last executing test programs: 3.087728002s ago: executing program 0 (id=3599): syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000440)='./file0\x00', 0x414, &(0x7f00000000c0)=ANY=[], 0x1, 0x2c3, &(0x7f0000000100)="$eJzs3EFrE2sUxvFzm94mTWmTC5eCgnrQjd0MbfwAGqQFMaDWpqgLYWonGjImZSZUUsRmI279HMVld4L6BboRN+7dFUF0YRfiiJmknbSTNNUmpvb/gzInec+TvKUknBTybt56/rCQc42cWZaBmMqASFW2RJI/q7p/6teBWj0kQVWZGPny/tTN23eupjOZ6KzqTHruQkpVx868evT4xdk35ZH59bGXUdlI3t38lPqwMb5xYvP73IO8q3lXi6WymrpQKpXNBdvSxbxbMFSv25bpWpovupbTtJ6zS0tLFTWLi6PxJcdyXTWLFS1YFS2XtOxU1Lxv5otqGIaOxuV4G+ygJ7s2O2umWy57kUPdEbpuOOxOx0lXRWRo72J2rRebAgAA/aX9/O/P+q3n/8y8f23M/9OHM/+LMP93SbXp1j7zP/4KjpM24/XXbzPmfwAAAAAAAAAAAAAAAAAAAAAAjoItz0t4npdoXBs/URGJiUjj9p/eJ7pjv7//5/DYxV7vE90R+OJeTMR+tpxdzvpXfz2dk7zYYsmkJORb7f2gzq9nrmSmJ7Xmq+d5q/X86nI2ItFGviEZlj/935SfV3ltB/L/Sjz4/ClJyP/hz58KzQ/dOH8ukDckIW/vSUlsWay9r+3kn0ypXr6W2ZUfrvW1FHrSAgAAAAAA/cnQbcnmz7/+2Y9GrSEme9f9/AH+P7Dr8/WgnOzkiEoAAAAAAPDb3MpKwbRtywkp1kWkxVKtiIpIm/hxLSLSF9vYVVwSkT7YRq+KmIj49+gvxMc/bsc7Snkd9Azu82rqtyL0wGAAAAAAR9jO0H+A0LunXdwRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHT9tjwCZG/KbKSqHR39QTfKA2jxPoivTuNwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6z48AAAD//0vYF3I=") syz_emit_ethernet(0x4a, &(0x7f0000000040)={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x2, 0x4}}}}}}}, 0x0) syz_emit_ethernet(0x4f, &(0x7f00000001c0)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "a12600", 0x19, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x11, 0x0, 0x0, {[@fastopen={0x22, 0x2}]}}, {'`'}}}}}}}, 0x0) 2.661444617s ago: executing program 0 (id=3604): r0 = socket(0x23, 0x80805, 0x0) listen(r0, 0x0) connect$phonet_pipe(r0, &(0x7f0000000080)={0x23, 0x0, 0x8, 0xaa}, 0x10) 2.382686159s ago: executing program 3 (id=3606): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004840)={0x38, r1, 0x731, 0x0, 0x0, {0x38}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x73}}}]}, 0x38}, 0x1, 0x2, 0x0, 0x1bb5818a0d1752a}, 0x4890) 2.364000121s ago: executing program 0 (id=3608): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000900)='./file1\x00', 0x8c0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c001967b9b8a6cdd636d75428f2c5e8054d01858eef552755576e749526b36860cf2511040d1ce5a743ffd83d29d1ba3a54a59d8c7aa249f08d3c8c6d04ac105d67934db6190d59f2323b55a5a4", @ANYRESHEX], 0x1, 0x4438, &(0x7f0000004480)="$eJzs3b9vHFkdAPDvjH2cHS6HfVxxSEisxEkgQNb6KsAn4ThOfHZiggKJEM1mbW8Sw9ob2WtEkcJ0kaiQKBBFBBKdq8gFbfgTaChDHQkKGiSkCKPdnbU9Y6+8sbw2CZ9P4fG838535s2bYvLSTPPh6mZpdbNUXS81lu9vflL6eaO+tVaL9Jwc9D8dEVn/75xf//RnENfJRV97/89uXb3+w7ufRPx55a8v9/b29qJlOI41eej3f/3z8fLhY1daqNNq9/jWzspPIuLDI+NqGYqIH/8pIomIK1naTHYcjYjL0cm7+/hX90pnNJpnL2qfVl4tPtmd+nhh5+lu7789ifhd/UvferD2968OTf3tG2fUPQAAAAAAAAAAAAAAAAAAb7i527fu/KA8Gc+TGN5Jjn6vO5cde30fu3dmvjL4PxYAAAAAAAAAAAAAAAAAAAD+Rx18/19KPjjm+//Z7Djdo/7e9wY/RgZn/vu3Zq+VJ7P935Mj+d/Okv5xZSjGD/ZXfyd67P9+pVD/+P3fj/ZzWt3xtfsdaredTrQH2DEWaToxEfGHbOP3j5JLab2x2fzm/cbW+sqZDeONlY9/Z/f+XHSyDf0L8e+5//9Mof3B7///xSNXU+v83tldYm+1fPyHepb74y+TvuJ/tVDvPOLP6eXjP9xOGz1cYLozAbTi/+vhk+M/W2h/UPF/PyJKSWuspdwM0FrDtNJ7rVfIy8e/89TMTZ3ZP2Sv+//fhfhfK7R/UfP/dvFBxLHy8f9cO20kV+Lg/h9PT77/rxfav4j4t8a/7fnfl3z83+0kDueKlOM15v+5QvuDiv+dNBvn+0nuCthJOum9/r868vLxHzmSf/D+l/a1/vusUP+83v+6/Y5l73/d6f/rSef9j+Pl4z/as1y/9/98od6g5//p9vqP08rH/1I7Lb92Hmv/7Df+C4X2BxX/9qpkpBv/g/nkP+920n9v/deXfPw/30lMD5fYbv9sr/+Sk9f/NwrtX8T6rzX+7XSwvb4t8vF/r2e5Vvz/0sfz/2ah3uDjH1G21j+1fPwv9yzXvv9HTo7/YqHeoOP/tUE2DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAGmMmOY5GkE7nzNJ2YiLianX8Ul5Kl6kplqd5Y/tlmxGyWXooPkgf1xlK1Xlldb6zUKtV6vbEccS3L/zBGks16o1lZqz66vt/WaPKwVt1oLtWqzYiYy9K/HJe7bS2tNteqjyLis/28L6SNjUcPq+uVldWN75bL5XLM749hPKn9ollbb3Z67+RGLOzXHUsODa6dfWN/LO8lP21sbaxX6+30m4fq1BvL1fqhOotZ3m9iPGlubK0vV5u1Sr3xoNvfRZrOjrPzt390++bkkfx7Sec4c77DAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA1PZ/6zm8jYrhzlkbEdPeX5Ljyz17UPq28WnyyO/Xxws7T3Ze9ygEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwX3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAeZ7eu4+3uolIcbW5jPj7+l8c5i+l/tyP3784w4yczvNr9/BYN+Xf01F+V46Wbd6l69X3Z4zU3u9gT4b7tNf3uZ6ca2rfpubr+95EylVEtCW/TTlX1by3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CsAAP//Zqsc7Q==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpu.stat\x00', 0x275a, 0x0) 2.104181832s ago: executing program 3 (id=3610): r0 = semget$private(0x0, 0x20000000102, 0x0) semop(r0, &(0x7f0000000240)=[{0x3, 0x0, 0x1800}], 0x1) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000140)=""/65) 1.666217527s ago: executing program 2 (id=3615): r0 = socket$inet(0x2b, 0x801, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@filter={'filter\x00', 0xe, 0x4, 0x90, [0x0, 0x200000002800, 0x2000000033c4, 0x2000000034e2], 0x0, 0x0, 0x0}, 0x1b3) 1.666029887s ago: executing program 3 (id=3616): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f00000003c0)) 1.665949667s ago: executing program 4 (id=3617): mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4) r0 = syz_open_dev$evdev(&(0x7f0000000200), 0x200, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x40084503, &(0x7f0000ffcffc)=0xfa) 1.453432334s ago: executing program 3 (id=3618): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000c00)={0x53, 0xfffffffffffffffc, 0x6, 0x62, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000ac0)="410489452051", 0x0, 0x4, 0x4, 0xffffffffffffffff, 0x0}) 1.38795813s ago: executing program 4 (id=3619): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000000), 0x4) 1.368190141s ago: executing program 2 (id=3620): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) 1.342899053s ago: executing program 1 (id=3621): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f022}) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000180)={0x2, 0x102, 0x1, {0x7, 0x23, 0x107, 0x7}}) 1.171881576s ago: executing program 3 (id=3622): syz_emit_ethernet(0x36, &(0x7f0000000080)={@broadcast, @random="00005403cb00", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "03136c", 0x0, 0x87, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2}}}}, 0x0) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000080)={{0x6, @rose}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x8, 0x0}, @default, @bcast]}, 0x48) 1.165787437s ago: executing program 2 (id=3623): syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x2000002, &(0x7f0000000780)={[{@uid_forget}, {@gid}, {@dmode={'dmode', 0x3d, 0x4}}, {@rootdir={'rootdir', 0x3d, 0x4}}, {@gid_ignore}, {@gid}, {@noadinicb}, {@iocharset={'iocharset', 0x3d, 'cp874'}}, {@longad}]}, 0x1, 0xc32, &(0x7f0000000e00)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x26e1, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x80086c42, &(0x7f0000000000)={'wlan1\x00', @random="0100008dffff"}) 1.137542119s ago: executing program 4 (id=3624): r0 = socket$inet(0x2, 0x2, 0x73) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) sendto$inet(r0, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20, @loopback}, 0x10) 1.113378841s ago: executing program 1 (id=3625): r0 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@getstat={0xe0, 0x15, 0x0, 0x70bd29, 0x0, {{'drbg_pr_hmac_sha384\x00'}, '\x00', '\x00', 0x0, 0x2400}}, 0xe0}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmsg$nl_crypto(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x0) 926.098206ms ago: executing program 3 (id=3626): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) mbind(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2, &(0x7f0000000300)=0x2, 0x1ff, 0x3) 851.978632ms ago: executing program 2 (id=3627): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x28, r1, 0x852dd6c070cd7e4d, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x28}, 0x4, 0x700000000000000}, 0x8850) 837.301073ms ago: executing program 1 (id=3628): bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@bloom_filter={0x1e, 0x8, 0x9, 0x0, 0x682, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x4, 0xd}, 0x50) r0 = io_uring_setup(0x3720, &(0x7f0000000ac0)={0x0, 0x22e8, 0x40, 0x2, 0x31}) io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000040)=[@ioring_restriction_sqe_flags_required={0x3, 0xb}, @ioring_restriction_sqe_flags_allowed={0x2, 0xe}], 0x4f) 818.433335ms ago: executing program 4 (id=3629): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4000, &(0x7f0000000740)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000002,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000011,fileset=00000000000000000011,uid=', @ANYRESDEC, @ANYBLOB=',session=0000\x00000000000000005,\x00'], 0x90, 0xc38, &(0x7f0000001080)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThq3m6ZIZcVy9S+mYhXuqqbZBpBlIRRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNiOSEml9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSoWwEAPExXRr5y+qz7PwA8Vq75/38AAAAAAAAAAAAAANjvUhTxZKSYubKSxqr3HfXL7b47d0eHhjevdiRVNQ9V5cuf+pmz585/8YXBC9283J76gPq77dPx2si1S42Xp2/PzE7MzU2MN0an2jemxye2vYed1t/oZHUCGrdfvzN+8+Zc4+zz59Z9fHfg/f4njg9cHHz21DPdsqNDw8Mja0XqveVrD9yQjq1meByOIk5Fiue++5PUiogidn4u6g937Dc6UnXiZNWJ0aHhqiOT7dbUfPnh1e6JKCIaPZWa3XO0+VhEre+h9mFrzYiFsvllg0+W3RuZac22rk9ONK62Zufb8+3pqaup09qyP40o4kKKWIyI5f77d9cXRdQixbePraTrEXGoex6+UE0M3rodxR72cRvKdjb6IhaLAzBm+1h/FPFqpPjpOyfiRr7OVNeaz0e8Wub3I94q86WIVH4xzke8t8n3iIOpFkX8ZTn+F1fSeHU96F5XLn+18eWpm9M9ZbvXlV/y/nDfleIR3R+ObMiHY59fm+pRRKu64q+kB//NDgAAAAAAAAAAAAAAAAC77UgU8alI8cp//Ek1rziqeenHLg7+4cCv9s4Zf/pD9lOWfT4iFortzck9nCcGXk1XU3rEc4kfZ/Uo4k/z/L9vPurGAAAAAAAAAAAAAAAAAAAAPNaK+HGkePHdE2kxetcUb0/dalxrXZ/srArbXfu3u2b66urqaiN1splzLOdCzsWcSzmXc0aR6+ds5hzLuZBzMedSzuWccSjXz9nMOZZzIedizqWcyzmjluvnbOYcy7mQczEvur+U3y/njH2ydi8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEdJEUX8PFJ86+srKVJENCPGopNL/Y+6dQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAqT8V8b1I0fij5r1ttYhI1b8dJ8pfzkfzcJkfj+ZgmS9F81LOVpW15jcfQfvZmb5UxI8iRX/97XsDnse/r/Pu3tcg3vrG2rtP1zp5qPvhwPv9Txw/dnFw+Dee3up12qwBJy+3p+7cbYwODQ+P9Gyu5aN/vGfbQD5usTtdJyLm3njz9dbk5MTsg78ovwI7qH6AXqTa49LTg/3iN3drh1HbD915NC8e9ZWJh6G8/78XKX733f/s3vA79/96/Ern3b07fPzsz9bu/y9u3NE27/+1jfXy/b+8p292/3+yZ9uL+XcjfbWI+vztmb7jEfW5N9481b7dujVxa2Lq/OnTXxoc/NK5032HI+o325MTPa925XQBAAAAAAAAAAAAAAAAPDypiN+PFK0fraRGRNyt5msNXBx89tQzh+JQNd9q3bzt10auXWq8PH17ZnZibm5ivDE61b4xPT6x3cPVq+leo0PDe9KZD3Vkj9t/pP7y9Mwbs+1bfzy/6edH65euz83Ptm5s/nEciSKi2bvlZNXg0aHhqtGT7dZUVfXqppPpf3l9qYj/ihQ3zjfSZ/O2PP9/4wz/dfP/FzbuaI/m/3+sZ1t5zJSK+Fmk+J2/ejo+W7XzaNx3znK5v4sUJy98JpeLw2W5bhs6zxXozAwsy/5fpPinn68v250P+eRa2TPbPrEHRDn+xyLF9/7iO/Fbedv65z9sPv5HN+5oj8b/qZ5tR9c9r2DHXSeP/6lI8dKTb8fn8rYPev5H99kbJ3Lhe8/n2KPx/0TPtoF83N/ena4DAAAAAAAAAAAcaH2piL+PFD8YrqUX8rbt/P2/8Y072qO///XJnm3ju7Ne0Ye+2PFJBQAAAIB9oi8V8eNIcWv+7XtzqNfP/+6Z//l7a/M/h9KGT6s/5/u16rkBu/nnf70G8nHHdt5tAAAAAAAAAAAAAAAAAAAA2FdSKuKFvJ76WDWff3zL9dSXIsUr//NcLpeOl+W668APVL/Wr0xPnbo0OTl9ozXfuj450RiZad2YKOs+FSlW/vYzuW5Rra/eXW++s8b72lrss5Fi+B+6ZTtrsXfXJn9qreyZsuzHIsV//+P6sp/L5T6xVvZsWfZvIsXX/uX+sqXja2XPlWW/Eyl++LVGt+zRsmz3+aifXCv7/I3pYo9GBgAAAAAAAAAAAAAAAAAAgMdJXyrizyPF/95evDeXP6//39fztvLWN3rW+9/gbrXO/0C1/v9Wrx9k/f/quQILWx0VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+mlIU8WakmLmykpb6y/cd9cvtqTt3R4eGN692JFU1D1Xly5/6mbPnzn/xhcEL3fzg+rvtU/HayLVLjZenb8/MTszNTYw3RqfaN6bHJ7a9h53W3+hkdQIat1+/M37z5lzj7PPn1n18d+D9/ieOD1wcfPbUM92yo0PDwyM9ZWp9D3z0+6Qtth+OIv46Ujz33Z+kH/RHFLHzc/Eh3529dqTqxMmqE6NDw1VHJtutqfnyw6vdE1FENHoqNbvn6CGMxY40IxbK5pcNPll2b2SmNdu6PjnRuNqanW/Pt6enrqZOa8v+NKKICyliMSKW++/fXV8U8Xqk+PaxlfSv/RGHuufhC1dGvnL67NbtKPawj9tQtrPRF7FYHIAx28f6o4h/jhQ/fedE/Ft/RC06P/H5iFfL/H7EW9EZ71R+Mc5HvLfJ94iDqRZF/H85/hdX0jv95fWge125/NXGl6duTveU7V5XDvz94WHa59emehTxw+qKv5L+3X/XAAAAAAAAAAAAAAAAAPtIEb8eKV5890Sq5gffm1PcnrrVuNa6PtmZ1ted+9edM726urraSJ1s5hzLuZBzMedSzuWcUeT6OZtl1ldXx/L7hZyLOZdyLueMQ7l+zmbOsZwLORdzLuVczhm1XD9nM+dYzoWcizmXci7njH0ydw8AAAAAAAAAAAAAAAAAAPhoKap/Unzr6ytptb+zvvRYdHLJeqAfeb8IAAD//1qT9HY=") r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x194) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 634.56662ms ago: executing program 0 (id=3630): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$netlink(r0, 0x10e, 0xa, 0x0, &(0x7f0000001340)) 605.142362ms ago: executing program 2 (id=3631): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0xb, &(0x7f0000000340)=@framed={{}, [@printk={@p, {}, {}, {}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x5}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}, {0x85, 0x0, 0x0, 0xb0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='percpu_alloc_percpu\x00', r0}, 0x10) io_uring_setup(0x1612, &(0x7f0000000200)={0x0, 0x0, 0x800}) 558.532676ms ago: executing program 1 (id=3632): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b0400000000000000000200fffe2c0004802800018007000100637400001c0002800800014000000002080002400000001405e10200000000000900010073797a30000000000900020073797a32"], 0x80}}, 0x24004800) 307.896826ms ago: executing program 2 (id=3633): syz_mount_image$hfs(&(0x7f0000000300), &(0x7f0000000880)='./file7\x00', 0xc10, &(0x7f0000000180)=ANY=[], 0x3, 0x308, &(0x7f00000004c0)="$eJzs3b1rFEEYBvBndu8uFw1xTSIBy2jASjQ2YhOR/A1ioWLMnRBuiZBEMDYe1iJ2fnQWdtZiY2kftBatxMI+163MO7O5vdx+3efm9PlBjvV2Zvad/XznYB0Q0X/rxtqP91d+6T8FuHABXAMcAFWgBOAMFquPtnY3d/16La0hV2roPwVTU3WV2diqx1XV9aSG5el/lTAT/Y5GIwiC4Oc3N73MqbGFQwWRqz/oPg8cYMpenbKyWkRwI9AsOoCCqRZaeIzZouMgIqJi6ed/2ST++jk/Y/N3xwGW7WN/wp7/6Vlra3yBHEuR57+MsgKlj6/sMtUe78kQTq93wlFiSouJayowiWRHdqmyRpUSizP9YNOvX9x46NccPMOqFSm2IJ81c+qGMqJdSgk2Rnbfk0iPnbLuw0pC/PP9bPFV76EcOgjUvrqrPLxFDbP2oJQC2SNypDyJ2zusYOK/JMs3yzEtntQfSkmphF6elo2ctVvApw85ellF4rC0Yts0p+5T86UXxvmyklJrDp0/K5jeXU7akq01H1trJaPWQrvW7/DOac/m5Jr9S+j2EeqFuqWW8AcfsRbJ/x29t5elQLjbU4JUUtKeGan9KUlJL0dgTq7wKa+4S7XtOe7jKmZ39p401n2/vp134fP3HgoPa+HNO7PgDtJO2POuVSUMGmEwZZoe1U7oM0J9y+mhVnjCDDP4SswOB9C034THJLGd8J4WtwnVfSgnZQEDt+NiCo3wnjm0wOzebjbWfbMUnyhN93tPomMmcntcvJ1dPBhHTDRW+h6izPhPMnmT1V2Xdfry9yRPLyMuT888H6TF13f2zfAhMjZoJ6tz8nmilxFcWqYb6UPqmOvcBeA82nnn0S1+6WzWs3H+I9QavuIef/8nIiIiIiIiIiIiIiIiIiIiIiIiIpo0mS8GHATbO3v29ZY+3wwpuItERERERERERERERERERERERERERERERBMvbf5fmSMzY/7f8M2A5Pl/I/+rd/b8v6u6oYT5f7tmA4qdOomIcvsbAAD//wpUabs=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r0, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be00000000e22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce539f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ff0f9fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0xc34) 306.077966ms ago: executing program 0 (id=3634): r0 = socket$inet(0x2, 0x6, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 245.263921ms ago: executing program 1 (id=3635): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, 0x0, &(0x7f0000000000)) 203.288624ms ago: executing program 4 (id=3636): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000080)=0x1, r1, 0x0, 0x2, 0x4}}, 0x20) 575.7µs ago: executing program 1 (id=3637): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz2\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) 200.161µs ago: executing program 0 (id=3638): memfd_create(&(0x7f0000000100)='+\x88\xc7s\x00\x00\x942nodev\x00\x00\x8cZ_Pv\x03\xa7\xc1\b\xec\x90Q\x85\x83\xcd\x16\xdcw\'\x8a\xe5N\x8c\x17\xfd\xc5\xad\xd5y\x15\x1fx\x17\f\xbc\xd1.\x8cA\x17\x86\xb7-j!Y\x92\xd9\xc4\r8\xd0\xc9X\xa7\x11\xa3\xf0\x8a*\xbc\x87\xcd\x1fl\xfc\xf3]\xb8\xbd\x02\v<\fl\xa6]\xa5\xfb\x05\xcb\x9c\xe2\xc8\x05\xa5\xa5\xeb\xa9\xef\xe3\xf1b\x81\xec\xac\xb6\x80\xd5\xf5S\x85\x06O\x05\xb8\xa1\x15\xcc\x17\xe8s\x95\x95B\xee_\x98\x91)\xe7\xa8+\x8c\xee\x83@q\x16\xcf3\x0f\x81\xa8\xa9`i\x01m:\xcc\x1c\xed<\xcfA3n\xfd\n>\x03\xae\f \xdbH\'\x05\x82\xdbLE\x14\xcdq\x1abcf\xdb8\xe9a\xa8\x00'/201, 0x2) r0 = socket$inet(0x2, 0x4000000805, 0x0) sendmmsg(r0, &(0x7f0000000180)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local, 0x2}, 0x80, &(0x7f0000000200)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000084000000"], 0x18}}], 0x2, 0x844) 0s ago: executing program 4 (id=3639): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r0}, 0x69) kernel console output (not intermixed with test programs): 228.620362][ T7] usb 2-1: Product: syz [ 228.631149][ T7] usb 2-1: Manufacturer: syz [ 228.644300][ T7] usb 2-1: SerialNumber: syz [ 228.667157][ T7] usb 2-1: config 0 descriptor?? [ 228.703002][ T7] dvb-usb: found a 'Leadtek - USB2.0 Winfast DTV dongle' in warm state. [ 228.736059][ T7] dvb-usb: bulk message failed: -22 (3/0) [ 228.800972][ T7] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 228.820497][ T7] dvbdev: DVB: registering new adapter (Leadtek - USB2.0 Winfast DTV dongle) [ 228.851341][ T7] usb 2-1: media controller created [ 228.886171][ T8930] loop3: detected capacity change from 0 to 2048 [ 228.943375][ T8930] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 228.975807][ T7] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 229.069453][ T7] dvb-usb: bulk message failed: -22 (6/0) [ 229.091886][ T7] dvb-usb: bulk message failed: -22 (6/0) [ 229.120518][ T7] dvb-usb: no frontend was attached by 'Leadtek - USB2.0 Winfast DTV dongle' [ 229.193233][ T7] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input9 [ 229.240146][ T7] dvb-usb: schedule remote query interval to 150 msecs. [ 229.271521][ T7] dvb-usb: Leadtek - USB2.0 Winfast DTV dongle successfully initialized and connected. [ 229.297565][ T7] usb 2-1: USB disconnect, device number 5 [ 229.470621][ T7] dvb-usb: Leadtek - USB2.0 Winfast DTV dongle successfully deinitialized and disconnected. [ 229.981989][ T8964] loop2: detected capacity change from 0 to 2048 [ 230.038575][ T8964] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 230.355924][ T8976] (unnamed net_device) (uninitialized): option ad_select: invalid value (105) [ 231.143733][ T9010] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 231.193156][ T9012] No such timeout policy "syz1" [ 231.285535][ T4310] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 231.502303][ T4310] usb 4-1: Using ep0 maxpacket: 16 [ 231.509481][ T4310] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024 [ 231.563423][ T4310] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 231.593783][ T4310] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 231.626934][ T4310] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 231.667880][ T4310] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.694824][ T4310] usb 4-1: Product: syz [ 231.709439][ T4310] usb 4-1: Manufacturer: syz [ 231.718982][ T4310] usb 4-1: SerialNumber: syz [ 231.754491][ T4310] usb 4-1: config 0 descriptor?? [ 231.765214][ T9004] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 231.780142][ T9004] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 231.807566][ C1] port100 4-1:0.0: NFC: Urb failure (status -71) [ 231.825516][ C1] port100 4-1:0.0: NFC: Urb failure (status -71) [ 231.834152][ T4310] port100 4-1:0.0: NFC: Could not get supported command types [ 232.005261][ T9034] loop4: detected capacity change from 0 to 16 [ 232.049594][ T9034] erofs: (device loop4): mounted with root inode @ nid 36. [ 232.068284][ T6101] usb 4-1: USB disconnect, device number 12 [ 232.105693][ T9034] erofs: (device loop4): z_erofs_readahead: readahead error at page 2 @ nid 9895604650073 [ 232.148000][ T4273] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -20 in[4096, 0] out[8192] [ 232.170204][ T9034] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -20 in[4096, 0] out[4096] [ 232.326372][ T9022] loop1: detected capacity change from 0 to 32768 [ 232.388943][ T9022] (syz.1.2118,9022,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 232.444596][ T9022] (syz.1.2118,9022,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 232.455666][ T9030] loop0: detected capacity change from 0 to 32768 [ 232.517562][ T9022] JBD2: Ignoring recovery information on journal [ 232.578202][ T9022] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 232.607617][ T9026] loop2: detected capacity change from 0 to 32768 [ 232.626370][ T9030] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 232.788207][ T9026] XFS (loop2): Mounting V5 Filesystem [ 232.932498][ T4266] ocfs2: Unmounting device (7,1) on (node local) [ 233.049956][ T4276] ocfs2: Unmounting device (7,0) on (node local) [ 233.057706][ T9026] XFS (loop2): Ending clean mount [ 233.126700][ T9026] XFS (loop2): Quotacheck needed: Please wait. [ 233.275308][ T9026] XFS (loop2): Quotacheck: Done. [ 233.498838][ T4270] XFS (loop2): Unmounting Filesystem [ 234.472726][ T9103] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2151'. [ 234.545994][ T9106] loop0: detected capacity change from 0 to 16 [ 234.563355][ T9106] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 234.679126][ T9109] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 234.735295][ T9109] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 234.778024][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 234.778041][ T26] audit: type=1326 audit(1756225790.423:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9112 comm="syz.1.2156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 234.831703][ T9109] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 234.850854][ T9109] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 234.869883][ T26] audit: type=1326 audit(1756225790.473:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9112 comm="syz.1.2156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 234.892659][ T9109] device geneve2 entered promiscuous mode [ 234.928144][ T9109] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 234.979868][ T9109] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 234.998679][ T26] audit: type=1326 audit(1756225790.473:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9112 comm="syz.1.2156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 235.013331][ T9109] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 235.084464][ T9109] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 235.104839][ T26] audit: type=1326 audit(1756225790.473:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9112 comm="syz.1.2156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 235.602450][ T9138] binder: 9136:9138 ioctl c0306201 200000000340 returned -14 [ 236.058807][ T9157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2178'. [ 236.170002][ T9165] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2182'. [ 236.179023][ T9165] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2182'. [ 236.614617][ T9175] loop3: detected capacity change from 0 to 2048 [ 236.650614][ T9175] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=26504, location=26504 [ 236.661964][ T9181] netlink: 'syz.2.2190': attribute type 7 has an invalid length. [ 236.688783][ T9183] loop1: detected capacity change from 0 to 24 [ 236.697716][ T9181] netlink: 140 bytes leftover after parsing attributes in process `syz.2.2190'. [ 236.745319][ T9175] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 237.120600][ T9190] loop2: detected capacity change from 0 to 1024 [ 237.379131][ T1204] hfsplus: b-tree write err: -5, ino 4 [ 237.645988][ T9177] loop0: detected capacity change from 0 to 32768 [ 237.718397][ T9177] JBD2: Ignoring recovery information on journal [ 237.810880][ T9212] loop1: detected capacity change from 0 to 256 [ 237.848355][ T9213] netlink: 'syz.3.2205': attribute type 10 has an invalid length. [ 237.874436][ T9177] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 237.919084][ T9177] (syz.0.2187,9177,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 22 [ 237.937240][ T9212] FAT-fs (loop1): Directory bread(block 64) failed [ 237.963390][ T9177] ocfs2: Unmounting device (7,0) on (node local) [ 237.964438][ T9212] FAT-fs (loop1): Directory bread(block 65) failed [ 237.999076][ T9213] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.010467][ T9212] FAT-fs (loop1): Directory bread(block 66) failed [ 238.022201][ T9213] bond0: (slave team0): Enslaving as an active interface with an up link [ 238.033509][ T9212] FAT-fs (loop1): Directory bread(block 67) failed [ 238.044235][ T9212] FAT-fs (loop1): Directory bread(block 68) failed [ 238.053366][ T9212] FAT-fs (loop1): Directory bread(block 69) failed [ 238.070175][ T9212] FAT-fs (loop1): Directory bread(block 70) failed [ 238.091024][ T9212] FAT-fs (loop1): Directory bread(block 71) failed [ 238.118257][ T9212] FAT-fs (loop1): Directory bread(block 72) failed [ 238.129890][ T9212] FAT-fs (loop1): Directory bread(block 73) failed [ 238.256706][ T9204] loop4: detected capacity change from 0 to 32768 [ 238.560520][ T9204] XFS (loop4): DAX unsupported by block device. Turning off DAX. [ 238.600118][ T9204] XFS (loop4): Mounting V5 Filesystem [ 238.673756][ T9204] XFS (loop4): Ending clean mount [ 238.686905][ T9235] loop1: detected capacity change from 0 to 256 [ 238.737732][ T9204] XFS (loop4): Quotacheck needed: Please wait. [ 238.789119][ T9235] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 238.819219][ T9204] XFS (loop4): Quotacheck: Done. [ 238.899989][ T9235] fuse: Bad value for 'fd' [ 239.002053][ T4274] XFS (loop4): Unmounting Filesystem [ 239.104955][ T9246] netlink: 'syz.1.2216': attribute type 10 has an invalid length. [ 239.196976][ T9246] team0: Device hsr_slave_0 failed to register rx_handler [ 239.539410][ T9254] loop1: detected capacity change from 0 to 512 [ 239.577147][ T9254] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 239.672155][ T9254] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 239.700614][ T9254] EXT4-fs (loop1): 1 truncate cleaned up [ 239.706343][ T9254] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 239.902001][ T9250] loop0: detected capacity change from 0 to 32768 [ 239.962020][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 239.974846][ T9250] CIFS mount error: No usable UNC path provided in device string! [ 239.974846][ T9250] [ 240.001937][ T9250] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 240.160735][ T9266] netlink: 'syz.1.2224': attribute type 3 has an invalid length. [ 240.199082][ T9266] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2224'. [ 240.513264][ T7] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 240.724614][ T7] usb 1-1: Using ep0 maxpacket: 8 [ 240.753094][ T7] usb 1-1: config 0 interface 0 has no altsetting 0 [ 240.782467][ T7] usb 1-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 240.798036][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.815462][ T9288] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2234'. [ 240.825164][ T7] usb 1-1: Product: syz [ 240.829801][ T7] usb 1-1: Manufacturer: syz [ 240.839849][ T7] usb 1-1: SerialNumber: syz [ 240.858338][ T7] usb 1-1: config 0 descriptor?? [ 240.896101][ T7] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 found [ 241.066349][ T9296] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 241.083275][ T9295] netlink: 'syz.3.2238': attribute type 27 has an invalid length. [ 241.123861][ T7] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 now disconnected [ 241.139845][ T9295] netlink: 'syz.3.2238': attribute type 3 has an invalid length. [ 241.141216][ T7] snd_usb_toneport: probe of 1-1:0.0 failed with error -22 [ 241.147681][ T9295] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2238'. [ 241.426544][ T4400] usb 1-1: USB disconnect, device number 7 [ 241.601281][ T9306] loop4: detected capacity change from 0 to 4096 [ 241.625531][ T9312] binder: BC_ATTEMPT_ACQUIRE not supported [ 241.649216][ T9312] binder: 9311:9312 ioctl c0306201 2000000003c0 returned -22 [ 241.676931][ T9315] loop1: detected capacity change from 0 to 1024 [ 241.836454][ T9318] netlink: 'syz.2.2250': attribute type 24 has an invalid length. [ 241.925031][ T41] hfsplus: b-tree write err: -5, ino 4 [ 243.489481][ T9378] loop2: detected capacity change from 0 to 64 [ 243.732950][ T9386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2283'. [ 243.742542][ T92] block nbd4: Attempted send on invalid socket [ 243.748810][ T92] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 244.182137][ T9400] loop4: detected capacity change from 0 to 512 [ 244.264364][ T9404] loop2: detected capacity change from 0 to 512 [ 244.292186][ T9404] EXT4-fs: Ignoring removed i_version option [ 244.316273][ T9404] EXT4-fs: Ignoring removed mblk_io_submit option [ 244.325020][ T9406] x_tables: arp_tables: .0 target: invalid size 8 (kernel) != (user) 0 [ 244.391317][ T9404] EXT4-fs error (device loop2): ext4_orphan_get:1400: comm syz.2.2293: inode #13: comm syz.2.2293: iget: illegal inode # [ 244.458627][ T9404] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.2293: couldn't read orphan inode 13 (err -117) [ 244.493880][ T9404] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 244.663269][ T4270] EXT4-fs (loop2): unmounting filesystem. [ 244.746427][ T9411] loop4: detected capacity change from 0 to 8192 [ 244.801510][ T9411] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 244.861770][ T9411] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 1046) [ 244.886588][ T9411] FAT-fs (loop4): Filesystem has been set read-only [ 244.889828][ T4317] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 244.939211][ T9390] loop1: detected capacity change from 0 to 32768 [ 244.951612][ T9416] loop3: detected capacity change from 0 to 4096 [ 245.000828][ T9416] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 245.016816][ T4274] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 1046) [ 245.092658][ T4317] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 245.130891][ T4317] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 245.181771][ T4317] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 245.239661][ T4317] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 245.261765][ T9422] overlayfs: missing 'workdir' [ 245.294101][ T4317] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 245.314607][ T4317] usb 1-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 245.358307][ T4317] usb 1-1: config 1 interface 1 has no altsetting 0 [ 245.402810][ T4317] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 245.463105][ T4317] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.503715][ T4317] usb 1-1: Product: syz [ 245.508171][ T4317] usb 1-1: Manufacturer: syz [ 245.544244][ T4317] usb 1-1: SerialNumber: syz [ 245.557266][ T9414] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 245.870019][ T9438] overlayfs: bad mount option "redirect_dir=on:/" [ 245.973644][ T9442] netlink: 'syz.4.2310': attribute type 3 has an invalid length. [ 245.993412][ T9442] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 246.080691][ T4310] usb 1-1: USB disconnect, device number 8 [ 246.220511][ T9450] loop4: detected capacity change from 0 to 764 [ 246.236372][ T4400] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 246.273117][ T9450] Symlink component flag not implemented [ 246.316062][ T9450] Symlink component flag not implemented (116) [ 246.433928][ T4400] usb 2-1: Using ep0 maxpacket: 32 [ 246.445222][ T4400] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 246.480442][ T4400] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 246.520911][ T4400] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.529058][ T4400] usb 2-1: Product: syz [ 246.540210][ T4400] usb 2-1: Manufacturer: syz [ 246.548157][ T4400] usb 2-1: SerialNumber: syz [ 246.572416][ T4400] usb 2-1: config 0 descriptor?? [ 246.584204][ T9440] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 246.610455][ T4400] hub 2-1:0.0: bad descriptor, ignoring hub [ 246.636637][ T4400] hub: probe of 2-1:0.0 failed with error -5 [ 246.645390][ T4400] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input11 [ 246.976658][ T9440] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 246.983779][ T9440] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 247.005414][ T9440] vhci_hcd vhci_hcd.0: Device attached [ 247.092617][ T9467] vhci_hcd: connection closed [ 247.093496][ T4400] usb 2-1: USB disconnect, device number 6 [ 247.097925][ T41] vhci_hcd: stop threads [ 247.098276][ C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 247.108630][ T41] vhci_hcd: release socket [ 247.186843][ T9466] loop3: detected capacity change from 0 to 4096 [ 247.199142][ T41] vhci_hcd: disconnect device [ 247.217731][ T9466] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 247.239947][ T7] vhci_hcd: vhci_device speed not set [ 247.336975][ T9466] ntfs3: loop3: no free space to extend mft [ 247.722627][ T9458] loop4: detected capacity change from 0 to 32768 [ 247.773038][ T9458] ERROR: (device loop4): xtTruncate_pmap: XT_GETPAGE: xtree page corrupt [ 247.773038][ T9458] [ 247.835274][ T9458] ERROR: (device loop4): remounting filesystem as read-only [ 247.852881][ T9489] loop0: detected capacity change from 0 to 256 [ 247.859895][ T9458] ERROR: (device loop4): jfs_rename: [ 247.859895][ T9458] [ 247.920884][ T9489] exFAT-fs (loop0): bogus sector size bits : 0 [ 247.927252][ T9489] exFAT-fs (loop0): failed to read boot sector [ 247.972047][ T9489] exFAT-fs (loop0): failed to recognize exfat type [ 247.991635][ T4274] ERROR: (device loop4): xtTruncate: XT_GETPAGE: xtree page corrupt [ 247.991635][ T4274] [ 248.075389][ T9494] device wlan0 entered promiscuous mode [ 248.108019][ T4406] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 248.180064][ T9489] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 248.229821][ T9489] exFAT-fs (loop0): unable to read boot sector [ 248.276271][ T9489] exFAT-fs (loop0): failed to read boot sector [ 248.276317][ T9489] exFAT-fs (loop0): failed to recognize exfat type [ 248.417915][ T9504] loop2: detected capacity change from 0 to 512 [ 248.418796][ T9504] EXT4-fs: Ignoring removed nomblk_io_submit option [ 248.492065][ T9504] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 248.492117][ T9504] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 248.493247][ T9504] EXT4-fs (loop2): orphan cleanup on readonly fs [ 248.493332][ T9504] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 248.493404][ T9504] EXT4-fs warning (device loop2): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 248.493431][ T9504] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 248.536043][ T9504] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.2341: bg 0: block 40: padding at end of block bitmap is not set [ 248.566579][ T9504] EXT4-fs (loop2): Remounting filesystem read-only [ 248.566616][ T9504] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 248.568513][ T9504] EXT4-fs (loop2): Remounting filesystem read-only [ 248.568653][ T9504] EXT4-fs (loop2): 1 truncate cleaned up [ 248.568684][ T9504] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 248.641429][ T9504] EXT4-fs error (device loop2): ext4_encrypted_get_link:46: inode #16: comm syz.2.2341: bad symlink. [ 248.774098][ T4270] EXT4-fs (loop2): unmounting filesystem. [ 248.923593][ T9516] loop0: detected capacity change from 0 to 1024 [ 249.759103][ T9543] netlink: 'syz.4.2357': attribute type 2 has an invalid length. [ 249.781956][ T9543] netlink: 'syz.4.2357': attribute type 8 has an invalid length. [ 249.800225][ T9543] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2357'. [ 249.885049][ T9545] loop2: detected capacity change from 0 to 128 [ 249.911285][ T9545] EXT4-fs (loop2): Test dummy encryption mode enabled [ 249.964649][ T9545] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 250.075348][ T9553] loop4: detected capacity change from 0 to 4096 [ 250.149973][ T9545] ext4 filesystem being mounted at /473/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 250.170510][ T9556] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 250.181557][ T9553] NILFS error (device loop4): nilfs_check_page: bad entry in directory #2: disallowed inode number - offset=0, inode=3, rec_len=16, name_len=1 [ 250.255195][ T9553] Remounting filesystem read-only [ 250.404322][ T4270] EXT4-fs (loop2): unmounting filesystem. [ 250.581157][ T9568] comedi comedi0: rti800: I/O port conflict (0xffffffff80000000,16) [ 251.215114][ T9588] loop1: detected capacity change from 0 to 512 [ 251.252098][ T9588] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 251.263898][ T9591] loop4: detected capacity change from 0 to 128 [ 251.303658][ T9588] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:477: comm syz.1.2380: Invalid block bitmap block 0 in block_group 0 [ 251.347643][ T9588] EXT4-fs (loop1): Remounting filesystem read-only [ 251.364822][ T9588] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 251.450243][ T9588] EXT4-fs (loop1): Remounting filesystem read-only [ 251.456846][ T9588] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #11: comm syz.1.2380: attempt to clear invalid blocks 983261 len 1 [ 251.545574][ T9588] EXT4-fs (loop1): Remounting filesystem read-only [ 251.572362][ T9588] EXT4-fs error (device loop1): __ext4_get_inode_loc:4507: comm syz.1.2380: Invalid inode table block 0 in block_group 0 [ 251.639688][ T9588] EXT4-fs (loop1): Remounting filesystem read-only [ 251.646289][ T9588] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5915: Corrupt filesystem [ 251.755774][ T9588] EXT4-fs (loop1): Remounting filesystem read-only [ 251.768631][ T9588] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 251.807372][ T9588] EXT4-fs (loop1): Remounting filesystem read-only [ 251.818040][ T9588] EXT4-fs error (device loop1): __ext4_get_inode_loc:4507: comm syz.1.2380: Invalid inode table block 0 in block_group 0 [ 251.870526][ T9588] EXT4-fs (loop1): Remounting filesystem read-only [ 251.877104][ T9588] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5915: Corrupt filesystem [ 251.896063][ T9605] loop3: detected capacity change from 0 to 2048 [ 251.905430][ T9588] EXT4-fs (loop1): Remounting filesystem read-only [ 251.933166][ T9588] EXT4-fs error (device loop1): ext4_truncate:4312: inode #11: comm syz.1.2380: mark_inode_dirty error [ 251.979052][ T9609] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 251.984831][ T9588] EXT4-fs (loop1): Remounting filesystem read-only [ 252.040406][ T9588] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 252.066866][ T9612] xt_ecn: cannot match TCP bits for non-tcp packets [ 252.075358][ T9605] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 252.109994][ T9588] EXT4-fs (loop1): Remounting filesystem read-only [ 252.117827][ T9588] EXT4-fs error (device loop1): __ext4_get_inode_loc:4507: comm syz.1.2380: Invalid inode table block 0 in block_group 0 [ 252.158327][ T9605] Remounting filesystem read-only [ 252.170533][ T9588] EXT4-fs (loop1): Remounting filesystem read-only [ 252.177174][ T9588] EXT4-fs (loop1): 1 truncate cleaned up [ 252.184345][ T9605] NILFS (loop3): error -2 truncating bmap (ino=16) [ 252.194148][ T9588] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 252.343961][ T4278] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 252.534011][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 252.671793][ T9625] netlink: 6 bytes leftover after parsing attributes in process `syz.0.2398'. [ 252.681153][ T9627] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2397'. [ 253.405388][ T26] audit: type=1400 audit(1756226038.048:77): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-22 profile="unconfined" name="&" pid=9652 comm="syz.4.2411" [ 253.568752][ T26] audit: type=1326 audit(1756226038.208:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9657 comm="syz.1.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 253.625742][ T26] audit: type=1326 audit(1756226038.238:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9657 comm="syz.1.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 253.710055][ T26] audit: type=1326 audit(1756226038.238:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9657 comm="syz.1.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 253.803311][ T26] audit: type=1326 audit(1756226038.238:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9657 comm="syz.1.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 253.948542][ T9640] loop0: detected capacity change from 0 to 32768 [ 254.017555][ T9640] ERROR: (device loop0): xtTruncate_pmap: XT_GETPAGE: xtree page corrupt [ 254.017555][ T9640] [ 254.043302][ T9640] ERROR: (device loop0): remounting filesystem as read-only [ 254.052175][ T9640] ERROR: (device loop0): jfs_rename: [ 254.052175][ T9640] [ 254.141153][ T4276] ERROR: (device loop0): xtTruncate: XT_GETPAGE: xtree page corrupt [ 254.141153][ T4276] [ 254.157431][ T9668] loop1: detected capacity change from 0 to 2048 [ 254.240239][ T9656] loop3: detected capacity change from 0 to 32768 [ 254.290680][ T9668] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 254.332366][ T9656] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10 [ 254.362741][ T9668] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 254.556990][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 254.668158][ T5277] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10 [ 255.054129][ T9689] loop3: detected capacity change from 0 to 8192 [ 255.123590][ T9689] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 255.225939][ T9689] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 255.311179][ T9689] REISERFS (device loop3): using ordered data mode [ 255.320873][ T9689] reiserfs: using flush barriers [ 255.327316][ T9689] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 255.380646][ T9689] REISERFS (device loop3): checking transaction log (loop3) [ 255.388410][ T9708] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2437'. [ 255.431012][ T9689] REISERFS (device loop3): Using rupasov hash to sort names [ 255.438814][ T9689] REISERFS (device loop3): using 3.5.x disk format [ 255.457107][ T9710] loop1: detected capacity change from 0 to 128 [ 255.464367][ T9689] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 255.502143][ T9689] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 255.517475][ T9712] Error parsing options; rc = [-22] [ 255.536498][ T9710] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 255.555861][ T9689] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 255.567759][ T9710] FAT-fs (loop1): Filesystem has been set read-only [ 255.592010][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.598747][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.600138][ T9689] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 255.605419][ T2306] pvrusb2: request_firmware fatal error with code=-110 [ 255.624086][ T2306] pvrusb2: Failure uploading firmware1 [ 255.630907][ T2306] pvrusb2: Device initialization was not successful. [ 255.637765][ T2306] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 255.652859][ T2306] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 255.663128][ T4379] pvrusb2: Device being rendered inoperable [ 255.762767][ T9689] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 255.862537][ T9689] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 255.898221][ T9689] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 256.025258][ T4379] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 256.036324][ T9722] netlink: 'syz.4.2444': attribute type 6 has an invalid length. [ 256.255966][ T4379] usb 3-1: device descriptor read/all, error -71 [ 256.437651][ T9724] loop1: detected capacity change from 0 to 4096 [ 256.518418][ T9724] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 256.668198][ T9724] ntfs: volume version 3.1. [ 256.897164][ T9744] device hsr0 entered promiscuous mode [ 256.930578][ T9746] loop3: detected capacity change from 0 to 512 [ 256.954557][ T9744] A link change request failed with some changes committed already. Interface hsr0 may have been left with an inconsistent configuration, please check. [ 256.992796][ T9746] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 257.113647][ T9746] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 257.189065][ T4273] Bluetooth: hci0: unexpected event 0x3e length: 262 > 260 [ 257.189100][ T4273] Bluetooth: hci0: unexpected subevent 0x02 length: 261 > 260 [ 257.189290][ T9751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 257.198826][ T4273] Bluetooth: hci0: Dropping invalid advertising data [ 257.222551][ T4273] Bluetooth: hci0: Malformed LE Event: 0x02 [ 257.534178][ T9764] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2465'. [ 257.649748][ T7] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 257.704564][ T9772] loop4: detected capacity change from 0 to 8 [ 257.723150][ T9772] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 257.762481][ T4385] udevd[4385]: incorrect cramfs checksum on /dev/loop4 [ 257.779314][ T9772] cramfs: Error -3 while decompressing! [ 257.817324][ T9772] cramfs: ffffffff96d761a8(26)->ffff88804e726000(4096) [ 257.829727][ T9772] cramfs: Error -3 while decompressing! [ 257.866384][ T4385] udevd[4385]: incorrect cramfs checksum on /dev/loop4 [ 257.876178][ T9772] cramfs: ffffffff96d761c2(26)->ffff88804f39f000(4096) [ 257.883471][ T7] usb 1-1: Using ep0 maxpacket: 32 [ 257.891491][ T7] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 257.899846][ T9772] cramfs: Error -3 while decompressing! [ 257.919801][ T9772] cramfs: ffffffff96d761dc(16)->ffff88804e614000(4096) [ 257.926784][ T9772] cramfs: Error -3 while decompressing! [ 257.930956][ T7] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 257.952979][ T9772] cramfs: ffffffff96d761a8(26)->ffff88804e726000(4096) [ 257.961237][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.969714][ T7] usb 1-1: Product: syz [ 257.976625][ T7] usb 1-1: Manufacturer: syz [ 257.982792][ T7] usb 1-1: SerialNumber: syz [ 258.009987][ T26] audit: type=1800 audit(1756226042.658:82): pid=9772 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2469" name="file2" dev="loop4" ino=348 res=0 errno=0 [ 258.040590][ T7] usb 1-1: config 0 descriptor?? [ 258.069893][ T9756] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 258.078220][ T7] hub 1-1:0.0: bad descriptor, ignoring hub [ 258.101662][ T7] hub: probe of 1-1:0.0 failed with error -5 [ 258.138934][ T7] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input12 [ 258.404381][ T9756] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 258.410986][ T9756] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 258.447094][ T9756] vhci_hcd vhci_hcd.0: Device attached [ 258.587655][ T9779] vhci_hcd: connection closed [ 258.588220][ T4310] usb 1-1: USB disconnect, device number 9 [ 258.588285][ C0] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 258.639953][ T4317] vhci_hcd: vhci_device speed not set [ 258.640082][ T1076] vhci_hcd: stop threads [ 258.667734][ T1076] vhci_hcd: release socket [ 258.679549][ T1076] vhci_hcd: disconnect device [ 258.696286][ T9768] loop2: detected capacity change from 0 to 40427 [ 258.710146][ T4317] usb 33-1: new full-speed USB device number 2 using vhci_hcd [ 258.729788][ T4317] usb 33-1: enqueue for inactive port 0 [ 258.741306][ T9768] F2FS-fs (loop2): invalid crc value [ 258.784933][ T9768] F2FS-fs (loop2): Found nat_bits in checkpoint [ 258.859978][ T4317] vhci_hcd: vhci_device speed not set [ 258.902878][ T9768] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 259.416131][ T9805] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2482'. [ 259.436216][ T9802] loop4: detected capacity change from 0 to 2048 [ 259.554031][ T9802] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 259.658463][ T9802] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 259.786256][ T26] audit: type=1326 audit(1756226044.428:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9818 comm="syz.0.2487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f238018ebe9 code=0x7ffc0000 [ 259.876933][ T26] audit: type=1326 audit(1756226044.468:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9818 comm="syz.0.2487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7f238018ebe9 code=0x7ffc0000 [ 259.940486][ T9815] loop3: detected capacity change from 0 to 4096 [ 259.949987][ T26] audit: type=1326 audit(1756226044.468:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9818 comm="syz.0.2487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f238018ebe9 code=0x7ffc0000 [ 259.963981][ T9815] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 259.985675][ T4274] EXT4-fs (loop4): unmounting filesystem. [ 260.065916][ T26] audit: type=1326 audit(1756226044.468:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9818 comm="syz.0.2487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f238018ebe9 code=0x7ffc0000 [ 260.338686][ T9815] ntfs3: loop3: failed to convert "c46c" to cp855 [ 261.279889][ T9865] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2511'. [ 261.289158][ T9865] unsupported nlmsg_type 40 [ 262.039457][ T9894] loop1: detected capacity change from 0 to 256 [ 262.080689][ T9894] exfat: Deprecated parameter 'namecase' [ 262.119913][ T9894] exfat: Deprecated parameter 'namecase' [ 262.125838][ T9894] exfat: Deprecated parameter 'namecase' [ 262.159798][ T9894] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 262.210962][ T9894] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d) [ 262.371871][ T9896] loop0: detected capacity change from 0 to 4096 [ 262.405412][ T9896] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 262.475986][ T9905] loop4: detected capacity change from 0 to 512 [ 262.537538][ T9905] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 262.602767][ T9905] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:477: comm syz.4.2531: Invalid block bitmap block 0 in block_group 0 [ 262.628462][ T9905] EXT4-fs (loop4): Remounting filesystem read-only [ 262.666213][ T9905] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 262.690928][ T9896] ntfs3: loop0: failed to convert "c46c" to iso8859-3 [ 262.748434][ T9905] EXT4-fs (loop4): Remounting filesystem read-only [ 262.829787][ T9905] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #11: comm syz.4.2531: attempt to clear invalid blocks 983261 len 1 [ 262.899747][ T9905] EXT4-fs (loop4): Remounting filesystem read-only [ 262.906531][ T9905] EXT4-fs error (device loop4): __ext4_get_inode_loc:4507: comm syz.4.2531: Invalid inode table block 0 in block_group 0 [ 262.980098][ T9905] EXT4-fs (loop4): Remounting filesystem read-only [ 262.986824][ T9905] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5915: Corrupt filesystem [ 263.099405][ T9905] EXT4-fs (loop4): Remounting filesystem read-only [ 263.117640][ T9923] loop2: detected capacity change from 0 to 64 [ 263.142874][ T9905] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 263.178579][ T9905] EXT4-fs (loop4): Remounting filesystem read-only [ 263.188414][ T9905] EXT4-fs error (device loop4): __ext4_get_inode_loc:4507: comm syz.4.2531: Invalid inode table block 0 in block_group 0 [ 263.215833][ T9905] EXT4-fs (loop4): Remounting filesystem read-only [ 263.229573][ T9905] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5915: Corrupt filesystem [ 263.238279][ T9923] hfs: request for non-existent node 16777216 in B*Tree [ 263.240195][ T9905] EXT4-fs (loop4): Remounting filesystem read-only [ 263.291646][ T9905] EXT4-fs error (device loop4): ext4_truncate:4312: inode #11: comm syz.4.2531: mark_inode_dirty error [ 263.299971][ T9923] hfs: request for non-existent node 16777216 in B*Tree [ 263.313577][ T9905] EXT4-fs (loop4): Remounting filesystem read-only [ 263.333156][ T9923] hfs: request for non-existent node 16777216 in B*Tree [ 263.336643][ T9905] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 263.380745][ T9923] hfs: request for non-existent node 16777216 in B*Tree [ 263.387162][ T9905] EXT4-fs (loop4): Remounting filesystem read-only [ 263.405399][ T9905] EXT4-fs error (device loop4): __ext4_get_inode_loc:4507: comm syz.4.2531: Invalid inode table block 0 in block_group 0 [ 263.421450][ T9923] hfs: request for non-existent node 16777216 in B*Tree [ 263.443195][ T9923] hfs: request for non-existent node 16777216 in B*Tree [ 263.450808][ T9905] EXT4-fs (loop4): Remounting filesystem read-only [ 263.457576][ T9905] EXT4-fs (loop4): 1 truncate cleaned up [ 263.475493][ T9905] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 263.744988][ T4274] EXT4-fs (loop4): unmounting filesystem. [ 264.069022][ T9951] loop1: detected capacity change from 0 to 2048 [ 264.096526][ T9951] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 264.167092][ T9954] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 264.488188][ T9963] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 264.746942][ T9977] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2566'. [ 265.199113][ T9993] xt_bpf: check failed: parse error [ 265.306928][ T9997] loop2: detected capacity change from 0 to 2048 [ 265.444706][ T9997] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 265.456495][ T9997] ext4 filesystem being mounted at /506/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 265.550886][ T9997] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.2575: bg 0: block 345: padding at end of block bitmap is not set [ 265.557752][T10007] loop3: detected capacity change from 0 to 1024 [ 265.658521][ T9997] EXT4-fs (loop2): Remounting filesystem read-only [ 265.814105][ T4270] EXT4-fs (loop2): unmounting filesystem. [ 265.967229][ T5293] hfsplus: b-tree write err: -5, ino 4 [ 266.181394][T10017] loop2: detected capacity change from 0 to 2048 [ 266.272359][T10017] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 266.668185][T10029] loop3: detected capacity change from 0 to 8192 [ 266.706324][T10029] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 266.745024][T10029] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 266.774514][T10029] REISERFS (device loop3): using ordered data mode [ 266.820902][T10029] reiserfs: using flush barriers [ 266.915520][T10029] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 266.971749][T10029] REISERFS (device loop3): checking transaction log (loop3) [ 267.043205][T10029] REISERFS (device loop3): Using r5 hash to sort names [ 267.087409][T10029] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 267.197065][T10058] wg1 speed is unknown, defaulting to 1000 [ 267.200027][T10029] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 267.225294][T10058] wg1 speed is unknown, defaulting to 1000 [ 267.244974][T10058] wg1 speed is unknown, defaulting to 1000 [ 267.302008][T10058] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 267.380307][T10058] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 267.524498][T10066] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2609'. [ 267.577944][T10058] wg1 speed is unknown, defaulting to 1000 [ 267.614574][T10058] wg1 speed is unknown, defaulting to 1000 [ 267.668870][T10058] wg1 speed is unknown, defaulting to 1000 [ 267.701004][T10058] wg1 speed is unknown, defaulting to 1000 [ 267.708005][T10058] wg1 speed is unknown, defaulting to 1000 [ 268.012020][T10074] misc userio: The device must be registered before sending interrupts [ 268.355642][T10057] loop4: detected capacity change from 0 to 32768 [ 268.484975][T10091] loop1: detected capacity change from 0 to 128 [ 268.560083][T10091] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 268.569905][ T6101] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 268.607975][T10091] ext4 filesystem being mounted at /530/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 268.639661][T10098] SET target dimension over the limit! [ 268.803278][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 268.831921][ T6101] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 268.859739][ T6101] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 268.910537][ T6101] usb 1-1: config 220 has no interface number 2 [ 268.935187][ T6101] usb 1-1: config 220 interface 1 altsetting 5 endpoint 0x9 has invalid wMaxPacketSize 0 [ 268.977371][ T6101] usb 1-1: config 220 interface 1 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 12 [ 269.039101][ T6101] usb 1-1: config 220 interface 0 has no altsetting 0 [ 269.056426][ T6101] usb 1-1: config 220 interface 76 has no altsetting 0 [ 269.084019][ T6101] usb 1-1: config 220 interface 1 has no altsetting 0 [ 269.122220][ T6101] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 269.141656][ T6101] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.161891][ T6101] usb 1-1: Product: syz [ 269.166122][ T6101] usb 1-1: Manufacturer: syz [ 269.197306][ T6101] usb 1-1: SerialNumber: syz [ 269.441549][ T6101] usb 1-1: selecting invalid altsetting 0 [ 269.458072][ T6101] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 269.489953][ T6101] usb 1-1: No valid video chain found. [ 269.548367][ T6101] usb 1-1: selecting invalid altsetting 0 [ 269.567862][ T6101] usbtest: probe of 1-1:220.1 failed with error -22 [ 269.610865][ T6101] usb 1-1: USB disconnect, device number 10 [ 269.769005][T10132] ax25_connect(): syz.3.2640 uses autobind, please contact jreuter@yaina.de [ 270.524171][T10160] loop3: detected capacity change from 0 to 2048 [ 270.564692][T10162] netlink: 'syz.4.2655': attribute type 3 has an invalid length. [ 270.610369][T10162] netlink: 46 bytes leftover after parsing attributes in process `syz.4.2655'. [ 270.620208][T10160] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 270.699765][ T6101] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 270.837204][T10171] genirq: Flags mismatch irq 1. 00000000 (dt2814) vs. 00000080 (i8042) [ 270.899804][ T6101] usb 1-1: Using ep0 maxpacket: 16 [ 270.919084][ T6101] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 270.959954][ T6101] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice= 1.00 [ 270.969133][ T6101] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.991728][ T6101] usb 1-1: config 0 descriptor?? [ 271.012594][ T6101] xbox_remote_probe: Unexpected endpoint_in [ 271.051640][ T6101] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 271.227185][ T26] audit: type=1326 audit(1756226055.868:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcb198ebe9 code=0x7ffc0000 [ 271.261400][T10177] loop1: detected capacity change from 0 to 4096 [ 271.263757][ T7] usb 1-1: USB disconnect, device number 11 [ 271.305564][ T26] audit: type=1326 audit(1756226055.868:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcb198ebe9 code=0x7ffc0000 [ 271.359957][ T26] audit: type=1326 audit(1756226055.898:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7fdcb198ebe9 code=0x7ffc0000 [ 271.473917][ T26] audit: type=1326 audit(1756226055.898:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcb198ebe9 code=0x7ffc0000 [ 271.565596][ T26] audit: type=1326 audit(1756226055.898:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcb198ebe9 code=0x7ffc0000 [ 271.676757][T10189] delete_channel: no stack [ 272.025953][T10200] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2674'. [ 272.076741][T10200] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2674'. [ 272.138568][T10200] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2674'. [ 272.179775][ T26] audit: type=1326 audit(1756226056.818:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10201 comm="syz.1.2676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 272.275409][ T26] audit: type=1326 audit(1756226056.858:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10201 comm="syz.1.2676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 272.359718][ T26] audit: type=1326 audit(1756226056.858:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10201 comm="syz.1.2676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 272.463230][ T26] audit: type=1326 audit(1756226056.858:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10201 comm="syz.1.2676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 272.509228][ T4344] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 272.540029][ T26] audit: type=1326 audit(1756226056.858:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10201 comm="syz.1.2676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 272.680081][T10180] syz.4.2664 (10180): drop_caches: 2 [ 272.727368][ T4344] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 272.769699][ T4344] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.783295][ T4344] usb 4-1: Product: syz [ 272.787795][ T4344] usb 4-1: Manufacturer: syz [ 272.826115][ T4344] usb 4-1: SerialNumber: syz [ 272.851366][ T4344] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 272.877353][T10224] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2687'. [ 272.942674][ T4344] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 273.071428][T10229] netlink: 'syz.4.2688': attribute type 12 has an invalid length. [ 273.339196][T10240] xt_CT: You must specify a L4 protocol and not use inversions on it [ 273.440577][ T4257] usb 4-1: USB disconnect, device number 13 [ 273.599820][ T7] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 273.666838][T10252] siw: device registration error -23 [ 273.699888][T10254] xt_bpf: check failed: parse error [ 273.805200][ T7] usb 5-1: Using ep0 maxpacket: 32 [ 273.814160][ T7] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 273.842134][ T7] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 273.870881][ T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.884676][ T7] usb 5-1: Product: syz [ 273.888892][ T7] usb 5-1: Manufacturer: syz [ 273.911716][ T7] usb 5-1: SerialNumber: syz [ 273.941673][ T7] usb 5-1: config 0 descriptor?? [ 273.947421][T10238] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 273.983560][ T7] hub 5-1:0.0: bad descriptor, ignoring hub [ 273.989563][ T7] hub: probe of 5-1:0.0 failed with error -5 [ 273.990207][ T4344] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 274.033400][ T7] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input14 [ 274.048233][ T4344] ath9k_htc: Failed to initialize the device [ 274.065777][ T4257] usb 4-1: ath9k_htc: USB layer deinitialized [ 274.288403][T10238] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4) [ 274.295011][T10238] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 274.360448][T10238] vhci_hcd vhci_hcd.0: Device attached [ 274.431737][T10269] vhci_hcd: connection closed [ 274.432482][ T51] vhci_hcd: stop threads [ 274.435153][ T4379] usb 5-1: USB disconnect, device number 9 [ 274.437359][ C0] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 274.437903][ T51] vhci_hcd: release socket [ 274.509776][ T51] vhci_hcd: disconnect device [ 274.566455][ T6101] vhci_hcd: vhci_device speed not set [ 275.052610][T10266] loop2: detected capacity change from 0 to 32768 [ 275.116721][T10293] loop4: detected capacity change from 0 to 256 [ 275.119984][T10266] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 275.203365][T10266] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 275.590384][ T4270] ocfs2: Unmounting device (7,2) on (node local) [ 276.305608][T10335] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2738'. [ 276.391745][T10330] loop1: detected capacity change from 0 to 4096 [ 276.416345][T10330] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 276.439997][ T6101] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 276.507507][T10330] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 276.631526][ T6101] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 276.659799][ T6101] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 276.710323][ T6101] usb 5-1: config 0 interface 0 has no altsetting 0 [ 276.742741][ T6101] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 276.749899][T10344] sctp: [Deprecated]: syz.2.2744 (pid 10344) Use of struct sctp_assoc_value in delayed_ack socket option. [ 276.749899][T10344] Use struct sctp_sack_info instead [ 276.760896][ T6101] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 276.815279][ T6101] usb 5-1: Product: syz [ 276.822874][ T6101] usb 5-1: Manufacturer: syz [ 276.827532][ T6101] usb 5-1: SerialNumber: syz [ 276.855167][ T6101] usb 5-1: config 0 descriptor?? [ 276.890958][ T6101] hub 5-1:0.0: bad descriptor, ignoring hub [ 276.927967][ T6101] hub: probe of 5-1:0.0 failed with error -5 [ 276.961098][ T6101] usb 5-1: selecting invalid altsetting 0 [ 277.041505][T10350] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 277.058573][ T4273] Bluetooth: hci1: unexpected cc 0x0c5b length: 5 > 1 [ 277.377295][T10364] binfmt_misc: register: failed to install interpreter file ./file0/../file0 [ 277.510109][ T6101] usb 5-1: USB disconnect, device number 10 [ 277.706032][T10374] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2759'. [ 277.721964][T10374] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2759'. [ 278.023279][T10379] loop3: detected capacity change from 0 to 4096 [ 278.065696][T10379] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 278.114293][T10389] netlink: zone id is out of range [ 278.292370][T10379] ntfs3: loop3: ntfs_sync_inode r=1e failed, -22. [ 278.311213][T10379] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 278.369530][T10395] ieee802154 phy0 wpan0: encryption failed: -22 [ 278.558839][ T4278] ntfs3: loop3: ntfs_evict_inode r=1e failed, -22. [ 278.773996][T10408] loop3: detected capacity change from 0 to 512 [ 279.315784][T10408] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 279.345657][T10408] EXT4-fs (loop3): Test dummy encryption mode enabled [ 279.426228][T10408] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 279.457902][T10408] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.2773: attempt to clear invalid blocks 2 len 1 [ 279.536283][T10408] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 279.620160][T10408] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.2773: invalid indirect mapped block 1819239214 (level 0) [ 279.661439][T10408] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.2773: invalid indirect mapped block 1819239214 (level 1) [ 279.707229][T10408] EXT4-fs (loop3): 1 truncate cleaned up [ 279.734176][T10408] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 279.819129][T10446] netlink: 71 bytes leftover after parsing attributes in process `syz.1.2792'. [ 279.819558][T10408] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 279.862091][T10408] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 280.056110][ T4278] EXT4-fs (loop3): unmounting filesystem. [ 280.177821][T10430] loop2: detected capacity change from 0 to 32768 [ 280.365039][T10430] XFS (loop2): Mounting V5 Filesystem [ 280.578858][T10430] XFS (loop2): Ending clean mount [ 280.702507][ T4270] XFS (loop2): Unmounting Filesystem [ 281.418258][T10504] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2817'. [ 281.511471][ T4257] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 281.691425][T10513] loop4: detected capacity change from 0 to 1024 [ 281.704747][ T4257] usb 4-1: Using ep0 maxpacket: 8 [ 281.713446][ T4257] usb 4-1: unable to get BOS descriptor or descriptor too short [ 281.738093][T10513] hfsplus: failed to load root directory [ 281.778008][ T4257] usb 4-1: config 8 has an invalid interface number: 24 but max is 0 [ 281.789731][ T4257] usb 4-1: config 8 has no interface number 0 [ 281.797402][ T4257] usb 4-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid maxpacket 1535, setting to 1024 [ 281.829177][ T4257] usb 4-1: config 8 interface 24 altsetting 2 endpoint 0x85 has an invalid bInterval 255, changing to 11 [ 281.861573][ T4257] usb 4-1: config 8 interface 24 has no altsetting 0 [ 281.882809][T10520] ipt_CLUSTERIP: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead [ 281.895918][ T4257] usb 4-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af [ 281.915721][ T4257] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.926111][T10520] x_tables: ip_tables: osf match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT/FORWARD [ 281.968091][ T4257] usb 4-1: Product: syz [ 281.983463][ T4257] usb 4-1: Manufacturer: syz [ 282.001722][ T4257] usb 4-1: SerialNumber: syz [ 282.027912][T10500] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 282.272730][ T4257] comedi comedi5: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 282.320082][ T4257] usb 4-1: USB disconnect, device number 14 [ 282.455046][T10540] xt_l2tp: v2 doesn't support IP mode [ 282.664705][T10548] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 282.886292][T10554] loop4: detected capacity change from 0 to 2048 [ 282.891586][T10557] loop1: detected capacity change from 0 to 256 [ 282.973055][T10558] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 282.988154][T10554] NILFS error (device loop4): nilfs_check_page: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=203 [ 283.007429][T10560] loop3: detected capacity change from 0 to 64 [ 283.061766][T10554] Remounting filesystem read-only [ 283.128658][ T26] kauditd_printk_skb: 11 callbacks suppressed [ 283.128673][ T26] audit: type=1326 audit(1756226067.768:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10561 comm="syz.0.2845" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f238018ebe9 code=0x0 [ 284.012616][T10592] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2859'. [ 284.072170][ T4400] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 284.095245][T10594] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 284.248450][T10564] loop2: detected capacity change from 0 to 32768 [ 284.261770][ T4400] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 284.296205][ T4400] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 284.343294][ T4400] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 284.380789][ T4400] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 284.426042][ T4400] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 284.465708][ T4400] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 284.540152][ T4400] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 284.585773][ T4400] usb 2-1: Product: syz [ 284.595538][ T4400] usb 2-1: Manufacturer: syz [ 284.631739][ T4400] cdc_wdm 2-1:1.0: skipping garbage [ 284.637020][ T4400] cdc_wdm 2-1:1.0: skipping garbage [ 284.704590][ T4400] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 284.726494][ T4400] cdc_wdm 2-1:1.0: Unknown control protocol [ 284.895970][ T4400] usb 2-1: USB disconnect, device number 7 [ 285.015261][T10619] loop2: detected capacity change from 0 to 764 [ 285.066862][T10619] Symlink component flag not implemented [ 285.078467][T10619] Symlink component flag not implemented [ 285.100562][T10619] Symlink component flag not implemented (128) [ 285.116510][T10619] Symlink component flag not implemented (122) [ 285.521996][T10630] loop2: detected capacity change from 0 to 64 [ 285.934594][T10641] loop1: detected capacity change from 0 to 1024 [ 286.048476][T10641] hfsplus: trying to free free bnode 0(1) [ 286.213914][ T1076] hfsplus: b-tree write err: -5, ino 4 [ 286.426500][T10649] loop3: detected capacity change from 0 to 4096 [ 286.461786][T10649] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 286.583838][T10614] loop0: detected capacity change from 0 to 65536 [ 286.589993][T10649] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 286.610791][T10649] ntfs3: loop3: mft corrupted [ 286.668132][T10649] ntfs3: loop3: Failed to load $Extend. [ 286.698825][T10614] XFS (loop0): Mounting V5 Filesystem [ 286.818106][T10614] XFS (loop0): Ending clean mount [ 287.106831][ T4276] XFS (loop0): Unmounting Filesystem [ 287.214150][T10677] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2898'. [ 287.310178][T10679] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2900'. [ 288.302309][T10711] netlink: 'syz.0.2899': attribute type 10 has an invalid length. [ 288.332666][T10711] device veth0_macvtap left promiscuous mode [ 288.394302][T10711] batman_adv: batadv0: Adding interface: macvtap0 [ 288.410049][T10711] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 288.541224][T10711] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active [ 288.571279][T10714] 8021q: VLANs not supported on gre0 [ 288.905627][T10729] loop2: detected capacity change from 0 to 1024 [ 288.994842][T10729] hfsplus: inconsistency in B*Tree (0,1,255,1,0) [ 289.018549][T10729] hfsplus: xattr searching failed [ 289.331106][T10715] loop3: detected capacity change from 0 to 32768 [ 289.661488][T10745] loop1: detected capacity change from 0 to 8192 [ 289.728721][T10745] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 289.759914][T10749] loop2: detected capacity change from 0 to 4096 [ 289.767396][T10749] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 289.823126][T10745] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 289.832992][T10745] REISERFS (device loop1): using ordered data mode [ 289.839695][T10745] reiserfs: using flush barriers [ 289.869793][T10745] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 289.924849][T10745] REISERFS (device loop1): checking transaction log (loop1) [ 289.945568][T10762] kAFS: unparsable volume name [ 289.957514][T10745] REISERFS (device loop1): Using r5 hash to sort names [ 290.184042][T10749] ntfs: (device loop2): parse_options(): NLS character set macgreÿ not found. Using previous one utf8. [ 290.210670][T10749] ntfs: (device loop2): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 290.259797][T10749] ntfs: (device loop2): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy. [ 290.318913][T10749] ntfs: (device loop2): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 290.368259][T10749] ntfs: (device loop2): ntfs_read_locked_inode(): Failed to lookup $DATA attribute. [ 290.417075][T10749] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 290.462237][T10749] ntfs: (device loop2): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 290.509299][T10749] ntfs: volume version 3.1. [ 290.592922][ T4310] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 290.796352][ T4310] usb 5-1: Using ep0 maxpacket: 16 [ 290.817478][ T4310] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 290.854253][ T4310] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.869780][ T4310] usb 5-1: Product: syz [ 290.874036][ T4310] usb 5-1: Manufacturer: syz [ 290.878695][ T4310] usb 5-1: SerialNumber: syz [ 290.901112][ T4310] usb 5-1: config 0 descriptor?? [ 290.917662][ T4310] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 290.951155][ T4310] usb 5-1: Detected FT232H [ 291.044711][T10784] wg1 speed is unknown, defaulting to 1000 [ 291.104536][T10792] loop3: detected capacity change from 0 to 8 [ 291.133903][T10792] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 291.164719][ T5275] udevd[5275]: incorrect cramfs checksum on /dev/loop3 [ 291.185419][T10792] cramfs: bad data blocksize 4294934200 [ 291.207565][T10792] cramfs: bad data blocksize 4294934200 [ 291.223022][ T26] audit: type=1800 audit(1756226075.868:109): pid=10792 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2953" name="file1" dev="loop3" ino=33092 res=0 errno=0 [ 291.267684][ T5275] udevd[5275]: incorrect cramfs checksum on /dev/loop3 [ 291.318416][ T4310] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 291.329996][ T4310] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71 [ 291.340734][T10794] loop2: detected capacity change from 0 to 4096 [ 291.358291][T10794] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) [ 291.360642][ T4310] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 291.414276][ T4310] usb 5-1: USB disconnect, device number 11 [ 291.442264][ T4310] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 291.470202][ T4310] ftdi_sio 5-1:0.0: device disconnected [ 291.498436][T10794] ntfs3: loop2: no free space to extend mft [ 292.067762][T10812] netlink: 124 bytes leftover after parsing attributes in process `syz.3.2965'. [ 292.272811][T10820] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2967'. [ 292.807374][T10804] loop1: detected capacity change from 0 to 32768 [ 292.853492][T10804] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.2959 (10804) [ 292.934675][T10804] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 292.999897][T10804] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 293.032964][T10804] BTRFS info (device loop1): force zlib compression, level 3 [ 293.050939][T10804] BTRFS info (device loop1): force clearing of disk cache [ 293.094741][T10804] BTRFS info (device loop1): setting nodatasum [ 293.148321][T10804] BTRFS info (device loop1): allowing degraded mounts [ 293.175947][T10804] BTRFS info (device loop1): enabling disk space caching [ 293.209784][T10804] BTRFS info (device loop1): disk space caching is enabled [ 293.536971][T10828] loop2: detected capacity change from 0 to 32768 [ 293.566793][T10804] BTRFS info (device loop1): rebuilding free space tree [ 293.601363][T10804] BTRFS info (device loop1): disabling free space tree [ 293.608401][T10804] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 293.629658][T10804] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 293.721650][T10804] BTRFS error (device loop1): balance: mixed groups data and metadata options must be the same [ 293.844905][T10832] loop3: detected capacity change from 0 to 32768 [ 294.259524][T10874] loop4: detected capacity change from 0 to 136 [ 294.269927][ T4266] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 294.508209][T10850] syz.0.2980 (10850): drop_caches: 2 [ 294.518616][T10832] XFS (loop3): Mounting V5 Filesystem [ 294.532697][T10874] rock: directory entry would overflow storage [ 294.539021][T10874] rock: sig=0x4f50, size=4, remaining=3 [ 294.571628][T10874] iso9660: Corrupted directory entry in block 2 of inode 1472 [ 294.749429][T10832] XFS (loop3): Ending clean mount [ 294.757458][T10828] XFS (loop2): Mounting V5 Filesystem [ 294.824601][ T4278] XFS (loop3): Unmounting Filesystem [ 294.853160][T10896] RDS: rds_bind could not find a transport for 0:0:4::1, load rds_tcp or rds_rdma? [ 295.039519][T10900] loop4: detected capacity change from 0 to 64 [ 295.053520][T10828] XFS (loop2): Ending clean mount [ 295.350304][ T4270] XFS (loop2): Unmounting Filesystem [ 295.446586][ T4273] Bluetooth: hci3: unknown advertising packet type: 0x0b [ 295.446666][ T4273] Bluetooth: hci3: unknown advertising packet type: 0x0e [ 296.064720][T10920] netlink: 'syz.1.3001': attribute type 9 has an invalid length. [ 296.130813][T10920] netlink: 'syz.1.3001': attribute type 7 has an invalid length. [ 296.169300][T10920] netlink: 'syz.1.3001': attribute type 8 has an invalid length. [ 296.280990][ T4400] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 296.434711][T10931] kAFS: unable to lookup cell '.,' [ 296.449027][T10928] loop3: detected capacity change from 0 to 4096 [ 296.480585][T10928] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 296.491181][ T4400] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 296.520777][ T4400] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 296.548602][ T4400] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 296.580193][ T4400] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 296.599739][ T4400] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 296.623634][ T4400] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 296.649509][ T4400] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 296.672585][T10928] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 296.691944][ T4400] usb 1-1: Product: syz [ 296.696170][ T4400] usb 1-1: Manufacturer: syz [ 296.740244][T10936] loop2: detected capacity change from 0 to 512 [ 296.771326][ T4400] cdc_wdm 1-1:1.0: skipping garbage [ 296.789983][T10936] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 296.795356][ T4400] cdc_wdm 1-1:1.0: skipping garbage [ 296.839943][T10936] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 296.849967][ T4400] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 296.856040][ T4400] cdc_wdm 1-1:1.0: Unknown control protocol [ 296.887127][T10916] loop4: detected capacity change from 0 to 32768 [ 296.891448][T10936] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2195: inode #15: comm syz.2.3008: corrupted in-inode xattr [ 296.913929][T10936] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.3008: couldn't read orphan inode 15 (err -117) [ 297.002970][T10936] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 297.023979][T10916] XFS (loop4): Mounting V5 Filesystem [ 297.049830][ T4400] usb 1-1: USB disconnect, device number 12 [ 297.137276][T10916] XFS (loop4): Ending clean mount [ 297.157729][T10916] XFS (loop4): Quotacheck needed: Please wait. [ 297.292700][ T4270] EXT4-fs (loop2): unmounting filesystem. [ 297.309409][T10916] XFS (loop4): Quotacheck: Done. [ 297.309731][T10958] netlink: 'syz.3.3012': attribute type 12 has an invalid length. [ 297.440521][ T4274] XFS (loop4): Unmounting Filesystem [ 297.731395][T10970] ALSA: mixer_oss: invalid OSS volume 'u' [ 298.106179][T10985] loop1: detected capacity change from 0 to 512 [ 298.151197][T10985] EXT4-fs error (device loop1): ext4_get_branch:178: inode #13: block 1024: comm syz.1.3027: invalid block [ 298.159707][ T5564] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 298.175745][T10985] EXT4-fs (loop1): Remounting filesystem read-only [ 298.195092][T10985] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.3027: invalid indirect mapped block 1024 (level 0) [ 298.246451][T10985] EXT4-fs (loop1): Remounting filesystem read-only [ 298.258914][ T26] audit: type=1400 audit(1756226082.908:110): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="#(%#{//(@\)//&@},['%%&\#*" pid=10991 comm="syz.0.3030" [ 298.259202][T10985] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.3027: bg 0: block 35: padding at end of block bitmap is not set [ 298.304392][T10985] EXT4-fs (loop1): Remounting filesystem read-only [ 298.319673][T10985] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 298.343736][T10985] EXT4-fs (loop1): Remounting filesystem read-only [ 298.350581][T10985] EXT4-fs (loop1): 1 truncate cleaned up [ 298.356334][T10985] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 298.403026][ T5564] usb 3-1: config index 0 descriptor too short (expected 39, got 27) [ 298.440515][ T5564] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 298.479907][ T5564] usb 3-1: config 0 interface 0 has no altsetting 0 [ 298.494616][ T5564] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 298.528019][ T5564] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 298.561293][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 298.588446][ T5564] usb 3-1: Product: syz [ 298.596223][ T5564] usb 3-1: Manufacturer: syz [ 298.611067][ T5564] usb 3-1: SerialNumber: syz [ 298.635187][ T5564] usb 3-1: config 0 descriptor?? [ 298.678782][ T5564] hub 3-1:0.0: bad descriptor, ignoring hub [ 298.722565][ T5564] hub: probe of 3-1:0.0 failed with error -5 [ 298.760902][ T5564] usb 3-1: selecting invalid altsetting 0 [ 298.852699][T11006] nftables ruleset with unbound set [ 299.075281][T11008] syz.3.3035 (11008): drop_caches: 2 [ 299.102783][ T5565] usb 3-1: USB disconnect, device number 7 [ 299.519786][ T4379] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 299.721527][ T4379] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 299.730100][T11034] loop3: detected capacity change from 0 to 1024 [ 299.738853][T11034] EXT4-fs (loop3): Test dummy encryption mode enabled [ 299.750993][ T4379] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 299.768561][ T4379] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 299.789755][ T26] audit: type=1326 audit(1756226084.428:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11035 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcb198ebe9 code=0x7ffc0000 [ 299.799185][ T4379] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 299.829159][T11034] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 299.850914][ T4379] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 299.888718][ T26] audit: type=1326 audit(1756226084.428:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11035 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcb198ebe9 code=0x7ffc0000 [ 299.912108][ T26] audit: type=1326 audit(1756226084.428:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11035 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fdcb198ebe9 code=0x7ffc0000 [ 299.936371][ T4379] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 299.946079][ T26] audit: type=1326 audit(1756226084.428:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11035 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcb198ebe9 code=0x7ffc0000 [ 299.969043][ T4379] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 299.978011][ T4379] usb 5-1: Product: syz [ 299.982470][ T4379] usb 5-1: Manufacturer: syz [ 299.991855][ T26] audit: type=1326 audit(1756226084.428:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11035 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcb198ebe9 code=0x7ffc0000 [ 300.029891][ T4379] cdc_wdm 5-1:1.0: skipping garbage [ 300.035169][ T4379] cdc_wdm 5-1:1.0: skipping garbage [ 300.069472][ T4379] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 300.079696][ T4379] cdc_wdm 5-1:1.0: Unknown control protocol [ 300.087381][ T26] audit: type=1326 audit(1756226084.428:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11035 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcb198ebe9 code=0x7ffc0000 [ 300.114166][ T26] audit: type=1326 audit(1756226084.428:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11035 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fdcb198ebe9 code=0x7ffc0000 [ 300.117258][T11042] syz.2.3052 (11042): drop_caches: 2 [ 300.150496][ T4278] EXT4-fs (loop3): unmounting filesystem. [ 300.245422][ T26] audit: type=1326 audit(1756226084.428:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11035 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fdcb198ebe9 code=0x7ffc0000 [ 300.256369][T11043] loop0: detected capacity change from 0 to 4096 [ 300.318497][ T5564] usb 5-1: USB disconnect, device number 12 [ 300.350593][T11043] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 300.428748][T11043] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 300.860753][T11063] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3062'. [ 300.917092][T11066] loop1: detected capacity change from 0 to 16 [ 300.942795][T11066] erofs: (device loop1): mounted with root inode @ nid 36. [ 300.993383][T11066] erofs: (device loop1): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 301.008200][T11068] loop2: detected capacity change from 0 to 1024 [ 301.015330][T11066] syz.1.3063: attempt to access beyond end of device [ 301.015330][T11066] loop1: rw=524288, sector=524296, nr_sectors = 8 limit=16 [ 301.073503][T11068] hfsplus: bad catalog entry type [ 301.091760][T11066] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -5 in[4096, 0] out[4096] [ 301.099681][ T5564] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 301.115308][T11070] netlink: 'syz.3.3065': attribute type 29 has an invalid length. [ 301.129197][T11070] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3065'. [ 301.160278][ T26] audit: type=1800 audit(1756226085.808:119): pid=11066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3063" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 301.361460][ T5564] usb 1-1: config index 0 descriptor too short (expected 39, got 27) [ 301.381533][ T5564] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 301.395329][T11080] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3070'. [ 301.414456][ T5564] usb 1-1: config 0 interface 0 has no altsetting 0 [ 301.441345][ T5564] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 301.463367][ T5564] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 301.491992][ T5564] usb 1-1: Product: syz [ 301.496403][ T5564] usb 1-1: Manufacturer: syz [ 301.516109][ T5564] usb 1-1: SerialNumber: syz [ 301.548084][ T5564] usb 1-1: config 0 descriptor?? [ 301.557357][ T5564] hub 1-1:0.0: bad descriptor, ignoring hub [ 301.570848][ T5564] hub: probe of 1-1:0.0 failed with error -5 [ 301.604693][ T5564] usb 1-1: selecting invalid altsetting 0 [ 301.699745][ T4379] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 301.783059][T11090] netlink: 'syz.3.3075': attribute type 24 has an invalid length. [ 301.797991][T11090] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 301.863086][ T4400] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 301.911113][ T4257] usb 1-1: USB disconnect, device number 13 [ 301.919739][ T4379] usb 3-1: Using ep0 maxpacket: 16 [ 301.929089][ T4379] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 301.969527][ T4379] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.991972][ T4379] usb 3-1: Product: syz [ 301.996209][ T4379] usb 3-1: Manufacturer: syz [ 302.019523][ T4379] usb 3-1: SerialNumber: syz [ 302.035692][ T4379] usb 3-1: config 0 descriptor?? [ 302.048273][ T4379] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 302.061018][ T4379] usb 3-1: Detected FT232H [ 302.062654][ T4400] usb 2-1: Using ep0 maxpacket: 8 [ 302.092019][ T4400] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 302.115246][ T4400] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 302.134112][ T4400] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 302.158870][ T4400] usb 2-1: config 250 has no interface number 0 [ 302.179141][ T4400] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 302.204325][ T4400] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 302.221499][ T4400] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has an invalid bInterval 255, changing to 11 [ 302.237286][ T4400] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid maxpacket 59391, setting to 1024 [ 302.259935][ T4400] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 302.289831][ T4400] usb 2-1: config 250 interface 228 has no altsetting 0 [ 302.304715][ T4400] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 302.345416][ T4400] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 302.359303][ T4400] usb 2-1: Product: syz [ 302.363832][ T4400] usb 2-1: SerialNumber: syz [ 302.378165][ T4400] hub 2-1:250.228: bad descriptor, ignoring hub [ 302.384932][ T4400] hub: probe of 2-1:250.228 failed with error -5 [ 302.400468][T11106] xt_nfacct: accounting object `syz1' does not exist [ 302.481219][ T4379] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 302.499982][ T4379] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 302.530352][ T4379] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 302.560228][ T4379] usb 3-1: USB disconnect, device number 8 [ 302.622669][ T4379] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 302.649378][ T4379] ftdi_sio 3-1:0.0: device disconnected [ 302.669650][T11114] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3087'. [ 302.701970][T11114] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3087'. [ 302.786146][ T4400] usb 2-1: USB disconnect, device number 8 [ 302.978947][T11126] loop3: detected capacity change from 0 to 136 [ 302.997897][T11126] rock: directory entry would overflow storage [ 303.009018][T11126] rock: sig=0x4f50, size=4, remaining=3 [ 303.017804][T11126] iso9660: Corrupted directory entry in block 2 of inode 1472 [ 303.088426][ T4400] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 303.320982][ T4400] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 303.347315][ T4400] usb 5-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 303.351691][T11134] IPv6: sit3: Disabled Multicast RS [ 303.361925][ T4400] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.394014][ T4400] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 303.438446][T11140] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3099'. [ 303.708795][T11150] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3105'. [ 304.175848][ T4344] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 304.213464][T11143] loop3: detected capacity change from 0 to 32768 [ 304.236320][T11143] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.3102 (11143) [ 304.254939][T11143] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 304.266577][T11143] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 304.278806][T11143] BTRFS info (device loop3): force zlib compression, level 3 [ 304.287317][T11143] BTRFS info (device loop3): force clearing of disk cache [ 304.294901][T11143] BTRFS info (device loop3): setting nodatasum [ 304.310724][T11143] BTRFS info (device loop3): use zlib compression, level 3 [ 304.321119][T11143] BTRFS info (device loop3): allowing degraded mounts [ 304.328197][T11143] BTRFS info (device loop3): enabling disk space caching [ 304.336572][T11143] BTRFS info (device loop3): disk space caching is enabled [ 304.369859][ T4344] usb 2-1: Using ep0 maxpacket: 8 [ 304.384030][ T4344] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 304.408150][ T4344] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.450300][ T4344] usb 2-1: Product: syz [ 304.480450][ T4400] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -32 [ 304.499277][ T4400] stv0680 5-1:4.0: STV(e): camera ping failed!! [ 304.509096][ T4344] usb 2-1: Manufacturer: syz [ 304.537340][ T4344] usb 2-1: SerialNumber: syz [ 304.546876][ T4400] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 304.577567][ T4344] usb 2-1: config 0 descriptor?? [ 304.608659][ T4400] stv0680 5-1:4.0: last error: 0, command = 0x0 [ 304.620404][ T4344] gspca_main: se401-2.14.0 probing 047d:5003 [ 304.737240][ T4400] usb 5-1: USB disconnect, device number 13 [ 304.755503][T11143] BTRFS info (device loop3): enabling ssd optimizations [ 304.776982][T11143] BTRFS info (device loop3): rebuilding free space tree [ 304.830313][T11143] BTRFS info (device loop3): disabling free space tree [ 304.847494][T11143] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 304.869768][ T4379] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 304.885158][T11143] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 304.947697][T11198] loop2: detected capacity change from 0 to 8 [ 305.049789][T11143] BTRFS info (device loop3): balance: start -sprofiles=data|system|metadata|single|raid0|raid1|dup|raid10|raid5|raid6|raid1c3|raid1c4|0xfffefffffffff800,usage=4,usage=4..0,devid=0,drange=9223372036854776319..7,limit=20030,limit=20030..0 [ 305.073479][ T4379] usb 1-1: Using ep0 maxpacket: 16 [ 305.079285][ T4344] gspca_se401: write req failed req 0x57 val 0x00 error -71 [ 305.081961][ T4379] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 305.107672][ T4344] se401: probe of 2-1:0.0 failed with error -71 [ 305.113171][ T4379] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 305.138503][ T4344] usb 2-1: USB disconnect, device number 9 [ 305.162919][T11143] BTRFS info (device loop3): balance: ended with status: 0 [ 305.209780][ T4379] usb 1-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 305.249804][ T4379] usb 1-1: config 0 interface 0 has no altsetting 0 [ 305.269257][ T4379] usb 1-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 305.290658][ T4379] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.301719][ T4379] usb 1-1: Product: syz [ 305.305976][ T4379] usb 1-1: Manufacturer: syz [ 305.319688][ T4379] usb 1-1: SerialNumber: syz [ 305.331806][ T4379] usb 1-1: config 0 descriptor?? [ 305.387395][ T4278] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 305.629561][T11203] loop4: detected capacity change from 0 to 8192 [ 305.700219][T11203] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 305.792850][ T5564] usb 1-1: USB disconnect, device number 14 [ 305.824984][T11203] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 305.871118][T11203] REISERFS (device loop4): using ordered data mode [ 305.878111][T11203] reiserfs: using flush barriers [ 305.916686][T11203] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 305.976570][T11203] REISERFS (device loop4): checking transaction log (loop4) [ 306.279130][T11231] xt_hashlimit: max too large, truncated to 1048576 [ 306.349347][T11203] REISERFS (device loop4): Using tea hash to sort names [ 306.384788][T11203] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 306.643320][T11238] loop0: detected capacity change from 0 to 512 [ 306.699191][T11238] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 306.711233][T11238] ext4 filesystem being mounted at /622/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 306.807611][T11248] libceph: resolve '40.' (ret=-3): failed [ 306.912047][T11238] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz.0.3132: corrupted xattr block 19 [ 306.995774][T11238] EXT4-fs (loop0): Remounting filesystem read-only [ 307.017149][ T26] audit: type=1400 audit(1756226091.658:120): apparmor="DENIED" operation="change_profile" info="label not found" error=-22 profile="unconfined" name="&" pid=11252 comm="syz.2.3140" [ 307.169955][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 307.464777][T11267] loop3: detected capacity change from 0 to 256 [ 307.491270][T11267] exfat: Deprecated parameter 'namecase' [ 307.509760][T11267] exfat: Deprecated parameter 'namecase' [ 307.543303][T11267] exfat: Deprecated parameter 'utf8' [ 307.594610][T11267] exFAT-fs (loop3): failed to load upcase table (idx : 0x00012366, chksum : 0xd06b6363, utbl_chksum : 0xe619d30d) [ 307.848823][T11277] loop0: detected capacity change from 0 to 128 [ 307.948563][T11280] tmpfs: Bad value for 'mpol' [ 307.969754][T11277] FAT-fs (loop0): bogus number of reserved sectors [ 308.000014][T11277] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 308.039198][T11277] FAT-fs (loop0): Can't find a valid FAT filesystem [ 308.126432][T11283] loop2: detected capacity change from 0 to 1764 [ 308.154510][T11277] loop0: detected capacity change from 0 to 128 [ 308.266054][T11283] iso9660: Corrupted directory entry in block 14 of inode 1920 [ 308.372421][T11255] loop1: detected capacity change from 0 to 32768 [ 308.426318][T11287] loop4: detected capacity change from 0 to 4096 [ 308.481197][T11287] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 308.555047][T11255] XFS (loop1): Mounting V5 Filesystem [ 308.658906][T11255] XFS (loop1): Ending clean mount [ 308.719014][T11255] XFS (loop1): Quotacheck needed: Please wait. [ 308.814125][T11255] XFS (loop1): Quotacheck: Done. [ 309.034119][ T4266] XFS (loop1): Unmounting Filesystem [ 309.599049][T11291] loop3: detected capacity change from 0 to 32768 [ 309.654263][T11291] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10 [ 309.781313][T11303] loop2: detected capacity change from 0 to 32768 [ 309.790854][T11319] loop1: detected capacity change from 0 to 4096 [ 309.804219][T11319] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 309.852014][T11303] (syz.2.3162,11303,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 309.933883][T11319] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 309.941377][T11303] (syz.2.3162,11303,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 310.034331][T11303] JBD2: Ignoring recovery information on journal [ 310.210439][ T5275] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10 [ 310.250638][T11303] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 310.374236][T11333] loop0: detected capacity change from 0 to 4096 [ 310.432809][T11340] loop4: detected capacity change from 0 to 65 [ 310.514803][T11340] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway [ 310.895788][ T4270] ocfs2: Unmounting device (7,2) on (node local) [ 311.452000][T11360] loop0: detected capacity change from 0 to 1024 [ 311.723174][ T1076] hfsplus: b-tree write err: -5, ino 4 [ 311.734177][T11372] loop3: detected capacity change from 0 to 1024 [ 312.096830][T11379] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3196'. [ 312.186629][T11382] comedi comedi0: dt2815: I/O port conflict (0x3,2) [ 312.255382][T11384] loop4: detected capacity change from 0 to 512 [ 312.317265][T11384] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 312.532951][T11392] netlink: 'syz.2.3203': attribute type 10 has an invalid length. [ 312.560828][T11392] device veth0_macvtap left promiscuous mode [ 312.627721][T11392] batman_adv: batadv0: Adding interface: macvtap0 [ 312.656359][T11392] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 312.715223][T11392] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active [ 312.798395][T11398] loop4: detected capacity change from 0 to 4096 [ 312.860859][T11398] ntfs: (device loop4): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 312.940241][T11398] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 313.025443][T11398] ntfs: (device loop4): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 313.059393][T11404] loop2: detected capacity change from 0 to 1024 [ 313.072756][T11398] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 313.119884][T11398] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 313.161368][T11398] ntfs: volume version 3.1. [ 313.169165][T11404] hfsplus: trying to free free bnode 0(1) [ 313.224842][T11398] ntfs: (device loop4): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 313.279120][T11398] ntfs: (device loop4): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 313.279181][ T1204] hfsplus: b-tree write err: -5, ino 4 [ 313.339957][T11398] ntfs: (device loop4): ntfs_lookup_inode_by_name(): Corrupt directory. Aborting lookup. [ 313.386003][T11398] ntfs: (device loop4): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 313.449802][T11398] ntfs: (device loop4): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 313.601213][T11397] loop3: detected capacity change from 0 to 32768 [ 313.643659][T11397] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.3205 (11397) [ 313.718822][T11412] loop0: detected capacity change from 0 to 8 [ 313.743529][T11397] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 313.762291][T11397] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 313.795668][T11397] BTRFS info (device loop3): setting nodatacow, compression disabled [ 313.805669][T11397] BTRFS info (device loop3): max_inline at 0 [ 313.855098][T11397] BTRFS info (device loop3): enabling disk space caching [ 313.885384][T11397] BTRFS info (device loop3): turning off barriers [ 313.939793][T11397] BTRFS info (device loop3): turning on flush-on-commit [ 313.959729][T11397] BTRFS info (device loop3): doing ref verification [ 313.995316][T11397] BTRFS info (device loop3): force clearing of disk cache [ 314.007378][T11416] loop4: detected capacity change from 0 to 512 [ 314.025614][T11397] BTRFS info (device loop3): enabling ssd optimizations [ 314.042605][T11397] BTRFS info (device loop3): max_inline at 4096 [ 314.042633][T11397] BTRFS info (device loop3): disk space caching is enabled [ 314.057259][T11416] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 314.155473][T11402] loop1: detected capacity change from 0 to 32768 [ 314.215586][T11416] EXT4-fs (loop4): 1 truncate cleaned up [ 314.246175][T11416] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 314.297861][T11402] I/O error, dev loop14, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 314.308305][T11402] lbmIODone: I/O error in JFS log [ 314.317440][T11402] *** Log Format Error ! *** [ 314.323516][T11402] lmLogInit: exit(-22) [ 314.327937][T11402] lmLogOpen: exit(-22) [ 314.344441][T11416] EXT4-fs (loop4): unmounting filesystem. [ 314.512598][T11397] BTRFS info (device loop3): rebuilding free space tree [ 314.609921][T11397] BTRFS info (device loop3): disabling free space tree [ 314.618498][T11397] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 314.674707][T11397] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 315.159859][ T5564] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 315.329157][ T4278] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 315.375627][ T5564] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 315.407049][ T5564] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.438105][ T5564] usb 3-1: Product: syz [ 315.443474][ T5564] usb 3-1: Manufacturer: syz [ 315.458812][ T5564] usb 3-1: SerialNumber: syz [ 315.471969][T11471] ieee802154 phy0 wpan0: encryption failed: -22 [ 315.479485][ T5564] usb 3-1: config 0 descriptor?? [ 315.598324][T11473] loop0: detected capacity change from 0 to 512 [ 315.621383][T11475] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 315.724970][ T5564] hso 3-1:0.0: Can't find BULK IN endpoint [ 315.733348][ T5564] usb-storage 3-1:0.0: USB Mass Storage device detected [ 315.762286][T11473] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 315.829183][T11473] ext4 filesystem being mounted at /650/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 315.983841][T11473] EXT4-fs error (device loop0): ext4_get_first_dir_block:3583: inode #12: comm syz.0.3235: Attempting to read directory block (0) that is past i_size (3) [ 316.006743][T11490] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3239'. [ 316.049143][ T5564] usb 3-1: USB disconnect, device number 9 [ 316.107313][T11473] EXT4-fs (loop0): Remounting filesystem read-only [ 316.316465][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 316.738664][T11512] loop0: detected capacity change from 0 to 512 [ 316.880144][T11512] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 316.942387][T11512] EXT4-fs (loop0): 1 truncate cleaned up [ 316.989996][T11512] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 317.034033][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.040467][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.160259][T11512] EXT4-fs error (device loop0): ext4_find_dest_de:2115: inode #2: block 13: comm syz.0.3248: bad entry in directory: '.' directory cannot be the last in data block - offset=0, inode=2, rec_len=1024, size=1024 fake=1 [ 317.417824][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 317.940383][T11554] loop3: detected capacity change from 0 to 1024 [ 317.960755][T11554] EXT4-fs: Ignoring removed nomblk_io_submit option [ 318.021429][T11554] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 318.075990][T11554] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 318.099730][T11554] System zones: 0-1, 3-36 [ 318.167146][T11554] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 318.225760][T11542] loop4: detected capacity change from 0 to 32768 [ 318.270709][T11542] (syz.4.3265,11542,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 318.339229][T11542] (syz.4.3265,11542,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 318.446876][T11542] JBD2: Ignoring recovery information on journal [ 318.516252][ T4278] EXT4-fs (loop3): unmounting filesystem. [ 318.732515][T11542] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 319.048237][T11587] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3284'. [ 319.080019][T11589] loop1: detected capacity change from 0 to 64 [ 319.095836][ T4274] ocfs2: Unmounting device (7,4) on (node local) [ 319.100207][T11591] loop0: detected capacity change from 0 to 64 [ 319.234261][T11591] syz.0.3287: attempt to access beyond end of device [ 319.234261][T11591] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 319.308365][T11591] Buffer I/O error on dev loop0, logical block 134217734, async page read [ 319.396568][T11591] syz.0.3287: attempt to access beyond end of device [ 319.396568][T11591] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 319.477053][T11591] Buffer I/O error on dev loop0, logical block 134217734, async page read [ 319.684032][T11597] loop2: detected capacity change from 0 to 8192 [ 319.692932][T11597] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 319.706973][T11597] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 319.716829][T11597] REISERFS (device loop2): using ordered data mode [ 319.729957][T11597] reiserfs: using flush barriers [ 319.749917][T11597] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 319.820731][T11597] REISERFS (device loop2): checking transaction log (loop2) [ 319.936212][T11612] loop3: detected capacity change from 0 to 512 [ 319.995195][T11597] REISERFS (device loop2): Using tea hash to sort names [ 320.010901][T11612] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 320.029910][T11612] ext4 filesystem being mounted at /661/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 320.107797][T11597] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 320.115759][T11612] EXT4-fs error (device loop3): ext4_get_first_dir_block:3583: inode #12: comm syz.3.3296: Attempting to read directory block (0) that is past i_size (3) [ 320.183931][T11612] EXT4-fs (loop3): Remounting filesystem read-only [ 320.319708][ T4310] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 320.350526][ T4278] EXT4-fs (loop3): unmounting filesystem. [ 320.492363][T11627] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3302'. [ 320.513486][ T4310] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 320.539504][ T4310] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 320.558985][ T4310] usb 2-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 320.578434][ T4310] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.614124][ T4310] usb 2-1: config 0 descriptor?? [ 321.045527][T11645] loop0: detected capacity change from 0 to 256 [ 321.071366][ T4310] Bluetooth: Can't get state to change to load configuration err [ 321.114915][ T4310] Bluetooth: Loading sysconfig file failed [ 321.125166][T11645] FAT-fs (loop0): Directory bread(block 64) failed [ 321.129680][ T4310] ath3k: probe of 2-1:0.0 failed with error -16 [ 321.161015][ T4310] usb 2-1: USB disconnect, device number 10 [ 321.173492][T11645] FAT-fs (loop0): Directory bread(block 65) failed [ 321.210025][T11645] FAT-fs (loop0): Directory bread(block 66) failed [ 321.236555][T11645] FAT-fs (loop0): Directory bread(block 67) failed [ 321.279869][T11645] FAT-fs (loop0): Directory bread(block 68) failed [ 321.295097][T11645] FAT-fs (loop0): Directory bread(block 69) failed [ 321.360104][T11645] FAT-fs (loop0): Directory bread(block 70) failed [ 321.403131][T11645] FAT-fs (loop0): Directory bread(block 71) failed [ 321.456316][T11645] FAT-fs (loop0): Directory bread(block 72) failed [ 321.477483][T11645] FAT-fs (loop0): Directory bread(block 73) failed [ 321.478010][T11659] loop2: detected capacity change from 0 to 16 [ 321.523220][T11659] erofs: (device loop2): mounted with root inode @ nid 36. [ 321.643482][T11661] syz.3.3320 (11661): drop_caches: 2 [ 322.580432][T11685] ipt_REJECT: TCP_RESET invalid for non-tcp [ 322.631660][T11657] loop4: detected capacity change from 0 to 32768 [ 322.785750][T11657] XFS (loop4): DAX unsupported by block device. Turning off DAX. [ 322.806039][T11657] XFS (loop4): Mounting V5 Filesystem [ 323.021059][T11657] XFS (loop4): Ending clean mount [ 323.056860][T11657] XFS (loop4): Quotacheck needed: Please wait. [ 323.114531][T11705] netlink: 140 bytes leftover after parsing attributes in process `syz.2.3338'. [ 323.160510][T11657] XFS (loop4): Quotacheck: Done. [ 323.305429][T11709] loop0: detected capacity change from 0 to 64 [ 323.339549][T11709] hfs: unable to locate alternate MDB [ 323.392434][ T4274] XFS (loop4): Unmounting Filesystem [ 323.398506][T11709] hfs: continuing without an alternate MDB [ 323.857825][T11720] overlayfs: conflicting options: nfs_export=on,index=off [ 324.551821][T11743] loop4: detected capacity change from 0 to 16 [ 324.574813][T11743] erofs: (device loop4): mounted with root inode @ nid 36. [ 324.926127][T11755] netlink: 1 bytes leftover after parsing attributes in process `syz.2.3364'. [ 324.955842][T11757] loop4: detected capacity change from 0 to 1024 [ 325.066333][T11757] hfsplus: keylen 65060 too large [ 325.089842][T11761] ieee802154 phy0 wpan0: encryption failed: -22 [ 325.098797][T11725] loop1: detected capacity change from 0 to 32768 [ 325.100238][T11757] hfsplus: keylen 65060 too large [ 325.164309][T11725] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.3349 (11725) [ 325.238350][T11725] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 325.276624][T11725] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 325.299054][T11764] loop3: detected capacity change from 0 to 1764 [ 325.343319][T11725] BTRFS info (device loop1): setting nodatacow, compression disabled [ 325.372503][T11725] BTRFS info (device loop1): max_inline at 0 [ 325.378586][T11725] BTRFS info (device loop1): enabling disk space caching [ 325.472252][T11725] BTRFS info (device loop1): turning off barriers [ 325.478780][T11725] BTRFS info (device loop1): turning on flush-on-commit [ 325.519727][T11725] BTRFS info (device loop1): doing ref verification [ 325.526494][T11725] BTRFS info (device loop1): force clearing of disk cache [ 325.541949][T11725] BTRFS info (device loop1): enabling ssd optimizations [ 325.590329][T11725] BTRFS info (device loop1): max_inline at 4096 [ 325.596690][T11725] BTRFS info (device loop1): disk space caching is enabled [ 326.020198][T11725] BTRFS info (device loop1): rebuilding free space tree [ 326.053306][T11725] BTRFS info (device loop1): disabling free space tree [ 326.061517][T11725] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 326.071796][T11725] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 326.103654][T11808] netlink: 'syz.4.3380': attribute type 10 has an invalid length. [ 326.222572][T11808] team0: Device hsr_slave_0 failed to register rx_handler [ 326.263232][T11222] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 326.410564][ T4266] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 326.459876][T11222] usb 4-1: Using ep0 maxpacket: 8 [ 326.468609][T11222] usb 4-1: config 4 has an invalid interface number: 244 but max is 0 [ 326.529080][T11222] usb 4-1: config 4 has no interface number 0 [ 326.555471][T11222] usb 4-1: config 4 interface 244 altsetting 1 endpoint 0x1 has an invalid bInterval 41, changing to 7 [ 326.610744][T11222] usb 4-1: config 4 interface 244 altsetting 1 endpoint 0x2 has invalid wMaxPacketSize 0 [ 326.611552][ T4385] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 12 /dev/loop1 scanned by udevd (4385) [ 326.648038][T11222] usb 4-1: config 4 interface 244 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 0 [ 326.691782][T11222] usb 4-1: config 4 interface 244 has no altsetting 0 [ 326.732979][T11222] usb 4-1: New USB device found, idVendor=05ac, idProduct=fa33, bcdDevice=cb.aa [ 326.755328][T11222] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.764181][T11222] usb 4-1: Product: syz [ 326.768495][T11222] usb 4-1: Manufacturer: syz [ 326.789119][T11222] usb 4-1: SerialNumber: syz [ 327.035586][T11222] ipheth 4-1:4.244: Unable to find endpoints [ 327.085275][T11222] usb 4-1: USB disconnect, device number 15 [ 327.091547][T11217] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 327.291458][T11217] usb 1-1: config 0 has an invalid interface number: 200 but max is 0 [ 327.310441][T11217] usb 1-1: config 0 has no interface number 0 [ 327.320076][T11217] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=91.6f [ 327.337787][T11217] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.368325][T11217] usb 1-1: config 0 descriptor?? [ 327.599307][T11217] RobotFuzz Open Source InterFace, OSIF 1-1:0.200: version 91.6f found at bus 001 address 015 [ 327.815020][ T4317] usb 1-1: USB disconnect, device number 15 [ 329.927632][T11873] loop2: detected capacity change from 0 to 40427 [ 329.968763][T11873] F2FS-fs (loop2): invalid crc value [ 330.048311][T11873] F2FS-fs (loop2): Found nat_bits in checkpoint [ 330.080102][T11930] netlink: 'syz.4.3439': attribute type 5 has an invalid length. [ 330.202654][T11935] xt_bpf: check failed: parse error [ 330.230000][T11936] vivid-007: disconnect [ 330.237309][T11932] vivid-007: reconnect [ 330.274377][T11873] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0 [ 330.310094][T11873] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1 [ 330.328310][T11873] F2FS-fs (loop2): Start checkpoint disabled! [ 330.414534][T11873] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 330.682684][T11946] loop0: detected capacity change from 0 to 8 [ 330.776767][T11946] SQUASHFS error: lzo decompression failed, data probably corrupt [ 330.819909][T11946] SQUASHFS error: Failed to read block 0x0: -5 [ 330.846838][T11946] SQUASHFS error: lzo decompression failed, data probably corrupt [ 330.882246][T11946] SQUASHFS error: Failed to read block 0x0: -5 [ 330.959792][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 330.959807][ T26] audit: type=1800 audit(1756226115.598:121): pid=11946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3446" name="file2" dev="loop0" ino=3 res=0 errno=0 [ 331.264201][T11964] loop3: detected capacity change from 0 to 1024 [ 331.325295][T11964] EXT4-fs: Ignoring removed oldalloc option [ 331.365232][T11964] EXT4-fs: Ignoring removed orlov option [ 331.464969][T11970] loop4: detected capacity change from 0 to 1024 [ 331.474949][T11974] x_tables: duplicate underflow at hook 2 [ 331.483937][T11964] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 331.567422][T11970] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 331.721693][T11970] EXT4-fs error (device loop4): ext4_generic_delete_entry:2729: inode #2: block 16: comm syz.4.3458: bad entry in directory: inode out of bounds - offset=12, inode=1282, rec_len=12, size=1024 fake=1 [ 331.856427][T11988] netlink: 'syz.2.3464': attribute type 1 has an invalid length. [ 331.866341][ T4278] EXT4-fs (loop3): unmounting filesystem. [ 331.872310][T11970] EXT4-fs error (device loop4) in ext4_delete_entry:2800: Corrupt filesystem [ 331.872618][T11970] EXT4-fs warning (device loop4): ext4_rename_delete:3778: inode #2: comm syz.4.3458: Deleting old file: nlink 4, error=-117 [ 332.074608][ T4274] EXT4-fs (loop4): unmounting filesystem. [ 332.509489][T12007] ieee802154 phy0 wpan0: encryption failed: -22 [ 333.066728][T11993] loop1: detected capacity change from 0 to 32768 [ 333.100697][T11993] (syz.1.3468,11993,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 333.130979][T12029] netlink: 148 bytes leftover after parsing attributes in process `syz.3.3486'. [ 333.149877][T11993] (syz.1.3468,11993,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 333.199998][ T22] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 333.246478][T11993] JBD2: Ignoring recovery information on journal [ 333.330537][T11993] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 333.345027][T12035] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 333.355914][ T1076] bond0: (slave bond_slave_0): interface is now down [ 333.389695][ T1076] bond0: (slave bond_slave_1): interface is now down [ 333.400159][ T22] usb 5-1: Using ep0 maxpacket: 32 [ 333.408205][ T22] usb 5-1: unable to get BOS descriptor or descriptor too short [ 333.459836][ T22] usb 5-1: config 11 has an invalid interface number: 4 but max is 0 [ 333.468097][ T22] usb 5-1: config 11 has no interface number 0 [ 333.478140][ T1076] bond0: now running without any active interface! [ 333.500176][ T22] usb 5-1: config 11 interface 4 altsetting 4 endpoint 0x4 has invalid maxpacket 1088, setting to 64 [ 333.542528][ T22] usb 5-1: config 11 interface 4 has no altsetting 0 [ 333.577906][ T22] usb 5-1: New USB device found, idVendor=0e8d, idProduct=0043, bcdDevice=63.58 [ 333.593529][ T51] bridge0: port 3(bond0) entered disabled state [ 333.622344][ T22] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.623387][ T4266] ocfs2: Unmounting device (7,1) on (node local) [ 333.637733][ T22] usb 5-1: Product: syz [ 333.661884][ T22] usb 5-1: Manufacturer: syz [ 333.666561][ T22] usb 5-1: SerialNumber: syz [ 333.921862][ T22] option 5-1:11.4: GSM modem (1-port) converter detected [ 333.957342][ T22] usb 5-1: USB disconnect, device number 14 [ 333.985974][ T22] option 5-1:11.4: device disconnected [ 334.095873][T12051] loop0: detected capacity change from 0 to 764 [ 334.162989][T12051] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 334.694011][ T26] audit: type=1326 audit(1756226119.338:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12072 comm="syz.1.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 334.817351][ T26] audit: type=1326 audit(1756226119.378:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12072 comm="syz.1.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 334.885909][ T26] audit: type=1326 audit(1756226119.378:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12072 comm="syz.1.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 334.965264][ T26] audit: type=1326 audit(1756226119.378:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12072 comm="syz.1.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b87d8ebe9 code=0x7ffc0000 [ 335.153459][ T22] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 335.248333][T12086] vim2m vim2m.0: Fourcc format (0x56595559) invalid. [ 335.359732][ T22] usb 5-1: Using ep0 maxpacket: 16 [ 335.383258][ T22] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 335.440201][ T22] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 335.440238][ T22] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 335.441551][ T22] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 335.441579][ T22] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 335.441600][ T22] usb 5-1: SerialNumber: syz [ 335.471074][ T22] hub 5-1:1.0: bad descriptor, ignoring hub [ 335.471105][ T22] hub: probe of 5-1:1.0 failed with error -5 [ 335.471628][ T22] cdc_ether: probe of 5-1:1.0 failed with error -22 [ 335.810239][T11222] usb 5-1: USB disconnect, device number 15 [ 335.817108][T12078] loop3: detected capacity change from 0 to 32768 [ 335.937977][T12078] XFS (loop3): DAX unsupported by block device. Turning off DAX. [ 335.960363][T12078] XFS (loop3): Mounting V5 Filesystem [ 336.055830][T12118] loop1: detected capacity change from 0 to 1024 [ 336.196823][T12078] XFS (loop3): Ending clean mount [ 336.246082][T12078] XFS (loop3): Quotacheck needed: Please wait. [ 336.388696][T12078] XFS (loop3): Quotacheck: Done. [ 336.547532][ T4278] XFS (loop3): Unmounting Filesystem [ 336.957222][T12136] loop4: detected capacity change from 0 to 64 [ 337.445198][T12120] loop0: detected capacity change from 0 to 32768 [ 337.579002][T12120] jfs_lookup: iget failed on inum 4 [ 337.608123][T12120] jfs_lookup: iget failed on inum 4 [ 338.213710][T12138] loop2: detected capacity change from 0 to 32768 [ 338.291265][T12138] ERROR: (device loop2): dbAlloc: the hint is outside the map [ 338.291265][T12138] [ 338.340417][T12138] ialloc: diAlloc returned -5! [ 338.380926][T12140] loop1: detected capacity change from 0 to 32768 [ 338.505135][T12140] XFS (loop1): Mounting V5 Filesystem [ 338.747808][T12140] XFS (loop1): Ending clean mount [ 338.769182][T12140] XFS (loop1): Quotacheck needed: Please wait. [ 338.831205][T12181] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3552'. [ 338.838713][T12177] loop2: detected capacity change from 0 to 4096 [ 338.888747][T12140] XFS (loop1): Quotacheck: Done. [ 338.974541][T12177] ntfs: volume version 3.1. [ 339.050496][ T4266] XFS (loop1): Unmounting Filesystem [ 339.056915][T12183] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3553'. [ 339.106685][T12156] loop0: detected capacity change from 0 to 32768 [ 339.318227][T12156] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 339.399460][T12156] XFS (loop0): Mounting V5 Filesystem [ 339.657672][T12156] XFS (loop0): Ending clean mount [ 339.667694][T12156] XFS (loop0): Quotacheck needed: Please wait. [ 339.743391][T12201] trusted_key: encrypted_key: key trusted:s)’yz not found [ 339.791085][T12156] XFS (loop0): Quotacheck: Done. [ 339.899042][T12205] loop4: detected capacity change from 0 to 128 [ 339.914230][T12205] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 340.131942][T12196] loop3: detected capacity change from 0 to 32768 [ 340.139259][ T4276] XFS (loop0): Unmounting Filesystem [ 340.226247][T12212] loop1: detected capacity change from 0 to 256 [ 340.258385][T12196] XFS (loop3): Mounting V5 Filesystem [ 340.343770][T12223] loop4: detected capacity change from 0 to 512 [ 340.402682][T12196] XFS (loop3): Ending clean mount [ 340.425920][T12223] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 340.453656][T12196] XFS (loop3): Quotacheck needed: Please wait. [ 340.500161][T12223] ext4 filesystem being mounted at /706/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 340.534096][T12223] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #4: comm syz.4.3566: corrupted inode contents [ 340.597105][T12196] XFS (loop3): Quotacheck: Done. [ 340.607707][T12223] EXT4-fs error (device loop4): ext4_dirty_inode:6119: inode #4: comm syz.4.3566: mark_inode_dirty error [ 340.698545][T12223] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #4: comm syz.4.3566: corrupted inode contents [ 340.802777][T12223] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #4: comm syz.4.3566: mark_inode_dirty error [ 340.864430][ T4278] XFS (loop3): Unmounting Filesystem [ 340.923411][T12223] Quota error (device loop4): write_blk: dquota write failed [ 340.967671][T12223] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 341.024915][T12223] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.3566: Failed to acquire dquot type 1 [ 341.208230][ T4274] EXT4-fs (loop4): unmounting filesystem. [ 342.159018][T12269] vivid-004: disconnect [ 342.166672][T12266] vivid-004: reconnect [ 342.850642][T12294] loop1: detected capacity change from 0 to 1024 [ 342.884324][T12296] trusted_key: encrypted_key: key trusted:s)’yz not found [ 342.907734][T12299] netlink: 5 bytes leftover after parsing attributes in process `syz.4.3597'. [ 343.212033][ T5293] hfsplus: b-tree write err: -5, ino 8 [ 343.231936][T12307] loop0: detected capacity change from 0 to 128 [ 343.285568][T12307] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 343.450385][T12309] loop1: detected capacity change from 0 to 256 [ 343.460855][T12309] exfat: Deprecated parameter 'namecase' [ 343.477682][T12309] exfat: Deprecated parameter 'namecase' [ 343.506319][T12309] exfat: Deprecated parameter 'namecase' [ 343.538284][T12309] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 343.812148][T12317] loop4: detected capacity change from 0 to 16 [ 343.863091][T12292] loop2: detected capacity change from 0 to 32768 [ 343.889933][T12317] erofs: (device loop4): mounted with root inode @ nid 36. [ 343.926235][T12323] tipc: Invalid UDP bearer configuration [ 343.926280][T12323] tipc: Enabling of bearer rejected, failed to enable media [ 343.943096][T12317] erofs: (device loop4): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 343.955205][T12292] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 10 [ 343.976469][ T4273] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -33 in[4096, 0] out[8192] [ 343.987710][T12317] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -33 in[4096, 0] out[4096] [ 344.018200][ T26] audit: type=1800 audit(1756226128.648:126): pid=12317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3605" name="file3" dev="loop4" ino=89 res=0 errno=0 [ 344.408282][ T4385] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 10 [ 344.907941][T12324] loop0: detected capacity change from 0 to 32768 [ 345.051334][T12324] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 345.114878][T12361] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3625'. [ 345.134944][T12357] loop2: detected capacity change from 0 to 2048 [ 345.148101][T12357] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 345.188956][T12324] (syz.0.3608,12324,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=0, inode=3298534883393, rec_len=0, name_len=1 [ 345.269907][T12324] (syz.0.3608,12324,0):ocfs2_prepare_dir_for_insert:4311 ERROR: status = -2 [ 345.295630][T12324] (syz.0.3608,12324,0):ocfs2_mknod:298 ERROR: status = -2 [ 345.336195][T12324] (syz.0.3608,12324,0):ocfs2_mknod:502 ERROR: status = -2 [ 345.395307][T12324] (syz.0.3608,12324,0):ocfs2_create:676 ERROR: status = -2 [ 345.571611][ T4276] ocfs2: Unmounting device (7,0) on (node local) [ 345.644168][T12370] loop4: detected capacity change from 0 to 2048 [ 345.703159][T12370] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 345.757673][T12375] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3632'. [ 346.002153][T12378] loop2: detected capacity change from 0 to 64 [ 346.134037][T12378] [ 346.136424][T12378] ====================================================== [ 346.143485][T12378] WARNING: possible circular locking dependency detected [ 346.150610][T12378] 6.1.148-syzkaller #0 Not tainted [ 346.155744][T12378] ------------------------------------------------------ [ 346.162888][T12378] syz.2.3633/12378 is trying to acquire lock: [ 346.168972][T12378] ffff8880728e75f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xd7/0x1280 [ 346.179815][T12378] [ 346.179815][T12378] but task is already holding lock: [ 346.187210][T12378] ffff8880511340b0 (&tree->tree_lock#2/1){+.+.}-{3:3}, at: hfs_find_init+0x15b/0x1d0 [ 346.196797][T12378] [ 346.196797][T12378] which lock already depends on the new lock. [ 346.196797][T12378] [ 346.207250][T12378] [ 346.207250][T12378] the existing dependency chain (in reverse order) is: [ 346.216291][T12378] [ 346.216291][T12378] -> #1 (&tree->tree_lock#2/1){+.+.}-{3:3}: [ 346.224514][T12378] __mutex_lock+0x120/0xaf0 [ 346.229583][T12378] hfs_find_init+0x15b/0x1d0 [ 346.234745][T12378] hfs_extend_file+0x2eb/0x1280 [ 346.240181][T12378] hfs_bmap_reserve+0x103/0x420 [ 346.245773][T12378] hfs_cat_move+0x18a/0xc80 [ 346.250836][T12378] hfs_rename+0x22c/0x320 [ 346.255807][T12378] vfs_rename+0xbbf/0x10d0 [ 346.260781][T12378] do_renameat2+0x89d/0xc70 [ 346.265849][T12378] __x64_sys_rename+0x82/0x90 [ 346.271098][T12378] do_syscall_64+0x4c/0xa0 [ 346.276265][T12378] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 346.282909][T12378] [ 346.282909][T12378] -> #0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}: [ 346.292426][T12378] __lock_acquire+0x2cf8/0x7c50 [ 346.297966][T12378] lock_acquire+0x1b4/0x490 [ 346.303035][T12378] __mutex_lock+0x120/0xaf0 [ 346.308099][T12378] hfs_extend_file+0xd7/0x1280 [ 346.313422][T12378] hfs_bmap_reserve+0x103/0x420 [ 346.318860][T12378] __hfs_ext_write_extent+0x1fa/0x470 [ 346.324792][T12378] hfs_ext_write_extent+0x15e/0x1e0 [ 346.330565][T12378] hfs_write_inode+0x8e/0x970 [ 346.335890][T12378] __writeback_single_inode+0x75b/0x1160 [ 346.342448][T12378] writeback_single_inode+0x221/0x8b0 [ 346.348346][T12378] write_inode_now+0x15d/0x1d0 [ 346.353629][T12378] hfs_file_fsync+0xa3/0x140 [ 346.358852][T12378] generic_file_write_iter+0x25d/0x2e0 [ 346.364827][T12378] vfs_write+0x44c/0x960 [ 346.369690][T12378] ksys_write+0x143/0x240 [ 346.374649][T12378] do_syscall_64+0x4c/0xa0 [ 346.379586][T12378] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 346.386015][T12378] [ 346.386015][T12378] other info that might help us debug this: [ 346.386015][T12378] [ 346.396251][T12378] Possible unsafe locking scenario: [ 346.396251][T12378] [ 346.403725][T12378] CPU0 CPU1 [ 346.409205][T12378] ---- ---- [ 346.414602][T12378] lock(&tree->tree_lock#2/1); [ 346.419556][T12378] lock(&HFS_I(tree->inode)->extents_lock); [ 346.428092][T12378] lock(&tree->tree_lock#2/1); [ 346.435504][T12378] lock(&HFS_I(tree->inode)->extents_lock); [ 346.441507][T12378] [ 346.441507][T12378] *** DEADLOCK *** [ 346.441507][T12378] [ 346.449741][T12378] 4 locks held by syz.2.3633/12378: [ 346.454962][T12378] #0: ffff888030f1ed68 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x2ae/0x360 [ 346.464189][T12378] #1: ffff88801c2d0460 (sb_writers#15){.+.+}-{0:0}, at: vfs_write+0x256/0x960 [ 346.473337][T12378] #2: ffff8880728e5da8 (&sb->s_type->i_mutex_key#23){+.+.}-{3:3}, at: hfs_file_fsync+0x99/0x140 [ 346.483865][T12378] #3: ffff8880511340b0 (&tree->tree_lock#2/1){+.+.}-{3:3}, at: hfs_find_init+0x15b/0x1d0 [ 346.493804][T12378] [ 346.493804][T12378] stack backtrace: [ 346.499694][T12378] CPU: 1 PID: 12378 Comm: syz.2.3633 Not tainted 6.1.148-syzkaller #0 [ 346.507863][T12378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 346.517922][T12378] Call Trace: [ 346.521204][T12378] [ 346.524135][T12378] dump_stack_lvl+0x168/0x22e [ 346.528854][T12378] ? load_image+0x3b0/0x3b0 [ 346.533364][T12378] ? show_regs_print_info+0x12/0x12 [ 346.538576][T12378] ? print_circular_bug+0x12b/0x1a0 [ 346.543793][T12378] check_noncircular+0x274/0x310 [ 346.548791][T12378] ? add_chain_block+0x940/0x940 [ 346.553734][T12378] ? lockdep_lock+0xdc/0x1e0 [ 346.558321][T12378] ? _find_first_zero_bit+0xcf/0x100 [ 346.563608][T12378] __lock_acquire+0x2cf8/0x7c50 [ 346.568470][T12378] ? is_bpf_text_address+0x28b/0x2a0 [ 346.573764][T12378] ? verify_lock_unused+0x140/0x140 [ 346.579045][T12378] ? stack_trace_save+0x98/0xe0 [ 346.584327][T12378] ? stack_trace_snprint+0xf0/0xf0 [ 346.589447][T12378] ? check_noncircular+0x16f/0x310 [ 346.594587][T12378] ? add_chain_block+0x940/0x940 [ 346.599551][T12378] lock_acquire+0x1b4/0x490 [ 346.604071][T12378] ? hfs_extend_file+0xd7/0x1280 [ 346.609052][T12378] ? __might_sleep+0xd0/0xd0 [ 346.614196][T12378] ? read_lock_is_recursive+0x10/0x10 [ 346.619587][T12378] __mutex_lock+0x120/0xaf0 [ 346.624290][T12378] ? hfs_extend_file+0xd7/0x1280 [ 346.629251][T12378] ? verify_lock_unused+0x140/0x140 [ 346.634451][T12378] ? hfs_extend_file+0xd7/0x1280 [ 346.639382][T12378] ? mutex_lock_nested+0x10/0x10 [ 346.644320][T12378] ? __stack_depot_save+0x421/0x460 [ 346.649520][T12378] hfs_extend_file+0xd7/0x1280 [ 346.654309][T12378] ? hfs_ext_write_extent+0x131/0x1e0 [ 346.659673][T12378] ? hfs_write_inode+0x8e/0x970 [ 346.664523][T12378] ? hfs_get_block+0xbd0/0xbd0 [ 346.669289][T12378] ? trace_raw_output_contention_end+0xd0/0xd0 [ 346.675441][T12378] ? rcu_is_watching+0x11/0xa0 [ 346.680205][T12378] ? trace_contention_end+0x5f/0x170 [ 346.685504][T12378] ? __mutex_lock+0x19e/0xaf0 [ 346.690187][T12378] ? hfs_brec_find+0x18b/0x500 [ 346.694968][T12378] hfs_bmap_reserve+0x103/0x420 [ 346.699815][T12378] __hfs_ext_write_extent+0x1fa/0x470 [ 346.705703][T12378] hfs_ext_write_extent+0x15e/0x1e0 [ 346.711248][T12378] ? verify_lock_unused+0x140/0x140 [ 346.716442][T12378] ? hfs_ext_keycmp+0x310/0x310 [ 346.721303][T12378] ? folio_batch_move_lru+0x56e/0x6a0 [ 346.726674][T12378] hfs_write_inode+0x8e/0x970 [ 346.731354][T12378] ? hfs_release_folio+0x500/0x500 [ 346.736480][T12378] ? hfs_inode_write_fork+0x1a0/0x1a0 [ 346.741850][T12378] ? __writeback_single_inode+0x4ae/0x1160 [ 346.747662][T12378] ? __lock_acquire+0x7c50/0x7c50 [ 346.752693][T12378] ? do_raw_spin_lock+0x11d/0x280 [ 346.757732][T12378] ? __rwlock_init+0x140/0x140 [ 346.762498][T12378] ? __lock_acquire+0x7c50/0x7c50 [ 346.767521][T12378] __writeback_single_inode+0x75b/0x1160 [ 346.773157][T12378] writeback_single_inode+0x221/0x8b0 [ 346.778534][T12378] ? write_inode_now+0x1d0/0x1d0 [ 346.783478][T12378] ? errseq_check+0x3c/0x70 [ 346.787976][T12378] write_inode_now+0x15d/0x1d0 [ 346.792736][T12378] ? bdi_split_work_to_wbs+0x890/0x890 [ 346.798193][T12378] ? clear_nonspinnable+0x60/0x60 [ 346.803211][T12378] ? rwsem_write_trylock+0x12f/0x1b0 [ 346.808495][T12378] ? clear_nonspinnable+0x60/0x60 [ 346.813512][T12378] ? generic_write_checks_count+0x3d9/0x4c0 [ 346.819411][T12378] hfs_file_fsync+0xa3/0x140 [ 346.824203][T12378] generic_file_write_iter+0x25d/0x2e0 [ 346.829662][T12378] vfs_write+0x44c/0x960 [ 346.834077][T12378] ? file_end_write+0x250/0x250 [ 346.838937][T12378] ? __fget_files+0x44a/0x4d0 [ 346.843633][T12378] ? __fdget_pos+0x2ae/0x360 [ 346.848219][T12378] ? ksys_write+0x71/0x240 [ 346.852630][T12378] ksys_write+0x143/0x240 [ 346.856960][T12378] ? __ia32_sys_read+0x80/0x80 [ 346.861738][T12378] ? lockdep_hardirqs_on+0x94/0x140 [ 346.866961][T12378] do_syscall_64+0x4c/0xa0 [ 346.871386][T12378] ? clear_bhb_loop+0x60/0xb0 [ 346.876056][T12378] ? clear_bhb_loop+0x60/0xb0 [ 346.880724][T12378] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 346.886619][T12378] RIP: 0033:0x7fdcb198ebe9 [ 346.891053][T12378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 346.910678][T12378] RSP: 002b:00007fdcb2717038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 346.919111][T12378] RAX: ffffffffffffffda RBX: 00007fdcb1bb5fa0 RCX: 00007fdcb198ebe9 [ 346.927108][T12378] RDX: 0000000000000c34 RSI: 0000200000000940 RDI: 0000000000000004 [ 346.935085][T12378] RBP: 00007fdcb1a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 346.943068][T12378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 346.951568][T12378] R13: 00007fdcb1bb6038 R14: 00007fdcb1bb5fa0 R15: 00007ffc4940df08 [ 346.959546][T12378] [ 347.020421][ T4270] hfs: node 4:3 still has 1 user(s)!