOiZxnMN149zZ4jkZaRjnUP642r+bx/l8l+McWRrmpmp+ziey4fzf382P02j9j/XScdoZbvufW7Msu7Q07OZllm0rG862NdwyvPT8TBQzsraO2lR6aTa6qnl6SxfztFZndzfO0+bXRHz+bwmPG11hDPVP048fH6973n++uJZ5GtX2eqXXSvMc7PVrpV/mYJwX3813+smWc3B32P/Hblt5DracOy3mYNrvujm4q9McHB4fycecnoSh/DFLc3BPw/Ij+ZaG8vrsbe3n4PT5h89OL3zs43fNP3zs5NzJudP79uyZ2bd//8GDB6dPzJ+amyn+XuPR7n/bsuH0GtgVjl18Dby6adn6qbr4pfFl59+1vg4n2rwOtzct2+vX4Wjzzg1tzgty+ZwuXhvvrR30icvD2Qqvsfz5uWP9r8PR8OihbOl1OFr3Omz5PaXF63C0i9dhbZmzd3T3nmW07k+rMaz8vWB9c3B73Rxsfj/SPAd7/X6kX+bgRJgX379j5e8FO8N4n5xa7fuRkWVzMO1uOPfUbknv9ycO5qXVvLypdsc149mFhblzdz967Pz5c3uyUDbFy+rmSvN83Va3T9my+Tq86vl6eP6VT97U4vbt4VhN3FX7a2LF56q2zD13t3+u8u9urY9nw617s1B6bLOPZ6vv5rXjOZ5lX/j24w9+87EvvGHF41nrNz8xvf734qkvrXsfNLbC+Tf2/S8U20uremJkbLR4/Y6kozPWcD5ufKpG83PXUL7t56e7Ox+PhT+bfT6+vs35eEfTsr0+H48171w8Hw91+mnH+jQ/nxNhnpyaaX8+ri2zY+9q5+Ro2/PxraEOheP/mtAppL6obu6sNG/TtkZHx8J+jcYtNM7TfQ3Lj4XerLatp/eubZ7efmuxrpG0d0s2a55ONi3b63mafva10jwd6vTTt7Vpfj4nwry4fl/7eVpb5pl71n/u3Br/WXfuHO80B8dGxmtjHkuTMD/fZ4tb4xy8OzuenclOZbP5veP5fBrKtzV1b3dzcDz82exz5Y42c/D2pmV7PQfT97GV5t7Q6PKd74Hm53MizIun7m0/B2vLvPFAb9+73h5uScvUvXdt/vnaSj/zuqnpMG3UXBkN4/z2gfY/m60tc+rgavvM9sfpznDLNS2OU/Prd6XX1Gy2OcdpRxjncwdXPk618dSW+fyhLufT4SzLLj5yf/7z3vD7lb+98L2vNfzepdXvdC4+cv9PXnziH1YzfgAG3wtF2VZ8r6v7zVQ3v/8HAAAABkLs+4dDTfT/AAAAUBqx74//KzzR/wMAAEBpxL5/NNSkIv3/jjc+N//CxSwl8xeDeH86DA8Uy8WM60z4enJxSe32+78y999/f7G7bQ9nWfbzB/6g5fI7HojjKkyGcV55U+Pty3ztrq62ffShi2m79fn1L4b1x/3pdhq0iuDOZFn2jes+k29n8gOX8/rMA0fz+uClJ5+oLfP8oeLr+PhnX1Ys/2ch/Hv4xLGGxz8bjsOPQp15W+vjER/31cuv2XngfUvbi48b2nVtvttPfbBYb/ycnM8+USwfj/NK4//mp5/+am35R1/VevwXh1uP/+mw3q+E+r+vKJavfw5qX8fHfTKMv7a92gyNj7v7y99qOf4rnyqWP/vmYrmjocbt3x6+3v3m5+brj9ejQ8ca9it7S7Fc3P7M9/4ovz+uL66/efwTRy43HI/m+fHMvxbrmW5aPt4etxP9XdP2a+upn59x+0//4dGG49xp+1cefPYVtfU2b//OpuXOPnJHvv2l9TV+YtOff/IzLbcXx3P4b8427M/hd4fXcdj+Ux8M8zHc/39XivU1f7rC0Xc3nn/i8l/cfrFhf6K3/qzY/pXXnczrlomt26550YuvvXRz7dhl2Xe3FOvrtP2Tf3GmYfxfuqE4HvH+mNFv3v5K4vbPfXTq9JmFC/Oz6ag+dl3+2TlvL8YTx3tdOLc2f33kzPkPzZ2bnJmcybLJ8n6E3pp9OdSfFOVS+6UXl51B73goPJ83/ek3tt32L5+Ot//be4vbL7+t+L716rDcZ8Pt28Pzt7rtL/fULTfkr++hZ8IIF5d/XvB67Nz9Xwe7WjDsf/P7gjjfz778Q/lxqN2Xf9+Ir+t1jv8Hs8V6vh6O62L4ZOZdNyxtr375+NkIl99TvN7XffzCaS4+r38Vnu93/KhYfxxX3N8fhPcx39rReL6L8+PrF4eb159/iselcD7JLhX3x6Xi8b78/A0thxc/hyS7dGP+9efSem5c1W6uZOFjC9On5k9feHT6/NzC+emFj338yMNnLpw+fyT/LM8jH+70+KXz07b8/DQ7t/+eLD9bnSnKBrva4z/70PHZAzO3zc6dOHbhxPmHzs6dO3l8YeH43OzCbcdOnJj7aKfHz8/et2fvoX0H9k6dnJ+97+ChQ/sOTc2fPlMbRjGoDvbPfGTq9Lkj+UMW7rvn0J57771nZurhM7Nz9x2YmZm60Onx+femqdqjf3/q3NypY+fnH56bWpj/+Nx9ew7t37+346cBPnz2xMLk9LkLp6cvLMydmy72ZfJ8fnPte1+nx1NOC/9evJ9tNlR8EF/2rjv3p89nrfnK4yuuqlik6QNEnwufRfNPLzl7sJuvY98/FmpSkf4fAAAAqiD2/eOhJvp/AAAAKI3Y928JNdH/AwAAwCCbqP8i9v0TzXdVpP8vXf5/x8Wuti//P3j5/0z+X/6/aX/WnP9/T7/l/4vzhfx/b6w3fy//H8j/y//L/8v/y//TA/2W/499/9Ysq2T/DwAAAFUQ+/5toSb6fwAAACiN2PdfE2qi/wcAAIDSiH3/i0JNKtL/y//L/8v/y//L/7fe/iry/1uyLsj/bw75//Yqnv8f7jgA+f/prFr5/0u9HH918/9FDyX/Tyv9lv+Pff+LQ00q0v8DAABAqfxn65tj339tqIn+HwAAAEoj9v3XhZro/wEAAKA0Yt+/PdSkIv2//L/8v/y//L/8f+vtu/7/YJL/b6/i+f/O5P9d/1/+3/X/6al+y//Hvv8loSYV6f8BAACgCmLf/9JQE/0/AAAA9J/RtT0s9v0vCzVZ1v+vcQMAAADAVRf7/uuzpiB4RX7/L/8v/y//L/8v/996+93n/0cy+f/+If/fnvx/B/L/8v/y//L/9FS/5f/zvj+byF4ealKR/h8AAACqIPb9N4Sa6P8BAACgNGLf/0uhJvp/AAAAKI3Y9+8INalI/y//X8r8f+1pkv+X/19x+yXI/+cn6/7J/2/o9f/nQmBT/r9L8v/tyf93IP8v/y//L/9PT/Vb/j/2/TeGmlSk/wcAAIAqiH3/TaEm+n8AAAAojdj3/3Koif4fAAAASiP2/TtDTSrS/8v/93n+PyZHXf9f/n8p//+I/H9hKf/fOIaS5f9d/3+V5P/bk//vQP5f/l/+X/6fnuq3/H/s+18RalKR/h8AAACqIPb9rww10f8DAABAacS+/+ZQE/0/AAAAlEbs+ydDTSrS/8v/93n+f23X/19P/n+r/H/f5/9Xdf3/myuR/y/19f/l/1dJ/r89+f8O5P/l/+X/5f/pqX7L/8e+/5ZQk4r0/wAAAFAFse/fFWqi/wcAAIDSiH3/raEm+n8AAAAojdj37w41qUj/L/8v/+/6/+XO/7favvy//H+Zyf+3J//fgfy//L/8v/w/PdVv+f/Y978q1KQi/T8AAABUQez7bws10f8DAABAacS+/9WhJvp/AAAAKI3Y998ealKR/l/+X/5f/l/+v+L5/4vy/+Ui/9+e/H8H8v+9yM+/Q/5f/l/+n6jf8v+x739NqElF+n8AAACogtj33xFqov8HAACA0oh9/52hJvp/AAAAKI3Y90+FmlSk/5f/l/+X/5f/r3j+3/X/S6YP8v8T69m+/L/8fwny/67/L/8v/09ytfL/WdY6/x/7/rtCTSrS/wMAAEAVxL7/7lAT/T8AAAAMoK0tb419/3Soif4fAAAASiP2/TOhJhXp/+X/5f/l/yud/7+06vz/zUvrlf8vyP/3lw3L/w9nrv8v/y//38Gg5f+bfzvYH/n/Mfl/SmVN+f+vtlxVT67/H/v+PaEmFen/AQAAoApi37831ET/DwAAAKUR+/59oSb6fwAAACiN2PffE2pSkf5f/n/z8v+jmfy//H/f5f9d/1/+v3T64Pr/69r+4OX/4y7K/8v/D17+v9fjd/1/+X+WW1P+v7We5P9j339vqElF+n8AAACogtj37w810f8DAABAacS+/0Coif4fAAAASiP2/QdDTSrS/8v/u/6//L/8v/x/6+3L/w8m+f/2XP+/A/l/+X/5f/l/eqrf8v+x7z8UalKR/h8AAACqIPb9rw010f8DAABAacS+/1dCTfT/AAAAUBqx7//VUJOK9P/y//L/8v/y//L/rbcv/z+Y5P/bk//vQP5f/l/+X/6fnuq3/H/s++8LNalI/w8AAABVEPv+Xws10f8DAABAacS+/3WhJvp/AAAAKI3Y9x8ONalI/y//32X+f2v79cn/N45f/r/1/JD/l/+X/9948v/tyf93IP8v/1/C/P/j8v9cRf2W/499/+tDTSrS/wMAAEAVxL7//lAT/T8AAACURuz73xBqov8HAACA0oh9/xtDTSrS/8v/u/6//L/8v/x/6+3L/w8m+f/25P87kP+X/y9h/n8Trv8/Hqr8P8t0m/+P76s2Ov8f+/43hZpUpP8HAACAKoh9/5tDTfT/AAAAUBqx739LqIn+HwAAAEoj9v1vDTWpSP8v/y//L/8v/y//33r78v+DSf6/Pfn/DuT/5f8HJP//vRaPv4r5/5zr/9NKv13/P/b9vx5qUpH+HwAAAKog9v0PhJro/wEAAKA0Yt//tlAT/T8AAACURuz73x5qUpH+v3f5/3H5/yby//L/zfND/l/+X/5/48n/tzdg+f9fXBtul/8vyP9v0PgnP1cc+AHK/7fSMv//w5Xy/4tbmh8v/89G6Lf8f+z73xFqUpH+HwAAAKog9v3vDDXR/wMAAEBpxL7/XaEm+n8AAAAYfItFfCD2/b8RalKR/t/1/2vjWEovb3D+/6/l/+X/5f/l/+X/N5b8f3sDlv93/f8m8v/9Pf6+zP+7/j9XWb/l/2Pf/+5Qk4r0/wAAAFAFse9/MNRE/w8AAAClEfv+94Sa6P8BAACgNGLf/95Qk4r0//L/rv8v/z/g+f/JLMvk/+X/SeT/25P/70D+X/6/3/L//yH/z2Drt/x/7PsfCjWpSP8PAAAAVRD7/veFmuj/AQAAoDRi3/+boSb6fwAAACiN2Pe/P9SkIv2//P+g5P8n5f/l/13/v2l/5P/l/1uR/29v8/P/q3tDJf8v/z/I43f9f/l/luu3/H/s+z8QatL9t6uJrpcEAAAArorY9/9WqElFfv8PAAAAVRD7/t8ONdH/AwAAQGnEvv93Qk0q0v/L/w9K/t/1/zP5f/n/pv2R/5f/b2Xz8v/xzNNt/n9rV9svX/7f9f+b1i//v4Gu9vjl/+X/Wa7f8v+x7//dUJOi8XvL2vYSAAAA6Cex7/9gqElFfv8PAAAAg67V/8luFvv+I6Emnfv/Vf+fQgAAAODqiH3/0VCTivz+X/5f/l/+v0/z/3+y65+//513Ht0j/y//L/+/Kpt6/f/ai9/1/+X/5f8T+X/5/5b5/y3y/1W2Afn/sfobV5v/j33/sVCTivT/AAAAUAWx7/+9UBP9PwAAAJRG7PuPh5ro/wEAAKA0Yt8/G2pSkf5f/l/+X/6/T/P/q7z+/1DYTj/k/+PxkP9v1LP8fzzpyv+3tKn5//ct5cTl/1eb/x9veav8f9f5//yNm/x/f41f/t/1/1muV/n/kaX8f4PV5v9j3z8XalKR/h8AAACqIPT9wyeKunSH/h8AAABKI/b9J0NN9P8AAABQGrHv/1CoSUX6f/l/+X/5/3Lk/13/f2n50uf/Xf+/Lfn/9von/9+a/L/r/w/y+OX/5f9ZbgOu/99gtfn/2PfPh5pUpP8HAACAKoh9/4dDTfT/AAAAUBqx7/9IqIn+H/h/9u7syfL6rOP4aewpZooLyyqrvPBC7i3/Ai7gWv8AL7zxxirKUlzAfWFwX3HfcAH3FRdQxA1XUMENxV1cMSF7QkhCCKlJMfM8z5zuPv073dPnTP/O93m9LvLImMnpjONMPhne9QUAAIaRu//z4pYm+1//r//X/+v/9f+rP/9q/79//V9X/78b9P/T9P9r6P+30c8f/mV9a/T/+n/mZ279f+7+z49bmux/AAAA6CB3/z1xi/0PAAAAw8jd/wVxi/0PAAAAw8jd/4VxS5P9r//X/w/b/9+p/z/u8/X/3v8fmf5/mv5/jR3q/z/x4s70/97/1//r/xubW/+fu/+L4pYm+x8AAAA6yN3/xXGL/Q8AAADDyN1/b9xi/wMAAMAwcvffF7c02f+H+v+9xfz7/703plK+G+v/M+PV/4/U/3v//9jP1//r/0d2c/v/B978lU//r//3/n/Q/+v/9f8cNrf+P3f/l8QtTfY/AAAAdJC7/0vjFvsfAAAAhpG7/8viFvsfAAAAhpG7/8vjlib7/2zv/+97/z8s9c972aLr//X/h39+6P/1//r/7fP+/7RO/f+9L9x2zytPfPKTp/l8/b/+X/+v/2ez5tb/5+7/irilyf4HAACADnL3f2XcYv8DAADAMHL3f1XcYv8DAADAEF7+tEXt/q+OW5rs/7P1/+fy/v/c+/+i/9f/H/75of/X/+v/t0//P61T/38jn6//1//fwNdfvw3q//X/HDW3/j93/9fELU32PwAAAHSQu/9r4xb7HwAAAIaRu//+uMX+BwAAgGHk7r8ctzTZ//r/7ff/H9X/73z/f2Gh/79G/6//nz/9/zT9/xr6f/2/9//1/2zU3Pr/3P0PxC1N9j8AAAB0kLv/6+IW+x8AAACGkbv/6+MW+x8AAACGkbv/G+KWJvtf/+/9f/2/9//1/6s/X/+/m/T/0/T/a+j/z9rPX9D/6//1/yw7Zf//+sQv2xvp/3P3f2Pc0mT/AwAAQAe5+78pbrH/AQAAYBi5+785brH/AQAAYBi5+78lbmmy//X/+n/9v/5f/7/68/X/u0n/P202/f/e/spv1v/vfP/v/X/9v/6fA+b2/n/u/m+NW5rsfwAAAOggd/+3xS32PwAAAAwjd/+3xy32PwAAAAwjd/93xC1N9r/+X/+v/9f/6/9Xf/5U///k0ten/5+Xjfb/e/p/7//r//X/+n/9P2cxt/4/d/93xi1N9j8AAAB0kLv/wbjF/gcAAIBh5O7/rrhlaf8f/ntRAQAAgN2Su/+745Ymf/6/uv+//r8/Rf9/aaH/P2AL/f++/l//f+3/3tf+FfX/k/3/Xd7/78n7/9PW9//5K6r+X/+v/99I/7/YG6X/v7Tu++v/WWVu/X/u/u+JW5rsfwAAAOggd//3xi32PwAAAAwjd//3xS32PwAAAAwjd//3xy1N9r/3/3eq//f+f6/+/5EL3v+/ao7v/y9uev+/r/8/If3/NO//r6H/1/97/9/7/2zU3Pr/3P0/ELc02f8AAADQQe7+H4xb7H8AAADYDct/78Axj/jn7v+huMX+BwAAgGHk7v/huKXJ/h+8/7/zuH+a/l//v/zjNdP+/9j3//X/1/Tq/73/f1L6/2n6/zX0/9vo5/cH6/8fPu77z6H/v1//z8wc6P+fuv7t59X/5+7/kbilyf4HAACADnL3PxS32P8AAAAwjNz9Pxq32P8AAAAwjNz9Pxa3NNn/W+//Lx3/2d7/1//r//X/+n/9/6bp/6fp/9c43P+/+R8N9f/e//f+v/6fG3ag/19yXv1/7v4fj1ua7H8AAADoIHf/T8Qt9j8AAAAMI3f/w3GL/Q8AAADDyN3/SNzSZP8P/v7/sfT/+v/lHy/9v/5/1efr/3eT/n+a/n8N7//r/8+j/4+fAPp/RjS3/j93/0/GLU32PwAAAHSQu/+n4hb7HwAAAIaRu/+n4xb7HwAAAIaRu/9n4pYm+1//v93+P79d/6//X+j/9f/6/5uibf+/t+p3oqOO6f+fu/vyZxz8Fv2//n/I/v+lrX793v/X/3PULPr/K9f/02Xu/p+NW5rsfwAAAOggd//PxS32PwAAAAwjd//Pxy32PwAAAAwjd/8vxC1N9v9S/5/Jhf7f+//6f/2//l//v7MG7f9PFvefgPf/p70W/371/6P2/9v9+vX/+n+OmkX/v/TXuft/MW5psv8BAACgg9z9vxS32P8AAAAwjNz9vxy32P8AAAAwjNz9vxK3NNn/3v/v0f/futD/6//1//r/Hgbt/zdG/7+G9//1//p//T8bNbf+P3f/o3FLk/0PAAAAHeTu/9W4xf4HAACAYeTu/7W4xf4HAACAYeTu//W4pcn+1/8f0/8vxur/vf+v/1/o//X/Tej/p513/7/q98tlN6X/f2ziC1jV/1+5Vf+/4/3/xRN+f/2//p/Nm1v/n7v/N+KWJvsfAAAAOsjd/1jcYv8DAADAMHL3Px632P8AAAAwjNz9vxm3NNn/+v8e7//r//X/C/2//r8J/f+01f3/LUe/yfv/3v8fqP/3/r/+n/Mzt/4/d/9vxS1N9j8AAAB0kLv/ibjF/gcAAIBh5O7/7bjF/gcAAIBh5O5/Mm5psv/1//p//b/+X/+/+vP1/7tpe/3/YuD+fwX9v/5f/6//1/+zAXPr/3P3/07c0mT/AwAAQAe5+383brH/AQAAYBi5+38vbrH/AQAAYBi5+38/bmmy/8+r/79L/6//1//r//X/9aOq/98c7/9P0/+vof/X/+v/9f9s1Nz6/9z9fxC3NNn/AAAA0EHu/qfiFvsfAAAAhpG7/w/jFvsfAAAAhpG7/4/ilib73/v/+v+D/f9iMfP+P/+fVP+v/x+h/7+40P9vnP5/mv5/Df3/mP3/LYuB+v9Lx35//T9zNLf+P3f/H8ctTfY/AAAAdJC7/0/iFvsfAAAAhpG7/0/jFvsfAAAAhpG7/8/ilib7X/+v//f+/zj9/9Ovrv75qP+fbf9fP6r6/83R/0/T/6+h/x+z//f+v/6fczO3/j93/9NxS5P9DwAAAB3k7n/m8J+h2v8AAAAwjGeu/uPFxZ/HLfY/AAAADCN3/1/ELU32v/5f/6//H6f/9/7/Nfr/3s6p/9/b1Ofr//X/+v/d/fr1//p/jppb/5+7/y/jlib7HwAAADrI3f9s3GL/AwAAwDBy9z8Xt9j/AAAAMIzc/X8VtzTZ//p//b/+fzf7/4v6/+H7//zK9P+nM5f3/++449Of1//r//X/+n/9v/6/u7n1/7n7/zpuabL/AQAAoIPc/X8Tt9j/AAAAMIzc/X8bt9j/AAAAMIzc/X8XtzTZ/0f7/wuLa4XqNav6/2jU9P9L9P8Hv379/+qfH97/1/97/3/75tL/e///xr7+ufX/9+n/9f/b6v9vP/r99f+MaG79f+7+5+OWJvsfAAAAOsjd//dxi/0PAAAAM7bq78Q+Xu7+f4hb7H8AAAAYRu7+F+KWJvvf+//6f/2//l//v/rz1/X/Sf8/L/r/afr/Nbz/r/9v9P5//P5Xv05V//9x+n82Z279f+7+f4xbmux/AAAA6CB3/z/FLfY/AAAADCN3/z/HLfY/AAAADCN3/7/ELU32v/5/o/3//vK36f/1/4d+fuj/B+v/vf8/T/r/afr/NfT/+v9G/f9h3v9nG+bW/+fu/9e4pcn+BwAAgA5y9/9b3HKi/X9pS18VAAAAsEm5+/89bvHn/wAAADCM3P3/Ebc02f9z7f/v383+/wD9/1z6/8/W/x/6fP2//n9k+v/8HX01/f8a+v/T9vOvLf+F/l//r//nsLn1/7n7X4xbmux/AAAA6CB3/3/GLfY/AAAADCN3/3/FLfY/AAAADCN3/3/HLU32/1z7/x19//+AOfb/e4uO/b/3/6/+9d6e/l//34L+f5r+f43N9v8PNOj/D9D/6//1/xw2t/4/d///xC1N9j8AAADsqs/81M998aT/3Nz9/xu32P8AAAAwjNz9/xe32P8AAAAwjNz9L8UtTfa//r9X/9/z/X/9v/f/9f+d6P+n6f/X8P6//l//r/9no+bW/+fu//+4ZWn47Z/63yUAAAAwJ7n73xK3NPnzfwAAAOggd/9b45Yj+//KCf+udgAAAGBucve/HLc0+fP/M/f/iz39/zb7/4X+X/+v/9f/6/9PQ/8/7Yz9/5U9/b/+f4L+X/+v/2fZpRn2/7n73xa3NNn/AAAAMKgD/41C7v63xy32PwAAAAwjd/874hb7HwAAAIaRu/+dcUuT/e/9/5n3/zf0/v+l+p/0/837/wcvrvx8/b/+f2T6/2N9QtxO7/9f+Xj9/6mcdz+/61+//l//z1Fz6/9z978rbmmy/wEAAKCD3P3vjlvsfwAAABhG7v73xC32PwAAAAwjd/9745Ym+1//P2L/7/1//f/054/T/3/SbZef/azPefxR/T/X3cz+P38u7Ej/f9UZ3//ftf7/NJ//0NV/1P/r//X/p+7/b4+r/2eVufX/ufvfF7c02f8AAADQQe7+V+IW+x8AAACGkbv//XGL/Q8AAADDyN3/atzSZP/vVP//Kfr/kfv//LE+h/7/8u71/9kUd+//vf+v/z/K+//T9P9r6P/1//p/7/+zUXPr/3P3fyBuabL/AQAAoIPc/R+MW+x/AAAAGEbu/g/FLfY/AAAADCN3/2txS5P9v1P9v/f/h+7/0430//n53v/X/y/0/+3p/5fsH/0m/f8a+n/9v/5f/89Gza3/z93/4bilyf4HAACADnL3vx632P8AAAAwjNz9H4lb7H8AAAAYRu7+N+KWJvtf/6//H6H/P+P7/+fT/7/5y43+X/+v/984/f80/f8a+n/9f/v+/279Pxs1t/4/d//HAgAA///s21uH") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f00000004c0)=""/131, 0x83) 813.353937ms ago: executing program 3 (id=4022): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) 588.581431ms ago: executing program 0 (id=4026): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000100)={0x2ffc, 0x4000003, 0xfffffefa, 0x6}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000160001f47efde4be701161000a000000040000800400", @ANYRES32=r0], 0x1c}}, 0x804) 577.099641ms ago: executing program 3 (id=4027): r0 = eventfd2(0x0, 0x0) io_setup(0x81, &(0x7f0000000400)=0x0) io_submit(r1, 0x2, &(0x7f0000000440)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2, 0x1fb, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r0}]) 452.619012ms ago: executing program 0 (id=4028): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x800090, &(0x7f0000000500)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c756e695f786c6174653d312c757466383d312c6e6f6e756d7461696c3d302c756e695f786c6174653d312c756e695f786c6174653d302c757466383d312c696f636861727365743d69736f383835392d31332c636865636b3d7374726963742c726f6469722c757466383d302c756e695f786c6174653d312c636f6465706167653d3836362c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c646d61736b3d30303030303030303030303030303030303030303030312c646d61736b3d30303030303030303030303030303030303030303030362c756e695f786c6174653d302c696f636861727365743d63703835352c73686f72746e616d653d77696e39352c726f6469722c6e6e6f6e756d7461696c3d312c73686f72746e616d653d6d697865642c73686f72746e616d653d6d697865642c757466383d312c757466383d302c756e695f786c6174653d302c756e695f786c6174653d312c696f636861727365743d6370313235352c757466383d302c646566636f6e7465010000006e636f6e66696e65645f752c00"], 0x46, 0x2d1, &(0x7f0000000740)="$eJzs3T9rJGUcB/DfbGb/qMVuYSWCA1pYHZdrbTbIHYipPLY4LTR4dyDZRUgg4h9cU4mdjaWvQBB8ITZ2loKtYGeEwMjMzmR3k3GzkWxE8/kUyZOZ5zvP73lmkkyTJ++9ONl/nMXT489+iV4vidawG3GSxCBaUfsilgy/DgDgv+wkz+P3fKbh9M9frcj2NlgXALA5l/z+r6Tlx0dFjx9urjYAYDMePnr7zZ3d3ftvZVkvHky+PBolEVF8np3feRofxDiexN3ox2lE+aLQjvJtoWg+yPN8mmaFQbwymR6NiuTk3R+r6+/8FlHmt6Mfg/LQ2dtGmX9j9/52NrOQnxZ1PFuNPyzy96Ifz5+Fl/L3GvIx6sSrLy/Ufyf68dP78WGM43FZxDz/+XaWvZ5/88en7xTlFflkejTqlv3m8q168OkN3yMAAAAAAAAAAAAAAAAAAAAAAP5/7lR753Sj3L+nOFTtv7N1WnzRjqw2WN6fZ5ZP6gvN9weKVp7n0zy+rffXuZtlWV51nOfTeCGtNhYEAAAAAAAAAAAAAAAAAACAW+7w40/298bjJwfX0qh3A0gj4s+HEf/0OsOFIy/F6s7dasy98bhVNZf7pItHYqvuk0SsLKOYxDUty2WNZy7UXDW++74xVczoMI2mU73LB203j3XFxkft2To29qmfrv29pHkNu2fF94obF+dvXCeaR2/HuSOdv6uwfhTXm06n8VT/ysvSea5sTFf0iWTV98Vrv87KXpjFUp9OuaqN8XbVWIifezbWep6jN4tf/FmR2K0DAAAAAAAAAAAAAAAAAAA2av7Xvw0nj1dGW3l3Y2UBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwI2a////dRrpcniNVCcODv+tuQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB7/BUAAP//vaZV2Q==") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f00000000c0)=""/164, 0xa4) 426.045703ms ago: executing program 3 (id=4029): r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000000), 0x2, 0x0) pread64(r1, &(0x7f0000000180)=""/77, 0x4d, 0x1) 363.154854ms ago: executing program 0 (id=4030): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="640000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="f300000000000000440012800e00010069703665727370616e00000030000280140006002001000000000000000000000000000214000700fc020000000000000000000000000000040012"], 0x64}}, 0x0) syz_emit_ethernet(0x86, &(0x7f0000000100)={@broadcast, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "f2a400", 0x1f, 0x2f, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], {{0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x1, 0x22eb, 0x8, 0x0, [0x7ba], "00000100feffff43"}, {}, {0x0, 0x0, 0x0, 0x0, 0x2a, 0x0, 0x86dd, [0x6]}, {}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0xfffffffd}}}}}}}}}, 0x0) 257.791335ms ago: executing program 3 (id=4031): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000140)) 222.055186ms ago: executing program 0 (id=4032): r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f00000001c0)={@loopback={0xfffffffffffffffd, 0x3fc}, 0x4, r1}) 153.429697ms ago: executing program 3 (id=4033): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000040), 0x10) sendmsg$netlink(r0, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005cc0)=[{&(0x7f0000000540)=ANY=[], 0x10}, {0x0, 0x28}], 0x2, 0x0, 0x0, 0x44011}, 0x0) 119.867988ms ago: executing program 0 (id=4034): socket$inet6(0xa, 0x800, 0x3ff) syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000003040)='./file1\x00', 0x1200001, &(0x7f0000000080)={[{@gid}, {@gid}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@codepage={'codepage', 0x3d, 'cp1251'}}]}, 0x2, 0x342, &(0x7f0000000100)="$eJzs3T1rFEEcBvBn9uWyZ0Jck0jASqIBq5DEQrExSLDxC1hIMCYXCFkjaAQNiNFaxE4QLO2sRb+CNuIX0CqFWGkTLFyZ2Z19u9nN5XLJ5sjzA4+93Zmd/9zM7M0kxAERHVvX5r+/u7gt/wkXgA3gCmAB8AAHwGmMew/XN9pzDuTf2smRQJRTtGVZWm+ZYvAQ54j58p2Doew5OhhhGIY/dk31+1BiofqI7AjOsKKB7ugR7h16ZAdjq+0BdgxkWljsYAePMFxnOEREVL/4+9+KvyWG4vm7ZQGT8Ty837//c/ObnfriOBKS738reh8K+fmcVJfkem91I2gtR0s42fqWXiWa7mXsE2H6cTcQ9Sx7MDPlypRipmKxmiurQWtqS93gOa7GMsnG1OsydEWUsmgbUaoJw9q0QlXdqw2qOriyDrMl8Y9WlWhcAH/6idfm4ha+mM4W6io+i69iQfh4g+Vk/ueEQjaTaim/MFSi+KcraqnDDFrTuVqm4Z9ShZyJS8DH92ktm2WfqwdbxpLXSOtRnL/7Os5XDfMN1ekR5H+sENVuprx2Ktco4Ai1asjmmk0S/TXmGiuW1Vxxg9bU0r2grNP3lnFFJ16Km2ICv/AB85n5vyVTT6J8ZOZGuVAp455RWR9HpWxrRwM1NO/uaWSScj0/XjvK8wJ3cBnDDx5vri0GQet+/Qd6qHSZ/WyP44k6Ytwd5RmoJ1ySBp48cAH0rNB/YRgaLzk4jCZwVVUvvU2rvLm2KOJn3v6KkE/OwqW58sQA5gDEZ/QToZvSnya5BtIb7pLLV2X9ka2tzuQ6pKsPdFTqku66B9M6uqjcJRsDHY2UZheF3niythh09SSiPpM2OsZv1R0M1UHOF0S0/susV6bVU0e++BXrHzf/ttmWIHPHmZIV0Ih6PdHZCi65bek8cVAf7LLmOncBOF8o0YIu8Vnxtn4cJ47ibyX3/qsMMY9vuM2f/xMRERERERERERERERERERERERER9Zu9/jVCN39OkC9x+xj+xxtERERERERERERERERERERERERERERERPuT2f8XsNWOMQ3T/r9VOzUpdrRDjNeL/X/tDvb/FVv9vBcZ0ZHwPwAA//+ekVe5") mount$nfs(&(0x7f0000000540)='\xb2\x83\x87J9I\xc3i\xe4\x81\xc5:\xccLD\x9d\xd8\xc7\x90v\x8b\x82\x90\xa4\xdd\x98\xb8\rQh#\xfacl\x01\x8cC\x1f|\xa5\xcb\x8f\xe5WJ\x00>\xf2\xd6\t\xf4IE\xcb\x15A\xb5\xbbG\xa0\xea\xc4\x03\xf2\xf5\xf4\xa1\x98', &(0x7f0000000240)='./file0\x00', 0x0, 0x201008, 0x0) 194.86µs ago: executing program 3 (id=4035): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x40}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x17}]}}}]}]}], {0x14}}, 0x94}}, 0x0) 0s ago: executing program 0 (id=4036): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f00000004c0)='./file1\x00', 0x1218001, &(0x7f0000000080)={[{}, {@type={'type', 0x3d, "5ed07ee6"}}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@codepage={'codepage', 0x3d, 'iso8859-13'}}]}, 0x2, 0x342, &(0x7f0000000100)="$eJzs3T1rFEEcBvBn9uWyZ0Jck0jASqIBq5DEQrExSLDxC1hIMCYXCFkjaAQNiNFaxE4QLO2sRb+CNuIX0CqFWGkTLFyZ2Z19u9nN5XLJ5sjzA4+93Zmd/9zM7M0kxAERHVvX5r+/u7gt/wkXgA3gCmAB8AAHwGmMew/XN9pzDuTf2smRQJRTtGVZWm+ZYvAQ54j58p2Doew5OhhhGIY/dk31+1BiofqI7AjOsKKB7ugR7h16ZAdjq+0BdgxkWljsYAePMFxnOEREVL/4+9+KvyWG4vm7ZQGT8Ty837//c/ObnfriOBKS738reh8K+fmcVJfkem91I2gtR0s42fqWXiWa7mXsE2H6cTcQ9Sx7MDPlypRipmKxmiurQWtqS93gOa7GMsnG1OsydEWUsmgbUaoJw9q0QlXdqw2qOriyDrMl8Y9WlWhcAH/6idfm4ha+mM4W6io+i69iQfh4g+Vk/ueEQjaTaim/MFSi+KcraqnDDFrTuVqm4Z9ShZyJS8DH92ktm2WfqwdbxpLXSOtRnL/7Os5XDfMN1ekR5H+sENVuprx2Ktco4Ai1asjmmk0S/TXmGiuW1Vxxg9bU0r2grNP3lnFFJ16Km2ICv/AB85n5vyVTT6J8ZOZGuVAp455RWR9HpWxrRwM1NO/uaWSScj0/XjvK8wJ3cBnDDx5vri0GQet+/Qd6qHSZ/WyP44k6Ytwd5RmoJ1ySBp48cAH0rNB/YRgaLzk4jCZwVVUvvU2rvLm2KOJn3v6KkE/OwqW58sQA5gDEZ/QToZvSnya5BtIb7pLLV2X9ka2tzuQ6pKsPdFTqku66B9M6uqjcJRsDHY2UZheF3niythh09SSiPpM2OsZv1R0M1UHOF0S0/susV6bVU0e++BXrHzf/ttmWIHPHmZIV0Ih6PdHZCi65bek8cVAf7LLmOncBOF8o0YIu8Vnxtn4cJ47ibyX3/qsMMY9vuM2f/xMRERERERERERERERERERERERER9Zu9/jVCN39OkC9x+xj+xxtERERERERERERERERERERERERERERERPuT2f8XsNWOMQ3T/r9VOzUpdrRDjNeL/X/tDvb/FVv9vBcZ0ZHwPwAA//+ekVe5") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) kernel console output (not intermixed with test programs): handler #20a!!! [ 255.049922][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #208!!! [ 255.059253][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #20a!!! [ 255.068449][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #20a!!! [ 255.078602][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #28a!!! [ 255.088583][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #28a!!! [ 255.109942][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #208!!! [ 255.139813][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #20a!!! [ 255.155034][T10236] autofs4:pid:10236:autofs_fill_super: called with bogus options [ 255.283646][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.290007][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.345106][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/585.tmp-b7:4' failed: Read-only file system [ 255.421882][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/585.tmp-b7:4' failed: Read-only file system [ 255.570946][ T5274] udevd[5274]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 256.119570][T10266] team0: Device gtp0 is of different type [ 256.399706][ T4617] usb 4-1: USB disconnect, device number 16 [ 256.536812][T10273] loop4: detected capacity change from 0 to 8192 [ 256.605062][T10273] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 256.620996][T10273] REISERFS (device loop4): using ordered data mode [ 256.635641][T10273] reiserfs: using flush barriers [ 256.654330][T10281] loop3: detected capacity change from 0 to 4096 [ 256.690637][T10273] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 256.707599][T10273] REISERFS (device loop4): checking transaction log (loop4) [ 256.931676][T10273] REISERFS (device loop4): Using tea hash to sort names [ 256.938973][T10273] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 256.961888][T10273] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 257.818867][T10308] program syz.3.2545 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 258.471192][T10328] loop4: detected capacity change from 0 to 256 [ 258.528651][T10324] loop2: detected capacity change from 0 to 2048 [ 259.230271][ T8103] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 259.550348][T10354] program syz.1.2567 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 259.558330][ T4201] udevd[4201]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 259.584343][T10328] FAT-fs (loop4): Directory bread(block 64) failed [ 259.594396][T10328] FAT-fs (loop4): Directory bread(block 65) failed [ 259.621942][T10328] FAT-fs (loop4): Directory bread(block 66) failed [ 259.657538][ T8103] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 259.657894][T10328] FAT-fs (loop4): Directory bread(block 67) failed [ 259.676181][ T8103] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.691264][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/593.tmp-b7:2' failed: Read-only file system [ 259.709773][ T8103] usb 4-1: config 0 descriptor?? [ 259.718270][ T4173] udevd[4173]: symlink '../../loop3' '/dev/disk/by-diskseq/596.tmp-b7:3' failed: Read-only file system [ 259.740532][ T4175] udevd[4175]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 259.753265][T10328] FAT-fs (loop4): Directory bread(block 68) failed [ 259.768634][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/599.tmp-b7:2' failed: Read-only file system [ 259.780827][T10328] FAT-fs (loop4): Directory bread(block 69) failed [ 259.785816][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/598.tmp-b7:4' failed: Read-only file system [ 259.800159][T10328] FAT-fs (loop4): Directory bread(block 70) failed [ 259.820262][T10328] FAT-fs (loop4): Directory bread(block 71) failed [ 259.831670][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/599.tmp-b7:2' failed: Read-only file system [ 259.834489][ T8103] cp210x 4-1:0.0: cp210x converter detected [ 259.852935][T10328] FAT-fs (loop4): Directory bread(block 72) failed [ 259.861564][T10328] FAT-fs (loop4): Directory bread(block 73) failed [ 259.898847][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/599.tmp-b7:2' failed: Read-only file system [ 259.927208][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/600.tmp-b7:2' failed: Read-only file system [ 259.957259][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/600.tmp-b7:2' failed: Read-only file system [ 260.099581][T10363] overlayfs: workdir and upperdir must be separate subtrees [ 260.276081][ T8103] usb 4-1: cp210x converter now attached to ttyUSB0 [ 260.503847][ T8103] usb 4-1: USB disconnect, device number 17 [ 260.517391][ T8103] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 260.602236][ T8103] cp210x 4-1:0.0: device disconnected [ 260.981708][T10371] loop2: detected capacity change from 0 to 64 [ 262.130568][T10379] loop3: detected capacity change from 0 to 32768 [ 262.204468][T10379] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.2580 (10379) [ 262.310693][T10379] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 262.339151][T10379] BTRFS info (device loop3): force zlib compression, level 3 [ 262.386365][T10379] BTRFS info (device loop3): force clearing of disk cache [ 262.413627][T10379] BTRFS info (device loop3): setting nodatasum [ 262.461469][T10379] BTRFS info (device loop3): allowing degraded mounts [ 262.481449][T10379] BTRFS info (device loop3): enabling disk space caching [ 262.513357][T10379] BTRFS info (device loop3): disk space caching is enabled [ 262.520628][T10379] BTRFS info (device loop3): has skinny extents [ 262.537794][T10420] sp0: Synchronizing with TNC [ 262.774480][T10406] loop4: detected capacity change from 0 to 40427 [ 262.877887][T10406] F2FS-fs (loop4): invalid crc value [ 262.896408][T10379] BTRFS info (device loop3): clearing free space tree [ 262.904084][T10379] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 262.934216][T10406] F2FS-fs (loop4): Found nat_bits in checkpoint [ 262.951457][T10379] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 263.110158][T10406] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 263.366431][T10437] attempt to access beyond end of device [ 263.366431][T10437] loop4: rw=2049, want=45104, limit=40427 [ 264.099659][T10464] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2610'. [ 264.105138][T10459] xt_CT: No such helper "netbios-ns" [ 264.511841][T10477] sch_tbf: burst 0 is lower than device macvtap0 mtu (1514) ! [ 264.576538][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-diskseq/605.tmp-b7:3' failed: Read-only file system [ 264.619393][ T5274] udevd[5274]: symlink '../../loop2' '/dev/disk/by-diskseq/607.tmp-b7:2' failed: Read-only file system [ 264.743010][T10487] netlink: 'syz.3.2618': attribute type 29 has an invalid length. [ 264.750498][ T5274] udevd[5274]: symlink '../../loop2' '/dev/disk/by-diskseq/607.tmp-b7:2' failed: Read-only file system [ 264.774979][ T4201] udevd[4201]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 264.796392][T10489] netlink: 404 bytes leftover after parsing attributes in process `syz.2.2621'. [ 264.841433][T10489] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2621'. [ 264.871437][T10489] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2621'. [ 264.896287][T10489] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2621'. [ 264.896885][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-diskseq/605.tmp-b7:3' failed: Read-only file system [ 264.948874][T10473] loop4: detected capacity change from 0 to 32768 [ 265.022186][T10473] XFS: ikeep mount option is deprecated. [ 265.029387][T10473] XFS: noikeep mount option is deprecated. [ 265.064154][T10497] loop3: detected capacity change from 0 to 8 [ 265.133840][T10497] SQUASHFS error: zstd decompression error: 2 [ 265.170479][T10497] SQUASHFS error: zstd decompression failed, data probably corrupt [ 265.197662][T10497] SQUASHFS error: Failed to read block 0x62b: -5 [ 265.216087][T10497] SQUASHFS error: Unable to read metadata cache entry [629] [ 265.238882][T10497] SQUASHFS error: Unable to read directory block [629:ff26] [ 265.657775][T10511] netlink: 'syz.3.2632': attribute type 5 has an invalid length. [ 265.801254][T10503] loop2: detected capacity change from 0 to 32768 [ 265.866823][T10503] find_entry called with index >= next_index [ 266.060438][ T5274] udevd[5274]: symlink '../../loop3' '/dev/disk/by-diskseq/609.tmp-b7:3' failed: Read-only file system [ 266.142966][T10473] XFS (loop4): Mounting V5 Filesystem [ 266.304751][ T5274] udevd[5274]: symlink '../../loop3' '/dev/disk/by-diskseq/609.tmp-b7:3' failed: Read-only file system [ 266.320227][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-diskseq/608.tmp-b7:4' failed: Read-only file system [ 266.343770][T10473] XFS (loop4): Ending clean mount [ 266.355380][ T4173] udevd[4173]: symlink '../../loop2' '/dev/disk/by-diskseq/611.tmp-b7:2' failed: Read-only file system [ 266.370620][T10473] XFS (loop4): Quotacheck needed: Please wait. [ 266.397261][ T5274] udevd[5274]: symlink '../../loop3' '/dev/disk/by-diskseq/609.tmp-b7:3' failed: Read-only file system [ 266.409031][T10529] netlink: 'syz.3.2637': attribute type 2 has an invalid length. [ 266.532362][T10473] XFS (loop4): Quotacheck: Done. [ 266.613729][ T4183] XFS (loop4): Unmounting Filesystem [ 266.652031][T10534] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2635'. [ 266.879422][T10539] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2641'. [ 266.896357][T10538] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2641'. [ 267.331932][ T4195] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 267.428996][ T23] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 267.601675][ T4195] usb 2-1: Using ep0 maxpacket: 16 [ 267.679713][T10570] loop2: detected capacity change from 0 to 736 [ 267.830001][ T23] usb 4-1: Using ep0 maxpacket: 16 [ 267.931913][ T4195] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 267.941082][ T4195] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 267.962396][ T4195] usb 2-1: Product: syz [ 267.966674][ T4195] usb 2-1: Manufacturer: syz [ 267.981544][ T4195] usb 2-1: SerialNumber: syz [ 268.012660][ T4195] usb 2-1: config 0 descriptor?? [ 268.217305][T10589] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2665'. [ 268.246955][ T23] usb 4-1: New USB device found, idVendor=10b9, idProduct=8000, bcdDevice=c0.fa [ 268.262893][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.270911][ T23] usb 4-1: Product: syz [ 268.276721][ T4195] usb 2-1: USB disconnect, device number 21 [ 268.312234][ T23] usb 4-1: Manufacturer: syz [ 268.316861][ T23] usb 4-1: SerialNumber: syz [ 268.345159][ T23] usb 4-1: config 0 descriptor?? [ 268.636599][ T23] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 268.647991][ T23] dvb_usb_af9015: probe of 4-1:0.0 failed with error -22 [ 268.680985][ T23] usb 4-1: USB disconnect, device number 18 [ 268.827789][T10597] loop4: detected capacity change from 0 to 8 [ 268.905132][ T26] audit: type=1326 audit(1752872129.281:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.1.2670" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1292ea79a9 code=0x0 [ 269.021988][T10604] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2672'. [ 269.031048][T10604] netlink: 'syz.0.2672': attribute type 6 has an invalid length. [ 269.244982][T10613] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2664'. [ 269.271212][T10613] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2664'. [ 269.306309][T10613] netlink: 'syz.2.2664': attribute type 18 has an invalid length. [ 269.334337][T10615] netlink: 536 bytes leftover after parsing attributes in process `syz.0.2676'. [ 269.359895][T10615] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2676'. [ 269.532668][T10623] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2680'. [ 269.569804][T10625] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2682'. [ 269.610847][T10625] device veth1_macvtap left promiscuous mode [ 269.816862][T10641] loop3: detected capacity change from 0 to 128 [ 269.888026][T10641] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 269.917639][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/615.tmp-b7:4' failed: Read-only file system [ 269.920537][T10641] ext4 filesystem being mounted at /501/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 269.939256][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/614.tmp-b7:2' failed: Read-only file system [ 270.007069][T10641] EXT4-fs error (device loop3): ext4_empty_dir:3139: inode #2: comm syz.3.2689: Directory block failed checksum [ 270.028444][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/614.tmp-b7:2' failed: Read-only file system [ 270.050075][T10597] cifs: Unknown parameter '?ʊFokcXIઇN:"]!ibZ+' [ 270.081590][ T4234] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 270.114535][ T4173] udevd[4173]: symlink '../../loop4' '/dev/disk/by-diskseq/615.tmp-b7:4' failed: Read-only file system [ 270.124733][ T5274] udevd[5274]: symlink '../../loop3' '/dev/disk/by-diskseq/617.tmp-b7:3' failed: Read-only file system [ 270.141681][ T4195] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 270.147516][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/614.tmp-b7:2' failed: Read-only file system [ 270.157445][ T4175] udevd[4175]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 270.190469][ T5274] udevd[5274]: symlink '../../loop3' '/dev/disk/by-uuid/76b65be2-f6da-4727-8c75-0525a5b65a09.tmp-b7:3' failed: Read-only file system [ 270.236435][T10649] loop4: detected capacity change from 0 to 1024 [ 270.303072][ T5274] udevd[5274]: symlink '../../loop3' '/dev/disk/by-diskseq/617.tmp-b7:3' failed: Read-only file system [ 270.347805][ T5274] udevd[5274]: symlink '../../loop3' '/dev/disk/by-diskseq/617.tmp-b7:3' failed: Read-only file system [ 270.396848][T10649] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 270.421972][ T4195] usb 3-1: Using ep0 maxpacket: 32 [ 270.481910][ T4234] usb 2-1: config 0 has an invalid interface number: 120 but max is 0 [ 270.490523][ T4234] usb 2-1: config 0 has no interface number 0 [ 270.507779][T10649] ext4 filesystem being mounted at /504/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 270.548978][ T4234] usb 2-1: config 0 interface 120 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 270.591781][ T4195] usb 3-1: unable to get BOS descriptor or descriptor too short [ 270.627917][ T4234] usb 2-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 270.657596][ T4234] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.681914][ T4195] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 256, setting to 64 [ 270.720548][ T4234] usb 2-1: config 0 descriptor?? [ 270.816891][T10660] loop3: detected capacity change from 0 to 512 [ 270.891788][ T4195] usb 3-1: New USB device found, idVendor=0123, idProduct=0001, bcdDevice=4a.fe [ 270.926443][ T4195] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 270.944279][T10660] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 270.964963][ T4195] usb 3-1: Product: syz [ 270.971794][ T4195] usb 3-1: Manufacturer: syz [ 271.007462][ T4195] usb 3-1: SerialNumber: syz [ 271.023685][ T4195] usb 3-1: config 0 descriptor?? [ 271.045289][T10660] EXT4-fs (loop3): 1 truncate cleaned up [ 271.077549][ T5208] usb 2-1: USB disconnect, device number 22 [ 271.102108][T10660] EXT4-fs (loop3): mounted filesystem without journal. Opts: quota,,errors=continue. Quota mode: writeback. [ 271.228917][T10660] EXT4-fs error (device loop3): ext4_ext_precache:608: inode #15: comm syz.3.2697: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964) [ 271.291552][ T23] Bluetooth: hci0: command 0x080f tx timeout [ 271.322845][ T4195] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input17 [ 271.545114][ T4195] usb 3-1: USB disconnect, device number 12 [ 271.659908][T10689] loop4: detected capacity change from 0 to 1024 [ 271.764104][T10691] loop3: detected capacity change from 0 to 1024 [ 271.856224][T10691] EXT4-fs (loop3): Ignoring removed oldalloc option [ 271.872127][T10691] EXT4-fs (loop3): Ignoring removed orlov option [ 271.896448][T10689] EXT4-fs (loop4): mounted filesystem without journal. Opts: user_xattr,nodioread_nolock,,errors=continue. Quota mode: none. [ 271.923402][T10689] ext4 filesystem being mounted at /511/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 272.076200][T10691] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug_want_extra_isize=0x0000000000000080,grpjquota=,oldalloc,errors=remount-ro,orlov,usrquota,stripe=0x0000000000000622,. Quota mode: writeback. [ 273.053200][T10717] loop4: detected capacity change from 0 to 32768 [ 273.088562][T10709] loop2: detected capacity change from 0 to 32768 [ 273.161961][T10709] XFS: ikeep mount option is deprecated. [ 273.185832][T10709] XFS: noikeep mount option is deprecated. [ 273.199151][T10717] XFS (loop4): Mounting V5 Filesystem [ 273.302576][T10709] XFS (loop2): Mounting V5 Filesystem [ 273.378129][T10717] XFS (loop4): Ending clean mount [ 273.472379][ T4183] XFS (loop4): Unmounting Filesystem [ 273.559803][T10709] XFS (loop2): Ending clean mount [ 273.580820][T10709] XFS (loop2): Quotacheck needed: Please wait. [ 273.648038][T10709] XFS (loop2): Quotacheck: Done. [ 273.769071][ T4188] XFS (loop2): Unmounting Filesystem [ 275.280646][T10763] syz.2.2736 uses obsolete (PF_INET,SOCK_PACKET) [ 275.375758][ T5274] udevd[5274]: symlink '../../loop3' '/dev/disk/by-diskseq/627.tmp-b7:3' failed: Read-only file system [ 275.412522][ T4173] udevd[4173]: symlink '../../loop4' '/dev/disk/by-diskseq/630.tmp-b7:4' failed: Read-only file system [ 275.443962][ T4201] udevd[4201]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 275.454269][ T4175] udevd[4175]: symlink '../../loop2' '/dev/disk/by-diskseq/631.tmp-b7:2' failed: Read-only file system [ 275.583134][ T4201] udevd[4201]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 275.598332][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/630.tmp-b7:4' failed: Read-only file system [ 275.664534][ T5274] udevd[5274]: symlink '../../loop2' '/dev/disk/by-diskseq/631.tmp-b7:2' failed: Read-only file system [ 275.683124][ T4173] udevd[4173]: symlink '../../loop3' '/dev/disk/by-diskseq/627.tmp-b7:3' failed: Read-only file system [ 275.699251][T10784] tmpfs: Bad value for 'uid' [ 275.712968][T10786] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2746'. [ 275.750059][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-diskseq/630.tmp-b7:4' failed: Read-only file system [ 275.778883][T10786] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2746'. [ 275.810756][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/631.tmp-b7:2' failed: Read-only file system [ 276.075438][T10802] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2753'. [ 276.095210][T10802] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2753'. [ 276.122088][T10804] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2754'. [ 276.491925][ T144] wlan1: Trigger new scan to find an IBSS to join [ 276.644879][T10797] loop2: detected capacity change from 0 to 32768 [ 276.729608][T10797] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 scanned by syz.2.2751 (10797) [ 276.794584][T10797] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 276.839707][T10797] BTRFS info (device loop2): using free space tree [ 276.860755][T10797] BTRFS info (device loop2): has skinny extents [ 277.246267][T10797] BTRFS info (device loop2): enabling ssd optimizations [ 277.401274][T10867] netlink: 'syz.3.2774': attribute type 30 has an invalid length. [ 277.694134][T10877] netlink: 19 bytes leftover after parsing attributes in process `syz.3.2782'. [ 277.711935][ T4190] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 278.169702][ T4190] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 278.188179][ T4190] usb 5-1: config 0 has no interface number 0 [ 278.408279][ T4190] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 278.433090][ T4190] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.455901][ T4190] usb 5-1: Product: syz [ 278.460095][ T4190] usb 5-1: Manufacturer: syz [ 278.501390][ T4190] usb 5-1: SerialNumber: syz [ 278.525933][ T4190] usb 5-1: config 0 descriptor?? [ 278.597889][ T4190] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 278.731590][ T5207] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 278.808776][ T4190] gspca_spca1528: reg_w err -71 [ 278.858600][ T4190] spca1528: probe of 5-1:0.1 failed with error -71 [ 278.886780][ T4190] usb 5-1: USB disconnect, device number 20 [ 279.001645][ T5207] usb 3-1: Using ep0 maxpacket: 16 [ 279.132884][ T5207] usb 3-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 238, changing to 11 [ 279.154748][ T5207] usb 3-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0 [ 279.175337][ T5207] usb 3-1: config 0 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 279.221657][ T5207] usb 3-1: config 0 interface 0 has no altsetting 0 [ 279.231661][ T5207] usb 3-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00 [ 279.273832][ T5207] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.302092][ T5207] usb 3-1: config 0 descriptor?? [ 279.616127][T10911] loop3: detected capacity change from 0 to 32768 [ 279.645687][T10911] XFS: noikeep mount option is deprecated. [ 279.717165][T10911] XFS (loop3): Mounting V5 Filesystem [ 279.741797][ T5208] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 279.801564][ T5207] hid-alps 0003:044E:120B.0021: hidraw0: USB HID v0.00 Device [HID 044e:120b] on usb-dummy_hcd.2-1/input0 [ 279.958910][T10911] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 279.992275][T10911] XFS (loop3): Starting recovery (logdev: internal) [ 280.002447][ T5208] usb 2-1: Using ep0 maxpacket: 16 [ 280.013062][ T4617] usb 3-1: USB disconnect, device number 13 [ 280.044754][T10911] XFS (loop3): Ending recovery (logdev: internal) [ 280.099933][ T4191] XFS (loop3): Unmounting Filesystem [ 280.144829][ T5208] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 280.162806][ T5208] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 280.179574][ T5208] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 280.194280][ T5208] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 280.204126][ T5208] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 280.316338][ T5208] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 280.327842][ T5208] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 280.340104][ T5208] usb 2-1: Manufacturer: syz [ 280.395291][ T5208] usb 2-1: config 0 descriptor?? [ 280.420046][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-diskseq/634.tmp-b7:3' failed: Read-only file system [ 280.491772][ T1263] wlan1: Trigger new scan to find an IBSS to join [ 280.536841][ T5274] udevd[5274]: symlink '../../loop3' '/dev/disk/by-diskseq/635.tmp-b7:3' failed: Read-only file system [ 280.578959][ T4173] udevd[4173]: symlink '../../loop2' '/dev/disk/by-diskseq/633.tmp-b7:2' failed: Read-only file system [ 280.634298][ T5274] udevd[5274]: symlink '../../loop3' '/dev/disk/by-diskseq/635.tmp-b7:3' failed: Read-only file system [ 280.762920][ T5208] rc_core: IR keymap rc-hauppauge not found [ 280.774411][ T5208] Registered IR keymap rc-empty [ 280.782808][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/630.tmp-b7:4' failed: Read-only file system [ 280.790127][ T5208] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 280.856142][ T5208] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 280.899089][ T4227] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 280.912719][ T5208] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 280.930381][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/630.tmp-b7:4' failed: Read-only file system [ 280.952595][ T5208] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input18 [ 280.977510][ T5208] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 281.022174][ T5208] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 281.058662][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/630.tmp-b7:4' failed: Read-only file system [ 281.071681][ T5208] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 281.101896][ T5208] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 281.131686][ T5208] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 281.164867][ T5208] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 281.193590][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/630.tmp-b7:4' failed: Read-only file system [ 281.204847][ T4227] usb 3-1: Using ep0 maxpacket: 8 [ 281.224683][T10950] smc: net device bond0 erased user defined pnetid SYZ0 [ 281.245565][ T5208] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 281.271491][ C0] mceusb 2-1:0.0: short-range (0x56) receiver active [ 281.294106][ T5208] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 281.334289][ T4227] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 281.345908][ T5208] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 281.361881][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/630.tmp-b7:4' failed: Read-only file system [ 281.374255][ T4227] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 281.396751][ T4227] usb 3-1: config 0 interface 0 has no altsetting 0 [ 281.403997][ T5208] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 281.423603][ T4227] usb 3-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00 [ 281.441134][ T4227] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.464588][ T5208] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 281.477897][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/630.tmp-b7:4' failed: Read-only file system [ 281.483969][T10941] loop3: detected capacity change from 0 to 32768 [ 281.501261][ T5208] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x56 active) [ 281.521106][ T4227] usb 3-1: config 0 descriptor?? [ 281.548248][ T154] wlan1: Creating new IBSS network, BSSID 36:ed:09:19:d9:bf [ 281.566664][ T5208] usb 2-1: USB disconnect, device number 23 [ 281.813334][T10941] XFS (loop3): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 282.008292][ T4227] a4tech 0003:09DA:000A.0022: unbalanced collection at end of report description [ 282.032251][ T4191] XFS (loop3): Unmounting Filesystem [ 282.040143][ T4227] a4tech 0003:09DA:000A.0022: parse failed [ 282.097854][ T4227] a4tech: probe of 0003:09DA:000A.0022 failed with error -22 [ 282.214706][ T4227] usb 3-1: USB disconnect, device number 14 [ 283.016953][T11014] loop2: detected capacity change from 0 to 8192 [ 283.194358][T11014] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 283.224690][T11014] REISERFS (device loop2): using ordered data mode [ 283.267513][T10995] loop4: detected capacity change from 0 to 32768 [ 283.276927][T11014] reiserfs: using flush barriers [ 283.295087][T11014] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 283.327057][T11014] REISERFS (device loop2): checking transaction log (loop2) [ 283.345816][T11014] REISERFS (device loop2): Using r5 hash to sort names [ 283.399678][T10995] ERROR: (device loop4): dbAllocAG: allocation request is larger than the allocation group size [ 283.399678][T10995] [ 283.419945][T11014] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 283.450119][T10995] ERROR: (device loop4): dbDiscardAG: -EIO [ 283.450119][T10995] [ 283.463423][T11014] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 283.730775][T11044] overlayfs: failed to resolve './file0': -2 [ 284.093443][T11057] loop4: detected capacity change from 0 to 512 [ 284.158963][T11057] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 284.312745][T11057] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,init_itable=0x0000000000000000,errors=remount-ro,noauto_da_alloc,dioread_lock,. Quota mode: writeback. [ 284.338880][T11057] ext4 filesystem being mounted at /543/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 284.395221][T11057] EXT4-fs error (device loop4): ext4_xattr_block_list:719: inode #15: comm syz.4.2860: corrupted xattr block 19 [ 284.471268][T11057] EXT4-fs (loop4): Remounting filesystem read-only [ 285.079427][T11063] loop3: detected capacity change from 0 to 32768 [ 285.238894][T11063] XFS (loop3): Mounting V5 Filesystem [ 285.433130][T11063] XFS (loop3): Ending clean mount [ 285.450467][T11095] loop4: detected capacity change from 0 to 32768 [ 285.467234][T11063] XFS (loop3): Quotacheck needed: Please wait. [ 285.477919][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-diskseq/644.tmp-b7:3' failed: Read-only file system [ 285.498917][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-uuid/bfdc47fc-10d8-4eed-a562-11a831b3f791.tmp-b7:3' failed: Read-only file system [ 285.568244][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/645.tmp-b7:4' failed: Read-only file system [ 285.573147][T11063] XFS (loop3): Quotacheck: Done. [ 285.589291][T11095] XFS (loop4): Mounting V5 Filesystem [ 285.595577][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-uuid/bfdc47fc-10d8-4eed-a562-11a831b3f791.tmp-b7:4' failed: Read-only file system [ 285.644725][ T4306] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 285.682280][T11095] XFS (loop4): Ending clean mount [ 285.686815][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-diskseq/644.tmp-b7:3' failed: Read-only file system [ 285.689863][T11095] XFS (loop4): Quotacheck needed: Please wait. [ 285.723962][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-uuid/bfdc47fc-10d8-4eed-a562-11a831b3f791.tmp-b7:3' failed: Read-only file system [ 285.747311][ T4191] XFS (loop3): Unmounting Filesystem [ 285.777156][T11095] XFS (loop4): Quotacheck: Done. [ 285.927580][ T4183] XFS (loop4): Unmounting Filesystem [ 285.929203][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-diskseq/645.tmp-b7:4' failed: Read-only file system [ 285.956611][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-uuid/bfdc47fc-10d8-4eed-a562-11a831b3f791.tmp-b7:4' failed: Read-only file system [ 286.075030][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-uuid/bfdc47fc-10d8-4eed-a562-11a831b3f791.tmp-b7:3' failed: Read-only file system [ 286.119830][ T4306] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 286.134883][ T4306] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 286.143591][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-diskseq/644.tmp-b7:3' failed: Read-only file system [ 286.350269][ T4306] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 286.363367][ T4306] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.394774][ T4306] usb 3-1: Product: syz [ 286.412842][ T4306] usb 3-1: Manufacturer: syz [ 286.417499][ T4306] usb 3-1: SerialNumber: syz [ 286.478232][ T4306] hub 3-1:1.0: bad descriptor, ignoring hub [ 286.493285][ T4306] hub: probe of 3-1:1.0 failed with error -5 [ 286.690456][ T4306] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 15 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 286.910385][ T23] usb 4-1: new low-speed USB device number 19 using dummy_hcd [ 287.039874][ T4306] usb 3-1: USB disconnect, device number 15 [ 287.067543][ T4306] usblp0: removed [ 287.367714][ T23] usb 4-1: config index 0 descriptor too short (expected 6427, got 27) [ 287.392459][ T23] usb 4-1: config 0 has an invalid interface number: 21 but max is 0 [ 287.400882][ T23] usb 4-1: config 0 has no interface number 0 [ 287.413489][ T23] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 287.458186][ T23] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 287.484543][ T23] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 287.494428][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.524979][ T4227] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 287.536391][ T23] usb 4-1: config 0 descriptor?? [ 287.901577][ T4227] usb 2-1: config 48 has an invalid descriptor of length 0, skipping remainder of the config [ 287.919889][ T4227] usb 2-1: config 48 interface 0 altsetting 98 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 287.933204][ T4227] usb 2-1: config 48 interface 0 altsetting 98 endpoint 0x4 has invalid wMaxPacketSize 0 [ 287.948574][ T4227] usb 2-1: config 48 interface 0 altsetting 98 endpoint 0x8 has an invalid bInterval 0, changing to 7 [ 287.960081][ T4227] usb 2-1: config 48 interface 0 altsetting 98 endpoint 0x8 has invalid wMaxPacketSize 0 [ 287.974853][ T4227] usb 2-1: config 48 interface 0 altsetting 98 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 287.989765][ T4227] usb 2-1: config 48 interface 0 has no altsetting 0 [ 288.202136][ T4227] usb 2-1: New USB device found, idVendor=1784, idProduct=0006, bcdDevice=bb.2f [ 288.212919][T11174] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2903'. [ 288.227232][ T4227] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.235523][T11174] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2903'. [ 288.253253][ T4227] usb 2-1: Product: syz [ 288.257435][ T4227] usb 2-1: Manufacturer: syz [ 288.266908][T11174] netlink: 'syz.2.2903': attribute type 6 has an invalid length. [ 288.286758][ T4227] usb 2-1: SerialNumber: syz [ 288.291430][ T23] usb 4-1: USB disconnect, device number 19 [ 288.672397][ T4227] usb 2-1: USB disconnect, device number 24 [ 288.845915][T11194] device veth0_virt_wifi entered promiscuous mode [ 288.970794][T11196] loop2: detected capacity change from 0 to 4096 [ 289.047937][T11200] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 289.325587][T11208] loop3: detected capacity change from 0 to 64 [ 290.031237][T11229] loop4: detected capacity change from 0 to 4096 [ 290.086330][T11229] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 290.494752][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/648.tmp-b7:2' failed: Read-only file system [ 290.520382][T11247] loop4: detected capacity change from 0 to 1024 [ 290.592477][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/648.tmp-b7:2' failed: Read-only file system [ 290.621617][ T4227] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 290.695367][ T1263] hfsplus: b-tree write err: -5, ino 4 [ 290.733360][ T5274] udevd[5274]: symlink '../../loop3' '/dev/disk/by-diskseq/649.tmp-b7:3' failed: Read-only file system [ 290.783107][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-diskseq/650.tmp-b7:4' failed: Read-only file system [ 290.800191][ T4175] udevd[4175]: symlink '../../loop2' '/dev/disk/by-diskseq/651.tmp-b7:2' failed: Read-only file system [ 290.833511][ T4173] udevd[4173]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 290.852724][ T5274] udevd[5274]: symlink '../../loop3' '/dev/disk/by-diskseq/649.tmp-b7:3' failed: Read-only file system [ 290.867725][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-uuid/4da50ae9-7d30-3220-a998-cec1f675fd4a.tmp-b7:4' failed: Read-only file system [ 290.882927][ T4175] udevd[4175]: symlink '../../loop2' '/dev/disk/by-diskseq/651.tmp-b7:2' failed: Read-only file system [ 290.923223][ T4173] udevd[4173]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 291.059648][ T4227] usb 3-1: unable to get BOS descriptor or descriptor too short [ 291.101962][ T4227] usb 3-1: not running at top speed; connect to a high speed hub [ 291.203669][ T4227] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 291.214272][ T4617] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 291.411710][ T4227] usb 3-1: New USB device found, idVendor=0d81, idProduct=1900, bcdDevice=af.16 [ 291.445112][ T4227] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.458082][ T4227] usb 3-1: Product: syz [ 291.462804][ T4227] usb 3-1: Manufacturer: syz [ 291.467637][ T4227] usb 3-1: SerialNumber: syz [ 291.472865][T11265] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2946'. [ 291.621642][ T4617] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 291.641977][ T4617] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 291.657377][ T4617] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 291.667810][ T4617] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 291.682927][ T4617] usb 4-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice=65.8c [ 291.693256][ T4617] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.709051][ T4617] usb 4-1: config 0 descriptor?? [ 291.756282][ T4617] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input20 [ 291.814499][T11273] sp0: Synchronizing with TNC [ 291.971178][ T4617] usb 4-1: USB disconnect, device number 20 [ 291.997733][ T4617] appletouch 4-1:0.0: input: appletouch disconnected [ 292.143590][ T4227] pwc: Visionite VCS-UC300 USB webcam detected. [ 292.177711][T11282] tmpfs: Bad value for 'mpol' [ 292.211711][ T4227] pwc: Failed to set LED on/off time (-71) [ 292.231757][ T4227] pwc: send_video_command error -71 [ 292.236992][ T4227] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 292.265188][ T4227] Philips webcam: probe of 3-1:1.0 failed with error -71 [ 292.311000][ T4227] usb 3-1: USB disconnect, device number 16 [ 292.646831][T11293] loop4: detected capacity change from 0 to 32768 [ 292.770916][T11302] mkiss: ax0: crc mode is auto. [ 293.468267][T11293] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 293.476663][T11293] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 293.574167][T11293] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error [ 293.574167][T11293] inode = 0 19 [ 293.574167][T11293] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 465 [ 293.592828][T11293] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 293.607824][T11293] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 293.616672][T11293] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 293.623741][T11293] gfs2: fsid=syz:syz.0: File system withdrawn [ 293.630480][T11293] CPU: 0 PID: 11293 Comm: syz.4.2959 Not tainted 5.15.189-syzkaller #0 [ 293.638752][T11293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 293.648821][T11293] Call Trace: [ 293.652116][T11293] [ 293.655060][T11293] dump_stack_lvl+0x168/0x230 [ 293.659755][T11293] ? kobject_uevent_env+0x371/0x890 [ 293.664978][T11293] ? show_regs_print_info+0x20/0x20 [ 293.670203][T11293] ? load_image+0x3b0/0x3b0 [ 293.674728][T11293] ? kobject_uevent_env+0x371/0x890 [ 293.679950][T11293] ? lockref_put_or_lock+0x6e/0xb0 [ 293.685079][T11293] gfs2_withdraw+0x111b/0x1460 [ 293.689879][T11293] ? gfs2_lm+0x220/0x220 [ 293.694149][T11293] ? __lock_acquire+0x13ad/0x7c60 [ 293.699200][T11293] ? gfs2_consist_inode_i+0xc0/0xe0 [ 293.704423][T11293] gfs2_inode_refresh+0xb5e/0xfe0 [ 293.709476][T11293] ? do_promote+0x71a/0xab0 [ 293.713998][T11293] ? gfs2_inode_metasync+0xf0/0xf0 [ 293.719139][T11293] ? __lock_acquire+0x7c60/0x7c60 [ 293.724402][T11293] inode_go_lock+0x127/0x470 [ 293.729021][T11293] do_promote+0x741/0xab0 [ 293.733387][T11293] finish_xmote+0x514/0xb70 [ 293.737916][T11293] do_xmote+0x7b6/0x1120 [ 293.742184][T11293] gfs2_glock_nq+0xc7a/0x1550 [ 293.746887][T11293] init_journal+0xc42/0x2220 [ 293.751503][T11293] ? end_bio_io_page+0x100/0x100 [ 293.756452][T11293] ? vsnprintf+0x1905/0x1a00 [ 293.761065][T11293] ? snprintf+0xd7/0x120 [ 293.765325][T11293] ? init_journal+0x710/0x2220 [ 293.770099][T11293] ? vscnprintf+0x80/0x80 [ 293.774443][T11293] ? gfs2_glock_nq_num+0x17a/0x1b0 [ 293.779574][T11293] init_inodes+0xdb/0x320 [ 293.783927][T11293] gfs2_fill_super+0x1701/0x1f50 [ 293.788893][T11293] ? gfs2_reconfigure+0xcd0/0xcd0 [ 293.793940][T11293] ? gfs2_glock_nq_num+0x82/0x1b0 [ 293.798978][T11293] ? preempt_count_add+0x8d/0x190 [ 293.804248][T11293] ? sb_set_blocksize+0xa5/0xe0 [ 293.809185][T11293] get_tree_bdev+0x3f1/0x610 [ 293.813794][T11293] ? gfs2_reconfigure+0xcd0/0xcd0 [ 293.818835][T11293] gfs2_get_tree+0x4d/0x1e0 [ 293.823363][T11293] vfs_get_tree+0x88/0x270 [ 293.827793][T11293] do_new_mount+0x24a/0xa40 [ 293.832315][T11293] __se_sys_mount+0x2d6/0x3c0 [ 293.837010][T11293] ? __x64_sys_mount+0xc0/0xc0 [ 293.841797][T11293] ? lockdep_hardirqs_on+0x94/0x140 [ 293.847006][T11293] ? __x64_sys_mount+0x1c/0xc0 [ 293.851788][T11293] do_syscall_64+0x4c/0xa0 [ 293.856215][T11293] ? clear_bhb_loop+0x30/0x80 [ 293.860895][T11293] ? clear_bhb_loop+0x30/0x80 [ 293.865587][T11293] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 293.871509][T11293] RIP: 0033:0x7f196cd7d14a [ 293.875936][T11293] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 293.895544][T11293] RSP: 002b:00007f196abe2e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 293.904051][T11293] RAX: ffffffffffffffda RBX: 00007f196abe2ef0 RCX: 00007f196cd7d14a [ 293.912030][T11293] RDX: 0000200000000180 RSI: 00002000000000c0 RDI: 00007f196abe2eb0 [ 293.920013][T11293] RBP: 0000200000000180 R08: 00007f196abe2ef0 R09: 0000000000000000 [ 293.928081][T11293] R10: 0000000000000000 R11: 0000000000000246 R12: 00002000000000c0 [ 293.936083][T11293] R13: 00007f196abe2eb0 R14: 00000000000125b0 R15: 0000200000000080 [ 293.944073][T11293] [ 293.948274][T11293] gfs2: fsid=syz:syz.0: can't acquire journal inode glock: -5 [ 294.564406][T11333] loop3: detected capacity change from 0 to 4096 [ 294.609833][T11333] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 294.706949][T11343] netlink: 184 bytes leftover after parsing attributes in process `syz.1.2983'. [ 294.718144][T11343] netlink: 184 bytes leftover after parsing attributes in process `syz.1.2983'. [ 294.746933][T11343] netlink: 184 bytes leftover after parsing attributes in process `syz.1.2983'. [ 294.758284][T11345] loop4: detected capacity change from 0 to 64 [ 294.769953][T11343] netlink: 184 bytes leftover after parsing attributes in process `syz.1.2983'. [ 295.057801][ T4191] ntfs3: loop3: ntfs_sync_fs r=1a failed, -22. [ 295.087493][ T4191] ntfs3: loop3: ntfs_evict_inode r=1a failed, -22. [ 295.101685][ T4191] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 295.301228][T11364] loop2: detected capacity change from 0 to 512 [ 295.404720][T11364] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #17: comm syz.2.2994: iget: bogus i_mode (0) [ 295.467537][T11364] EXT4-fs (loop2): Remounting filesystem read-only [ 295.500954][T11370] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2996'. [ 295.510459][T11364] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.2994: couldn't read orphan inode 17 (err -117) [ 295.532133][ T4173] udevd[4173]: symlink '../../loop2' '/dev/disk/by-diskseq/660.tmp-b7:2' failed: Read-only file system [ 295.548991][T11364] EXT4-fs (loop2): Remounting filesystem read-only [ 295.559262][ T4173] udevd[4173]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system [ 295.576918][T11364] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,errors=remount-ro,. Quota mode: none. [ 295.634297][ T5274] udevd[5274]: symlink '../../loop2' '/dev/disk/by-diskseq/660.tmp-b7:2' failed: Read-only file system [ 295.682712][ T4173] udevd[4173]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 295.701052][ T5274] udevd[5274]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system [ 295.793970][ T4173] udevd[4173]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system [ 295.794938][ T5274] udevd[5274]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 295.816678][ T4173] udevd[4173]: symlink '../../loop2' '/dev/disk/by-diskseq/660.tmp-b7:2' failed: Read-only file system [ 295.885325][ T4173] udevd[4173]: symlink '../../loop2' '/dev/disk/by-diskseq/660.tmp-b7:2' failed: Read-only file system [ 295.968837][ T5274] udevd[5274]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 296.160292][T11396] loop2: detected capacity change from 0 to 1024 [ 296.271505][ T4617] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 296.358472][ T4307] hfsplus: b-tree write err: -5, ino 4 [ 296.581738][ T4617] usb 2-1: Using ep0 maxpacket: 16 [ 296.715588][ T4617] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 296.738061][ T4617] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 296.782258][ T4617] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 296.799914][ T4617] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.820900][T11422] netlink: 'syz.2.3019': attribute type 3 has an invalid length. [ 296.822550][ T4617] usb 2-1: config 0 descriptor?? [ 296.906563][T11424] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3020'. [ 296.925444][T11424] device dummy0 entered promiscuous mode [ 296.949670][T11424] device dummy0 left promiscuous mode [ 297.189550][T11428] loop3: detected capacity change from 0 to 8192 [ 297.220345][T11428] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 297.278109][T11428] REISERFS (device loop3): using ordered data mode [ 297.322317][T11428] reiserfs: using flush barriers [ 297.337805][ T4617] corsair 0003:1B1C:1B02.0023: unknown main item tag 0x0 [ 297.350970][ T4617] corsair 0003:1B1C:1B02.0023: unknown main item tag 0x0 [ 297.374216][T11428] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 297.416146][ T4617] corsair 0003:1B1C:1B02.0023: unknown main item tag 0x0 [ 297.421773][T11428] REISERFS (device loop3): checking transaction log (loop3) [ 297.460703][ T4617] corsair 0003:1B1C:1B02.0023: unknown main item tag 0x0 [ 297.497073][ T4617] corsair 0003:1B1C:1B02.0023: unknown main item tag 0x0 [ 297.527713][T11433] sp0: Synchronizing with TNC [ 297.543152][ T4617] corsair 0003:1B1C:1B02.0023: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.1-1/input0 [ 297.623309][T11428] REISERFS (device loop3): Using tea hash to sort names [ 297.631616][ T4617] corsair 0003:1B1C:1B02.0023: Failed to get K90 initial state (error -71). [ 297.653081][T11428] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 297.663507][ T4617] usb 2-1: USB disconnect, device number 25 [ 297.880725][T11438] fido_id[11438]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 298.333648][T11454] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3033'. [ 298.373035][T11454] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3033'. [ 299.049235][T11475] loop2: detected capacity change from 0 to 4096 [ 299.262050][T11471] loop3: detected capacity change from 0 to 32768 [ 299.839987][T11503] netlink: 'syz.4.3057': attribute type 3 has an invalid length. [ 299.961485][T11493] loop3: detected capacity change from 0 to 32768 [ 299.989819][T11511] loop4: detected capacity change from 0 to 128 [ 300.256537][T11511] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 300.286536][T11511] ext4 filesystem being mounted at /579/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 300.344747][T11493] XFS (loop3): Mounting V5 Filesystem [ 300.425401][T11511] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:406: inode #2: comm syz.4.3059: No space for directory leaf checksum. Please run e2fsck -D. [ 300.457223][T11511] EXT4-fs error (device loop4): htree_dirblock_to_tree:1083: inode #2: comm syz.4.3059: Directory block failed checksum [ 300.586702][ T4173] udevd[4173]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 300.660827][T11525] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 300.675856][ T4175] udevd[4175]: symlink '../../loop4' '/dev/disk/by-diskseq/672.tmp-b7:4' failed: Read-only file system [ 300.730835][ T4173] udevd[4173]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 300.740653][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-diskseq/669.tmp-b7:3' failed: Read-only file system [ 300.763137][ T4175] udevd[4175]: symlink '../../loop4' '/dev/disk/by-uuid/76b65be2-f6da-4727-8c75-0525a5b65a09.tmp-b7:4' failed: Read-only file system [ 300.800047][ T5274] udevd[5274]: symlink '../../loop2' '/dev/disk/by-diskseq/668.tmp-b7:2' failed: Read-only file system [ 300.820995][T11529] program syz.1.3065 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 300.842288][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-uuid/bfdc47fc-10d8-4eed-a562-11a831b3f791.tmp-b7:3' failed: Read-only file system [ 300.857946][ T5274] udevd[5274]: symlink '../../loop2' '/dev/disk/by-uuid/1f2a10f4-8803-4c66-a59a-cc277d704a68.tmp-b7:2' failed: Read-only file system [ 300.903107][ T4175] udevd[4175]: symlink '../../loop4' '/dev/disk/by-diskseq/672.tmp-b7:4' failed: Read-only file system [ 300.940582][T11493] XFS (loop3): Ending clean mount [ 300.945436][ T4173] udevd[4173]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 300.964874][T11493] XFS (loop3): Quotacheck needed: Please wait. [ 301.115018][T11493] XFS (loop3): Quotacheck: Done. [ 301.341138][ T4191] XFS (loop3): Unmounting Filesystem [ 301.368277][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 301.447835][T11549] netlink: 'syz.4.3074': attribute type 5 has an invalid length. [ 301.659909][T11553] sp0: Synchronizing with TNC [ 301.706876][T11555] loop2: detected capacity change from 0 to 4096 [ 302.083906][T11560] loop3: detected capacity change from 0 to 4096 [ 302.167297][T11567] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 303.112198][T11595] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3106'. [ 303.137522][T11597] program syz.2.3080 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 303.801490][ T5208] usb 3-1: new low-speed USB device number 17 using dummy_hcd [ 303.810399][T11581] loop4: detected capacity change from 0 to 32768 [ 303.953764][T11581] XFS (loop4): Mounting V5 Filesystem [ 304.191846][ T5208] usb 3-1: config index 0 descriptor too short (expected 6427, got 27) [ 304.226481][ T5208] usb 3-1: config 0 has an invalid interface number: 21 but max is 0 [ 304.258452][ T5208] usb 3-1: config 0 has no interface number 0 [ 304.279591][T11612] loop3: detected capacity change from 0 to 32768 [ 304.300127][ T5208] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 304.336175][ T5208] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 304.352036][ T5208] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 304.356279][T11622] sp0: Synchronizing with TNC [ 304.385344][ T5208] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.416669][ T5208] usb 3-1: config 0 descriptor?? [ 304.485142][T11612] find_entry called with index >= next_index [ 304.571311][T11581] XFS (loop4): Ending clean mount [ 304.579671][T11581] XFS (loop4): Quotacheck needed: Please wait. [ 304.716099][T11581] XFS (loop4): Quotacheck: Done. [ 304.836270][ T4183] XFS (loop4): Unmounting Filesystem [ 305.023330][T11631] tmpfs: Bad value for 'uid' [ 305.127466][ T5208] usb 3-1: USB disconnect, device number 17 [ 305.649308][T11645] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.3114'. [ 305.674769][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/679.tmp-b7:2' failed: Read-only file system [ 305.693060][T11644] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.3114'. [ 305.730796][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/682.tmp-b7:4' failed: Read-only file system [ 305.780175][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/679.tmp-b7:2' failed: Read-only file system [ 305.916308][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-diskseq/681.tmp-b7:3' failed: Read-only file system [ 306.011075][ T5274] udevd[5274]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 306.044862][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-diskseq/681.tmp-b7:3' failed: Read-only file system [ 306.103750][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-diskseq/683.tmp-b7:3' failed: Read-only file system [ 306.188404][ T5274] udevd[5274]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 306.213819][T11663] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3124'. [ 306.227887][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-diskseq/683.tmp-b7:3' failed: Read-only file system [ 306.371256][ T4201] udevd[4201]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 306.755527][T11649] loop4: detected capacity change from 0 to 32768 [ 306.764699][T11681] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3133'. [ 306.788507][T11681] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3133'. [ 306.806991][T11681] netlink: 'syz.3.3133': attribute type 18 has an invalid length. [ 306.836510][T11649] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.3117 (11649) [ 306.947696][T11649] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 306.968631][T11649] BTRFS info (device loop4): turning off barriers [ 306.995220][T11649] BTRFS info (device loop4): setting nodatasum [ 307.002934][T11685] loop3: detected capacity change from 0 to 1024 [ 307.021452][T11649] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 307.041121][T11649] BTRFS info (device loop4): use zstd compression, level 3 [ 307.059539][T11649] BTRFS info (device loop4): using free space tree [ 307.070404][T11649] BTRFS info (device loop4): has skinny extents [ 307.134067][ T1235] hfsplus: b-tree write err: -5, ino 4 [ 307.161665][ T5207] usb 2-1: new low-speed USB device number 26 using dummy_hcd [ 307.382096][ T26] audit: type=1800 audit(1752872167.761:24): pid=11649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3117" name="file2" dev="loop4" ino=261 res=0 errno=0 [ 307.609555][ T5207] usb 2-1: config index 0 descriptor too short (expected 6427, got 27) [ 307.624718][ T5207] usb 2-1: config 0 has an invalid interface number: 21 but max is 0 [ 307.628414][ T4201] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop4 scanned by udevd (4201) [ 307.641556][ T5207] usb 2-1: config 0 has no interface number 0 [ 307.666057][ T5207] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 307.689354][ T5207] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 307.716731][ T5207] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 307.746000][ T5207] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.786788][ T5207] usb 2-1: config 0 descriptor?? [ 308.063551][T11721] tmpfs: Bad value for 'mpol' [ 308.476263][ T5207] usb 2-1: USB disconnect, device number 26 [ 308.830782][T11734] loop3: detected capacity change from 0 to 32768 [ 309.239562][T11758] loop2: detected capacity change from 0 to 256 [ 309.418350][T11758] FAT-fs (loop2): Directory bread(block 64) failed [ 309.445984][T11758] FAT-fs (loop2): Directory bread(block 65) failed [ 309.496074][T11758] FAT-fs (loop2): Directory bread(block 66) failed [ 309.524129][T11758] FAT-fs (loop2): Directory bread(block 67) failed [ 309.555880][T11758] FAT-fs (loop2): Directory bread(block 68) failed [ 309.583564][T11758] FAT-fs (loop2): Directory bread(block 69) failed [ 309.604796][T11758] FAT-fs (loop2): Directory bread(block 70) failed [ 309.642661][T11758] FAT-fs (loop2): Directory bread(block 71) failed [ 309.665814][T11771] loop4: detected capacity change from 0 to 512 [ 309.685040][T11758] FAT-fs (loop2): Directory bread(block 72) failed [ 309.715328][T11758] FAT-fs (loop2): Directory bread(block 73) failed [ 310.619081][T11771] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 310.688152][T11771] EXT4-fs (loop4): 1 truncate cleaned up [ 310.699315][T11771] EXT4-fs (loop4): mounted filesystem without journal. Opts: quota,,errors=continue. Quota mode: writeback. [ 310.778981][T11771] EXT4-fs error (device loop4): ext4_ext_precache:608: inode #15: comm syz.4.3166: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964) [ 310.860046][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/690.tmp-b7:2' failed: Read-only file system [ 310.931358][ T4190] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 310.956813][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/690.tmp-b7:2' failed: Read-only file system [ 311.016178][ T5274] udevd[5274]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 311.043539][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/691.tmp-b7:4' failed: Read-only file system [ 311.044848][ T4175] udevd[4175]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 311.085284][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/692.tmp-b7:2' failed: Read-only file system [ 311.100113][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/691.tmp-b7:4' failed: Read-only file system [ 311.164029][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/691.tmp-b7:4' failed: Read-only file system [ 311.180657][ T4173] udevd[4173]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 311.202264][T11808] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3182'. [ 311.209133][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/692.tmp-b7:2' failed: Read-only file system [ 311.251446][T11808] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3182'. [ 311.301206][T11808] netlink: 'syz.4.3182': attribute type 18 has an invalid length. [ 311.354328][ T26] audit: type=1326 audit(1752872171.731:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11813 comm="syz.0.3186" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f26516279a9 code=0x0 [ 311.399009][ T4190] usb 3-1: config 0 has an invalid interface number: 120 but max is 0 [ 311.440136][ T4190] usb 3-1: config 0 has no interface number 0 [ 311.466941][ T4190] usb 3-1: config 0 interface 120 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 311.501850][ T4190] usb 3-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 311.511053][ T4190] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.563982][ T4274] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 311.577363][ T4190] usb 3-1: config 0 descriptor?? [ 311.849613][ T4234] usb 3-1: USB disconnect, device number 18 [ 312.891702][ T23] Bluetooth: hci0: command 0x080f tx timeout [ 312.911967][T11863] netlink: 184 bytes leftover after parsing attributes in process `syz.3.3206'. [ 312.921079][T11863] netlink: 184 bytes leftover after parsing attributes in process `syz.3.3206'. [ 313.477483][T11846] loop2: detected capacity change from 0 to 40427 [ 313.525505][T11846] F2FS-fs (loop2): invalid crc value [ 313.609516][T11855] loop4: detected capacity change from 0 to 32768 [ 313.613024][T11846] F2FS-fs (loop2): Found nat_bits in checkpoint [ 313.660520][T11855] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz.4.3204 (11855) [ 313.719395][T11855] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 313.754237][T11855] BTRFS info (device loop4): force zlib compression, level 3 [ 313.779031][T11846] F2FS-fs (loop2): recover fsync data on readonly fs [ 313.781388][T11855] BTRFS info (device loop4): force clearing of disk cache [ 313.799783][T11846] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 313.821378][T11855] BTRFS info (device loop4): setting nodatasum [ 313.845885][T11855] BTRFS info (device loop4): allowing degraded mounts [ 313.881444][T11855] BTRFS info (device loop4): enabling disk space caching [ 313.888506][T11855] BTRFS info (device loop4): disk space caching is enabled [ 313.911180][T11855] BTRFS info (device loop4): has skinny extents [ 313.984115][T11846] F2FS-fs (loop2): Corrupted max_depth of 3: 1025 [ 314.001916][T11846] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 314.030070][T11846] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 314.389983][T11855] BTRFS info (device loop4): clearing free space tree [ 314.396999][T11855] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 314.446712][T11855] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 314.769323][ T4201] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 10 /dev/loop4 scanned by udevd (4201) [ 314.998287][ T23] Bluetooth: hci0: command 0x080f tx timeout [ 315.463035][ T154] wlan1: Trigger new scan to find an IBSS to join [ 315.904986][ T4201] udevd[4201]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 315.909952][ T5274] udevd[5274]: symlink '../../loop3' '/dev/disk/by-diskseq/689.tmp-b7:3' failed: Read-only file system [ 315.993698][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-diskseq/697.tmp-b7:4' failed: Read-only file system [ 316.025578][ T4173] udevd[4173]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 316.165983][ T4201] udevd[4201]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 316.190011][ T5274] udevd[5274]: symlink '../../loop3' '/dev/disk/by-diskseq/689.tmp-b7:3' failed: Read-only file system [ 316.220222][T11969] netlink: 'syz.1.3247': attribute type 30 has an invalid length. [ 316.265972][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-diskseq/689.tmp-b7:3' failed: Read-only file system [ 316.382621][ T5274] udevd[5274]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 316.408058][ T23] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 316.578646][ T4201] udevd[4201]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 316.650186][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-diskseq/689.tmp-b7:3' failed: Read-only file system [ 316.683950][T11945] loop2: detected capacity change from 0 to 32768 [ 316.728558][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.734914][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.918442][ T23] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 316.939122][ T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 316.972077][ T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 316.993896][ T23] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 317.041210][ T23] usb 5-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice=65.8c [ 317.071307][ T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.102697][ T23] usb 5-1: config 0 descriptor?? [ 317.164247][ T23] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input23 [ 317.254833][T12005] sch_tbf: burst 0 is lower than device macvtap0 mtu (1514) ! [ 317.426656][ T4616] usb 5-1: USB disconnect, device number 21 [ 317.450504][ T4616] appletouch 5-1:0.0: input: appletouch disconnected [ 317.451361][T12009] netlink: 'syz.1.3265': attribute type 29 has an invalid length. [ 318.491485][ T154] wlan1: Trigger new scan to find an IBSS to join [ 318.700469][T12068] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3295'. [ 318.766369][T12068] device dummy0 entered promiscuous mode [ 318.795556][T12068] device dummy0 left promiscuous mode [ 318.821888][T12059] loop4: detected capacity change from 0 to 8192 [ 318.949401][T12059] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 318.970488][T12059] REISERFS (device loop4): using journaled data mode [ 318.981262][T12059] reiserfs: using flush barriers [ 319.027327][T12083] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3304'. [ 319.038676][T12059] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 319.040164][T12083] netlink: 'syz.1.3304': attribute type 6 has an invalid length. [ 319.105852][T12059] REISERFS (device loop4): checking transaction log (loop4) [ 319.198179][T12059] REISERFS (device loop4): Using r5 hash to sort names [ 319.209734][T12059] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 319.249376][T12059] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 320.224372][T12110] loop4: detected capacity change from 0 to 1024 [ 320.400041][ T144] hfsplus: b-tree write err: -5, ino 4 [ 320.495251][ T4274] wlan1: Trigger new scan to find an IBSS to join [ 320.758047][T12127] loop3: detected capacity change from 0 to 736 [ 320.874074][ T4616] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 320.963193][ T4201] udevd[4201]: symlink '../../loop3' '/dev/disk/by-diskseq/704.tmp-b7:3' failed: Read-only file system [ 321.064928][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/699.tmp-b7:2' failed: Read-only file system [ 321.141438][ T4616] usb 2-1: Using ep0 maxpacket: 16 [ 321.266187][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-diskseq/702.tmp-b7:4' failed: Read-only file system [ 321.277715][ T4616] usb 2-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 238, changing to 11 [ 321.294606][ T4616] usb 2-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0 [ 321.314237][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-diskseq/702.tmp-b7:4' failed: Read-only file system [ 321.325958][ T4616] usb 2-1: config 0 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 321.341731][ T4616] usb 2-1: config 0 interface 0 has no altsetting 0 [ 321.348377][ T4616] usb 2-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00 [ 321.358918][ T4616] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.378426][ T4616] usb 2-1: config 0 descriptor?? [ 321.389960][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-diskseq/705.tmp-b7:4' failed: Read-only file system [ 321.416457][T12133] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3328'. [ 321.444208][T12133] device dummy0 entered promiscuous mode [ 321.452203][ T4274] wlan1: Creating new IBSS network, BSSID 7e:be:57:f7:cb:fb [ 321.464938][T12133] device dummy0 left promiscuous mode [ 321.490170][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/699.tmp-b7:2' failed: Read-only file system [ 321.509295][T12137] sp0: Synchronizing with TNC [ 321.565247][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/699.tmp-b7:2' failed: Read-only file system [ 321.887550][ T4616] hid-alps 0003:044E:120B.0024: hidraw0: USB HID v0.00 Device [HID 044e:120b] on usb-dummy_hcd.1-1/input0 [ 322.121595][ T4616] usb 2-1: USB disconnect, device number 27 [ 322.259990][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/699.tmp-b7:2' failed: Read-only file system [ 322.408267][T12147] loop2: detected capacity change from 0 to 4096 [ 322.492253][ T154] wlan1: Trigger new scan to find an IBSS to join [ 322.695305][ T5274] udevd[5274]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 322.744539][ T4201] udevd[4201]: symlink '../../loop2' '/dev/disk/by-diskseq/706.tmp-b7:2' failed: Read-only file system [ 323.334786][T12157] loop4: detected capacity change from 0 to 736 [ 323.457724][ T154] wlan1: Creating new IBSS network, BSSID 66:0c:19:4c:5d:86 [ 323.904153][T12155] loop3: detected capacity change from 0 to 32768 [ 323.971155][T12176] sp0: Synchronizing with TNC [ 323.991743][T12155] ERROR: (device loop3): dbAllocAG: allocation request is larger than the allocation group size [ 323.991743][T12155] [ 324.028185][T12155] ERROR: (device loop3): dbDiscardAG: -EIO [ 324.028185][T12155] [ 324.216983][T12187] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3340'. [ 324.227773][T12187] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3340'. [ 324.738194][T12193] loop3: detected capacity change from 0 to 32768 [ 324.758410][T12193] XFS: ikeep mount option is deprecated. [ 324.780135][T12193] XFS: noikeep mount option is deprecated. [ 324.914833][T12193] XFS (loop3): Mounting V5 Filesystem [ 325.068187][T12193] XFS (loop3): Ending clean mount [ 325.083295][T12193] XFS (loop3): Quotacheck needed: Please wait. [ 325.190869][T12193] XFS (loop3): Quotacheck: Done. [ 325.290716][ T4191] XFS (loop3): Unmounting Filesystem [ 326.028465][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/712.tmp-b7:4' failed: Read-only file system [ 326.058931][ T4201] udevd[4201]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 326.138723][ T4201] udevd[4201]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 326.176771][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/712.tmp-b7:4' failed: Read-only file system [ 326.323874][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-diskseq/712.tmp-b7:4' failed: Read-only file system [ 326.346280][ T21] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 326.361788][ T21] hid-generic 0000:0000:0000.0025: hidraw0: HID v0.00 Device [syz0] on syz0 [ 326.487331][T12261] fido_id[12261]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 326.529951][ T5274] udevd[5274]: symlink '../../loop4' '/dev/disk/by-diskseq/712.tmp-b7:4' failed: Read-only file system [ 326.613086][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-diskseq/712.tmp-b7:4' failed: Read-only file system [ 326.717636][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-diskseq/712.tmp-b7:4' failed: Read-only file system [ 326.756795][T12272] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3392'. [ 326.790005][ T5274] udevd[5274]: symlink '../../loop2' '/dev/disk/by-diskseq/709.tmp-b7:2' failed: Read-only file system [ 326.861782][ T4201] udevd[4201]: symlink '../../loop4' '/dev/disk/by-diskseq/712.tmp-b7:4' failed: Read-only file system [ 327.182464][ T26] audit: type=1326 audit(1752872187.551:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12284 comm="syz.0.3400" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f26516279a9 code=0x0 [ 327.397234][T12297] loop2: detected capacity change from 0 to 1024 [ 327.494585][T12301] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3405'. [ 327.528173][T12301] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3405'. [ 327.678099][T12305] devtmpfs: Cannot retroactively limit inodes [ 327.890815][T12295] loop4: detected capacity change from 0 to 40427 [ 327.931507][T12295] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x1ffff [ 327.949605][T12295] F2FS-fs (loop4): invalid crc value [ 327.967744][T12295] F2FS-fs (loop4): Found nat_bits in checkpoint [ 328.058587][T12295] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 328.120603][ T4183] attempt to access beyond end of device [ 328.120603][ T4183] loop4: rw=2049, want=45104, limit=40427 [ 328.617274][T12297] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 328.667206][T12297] ext4 filesystem being mounted at /597/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 329.397214][T12349] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3436'. [ 329.506034][T12329] loop4: detected capacity change from 0 to 32768 [ 329.549601][T12329] XFS: ikeep mount option is deprecated. [ 329.556935][T12329] XFS: noikeep mount option is deprecated. [ 329.635522][T12329] XFS (loop4): Mounting V5 Filesystem [ 329.696662][T12329] XFS (loop4): Ending clean mount [ 329.708837][T12329] XFS (loop4): Quotacheck needed: Please wait. [ 329.762427][T12329] XFS (loop4): Quotacheck: Done. [ 329.835001][ T4183] XFS (loop4): Unmounting Filesystem [ 329.950860][T12361] loop3: detected capacity change from 0 to 1024 [ 330.025423][T12365] sch_tbf: burst 0 is lower than device vlan0 mtu (1514) ! [ 330.072154][T12361] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 330.089641][T12361] ext4 filesystem being mounted at /641/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 330.712828][T12390] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 331.166233][ T5207] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 331.346300][ T21] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 331.536709][T12411] overlayfs: unrecognized mount option "\fsplus" or missing value [ 331.605738][ T5207] usb 4-1: config 0 has an invalid interface number: 181 but max is 0 [ 331.641355][ T5207] usb 4-1: config 0 has no interface number 0 [ 331.647868][ T21] usb 3-1: Using ep0 maxpacket: 16 [ 331.667826][ T5207] usb 4-1: config 0 interface 181 altsetting 0 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 331.716863][ T5207] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=c0.c5 [ 331.766983][ T5207] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.785561][ T5207] usb 4-1: config 0 descriptor?? [ 331.823498][ T21] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 331.834563][ T21] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 331.878961][ T21] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 331.911411][ T21] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 331.921130][ T21] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 332.067179][ T21] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 332.083366][ T5207] usb 4-1: string descriptor 0 read error: -71 [ 332.094211][ T21] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 332.111398][ T21] usb 3-1: Manufacturer: syz [ 332.111967][ T5207] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 332.129575][ T21] usb 3-1: config 0 descriptor?? [ 332.145303][ T4274] usb 4-1: Failed to submit usb control message: -71 [ 332.188502][ T4274] usb 4-1: unable to send the bmi data to the device: -71 [ 332.223642][ T5207] usb 4-1: USB disconnect, device number 21 [ 332.251507][ T4274] usb 4-1: unable to get target info from device [ 332.285668][ T4274] usb 4-1: could not get target info (-71) [ 332.309027][ T4274] usb 4-1: could not probe fw (-71) [ 332.551503][ T21] rc_core: IR keymap rc-hauppauge not found [ 332.557438][ T21] Registered IR keymap rc-empty [ 332.614025][ T21] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 332.680840][ T21] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 332.777154][ T21] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 332.803480][ T21] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input24 [ 332.867571][ T21] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 332.973868][T12454] openvswitch: netlink: Duplicate or invalid key (type 0). [ 332.986629][ T21] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 333.004744][T12454] openvswitch: netlink: Actions may not be safe on all matching packets [ 333.031920][ T21] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 333.083519][ T21] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 333.125992][ T21] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 333.169005][ T21] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 333.204697][ C1] mceusb 3-1:0.0: short-range (0x56) receiver active [ 333.242193][ T21] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 333.282305][ T21] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 333.319047][ T21] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 333.360690][ T21] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 333.381036][ T4190] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 333.416754][ T21] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 333.425923][ T21] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x56 active) [ 333.497734][ T21] usb 3-1: USB disconnect, device number 19 [ 333.566212][ T5208] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 333.869979][ T4190] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 333.894528][ T4190] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 333.911299][ T4190] usb 4-1: New USB device found, idVendor=056a, idProduct=0028, bcdDevice= 0.00 [ 333.946474][ T4190] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.962928][ T4190] usb 4-1: config 0 descriptor?? [ 334.018316][ T5208] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 334.037966][ T5208] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.089718][ T5208] usb 5-1: config 0 descriptor?? [ 334.191694][ T23] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 334.450317][ T4190] wacom 0003:056A:0028.0026: Unknown device_type for 'HID 056a:0028'. Assuming pen. [ 334.461617][ T5208] usb 5-1: Cannot read MAC address [ 334.472020][ T5208] MOSCHIP usb-ethernet driver: probe of 5-1:0.0 failed with error -71 [ 334.473229][ T23] usb 2-1: Using ep0 maxpacket: 8 [ 334.486761][ T4190] wacom 0003:056A:0028.0026: hidraw0: USB HID v0.00 Device [HID 056a:0028] on usb-dummy_hcd.3-1/input0 [ 334.512209][ T4190] input: Wacom Intuos5 touch L Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0028.0026/input/input25 [ 334.522043][ T5208] usb 5-1: USB disconnect, device number 22 [ 334.631758][ T23] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 334.646118][ T23] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 334.675658][ T23] usb 2-1: config 0 interface 0 has no altsetting 0 [ 334.711226][ T23] usb 2-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00 [ 334.731497][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.754609][ T4190] usb 4-1: USB disconnect, device number 22 [ 334.774619][T12498] binder: 12497:12498 ioctl c0306201 0 returned -14 [ 334.806990][ T23] usb 2-1: config 0 descriptor?? [ 334.843548][T12496] fido_id[12496]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 335.323890][ T23] a4tech 0003:09DA:000A.0027: unbalanced collection at end of report description [ 335.360553][ T23] a4tech 0003:09DA:000A.0027: parse failed [ 335.370323][ T23] a4tech: probe of 0003:09DA:000A.0027 failed with error -22 [ 335.427219][T12516] loop3: detected capacity change from 0 to 512 [ 335.484513][T12516] EXT4-fs (loop3): error: journal path ./bus is not a block device [ 335.584209][ T21] usb 2-1: USB disconnect, device number 28 [ 335.618444][ T5808] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 335.774297][T12522] loop3: detected capacity change from 0 to 1024 [ 335.950187][ T5808] usb 5-1: Using ep0 maxpacket: 16 [ 336.112323][ T5808] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 336.172606][ T5808] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 336.193972][ T5808] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 336.222136][ T5808] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 336.244673][ T5808] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 336.347105][ T4616] kernel write not supported for file /dsp1 (pid: 4616 comm: kworker/0:15) [ 336.363811][ T5808] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 336.384378][ T5808] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 336.392440][ T5808] usb 5-1: Manufacturer: syz [ 336.412527][ T5808] usb 5-1: config 0 descriptor?? [ 336.601730][ T23] usb 2-1: new full-speed USB device number 29 using dummy_hcd [ 336.768046][ T5808] rc_core: IR keymap rc-hauppauge not found [ 336.773988][ T5808] Registered IR keymap rc-empty [ 336.778910][ T5808] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 336.837290][ T5808] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 336.889461][ T4274] hfsplus: b-tree write err: -5, ino 4 [ 336.903284][ T5808] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 336.922909][ T5808] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input28 [ 336.984723][ T5808] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 337.031144][ T5808] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 337.070478][ T5808] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 337.084038][ T23] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 337.092419][ T23] usb 2-1: config 0 has no interface number 0 [ 337.111149][ T5808] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 337.155924][ T5808] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 337.210387][ T5808] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 337.248844][ T5808] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 337.256092][ C1] mceusb 5-1:0.0: short-range (0x56) receiver active [ 337.267504][ T23] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 337.287865][ T5808] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 337.303918][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.325780][ T23] usb 2-1: Product: syz [ 337.329954][ T23] usb 2-1: Manufacturer: syz [ 337.334587][ T23] usb 2-1: SerialNumber: syz [ 337.345404][ T5808] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 337.369393][ T23] usb 2-1: config 0 descriptor?? [ 337.381500][ T5208] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 337.400598][ T5808] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 337.419835][ T23] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 337.441116][ T5808] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 337.464713][ T5808] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x56 active) [ 337.518770][ T5207] usb 5-1: USB disconnect, device number 23 [ 337.635718][ T23] gspca_spca1528: reg_w err -71 [ 337.661504][ T5208] usb 4-1: Using ep0 maxpacket: 16 [ 337.669744][ T23] spca1528: probe of 2-1:0.1 failed with error -71 [ 337.708891][ T23] usb 2-1: USB disconnect, device number 29 [ 337.812367][ T5208] usb 4-1: New USB device found, idVendor=09da, idProduct=0006, bcdDevice= 0.00 [ 337.826353][ T5208] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.847248][ T5208] usb 4-1: config 0 descriptor?? [ 338.335108][ T5208] a4tech 0003:09DA:0006.0028: hidraw0: USB HID v20.00 Device [HID 09da:0006] on usb-dummy_hcd.3-1/input0 [ 338.542953][ T5208] usb 4-1: USB disconnect, device number 23 [ 338.996224][T12571] loop4: detected capacity change from 0 to 40427 [ 339.036323][T12571] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x1ffff [ 339.095211][T12571] F2FS-fs (loop4): invalid crc value [ 339.164587][T12582] loop2: detected capacity change from 0 to 32768 [ 339.205358][T12571] F2FS-fs (loop4): Found nat_bits in checkpoint [ 339.249286][ T26] audit: type=1800 audit(1752872199.621:27): pid=12582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3530" name="file1" dev="loop2" ino=4 res=0 errno=0 [ 339.342277][T12571] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 340.082473][T12607] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3538'. [ 340.208083][T12611] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3540'. [ 340.349899][T12619] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3544'. [ 340.363231][T12619] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3544'. [ 340.372659][T12619] netlink: 'syz.1.3544': attribute type 6 has an invalid length. [ 340.445789][T12621] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3545'. [ 340.466525][T12621] device veth1_macvtap left promiscuous mode [ 340.581572][ T4616] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 340.986176][ T4616] usb 3-1: config 48 has an invalid descriptor of length 0, skipping remainder of the config [ 341.015294][ T4616] usb 3-1: config 48 interface 0 altsetting 98 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 341.030096][ T4616] usb 3-1: config 48 interface 0 altsetting 98 endpoint 0x4 has invalid wMaxPacketSize 0 [ 341.046577][ T4616] usb 3-1: config 48 interface 0 altsetting 98 endpoint 0x8 has an invalid bInterval 0, changing to 7 [ 341.058356][ T4616] usb 3-1: config 48 interface 0 altsetting 98 endpoint 0x8 has invalid wMaxPacketSize 0 [ 341.068722][ T4616] usb 3-1: config 48 interface 0 altsetting 98 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 341.082271][ T4616] usb 3-1: config 48 interface 0 has no altsetting 0 [ 341.262241][ T4616] usb 3-1: New USB device found, idVendor=1784, idProduct=0006, bcdDevice=bb.2f [ 341.276131][ T4616] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.293236][ T4616] usb 3-1: Product: syz [ 341.297504][ T4616] usb 3-1: Manufacturer: syz [ 341.306888][ T4616] usb 3-1: SerialNumber: syz [ 341.574178][T12631] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3552'. [ 341.639194][T12635] device veth0_virt_wifi entered promiscuous mode [ 341.675540][ T4616] usb 3-1: USB disconnect, device number 20 [ 342.501220][T12667] loop3: detected capacity change from 0 to 1024 [ 342.549621][T12667] EXT4-fs (loop3): inline encryption not supported [ 342.588647][T12649] loop4: detected capacity change from 0 to 32768 [ 342.593594][ T144] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 342.746156][T12649] XFS (loop4): Mounting V5 Filesystem [ 342.764181][T12667] EXT4-fs error (device loop3): ext4_map_blocks:629: inode #3: block 2: comm syz.3.3569: lblock 2 mapped to illegal pblock 2 (length 1) [ 342.804194][T12667] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 342.852599][T12667] EXT4-fs error (device loop3): ext4_map_blocks:629: inode #3: block 48: comm syz.3.3569: lblock 0 mapped to illegal pblock 48 (length 1) [ 342.890992][T12667] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 342.897252][T12649] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 342.912166][T12667] EXT4-fs error (device loop3): ext4_acquire_dquot:6207: comm syz.3.3569: Failed to acquire dquot type 0 [ 342.981670][T12667] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 343.010763][T12696] nfs4: Unexpected value for 'tcp' [ 343.048433][T12667] EXT4-fs error (device loop3): ext4_evict_inode:282: inode #11: comm syz.3.3569: mark_inode_dirty error [ 343.093021][T12667] EXT4-fs warning (device loop3): ext4_evict_inode:285: couldn't mark inode dirty (err -117) [ 343.142679][T12667] EXT4-fs (loop3): 1 orphan inode deleted [ 343.161360][T12667] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,data_err=ignore,max_batch_time=0x00000000000008c9,nodiscard,inlinecrypt,i_version,,errors=continue. Quota mode: none. [ 343.182796][ T4274] EXT4-fs error (device loop3): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:5: lblock 1 mapped to illegal pblock 1 (length 1) [ 343.241462][ T4274] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 343.267853][T12700] loop2: detected capacity change from 0 to 4096 [ 343.286067][T12649] XFS (loop4): Starting recovery (logdev: internal) [ 343.294901][ T4274] EXT4-fs error (device loop3): ext4_release_dquot:6243: comm kworker/u4:5: Failed to release dquot type 0 [ 343.294965][T12667] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm syz.3.3569: Invalid inode table block 1 in block_group 0 [ 343.359062][T12667] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 343.380714][T12700] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 343.446688][ T4191] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 343.471776][T12649] XFS (loop4): Ending recovery (logdev: internal) [ 343.501118][T12649] XFS (loop4): Quotacheck needed: Please wait. [ 343.507552][ T4191] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 343.528526][ T4191] EXT4-fs error (device loop3): ext4_quota_off:6513: inode #3: comm syz-executor: mark_inode_dirty error [ 343.603707][T12649] XFS (loop4): Quotacheck: Done. [ 343.771120][ T4183] XFS (loop4): Unmounting Filesystem [ 344.325819][ C1] sd 0:0:1:0: tag#2601 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 344.335746][ C1] sd 0:0:1:0: tag#2601 CDB: Read(6) 08 00 00 00 00 2c [ 344.585106][T12738] loop4: detected capacity change from 0 to 4096 [ 344.664116][T12742] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 344.749073][T12744] loop3: detected capacity change from 0 to 512 [ 344.880196][T12744] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 344.903400][T12744] ext4 filesystem being mounted at /680/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 345.010926][T12744] EXT4-fs error (device loop3): ext4_map_blocks:629: inode #2: block 3: comm syz.3.3600: lblock 8 mapped to illegal pblock 3 (length 26) [ 346.254661][T12776] loop4: detected capacity change from 0 to 32768 [ 346.549328][T12795] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3604'. [ 346.647927][T12797] loop3: detected capacity change from 0 to 4096 [ 346.712923][T12798] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 347.061546][T12805] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3628'. [ 347.214203][T12811] loop3: detected capacity change from 0 to 4096 [ 347.281597][ T5207] Bluetooth: hci0: command 0x0c20 tx timeout [ 347.421394][T12811] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 347.462468][T12827] loop2: detected capacity change from 0 to 512 [ 347.511405][T12827] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 347.612455][T12827] EXT4-fs (loop2): 1 truncate cleaned up [ 347.668944][T12827] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 347.890112][T12834] loop3: detected capacity change from 0 to 4096 [ 347.928416][T12834] ntfs3: loop3: Different NTFS' sector size (2048) and media sector size (512) [ 348.879517][ T21] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 349.045929][ T4616] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 349.321447][ T4616] usb 5-1: Using ep0 maxpacket: 16 [ 349.337450][ T21] usb 3-1: unable to get BOS descriptor or descriptor too short [ 349.410964][ T21] usb 3-1: not running at top speed; connect to a high speed hub [ 349.473061][ T4616] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 349.478376][T12884] misc userio: Invalid payload size [ 349.491022][ T4616] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 349.522492][T12884] misc userio: The device must be registered before sending interrupts [ 349.531349][ T4616] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0 [ 349.557157][ T4616] usb 5-1: config 0 interface 0 has no altsetting 0 [ 349.560427][ T21] usb 3-1: config 129 has an invalid interface number: 135 but max is 0 [ 349.581570][ T21] usb 3-1: config 129 has an invalid interface number: 5 but max is 0 [ 349.589759][ T21] usb 3-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config [ 349.626462][ T21] usb 3-1: config 129 has 2 interfaces, different from the descriptor's value: 1 [ 349.653103][ T21] usb 3-1: config 129 has no interface number 0 [ 349.659474][ T21] usb 3-1: config 129 has no interface number 1 [ 349.683158][ T21] usb 3-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 349.696633][ T21] usb 3-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30 [ 349.724855][ T21] usb 3-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37 [ 349.747064][ T4616] usb 5-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 349.750624][ T21] usb 3-1: config 129 interface 135 has no altsetting 0 [ 349.767759][ T4616] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.771300][ T21] usb 3-1: config 129 interface 5 has no altsetting 0 [ 349.785717][ T4616] usb 5-1: Product: syz [ 349.800338][ T4616] usb 5-1: Manufacturer: syz [ 349.805104][ T4616] usb 5-1: SerialNumber: syz [ 349.829805][ T4616] usb 5-1: config 0 descriptor?? [ 349.981168][ T4190] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 350.049620][ T21] usb 3-1: string descriptor 0 read error: -22 [ 350.081434][ T21] usb 3-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62 [ 350.090535][ T21] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 350.109343][ T4616] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input29 [ 350.131646][ T3545] synaptics_usb 5-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 350.168722][ T3545] synaptics_usb 5-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 350.182570][ T21] usb 3-1: MIDIStreaming interface descriptor not found [ 350.204833][ T3545] synaptics_usb 5-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 350.263502][ T4173] synaptics_usb 5-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 350.318352][ T3545] synaptics_usb 5-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 350.328034][ T4190] usb 2-1: Using ep0 maxpacket: 16 [ 350.357751][T12871] synaptics_usb 5-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 350.411195][ T3545] synaptics_usb 5-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 350.420392][ T23] usb 3-1: USB disconnect, device number 21 [ 350.428630][ T5208] usb 5-1: USB disconnect, device number 24 [ 350.521035][ T4190] usb 2-1: config index 0 descriptor too short (expected 69, got 36) [ 350.545343][ T4190] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 350.777759][ T4190] usb 2-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 350.805259][ T4190] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 350.853269][ T4190] usb 2-1: Product: syz [ 350.857495][ T4190] usb 2-1: Manufacturer: syz [ 350.874809][ T4190] usb 2-1: SerialNumber: syz [ 350.889855][ T4190] usb 2-1: config 0 descriptor?? [ 350.952212][ T4190] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 351.164085][T12906] loop2: detected capacity change from 0 to 1024 [ 351.234458][T12899] loop3: detected capacity change from 0 to 40427 [ 351.290309][T12899] F2FS-fs (loop3): Found nat_bits in checkpoint [ 351.342867][T12899] F2FS-fs (loop3): Cannot turn on quotas: -2 on 1 [ 351.349790][T12899] F2FS-fs (loop3): Cannot turn on quotas: -2 on 2 [ 351.362999][T12899] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 351.382351][ T23] usb 5-1: new full-speed USB device number 25 using dummy_hcd [ 351.498147][ T1235] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 351.625460][ T4190] gspca_pac7302: reg_w() failed i: ff v: 01 error -71 [ 351.632430][ T4190] gspca_pac7302: probe of 2-1:0.0 failed with error -71 [ 351.654163][ T4190] usb 2-1: USB disconnect, device number 30 [ 351.837725][ T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 351.867707][ T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 351.884407][ T23] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 351.942941][ T23] usb 5-1: New USB device found, idVendor=045e, idProduct=008e, bcdDevice= 0.00 [ 351.952257][ T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.989218][ T23] usb 5-1: config 0 descriptor?? [ 352.198354][T12906] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 352.261371][T12906] EXT4-fs error (device loop2): ext4_get_journal_inode:5158: inode #32: comm syz.2.3673: iget: special inode unallocated [ 352.358819][T12906] EXT4-fs (loop2): no journal found [ 352.364158][T12906] EXT4-fs (loop2): can't get journal size [ 352.384940][T12906] EXT4-fs (loop2): filesystem is read-only [ 352.417579][T12906] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,noload,noblock_validity,bsdgroups,nobarrier,. Quota mode: none. [ 352.522856][ T23] hid-generic 0003:045E:008E.0029: unbalanced collection at end of report description [ 352.562569][ T23] hid-generic: probe of 0003:045E:008E.0029 failed with error -22 [ 352.601431][ T5208] usb 4-1: new low-speed USB device number 24 using dummy_hcd [ 352.718298][ T4234] usb 5-1: USB disconnect, device number 25 [ 353.001643][ T5208] usb 4-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 32, setting to 8 [ 353.028046][ T5208] usb 4-1: config 0 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 353.090158][ T5208] usb 4-1: config 0 interface 0 has no altsetting 0 [ 353.107229][ T5208] usb 4-1: New USB device found, idVendor=1532, idProduct=011d, bcdDevice= 0.00 [ 353.111780][T12952] [U] K#LɄR [ 353.131654][ T5208] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.159917][ T5208] usb 4-1: config 0 descriptor?? [ 353.168688][T12951] [U] U [ 353.181820][T12944] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 353.530578][ T4274] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 353.671458][ T4616] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 353.713481][ T5208] hid-rmi 0003:1532:011D.002A: unknown main item tag 0x0 [ 353.724699][ T5208] hid-rmi 0003:1532:011D.002A: unknown main item tag 0x0 [ 353.741113][ T5208] hid-rmi 0003:1532:011D.002A: unknown main item tag 0x0 [ 353.756889][ T5208] hid-rmi 0003:1532:011D.002A: unknown main item tag 0x0 [ 353.773150][ T5208] hid-rmi 0003:1532:011D.002A: unknown main item tag 0x0 [ 353.787407][ T5208] hid-rmi 0003:1532:011D.002A: unknown main item tag 0x0 [ 353.802971][ T5208] hid-rmi 0003:1532:011D.002A: unknown main item tag 0x0 [ 353.819149][ T5208] hid-rmi 0003:1532:011D.002A: unknown main item tag 0x0 [ 353.844092][ T5208] hid-rmi 0003:1532:011D.002A: hidraw0: USB HID v10.00 Device [HID 1532:011d] on usb-dummy_hcd.3-1/input0 [ 353.915656][ T5208] usb 4-1: USB disconnect, device number 24 [ 353.941744][ T4616] usb 5-1: Using ep0 maxpacket: 16 [ 354.051670][T12967] fido_id[12967]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 354.066590][ T4616] usb 5-1: config 2 has an invalid interface number: 123 but max is 0 [ 354.078479][ T4616] usb 5-1: config 2 has no interface number 0 [ 354.092080][ T4616] usb 5-1: config 2 interface 123 has no altsetting 0 [ 354.241324][ C1] sched: RT throttling activated [ 354.300156][ T4616] usb 5-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=17.2e [ 354.330129][ T4616] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.347542][T12962] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 354.368912][ T4616] usb 5-1: Product: syz [ 354.379053][ T4616] usb 5-1: Manufacturer: syz [ 354.399358][ T4616] usb 5-1: SerialNumber: syz [ 354.789030][ T4616] (null): radio-mr800 - initialization failed [ 354.817164][ T4616] radio-mr800: probe of 5-1:2.123 failed with error -22 [ 354.859704][ T4616] usbhid 5-1:2.123: couldn't find an input interrupt endpoint [ 354.921063][T12954] loop2: detected capacity change from 0 to 262144 [ 354.949516][ T4616] usb 5-1: USB disconnect, device number 26 [ 355.224526][T12993] loop3: detected capacity change from 0 to 256 [ 355.466545][T13006] loop4: detected capacity change from 0 to 2048 [ 355.500799][T13006] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 355.846552][T12954] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop2 scanned by syz.2.3694 (12954) [ 355.866318][T12954] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 355.875767][T12954] BTRFS info (device loop2): using free space tree [ 355.882313][T12954] BTRFS info (device loop2): has skinny extents [ 355.888571][T12954] BTRFS info (device loop2): flagging fs with big metadata feature [ 356.043800][T13023] netlink: 'syz.1.3722': attribute type 4 has an invalid length. [ 356.117889][ T1263] BTRFS warning (device loop2): checksum verify failed on 22036480 wanted 0x23e101be1e001a29 found 0x4b55084d40a2574f level 0 [ 356.147209][ T1263] BTRFS warning (device loop2): checksum verify failed on 30670848 wanted 0xe9f08ec94c425425 found 0xa65e63c69188ce63 level 0 [ 356.331675][ T5207] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 356.377140][T12954] BTRFS error (device loop2): open_ctree failed: -22 [ 356.437550][T12993] FAT-fs (loop3): Directory bread(block 64) failed [ 356.493905][T12993] FAT-fs (loop3): Directory bread(block 65) failed [ 356.530681][T12993] FAT-fs (loop3): Directory bread(block 66) failed [ 356.570730][T12993] FAT-fs (loop3): Directory bread(block 67) failed [ 356.610531][T12993] FAT-fs (loop3): Directory bread(block 68) failed [ 356.640946][T12993] FAT-fs (loop3): Directory bread(block 69) failed [ 356.654690][T12993] FAT-fs (loop3): Directory bread(block 70) failed [ 356.669150][T12993] FAT-fs (loop3): Directory bread(block 71) failed [ 356.686709][T12993] FAT-fs (loop3): Directory bread(block 72) failed [ 356.709065][T12993] FAT-fs (loop3): Directory bread(block 73) failed [ 356.754241][ T5207] usb 5-1: config 0 has too many interfaces: 129, using maximum allowed: 32 [ 356.771454][ T5207] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 129 [ 356.977216][ T5207] usb 5-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 357.001429][ T5207] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.020233][T13047] loop3: detected capacity change from 0 to 1024 [ 357.026929][ T5207] usb 5-1: Product: syz [ 357.038554][ T5207] usb 5-1: Manufacturer: syz [ 357.044308][ T5207] usb 5-1: SerialNumber: syz [ 357.053079][ T5207] usb 5-1: config 0 descriptor?? [ 357.085867][T13047] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 357.148772][T13052] netlink: 71 bytes leftover after parsing attributes in process `syz.1.3733'. [ 357.326017][ T5207] mos7840 5-1:0.0: required endpoints missing [ 357.416589][T13062] IPVS: Error connecting to the multicast addr [ 357.531866][ T5207] usb 5-1: USB disconnect, device number 27 [ 358.185949][T13088] netlink: 110 bytes leftover after parsing attributes in process `syz.1.3751'. [ 358.208024][T13088] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3751'. [ 358.450646][T13104] usb usb8: usbfs: process 13104 (syz.4.3759) did not claim interface 0 before use [ 358.807639][T13118] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 358.845199][T13118] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 358.870294][T13118] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 359.331441][ T5207] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 359.588228][ T5207] usb 5-1: Using ep0 maxpacket: 32 [ 359.742595][ T5207] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 359.951612][ T5207] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 359.965426][ T5207] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.006956][ T5207] usb 5-1: Product: syz [ 360.041248][ T5207] usb 5-1: Manufacturer: syz [ 360.051352][ T5207] usb 5-1: SerialNumber: syz [ 360.089116][ T5207] usb 5-1: config 0 descriptor?? [ 360.143866][ T5207] quatech2 5-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected [ 360.361734][ T5207] usb 5-1: qt2_setup_urbs - submit read urb failed -8 [ 360.368652][ T5207] quatech2: probe of 5-1:0.0 failed with error -8 [ 360.580029][ T5207] usb 5-1: USB disconnect, device number 28 [ 361.041818][T13206] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3804'. [ 361.191498][ T5207] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 361.431957][ T5208] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 361.606184][ T5207] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 361.630421][ T5207] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 361.660167][T13230] digital: digital_start_poll: Unknown protocol [ 361.717100][ T5809] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 361.768022][ T5207] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 361.790649][ T5207] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 361.812598][ T5207] usb 2-1: Manufacturer: syz [ 361.838979][ T5207] usb 2-1: config 0 descriptor?? [ 361.848475][ T5208] usb 5-1: config 0 has an invalid interface number: 117 but max is 0 [ 361.856965][ T5208] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 361.872389][ T5208] usb 5-1: config 0 has no interface number 0 [ 361.879579][ T5208] usb 5-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 361.895748][ T5208] usb 5-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 361.991539][ T5207] rc_core: IR keymap rc-hauppauge not found [ 362.000845][ T5207] Registered IR keymap rc-empty [ 362.011750][ T5207] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 362.028780][ T5207] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input31 [ 362.092610][ T5208] usb 5-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 362.115143][ T5208] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.134262][ T5208] usb 5-1: Product: syz [ 362.138449][ T5208] usb 5-1: Manufacturer: syz [ 362.144463][ T5809] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 362.144501][ T5809] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 362.169456][ T5208] usb 5-1: SerialNumber: syz [ 362.175867][ T5208] usb 5-1: config 0 descriptor?? [ 362.258274][ T5809] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 362.267456][ T5809] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 362.291900][ T5809] usb 3-1: Manufacturer: syz [ 362.299104][ T5809] usb 3-1: config 0 descriptor?? [ 362.371510][ C0] igorplugusb 2-1:0.0: receive overflow, at least 24 lost [ 362.472808][ T5809] rc_core: IR keymap rc-hauppauge not found [ 362.478998][ T5809] Registered IR keymap rc-empty [ 362.479195][T13249] MPI: mpi too large (185152 bits) [ 362.491059][ T5809] rc rc1: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc1 [ 362.513595][ T5809] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc1/input33 [ 362.585284][ T5207] usb 2-1: USB disconnect, device number 31 [ 362.792960][T13258] loop3: detected capacity change from 0 to 512 [ 362.831569][T13252] rc rc1: two consecutive events of type space [ 362.845353][ T5207] usb 5-1: USB disconnect, device number 29 [ 362.897707][T13258] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 362.911139][T13258] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 362.939035][T13258] System zones: 0-1, 15-15, 18-18, 34-34 [ 362.957904][T13258] EXT4-fs (loop3): orphan cleanup on readonly fs [ 362.972939][T13258] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 362.998408][T13258] EXT4-fs warning (device loop3): ext4_enable_quotas:6459: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 363.031500][T13258] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 363.058234][ T5809] usb 3-1: USB disconnect, device number 22 [ 363.121867][T13258] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.3827: bg 0: block 40: padding at end of block bitmap is not set [ 363.201628][T13258] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 363.251628][T13258] EXT4-fs (loop3): 1 truncate cleaned up [ 363.257303][T13258] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 363.288297][T13258] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 363.491118][T13281] loop4: detected capacity change from 0 to 512 [ 363.793333][T13304] loop3: detected capacity change from 0 to 512 [ 363.862873][T13304] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 363.919277][T13304] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2802e12c, mo2=0002] [ 363.931449][T13304] System zones: 1-12 [ 363.936385][T13304] EXT4-fs (loop3): orphan cleanup on readonly fs [ 363.977740][T13304] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.3848: invalid indirect mapped block 12 (level 1) [ 364.014669][T13304] EXT4-fs (loop3): Remounting filesystem read-only [ 364.032394][T13304] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.3848: invalid indirect mapped block 2 (level 2) [ 364.089537][T13304] EXT4-fs (loop3): Remounting filesystem read-only [ 364.105754][T13304] EXT4-fs (loop3): 1 truncate cleaned up [ 364.130931][T13304] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,jqfmt=vfsv1,noload,errors=remount-ro,i_version. Quota mode: none. [ 364.266384][ T21] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 364.284627][T13292] loop2: detected capacity change from 0 to 32768 [ 364.470282][T13320] loop3: detected capacity change from 0 to 512 [ 364.552985][T13320] EXT4-fs (loop3): orphan cleanup on readonly fs [ 364.579291][T13320] EXT4-fs error (device loop3): ext4_find_extent:929: inode #4: comm syz.3.3856: pblk 2 bad header/extent: invalid magic - magic 3fff, entries 12, max 508(0), depth 0(0) [ 364.609486][T13281] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 364.675517][T13281] EXT4-fs (loop4): 1 truncate cleaned up [ 364.692416][T13281] EXT4-fs (loop4): mounted filesystem without journal. Opts: nogrpid,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,errors=continue,errors=continue,nodelalloc,,errors=continue. Quota mode: none. [ 364.710601][ T21] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 364.780015][ T21] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 364.795599][T13320] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=-117 [ 364.806124][T13320] EXT4-fs warning (device loop3): ext4_enable_quotas:6459: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 364.838939][ T21] usb 2-1: config 0 interface 0 has no altsetting 0 [ 364.852590][ T21] usb 2-1: New USB device found, idVendor=056a, idProduct=00cc, bcdDevice= 0.00 [ 364.871560][T13320] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 364.872329][ T21] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.914112][ T21] usb 2-1: config 0 descriptor?? [ 364.916489][T13320] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 365.420753][T13338] loop3: detected capacity change from 0 to 512 [ 365.429207][ T21] wacom 0003:056A:00CC.002B: hidraw0: USB HID v0.00 Device [HID 056a:00cc] on usb-dummy_hcd.1-1/input0 [ 365.476914][ T5207] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 365.513964][T13338] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 365.528613][T13338] ext4 filesystem being mounted at /763/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 365.554359][T13338] EXT4-fs warning (device loop3): verify_group_input:165: Last group not full [ 365.658113][ T21] usb 2-1: USB disconnect, device number 32 [ 365.741456][ T5207] usb 3-1: Using ep0 maxpacket: 32 [ 365.861629][ T5207] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 365.870869][ T5207] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 365.887236][ T5207] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 365.899479][ T5207] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 365.945952][ T5207] usb 3-1: config 0 interface 0 has no altsetting 0 [ 366.005060][ T4616] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 366.151540][ T5207] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 366.160652][ T5207] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=6 [ 366.189530][T13352] loop4: detected capacity change from 0 to 128 [ 366.196017][ T5207] usb 3-1: Product: syz [ 366.200186][ T5207] usb 3-1: Manufacturer: syz [ 366.205506][ T5207] usb 3-1: SerialNumber: syz [ 366.211926][ T5207] usb 3-1: config 0 descriptor?? [ 366.273027][ T5207] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 366.298264][T13352] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 366.310064][ T5207] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 366.318791][ T4616] usb 4-1: Using ep0 maxpacket: 8 [ 366.329947][T13358] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3871'. [ 366.370983][T13358] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3871'. [ 366.407499][T13352] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 366.537901][ T5208] usb 3-1: USB disconnect, device number 23 [ 366.549544][ T5208] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 366.560535][T13362] smb3: Unexpected value for 'acl' [ 366.641873][ T4616] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 366.666749][ T4616] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.680945][ T4616] usb 4-1: Product: syz [ 366.692182][ T4616] usb 4-1: Manufacturer: syz [ 366.696799][ T4616] usb 4-1: SerialNumber: syz [ 366.717679][ T4616] usb 4-1: config 0 descriptor?? [ 366.744740][T13370] IPVS: stopping backup sync thread 7970 ... [ 366.902127][T13376] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) ! [ 366.981604][ T4616] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 367.132243][T13389] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3885'. [ 367.194618][T13394] loop4: detected capacity change from 0 to 64 [ 367.203694][ T4616] usb write operation failed. (-71) [ 367.221669][ T4616] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 367.263393][ T4616] dvbdev: DVB: registering new adapter (Terratec H7) [ 367.297173][ T4616] usb 4-1: media controller created [ 367.331491][ T4616] usb read operation failed. (-71) [ 367.371508][ T4616] usb write operation failed. (-71) [ 367.383788][ T4616] dvb_usb_az6007: probe of 4-1:0.0 failed with error -5 [ 367.408450][ T4616] usb 4-1: USB disconnect, device number 25 [ 367.536479][T13417] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.3896'. [ 367.556366][T13412] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.3896'. [ 367.937460][T13442] loop3: detected capacity change from 0 to 64 [ 368.001543][ T4616] Bluetooth: hci2: command 0x0811 tx timeout [ 368.100541][T13442] Trying to free block not in datazone [ 368.116844][T13442] Trying to free block not in datazone [ 368.398739][T13471] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3924'. [ 368.510351][T13474] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3926'. [ 368.868141][T13461] loop2: detected capacity change from 0 to 32768 [ 368.877769][T13488] netlink: 'syz.1.3933': attribute type 2 has an invalid length. [ 368.930042][T13467] loop3: detected capacity change from 0 to 32768 [ 369.087885][T13467] XFS (loop3): Mounting V5 Filesystem [ 369.229060][T13513] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3941'. [ 369.243554][T13513] device vlan3 entered promiscuous mode [ 369.249467][T13513] device bridge0 entered promiscuous mode [ 369.295845][T13467] XFS (loop3): Ending clean mount [ 369.329396][T13467] XFS (loop3): Quotacheck needed: Please wait. [ 369.447762][T13467] XFS (loop3): Quotacheck: Done. [ 369.653422][ T4191] XFS (loop3): Unmounting Filesystem [ 369.772858][T13536] CUSE: DEVNAME unspecified [ 369.892688][T13542] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3956'. [ 369.994857][ T21] kernel read not supported for file /dsp (pid: 21 comm: kworker/1:0) [ 370.011627][ T5208] Bluetooth: hci4: command 0x0406 tx timeout [ 370.033898][T13461] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 scanned by syz.2.3920 (13461) [ 371.107895][T13461] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 371.123728][T13461] BTRFS info (device loop2): setting nodatacow, compression disabled [ 371.162136][T13461] BTRFS info (device loop2): trying to use backup root at mount time [ 371.170270][T13461] BTRFS info (device loop2): ignoring data csums [ 371.202212][T13461] BTRFS info (device loop2): setting datacow [ 371.208216][T13461] BTRFS info (device loop2): setting nodatacow, compression disabled [ 371.253967][T13461] BTRFS info (device loop2): turning on flush-on-commit [ 371.260945][T13461] BTRFS info (device loop2): using free space tree [ 371.281366][T13461] BTRFS info (device loop2): has skinny extents [ 371.653770][T13461] BTRFS error (device loop2): open_ctree failed: -12 [ 371.753025][T13613] loop3: detected capacity change from 0 to 40427 [ 371.848770][ T4201] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 scanned by udevd (4201) [ 371.903726][T13638] netlink: 192 bytes leftover after parsing attributes in process `syz.2.3992'. [ 371.923117][T13638] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3992'. [ 371.939079][T13613] F2FS-fs (loop3): Found nat_bits in checkpoint [ 372.061826][T13613] F2FS-fs (loop3): Cannot turn on quotas: -2 on 2 [ 372.106290][T13613] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 372.671603][T13653] loop3: detected capacity change from 0 to 2048 [ 372.968665][T13661] loop2: detected capacity change from 0 to 1024 [ 373.044822][T13661] hfsplus: bad catalog entry type [ 373.070071][ T9] hfsplus: b-tree write err: -5, ino 4 [ 373.476996][T13680] netlink: 'syz.2.4012': attribute type 6 has an invalid length. [ 373.491789][T13680] netlink: 'syz.2.4012': attribute type 6 has an invalid length. [ 373.561519][ T5336] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 373.829144][ T4325] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 373.856491][ T5336] usb 5-1: Using ep0 maxpacket: 32 [ 373.955587][T13697] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 374.003490][ T5336] usb 5-1: config 0 interface 0 altsetting 17 endpoint 0x81 has invalid wMaxPacketSize 0 [ 374.023924][ T5336] usb 5-1: config 0 interface 0 altsetting 17 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 374.067003][ T5336] usb 5-1: config 0 interface 0 has no altsetting 0 [ 374.094540][T13703] netlink: 'syz.0.4021': attribute type 5 has an invalid length. [ 374.104182][ T5336] usb 5-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00 [ 374.134592][ T5336] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.180091][ T5336] usb 5-1: config 0 descriptor?? [ 374.222338][T13705] netlink: 'syz.0.4023': attribute type 2 has an invalid length. [ 374.666213][ T5336] waltop 0003:172F:0037.002C: hidraw0: USB HID v0.00 Device [HID 172f:0037] on usb-dummy_hcd.4-1/input0 [ 374.865278][ T4248] usb 5-1: USB disconnect, device number 30 [ 375.008206][T13701] loop2: detected capacity change from 0 to 32768 [ 375.018916][ C1] ================================================================== [ 375.027731][ C1] BUG: KASAN: use-after-free in __nft_trace_packet+0x135/0x150 [ 375.035295][ C1] Read of size 2 at addr ffff888017bae1c0 by task ksoftirqd/1/20 [ 375.043017][ C1] [ 375.045344][ C1] CPU: 1 PID: 20 Comm: ksoftirqd/1 Not tainted 5.15.189-syzkaller #0 [ 375.053410][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 375.063469][ C1] Call Trace: [ 375.066778][ C1] [ 375.069722][ C1] dump_stack_lvl+0x168/0x230 [ 375.074598][ C1] ? show_regs_print_info+0x20/0x20 [ 375.079806][ C1] ? _printk+0xcc/0x110 [ 375.083986][ C1] ? __nft_trace_packet+0x135/0x150 [ 375.089211][ C1] ? load_image+0x3b0/0x3b0 [ 375.093847][ C1] ? nft_synproxy_do_eval+0x3d3/0x570 [ 375.099240][ C1] print_address_description+0x60/0x2d0 [ 375.104813][ C1] ? __nft_trace_packet+0x135/0x150 [ 375.110019][ C1] kasan_report+0xdf/0x130 [ 375.114446][ C1] ? __nft_trace_packet+0x135/0x150 [ 375.119753][ C1] __nft_trace_packet+0x135/0x150 [ 375.124803][ C1] nft_do_chain+0x120e/0x1420 [ 375.129511][ C1] ? nft_fwd_dup_netdev_offload+0x120/0x120 [ 375.135434][ C1] ? __local_bh_enable_ip+0xcb/0x1b0 [ 375.140750][ C1] ? ipv6_find_tlv+0x270/0x270 [ 375.145553][ C1] nft_do_chain_inet+0x22b/0x300 [ 375.150513][ C1] ? nft_do_chain_arp+0xe0/0xe0 [ 375.155376][ C1] ? nf_nat_ipv6_fn+0x217/0x2d0 [ 375.160249][ C1] ? nf_nat_ipv6_local_fn+0x390/0x390 [ 375.164500][T13701] ERROR: (device loop2): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 1 [ 375.164500][T13701] [ 375.165627][ C1] ? ip6table_mangle_hook+0x23c/0x7a0 [ 375.182162][ C1] ? lock_downgrade+0x7b0/0x820 [ 375.187022][ C1] ? nf_nat_ipv6_local_fn+0x390/0x390 [ 375.192412][ C1] ? nft_do_chain_arp+0xe0/0xe0 [ 375.197273][ C1] nf_hook_slow+0xb9/0x200 [ 375.201694][ C1] ? ip6_input+0xa0/0xa0 [ 375.205947][ C1] NF_HOOK+0x1cb/0x360 [ 375.210047][ C1] ? ip6_input+0xa0/0xa0 [ 375.214311][ C1] ? ip6_rcv_core+0x1620/0x1620 [ 375.219182][ C1] ? ip6_input+0xa0/0xa0 [ 375.223448][ C1] ? ip6_rcv_finish_core+0x20d/0x420 [ 375.228749][ C1] ? ip6_rcv_finish+0x16b/0x240 [ 375.233648][ C1] ? refcount_add+0x80/0x80 [ 375.238161][ C1] NF_HOOK+0x2d6/0x360 [ 375.242254][ C1] ? refcount_add+0x80/0x80 [ 375.246786][ C1] ? ip6_rcv_core+0x1620/0x1620 [ 375.251651][ C1] ? refcount_add+0x80/0x80 [ 375.256194][ C1] ? ip6_rcv_finish_core+0x420/0x420 [ 375.261513][ C1] __netif_receive_skb+0xcc/0x290 [ 375.266548][ C1] process_backlog+0x364/0x780 [ 375.271321][ C1] ? rps_trigger_softirq+0x210/0x210 [ 375.276602][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 375.282574][ C1] ? lock_chain_count+0x20/0x20 [ 375.287422][ C1] __napi_poll+0xc0/0x430 [ 375.291740][ C1] ? net_rx_action+0x2db/0x9c0 [ 375.296509][ C1] net_rx_action+0x4a8/0x9c0 [ 375.301100][ C1] ? net_tx_action+0x870/0x870 [ 375.305854][ C1] ? net_tx_action+0x800/0x870 [ 375.310604][ C1] ? detach_timer+0x2b0/0x2b0 [ 375.315272][ C1] ? process_backlog+0x780/0x780 [ 375.320201][ C1] ? lockdep_hardirqs_on_prepare+0x760/0x760 [ 375.326176][ C1] handle_softirqs+0x328/0x820 [ 375.330930][ C1] ? run_ksoftirqd+0x98/0xf0 [ 375.335518][ C1] ? do_softirq+0x200/0x200 [ 375.340027][ C1] ? run_ksoftirqd+0x75/0xf0 [ 375.344602][ C1] ? ksoftirqd_should_run+0x20/0x20 [ 375.349795][ C1] ? lockdep_hardirqs_off+0x70/0x100 [ 375.355078][ C1] ? ksoftirqd_should_run+0x20/0x20 [ 375.360260][ C1] run_ksoftirqd+0x98/0xf0 [ 375.364673][ C1] ? ksoftirqd_should_run+0x20/0x20 [ 375.369891][ C1] ? preempt_schedule_thunk+0x16/0x18 [ 375.375268][ C1] ? smpboot_thread_fn+0x5bc/0x970 [ 375.380376][ C1] smpboot_thread_fn+0x4f6/0x970 [ 375.385337][ C1] kthread+0x436/0x520 [ 375.389420][ C1] ? cpu_report_death+0x180/0x180 [ 375.394460][ C1] ? kthread_blkcg+0xd0/0xd0 [ 375.399074][ C1] ret_from_fork+0x1f/0x30 [ 375.403532][ C1] [ 375.406587][ C1] [ 375.408928][ C1] Allocated by task 20: [ 375.413094][ C1] __kasan_slab_alloc+0x9c/0xd0 [ 375.417959][ C1] slab_post_alloc_hook+0x4c/0x380 [ 375.423082][ C1] kmem_cache_alloc_node+0x12d/0x2d0 [ 375.428369][ C1] __alloc_skb+0xf4/0x750 [ 375.432694][ C1] synproxy_send_client_synack_ipv6+0x15b/0xc50 [ 375.438950][ C1] nft_synproxy_eval_v6+0x36b/0x560 [ 375.444152][ C1] nft_synproxy_do_eval+0x3d3/0x570 [ 375.449445][ C1] nft_do_chain+0x3fc/0x1420 [ 375.454037][ C1] nft_do_chain_inet+0x22b/0x300 [ 375.458998][ C1] nf_hook_slow+0xb9/0x200 [ 375.463436][ C1] NF_HOOK+0x1cb/0x360 [ 375.467518][ C1] NF_HOOK+0x2d6/0x360 [ 375.471603][ C1] __netif_receive_skb+0xcc/0x290 [ 375.476645][ C1] process_backlog+0x364/0x780 [ 375.481417][ C1] __napi_poll+0xc0/0x430 [ 375.485756][ C1] net_rx_action+0x4a8/0x9c0 [ 375.490360][ C1] handle_softirqs+0x328/0x820 [ 375.495145][ C1] run_ksoftirqd+0x98/0xf0 [ 375.499576][ C1] smpboot_thread_fn+0x4f6/0x970 [ 375.504538][ C1] kthread+0x436/0x520 [ 375.508615][ C1] ret_from_fork+0x1f/0x30 [ 375.513046][ C1] [ 375.515376][ C1] Freed by task 20: [ 375.519184][ C1] kasan_set_track+0x4b/0x70 [ 375.523794][ C1] kasan_set_free_info+0x1f/0x40 [ 375.528748][ C1] ____kasan_slab_free+0xd5/0x110 [ 375.533815][ C1] slab_free_freelist_hook+0xea/0x170 [ 375.539198][ C1] kmem_cache_free+0x8f/0x210 [ 375.543893][ C1] nft_synproxy_eval_v6+0x373/0x560 [ 375.549113][ C1] nft_synproxy_do_eval+0x3d3/0x570 [ 375.554338][ C1] nft_do_chain+0x3fc/0x1420 [ 375.558949][ C1] nft_do_chain_inet+0x22b/0x300 [ 375.563911][ C1] nf_hook_slow+0xb9/0x200 [ 375.568334][ C1] NF_HOOK+0x1cb/0x360 [ 375.572431][ C1] NF_HOOK+0x2d6/0x360 [ 375.576511][ C1] __netif_receive_skb+0xcc/0x290 [ 375.581547][ C1] process_backlog+0x364/0x780 [ 375.586329][ C1] __napi_poll+0xc0/0x430 [ 375.590676][ C1] net_rx_action+0x4a8/0x9c0 [ 375.595277][ C1] handle_softirqs+0x328/0x820 [ 375.600047][ C1] run_ksoftirqd+0x98/0xf0 [ 375.604476][ C1] smpboot_thread_fn+0x4f6/0x970 [ 375.609433][ C1] kthread+0x436/0x520 [ 375.613519][ C1] ret_from_fork+0x1f/0x30 [ 375.617951][ C1] [ 375.620277][ C1] The buggy address belongs to the object at ffff888017bae140 [ 375.620277][ C1] which belongs to the cache skbuff_head_cache of size 232 [ 375.634858][ C1] The buggy address is located 128 bytes inside of [ 375.634858][ C1] 232-byte region [ffff888017bae140, ffff888017bae228) [ 375.648146][ C1] The buggy address belongs to the page: [ 375.653787][ C1] page:ffffea00005eeb80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17bae [ 375.663941][ C1] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 375.671500][ C1] raw: 00fff00000000200 0000000000000000 0000000b00000001 ffff88801b5e5140 [ 375.680088][ C1] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 375.688670][ C1] page dumped because: kasan: bad access detected [ 375.695087][ C1] page_owner tracks the page as allocated [ 375.700796][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 20, ts 187845443901, free_ts 177456800259 [ 375.718248][ C1] get_page_from_freelist+0x1b77/0x1c60 [ 375.723808][ C1] __alloc_pages+0x1e1/0x470 [ 375.728514][ C1] new_slab+0xc0/0x4b0 [ 375.732671][ C1] ___slab_alloc+0x81e/0xdf0 [ 375.737266][ C1] kmem_cache_alloc_node+0x1c3/0x2d0 [ 375.742552][ C1] __alloc_skb+0xf4/0x750 [ 375.746883][ C1] synproxy_send_client_synack+0x169/0xdd0 [ 375.752701][ C1] nft_synproxy_eval_v4+0x36b/0x560 [ 375.757912][ C1] nft_synproxy_do_eval+0x341/0x570 [ 375.763121][ C1] nft_do_chain+0x3fc/0x1420 [ 375.767721][ C1] nft_do_chain_inet+0x22b/0x300 [ 375.772664][ C1] nf_hook_slow+0xb9/0x200 [ 375.777093][ C1] NF_HOOK+0x1cb/0x360 [ 375.781254][ C1] NF_HOOK+0x2d6/0x360 [ 375.785322][ C1] __netif_receive_skb+0xcc/0x290 [ 375.790346][ C1] process_backlog+0x364/0x780 [ 375.795115][ C1] page last free stack trace: [ 375.799785][ C1] free_unref_page_prepare+0x637/0x6c0 [ 375.805257][ C1] free_unref_page+0x94/0x280 [ 375.809939][ C1] kasan_depopulate_vmalloc_pte+0x67/0x80 [ 375.815683][ C1] __apply_to_page_range+0x95c/0xc80 [ 375.820978][ C1] kasan_release_vmalloc+0x93/0xb0 [ 375.826100][ C1] __purge_vmap_area_lazy+0xc6e/0x18f0 [ 375.831561][ C1] _vm_unmap_aliases+0x410/0x4a0 [ 375.836499][ C1] change_page_attr_set_clr+0x311/0xc10 [ 375.842046][ C1] set_memory_ro+0x89/0xd0 [ 375.846462][ C1] bpf_int_jit_compile+0xc4a8/0xcc80 [ 375.851752][ C1] bpf_prog_select_runtime+0x74f/0xaa0 [ 375.857217][ C1] bpf_prog_load+0x106e/0x1550 [ 375.861990][ C1] __sys_bpf+0x4c2/0x670 [ 375.866236][ C1] __x64_sys_bpf+0x78/0x90 [ 375.870660][ C1] do_syscall_64+0x4c/0xa0 [ 375.875080][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 375.880988][ C1] [ 375.883312][ C1] Memory state around the buggy address: [ 375.888946][ C1] ffff888017bae080: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 375.897016][ C1] ffff888017bae100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 375.905083][ C1] >ffff888017bae180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 375.913143][ C1] ^ [ 375.919301][ C1] ffff888017bae200: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 375.927372][ C1] ffff888017bae280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 375.935431][ C1] ================================================================== [ 375.943502][ C1] Disabling lock debugging due to kernel taint [ 375.949707][ C1] vkms_vblank_simulate: vblank timer overrun [ 375.955754][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 375.962952][ C1] CPU: 1 PID: 20 Comm: ksoftirqd/1 Tainted: G B 5.15.189-syzkaller #0 [ 375.972408][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 375.982462][ C1] Call Trace: [ 375.985736][ C1] [ 375.988664][ C1] dump_stack_lvl+0x168/0x230 [ 375.993349][ C1] ? show_regs_print_info+0x20/0x20 [ 375.998545][ C1] ? load_image+0x3b0/0x3b0 [ 376.003055][ C1] panic+0x2c9/0x7f0 [ 376.006957][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 376.011464][ C1] ? _raw_spin_unlock_irqrestore+0xa5/0x100 [ 376.017365][ C1] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 376.023268][ C1] ? _raw_spin_unlock+0x40/0x40 [ 376.028126][ C1] ? print_memory_metadata+0x314/0x400 [ 376.033607][ C1] ? __nft_trace_packet+0x135/0x150 [ 376.038809][ C1] check_panic_on_warn+0x80/0xa0 [ 376.043763][ C1] ? __nft_trace_packet+0x135/0x150 [ 376.048970][ C1] end_report+0x6d/0xf0 [ 376.053136][ C1] kasan_report+0x102/0x130 [ 376.057645][ C1] ? __nft_trace_packet+0x135/0x150 [ 376.062845][ C1] __nft_trace_packet+0x135/0x150 [ 376.067880][ C1] nft_do_chain+0x120e/0x1420 [ 376.072565][ C1] ? nft_fwd_dup_netdev_offload+0x120/0x120 [ 376.078466][ C1] ? __local_bh_enable_ip+0xcb/0x1b0 [ 376.083763][ C1] ? ipv6_find_tlv+0x270/0x270 [ 376.088534][ C1] nft_do_chain_inet+0x22b/0x300 [ 376.093478][ C1] ? nft_do_chain_arp+0xe0/0xe0 [ 376.098336][ C1] ? nf_nat_ipv6_fn+0x217/0x2d0 [ 376.103188][ C1] ? nf_nat_ipv6_local_fn+0x390/0x390 [ 376.108558][ C1] ? ip6table_mangle_hook+0x23c/0x7a0 [ 376.113932][ C1] ? lock_downgrade+0x7b0/0x820 [ 376.118790][ C1] ? nf_nat_ipv6_local_fn+0x390/0x390 [ 376.124205][ C1] ? nft_do_chain_arp+0xe0/0xe0 [ 376.129070][ C1] nf_hook_slow+0xb9/0x200 [ 376.133494][ C1] ? ip6_input+0xa0/0xa0 [ 376.137739][ C1] NF_HOOK+0x1cb/0x360 [ 376.141807][ C1] ? ip6_input+0xa0/0xa0 [ 376.146053][ C1] ? ip6_rcv_core+0x1620/0x1620 [ 376.150910][ C1] ? ip6_input+0xa0/0xa0 [ 376.155152][ C1] ? ip6_rcv_finish_core+0x20d/0x420 [ 376.160441][ C1] ? ip6_rcv_finish+0x16b/0x240 [ 376.165300][ C1] ? refcount_add+0x80/0x80 [ 376.169812][ C1] NF_HOOK+0x2d6/0x360 [ 376.173900][ C1] ? refcount_add+0x80/0x80 [ 376.178403][ C1] ? ip6_rcv_core+0x1620/0x1620 [ 376.183254][ C1] ? refcount_add+0x80/0x80 [ 376.187757][ C1] ? ip6_rcv_finish_core+0x420/0x420 [ 376.193041][ C1] __netif_receive_skb+0xcc/0x290 [ 376.198067][ C1] process_backlog+0x364/0x780 [ 376.202836][ C1] ? rps_trigger_softirq+0x210/0x210 [ 376.208126][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 376.214113][ C1] ? lock_chain_count+0x20/0x20 [ 376.218980][ C1] __napi_poll+0xc0/0x430 [ 376.223319][ C1] ? net_rx_action+0x2db/0x9c0 [ 376.228087][ C1] net_rx_action+0x4a8/0x9c0 [ 376.232685][ C1] ? net_tx_action+0x870/0x870 [ 376.237448][ C1] ? net_tx_action+0x800/0x870 [ 376.242213][ C1] ? detach_timer+0x2b0/0x2b0 [ 376.246894][ C1] ? process_backlog+0x780/0x780 [ 376.251835][ C1] ? lockdep_hardirqs_on_prepare+0x760/0x760 [ 376.257827][ C1] handle_softirqs+0x328/0x820 [ 376.262601][ C1] ? run_ksoftirqd+0x98/0xf0 [ 376.267196][ C1] ? do_softirq+0x200/0x200 [ 376.271701][ C1] ? run_ksoftirqd+0x75/0xf0 [ 376.276289][ C1] ? ksoftirqd_should_run+0x20/0x20 [ 376.281486][ C1] ? lockdep_hardirqs_off+0x70/0x100 [ 376.286770][ C1] ? ksoftirqd_should_run+0x20/0x20 [ 376.291968][ C1] run_ksoftirqd+0x98/0xf0 [ 376.296383][ C1] ? ksoftirqd_should_run+0x20/0x20 [ 376.301578][ C1] ? preempt_schedule_thunk+0x16/0x18 [ 376.306950][ C1] ? smpboot_thread_fn+0x5bc/0x970 [ 376.312066][ C1] smpboot_thread_fn+0x4f6/0x970 [ 376.317010][ C1] kthread+0x436/0x520 [ 376.321081][ C1] ? cpu_report_death+0x180/0x180 [ 376.326108][ C1] ? kthread_blkcg+0xd0/0xd0 [ 376.330700][ C1] ret_from_fork+0x1f/0x30 [ 376.335126][ C1] [ 376.338421][ C1] Kernel Offset: disabled [ 376.342745][ C1] Rebooting in 86400 seconds..