last executing test programs: 2.352316423s ago: executing program 4 (id=9814): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2b, 0x0, 0x0) 2.127805012s ago: executing program 4 (id=9818): r0 = syz_open_dev$swradio(&(0x7f00000006c0), 0x0, 0x2) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000700)={0x2, 0x3, 0x8001}) 1.862771015s ago: executing program 4 (id=9823): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f00000001c0)=@ethtool_modinfo={0x42, 0x2, 0x8000}}) 1.674710711s ago: executing program 4 (id=9826): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, 0x0) 1.492606628s ago: executing program 4 (id=9829): syz_mount_image$jfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000006600)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceec7cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5c0159b8e3c0289dcb182504844ef8e6972cdb3f50680fc9602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12ae64a5a521aa83080b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe3b630040b37e2b09d7816e0b93981ddfc47532cf2f46d4d4904f68fb43cd165b98394a1705c9bb5330ca3d57c417572fa5345a234d284f66082e5c7ee10008b76a217b176213a0c6712dc6076ac9ac30e270554fd6efa03e59c10240211be758d72799eb73b38587bce830cef0f9d"], 0x1, 0x6282, &(0x7f0000000340)="$eJzs3U+PG2cdB/Df+N/+CU2jHqoSIbRtA7SU5m8JgQJtD3DohQPKFSXabquIFFASUFpFZKtcOPAiQEgcAXHkxAvogSs3XgCREiSgpw6a9fNsxsaOdze1x7vz+UjOzM/PzPqZfD1re2fGTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8fb3f3iuiIgrv0h3nIj4XHQjOhFrVb0REWsbJ/LyvYh4Lnaa49mI6K9EFLnx6YjXIuLj4xEPHt7ZrO46v8d+fO9Pf//dj4794G9/6J/5z59vdV+fttzt27/+91/uHnx7AQAAoI3KsiyL9DH/ZPp832m6UwDAQuTX/zLJ96uXrt5esv6o1Wq1+hDWdeVkd+tFRGzX16neMzgcDwCHzHZ80nQXaJD8W60XEcea7gSw1IqmO8BcPHh4Z7NI+Rb114ONYXs+F2Qk/+1i9/qOadNZxs8xWdTz615045kp/VlbUB+WSc6/M57/lWH7IC037/wXZVr+g+GlT62T8++O5z/m6OTfmZh/W+X8e/vKvyt/AAAAAABYYvnv/ycaPv678uSbsiePO/67saA+AAAAAAAAAMBn7UnH/9tVGP8PAAAAllX1Wb3ym+OP7pv2XWzV/ZeLiKfGlgdaZiMiViPWm+4HAAAAAAAAAAAAALRJb3gO7+Uioh8RT62vl2VZ3erG6/160vUPu7ZvP7RZ07/kAQBg6OPjY9fyFzuX9cbl9F1//fX19bJcXVsv18u1lfx+drCyWq7VPtfmaXXfymAPb4h7g7L6Yau19epmfV6e1T7+86rHGpTdPXRsMRoMHAAiYvhq9MAr0hFTlk9H0+9yOBzs/0eP/Z+9aPp5CgAAAMxfWZZlkb7O+2Q65t9pulMAwELk1//x4wILq/sLfjy1Wq1Wq1tc15WT3a0XEbFdX6d6z2A4fgA4ZLbjk6a7QIPk32q9iHiu6U4AS61ougPMxYOHdzaLlG9Rfz3YGLbnc0FG8t8udtbL60+azjJ+jsminl/3ohvPTOnPswvqwzLJ+XfG878ybB+k5ead/6JMy7/azhMN9KdpOf/ueP5jjk7+nYn5t1XOv7ev/LvyBwAAAACAJZb//n9iqY7/Dg66OTM97vjvxtweFQAAAAAAAADm68HDO5v5utd8/P8LE5Zz/efRlPMv5N9KOf90/f/uiTcvjS3Xrc3ff+tR/v96eGfz97f++fk83Wv+K3mmSM+sIj0jivRIRS9ND7hhU9zrdwfVI/WLTreXzvkp++/GtbgeW3F2ZNlO2h8etZ8baa962t9pL7vD9vMj7b3d9rz+hZH2fjrTqVzL7adjM34a1+OdnfaqbWXG9q/OaC9ntOf8u/b/Vsr592q3Kv/11F6MTSv3P+r8335fn056nDevffFXZ+e/OTPdi+7uttVV2/dCA/3Z+T85Noif39y6cfr21Vu3bpyLNBm593ykyWcs599Pt5z/Sy8O2/Pv/fr+ev+jwb7zXxb3ojc1/xdr89X2vrzgvjUh5z9It5z/O6n90f5/bHedw53/9P3/lQb6AwAAAAAAAAAAAAAAAI9TluXOJaJvRsTFdP1PU9dmAgCLlV//yyTfv6i6e9D1/zi6HU31X61ecF3U6mIJ+rPQ+tNy3o/39lJtr/pA9X+XrD9LV9eVk71RLyLir/V1qvcMv5z0wwCAZfZpRPyj6U7QGPm3WP6+v2p6qunOAAt184MPf3z1+vWtGzeb7gkAAAAAAAAAcFB5/M+N2vjPp8qyvDu23Mj4r2/FxpOO/9nLM7sDjE4ZqLq7/216nE5Et1Mbbvz5mDb+d3937nHjf/dmPF5/RvtgRvvKjPbVGe0TL/Soyfk/Xxvv/FREnBwbfn10/OejOf7r+Jj3bZDzf6H2fK7y/8rYcvX8y98e5vw7I/mfufX+z87c/ODDV6+9f/W9rfe2fnLh3LmzFy5evHTp0pl3r13fOjv8t8Eez1fOP4997TzQdsn558zl3y45/y+lWv7tkvP/cqrl3y45//x+T/7tkvPPn33k3y45/5dTLf92yfl/NdUj+c/64xKHXs7/lVTb/9sl5/+1VMu/XXL+r6Za/u2S8z+davm3S87/TKr3mP/avPvFYuT88xEu+3+75PzzmQ3yb5ec//lUy79dcv4XUi3/dsn5v5Zq+bdLzv/rqZZ/u+T8L6Za/u2S8/9GquXfLjn/S6mWf7vk/L+Zavm3S87/W6mWf7vk/F9PtfzbJef/7VTLv11y/t9JtfzbJef/3VTLv11y/m+kWv7t8uj7/82YMWMmzzT9mwkAAAAAAAAAAAAAGLeI04mb3kYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4H/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgp79xYj113fAfzM3rxxIDEQUic1YeMYY5xNdn2JL7QuJlwbbiUhFHrBdr1rs+AbXrsEGtWOAiUSRkUVbcNDW0CozUuFVfFAK0B5QK0qVYL2gb4gKlQeoiqggFSVVpCt5pz//78zs7Mzu97xZuacz0dKftmZM3POnPnP7H7tfHcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaHTnG2Y/VcuyrFarFRdsyrIX1ecNE5vyS177wh4fAAAAsHa/yP/93M3pgsMruFHDNv90x7e/urCwsJC9b/hPRz+3sJCumMiy0Q1Zll8XXf3B+2uN2wSPZ+O1oYavh7rsfrjL9SNdrh/tcv1Yl+s3dLl+vMv1S07AEjdktXRn2/L/3FSc0uyWbDS/blubWz1e2zBUP3fptlktv83C6IlsLjuVzWbTTdsX29by7b9+Z31fb83ivoYa9rWlvkJ+8ujxeAy1cI63Ne1r8T6jH70+m/jpTx49/tcXnr2t3ex6GprurzjOHVvrx/mJcElxrLVsQzon8TiHGo5zS5vnZLjpOGv57er/3Xqcz63wOIcXD3NdtT7n49lQ/t/fyc/TSC1rc562hMt+dleWZZcXD7t1myX7yoayjU2XDC0+P+PFiqzfR30pvTQbWdU6vXMF67Q+Z7Y1r9PW10R8/u8MtxtZ5hgan6YfPTbW8Lz/fOFa1mlUf9TLvVZa12CvXyv9sgbjuvhO/qCfaLsGt4XH/+j25ddg27XTZg2mx92wBrd2W4NDY8P5MacnoZbfZnEN7mrafjjfUy2fz2zvvAanLpw+NzX/sY/fM3f62MnZk7Nn9uzaNb1n374DBw5MnZg7NTtd/Psaz3b/25gNpdfA1nDu4mvg1S3bNi7VhS+OLXn/vdbX4XiH1+Gmlm17/TocaX1wtfV5QS5d08Vr4z31kz5+ZShb5jWWPz871/46TI+74XU40vA6bPs9pc3rcGQFr8P6Nud2ruxnlpGGf9odw/LfC9a2Bjc1rMHWn0da12Cvfx7plzU4HtbF93Yu/71gSzjeJyZX+/PI8JI1mB5ueO+pX5J+3h8/kI926/L2+hU3jmUX52fP3/vIsQsXzu/KwlgXL2tYK63rdWPDY8qWrNehVa/Xw3N3PHF7m8s3hXM1fk/9X+PLPlf1bfbe2/m5yr+7tT+fTZfuzsLosfU+n+2+m9fP51iWff5bjz34jUc//4Zlz2c9b35iau0/i6dc2vD+O7rM+2/M/c8X+0t39fjw6Ejx+h1OZ2e06f24+akayd+7avm+n5ta2fvxaPhnvd+Pb+nwfry5Zdtevx+Ptj64+H5c6/anHWvT+nyOh3Vyarrz+3F9m827V7smRzq+H98VZi2c/9eEpJByUcPaWW7dpn2NjIyGxzUS99C8Tvc0bT8asll9X0/tvrZ1uuOu4r6G06NbtF7rdKJl216v0/RnX8ut01q3P327Nq3P53hYF7fs6bxO69s8vXft7503xP9seO8c67YGR4fH6sc8mhZh/n6fLdwQ1+C92fHsbHYqm8mvHcvXUy3f1+R9K1uDY+Gf9X6v3NxhDe5o2bbXazB9H1tu7dVGlj74Hmh9PsfDunjyvs5rsL7NG/f39mfXHeGStE3Dz66tf7623J953d5ymq7XWhkJx/mt/Z3/bLa+zakDq82Znc/T3eGSG9ucp9bX73KvqZlsfc7T5nCczx5Y/jzVj6e+zecOrnA9Hc6y7NJH7s//vDf8/crfXfzuV5v+3qXd3+lc+sj9P37xiX9czfEDMPieL8bG4ntdw99MreTv/wEAAICBEHP/UJiJ/A8AAAClEXN//L/CE/kfAAAASiPm/pEwk4rk/81vfHbu+UtZauYvBPH6dBoeKLaLHdfp8PXEwqL65fd/efa//+HSyvY9lGXZzx/4g7bbb34gHldhIhzn1Tc1X77EV+9Z0b6PPnwp7bexv/6FcP/x8ax0GbSr4E5nWfb1mz+T72fi/Vfy+fQDR/P54OUnHq9v89zB4ut4+2deVmz/F6H8e/jEsabbPxPOww/DnH5b+/MRb/eVK6/Zsv+9i/uLt6ttvSl/2E9+oLjf+HtyPvt4sX08z8sd/zc+/dRX6ts/8qr2x39pqP3xPxXu98th/u8riu0bn4P61/F2nwzHH/cXb3fvl77Z9vivfqrY/tybi+2Ohhn3vyN8ve3Nz841nq9HaseaHlf2lmK7uP/p7/5xfn28v3j/rcc/fuRK0/loXR9P/1txP1Mt28fL436iv2/Zf/1+Gtdn3P9Tf3S06Tx32//VB595Rf1+W/d/d8t25z6yM9//4v01/8amv/zkZ9ruLx7P4b891/R4Dr87vI7D/p/8QFiP4fr/u1rcX+tvVzj67ub3n7j9FzZdano80Vt/Wuz/6utO5nPD+A0bb3zRi2+6/Mr6ucuy72wo7q/b/k/+1dmm4//ircX5iNfHjn7r/pcT93/+o5Nnzs5fnJtJZ/XRm/PfnfP24nji8d4c3ltbvz5y9sIHZ89PTE9MZ9lEeX+F3jX7Upg/LsblzlsvLHkH3flweD5v//Ovb9z+r5+Ol//7e4rLr7yt+L716rDdZ8Plm8Lzt7r9L/Xknbfmr+/a0+EIF5b+vuC12LLtvw6saMPw+Ft/Lojr/dzLP5ifh/p1+feN+Lpe4/F/f6a4n6+F87oQfjPz1lsX99e4ffzdCFceKl7vaz5/4W0uPq9/E57vd/ywuP94XPHxfj/8HPPNzc3vd3F9fO3SUOv957/F43J4P8kuF9fHreL5vvLcrW0PL/4ekuzybfnXf5Lu57ZVPczlzH9sfurU3JmLj0xdmJ2/MDX/sY8fOX324pkLR/Lf5XnkQ91uv/j+tDF/f5qZ3bc3y9+tzhbjOnuhj//cw8dn9k9vn5k9ceziiQsPn5s9f/L4/Pzx2Zn57cdOnJj9aLfbz80c2rX74J79uydPzs0cOnDw4J6Dk3NnztYPozioLvZNf3jyzPkj+U3mD+09uOu++/ZOT54+OzN7aP/09OTFbrfPvzdN1m/9+5PnZ08duzB3enZyfu7js4d2Hdy3b3fX3wZ4+tyJ+Ymp8xfPTF2cnz0/VTyWiQv5xfXvfd1uTznN/0fx82yrWvGL+LJ33b0v/X7Wui8/tuxdFZu0/ALRZ8Pvovnnl5w7sJKvY+4fDTOpSP4HAACAKoi5fyzMRP4HAACA0oi5f0OYifwPAAAApRFz/3iYSUXyf+n6/5svrWj/+v/6/43nS/+/Yv3/h/qt/1+8X+j/98Za+/f6/4H+v/6//r/+v/4/PdBv/f+Y+2/IskrmfwAAAKiCmPs3hpnI/wAAAFAaMfffGGYi/wMAAEBpxNz/ojCTiuR//X/9f/1//X/9//b71/8fTPr/nen/d6H/P5VVq/9/uZfHr/+v/89S/db/j7n/xWEmFcn/AAAAUAUx998UZiL/AwAAQGnE3H9zmIn8DwAAAKURc/+mMJOK5H/9f/1//X/9f/3/9vvX/x9M+v+d6f93of/v8//1//X/6al+6//H3P+SMJOK5H8AAACogpj7XxpmIv8DAABA/xm5tpvF3P+yMJMl+f8adwAAAAC84GLuvyVrKYJX5O//9f/1//u//78hXaf/r/+f9WX/fzjT/+8f+v+d6f93of+v/6//r/9PT/Vb/z/P/dl49vIwk4rkfwAAAKiCmPtvDTOR/wEAAKA0Yu7/pTAT+R8AAABKI+b+zWEmFcn/+v/6//3f//f5//r//d7/9/n//UT/vzP9/y70//X/9f/1/+mpfuv/x9x/W5hJRfI/AAAAVEHM/beHmcj/AAAAUBox9/9ymIn8DwAAAKURc/+WMJOK5H/9/7X1/2Pv/Lr1/2NzVP9f/1//X/9f/39F9P870//vQv9f/1//X/+fnuq3/n/M/a8IM6lI/gcAAIAqiLn/jjAT+R8AAABKI+b+V4aZyP8AAABQGjH3T4SZVCT/6/8PxOf/j/n8f/1//X/9f/3/ldH/70z/vwv9f/3/nvT/Fy7p/+v/U+i3/n/M/XeGmVQk/wMAAEAVxNy/NcxE/gcAAIDSiLn/rjAT+R8AAABKI+b+bWEmFcn/+v8D0f/P9P/1//X/9f/1/1dG/78z/f8u9P/1/33+v/4/PdVv/f+Y+18VZlKR/A8AAABVEHP/9jAT+R8AAABKI+b+V4eZyP8AAABQGjH37wgzqUj+1//X/9f/1//X/2+/f/3/waT/35n+fxf6//r/Pev/L+j/6//Th/3/mPtfE2ZSkfwPAAAAVRBz/84wE/kfAAAASiPm/rvDTOR/AAAAKI2Y+yfDTCqS//X/9f/1//X/9f/b71//fzDp/3em/9+F/r/+v8//1/+np/qt/x9z/z1hJhXJ/wAAAFAFMfffG2Yi/wMAAEBpxNw/FWYi/wMAAEBpxNw/HWZSkfyv/6//r/+v/7+q/v8rF+9X/7+g/99f9P870//vQv9f//8F7/+P6v9TKv3W/4+5f1eYSUXyPwAAAFRBzP27w0zkfwAAACiNmPv3hJnI/wAAAFAaMffvDTOpSP7X/9f/1//X//f5/+33r/8/mPT/O+t9/z8+RP1//X/9f5//r//PUv3W/4+5/74wk4rkfwAAAKiCmPv3hZnI/wAAAFAaMffvDzOR/wEAAKA0Yu4/EGZSkfxf1f5/rdZ8HJH+v/5/foH+v/6//v/A0v/vzOf/d6H/r/+v/6//zxo99IeNX/Vb/z/m/oNhJhXJ/wAAAFAFMfe/NsxE/gcAAIDSiLn/V8JM5H8AAAAojZj7fzXMpCL5v6r9/2U+/7/+cPX/9f/1//X/c/r/g0n/vzP9/y70//X/9f/1/+mpZfv/IXqvd/8/5v5DYSYVyf8AAABQBTH3/1qYifwPAAAApRFz/+vCTOR/AAAAKI2Y+w+HmVQk/+v/+/x//X/9f/3/9vtf7/7/WLxf/f810f/vbH36/7X4tqz/r/+v/6//r/9fcf32+f8x978+zKQi+R8AAACqIOb++8NM5H8AAAAojZj73xBmIv8DAABAacTc/8Ywk4rkf/1//f9B6f/fqP+v/9/yeMrW//f5/72h/9+Zz//vQv9f/1//X/+fnuq3/n/M/W8KM6lI/gcAAIAqiLn/zWEm8j8AAACURsz9bwkzkf8BAACgNGLuf2uYSUXyv/6//v+g9P8z/X/9/5bHo/+v/9+O/n9n+v9d6P/r/+v/6//TU/3W/4+5/9fDTCqS/wEAAKAKYu5/IMxE/gcAAIDSiLn/bWEm8j8AAACURsz9bw8zqUj+1//X/9f/1//X/2+/f/3/waT/39mA9f9/cVO4XP+/oP/f38e/2v7/SMvX16X//4Pl+v8LG1pvr//P9dBv/f+Y+98RZlKR/A8AAABVEHP/O8NM5H8AAAAojZj73xVmIv8DAABAacTc/xthJhXJ//r/9eNYbC/r/5e1/z+k/6//r/9fEfr/nQ1Y/9/n/7fQ/+/v4/f5//r/LNVv/f+Y+98dZlKR/A8AAABVEHP/g2Em8j8AAACURsz9D4WZyP8AAABQGjH3vyfMpCL5X//f5/9Xo//v8/8z/X/9/4rQ/+9M/78L/X/9/37r//+n/j+Drd/6/zH3PxxmUpH8DwAAAFUQc/97w0zkfwAAACiNmPt/M8xE/gcAAIDSiLn/fWEmFcn/+v8r7v9PdLq/69//nxjQ/v9j+v/Xsf9/x03Fdvr/+v8s0v/vTP+/C/1//f9+6//7/H8GXL/1/2Puf3+Yycrz//iKtwQAAABeEDH3/1aYSUX+/h8AAACqIOb+3w4zaZv/u/5vNwAAAEAfirn/d8JMKvL3//r/Pv/f5/8Pbv/f5//r/+v/L7V+/f/4zqP/r/+v/x/p/+v/6//Tqt/6/zH3/26YSUXyPwAAAFRBzP0fCDOR/wEAAGAgtPt/slvF3H8kzET+BwAAgNKIuf9omElF8r/+v/6//n+f9v//bOu/fO/b7zy6S/9f/1//f1XW9fP/6y9+n/+v/6//n+j/6//r/9Oq3/r/MfcfCzOpSP4HAACAKoi5//fCTOR/AAAAKI2Y+4+Hmcj/AAAAUBox98+EmVQk/+v/6//r//dp/3+AP/8/ng/9/2Y96//HN139/7aK/n1aRde3///exZ64/v9q+/9jbS/V/9f/H+Tj1//X/2epfuv/x9w/G2ZSkfwPAAAAVRBy/9CJYi5eIf8DAABAacTcfzLMRP4HAACA0oi5/4NhJhXJ//r/+v/6//r/Pv+//f479f9rIz7/v1+l/v3P8heK/n+L/un/t6f/r/8/yMev/6//z1L91v+PuX8uzKQi+R8AAACqIOb+D4WZyP8AAABQGjH3fzjMRP4HAACA0oi5/1SYSUXyv/6//r/+v/6//n/7/af+f/jW0Def/6//39Fa+/f6/4H+f7X7//+j/6//r/9Pb/Rb/z/m/tNh/j97d/JkWZnWcfwkFlRWYBjuXLgxwqV/Agtda7h24caNEYYLHFBxpnAeUVCcFcF5ABUEERWcB1ARxakbupue54GeaLqJ6iDzeZ6qzDx5bmblvXnPed/PZ8HTZFdybxMVWfzI+vYpnex/AAAA6EHu/lvjFvsfAAAAmpG7/xviFvsfAAAAmpG7/xvjlk72v/7/LP3/1UpZ/3/w/a/u//MVN9j/f6n+/7jX1/+f/fn/g/5/tvT/0/T/K4z3/zcNw9BX/+/5//p//T9rMrf+P3f/N8Utnex/AAAA6EHu/m+OW+x/AAAAaEbu/tviFvsfAAAAmpG7/1vilk72/6H+f2fos//PjNfz/z3/X/+v/9f/L9z59v93vv6VT/9/4v7/oXtWvexM+/8Wn/9/09gHt93Pn9W23/8J+/+Lx32+/p8Wza3/z93/rXFLJ/sfAAAAepC7/9viFvsfAAAAmpG7//a4xf4HAACAZuTu//a4pZP9v77n/1/a+/hC+/+i/9f/731A/6//1/8vluf/T+vp+f+3PX/zrS8/9oWPn+b1O+r/R227n1/6+/f8f/0/R82t/8/d/x1xSyf7HwAAAHqQu/874xb7HwAAAJqRu/+74hb7HwAAAJqRu/+745ZO9v/6+v9FP/+/6P/1/3sf0P/r//X/i6X/n9ZT/389r6//1//r//X/rNfc+v/c/d8Tt3Sy/wEAAKAHufu/N26x/wEAAKAZufvviFvsfwAAAGhG7v7LcUsn+1//v/n+/zX9v/4/rv5f/6//3zz9/zT9/wr6f/2//l//z1rNrf/P3X9n3NLJ/gcAAIAe5O7/vrjF/gcAAIBm5O7//rjF/gcAAIBm5O7/gbilk/2v//f8f/2//l//P/76+v9l0v9P0/+voP8/az9/o/5f/6//51qn7P9fnfiyvZb+P3f/D8Ytnex/AAAA6EHu/h+KW+x/AAAAaEbu/h+OW+x/AAAAaEbu/h+JWzrZ//p//b/+X/9/3f3/0Z96e/T/4/T/50P/P202/f/OhdEP6/8X3/97/r/+X//PAXN7/n/u/h+NWzrZ/wAAANCD3P0/FrdM7P9T/8t8AAAAYKty9/943OL7/wAAALB4WZ3l7v+JuKWT/a//1//r//X/nv8//vpT/f/j17w//f+86P+nzab/P4b+X/+/5Pev/9f/c9Tc+v/c/T8Zt3Sy/wEAAKAHufvvilvsfwAAAGhG7v6filvsfwAAAGhG7v6fjls62f/j/f/V/17/fzL6/4PvX/8//vNjXf1//hX1/5P9/5d5/n+f9P/Tzr//v6j/P/jX1/9v0Lbff+P9/6VVn6//Z8zc+v/c/XfHLZ3sfwAAAOhB7v574hb7HwAAAJqRu/9n4hb7HwAAAJqRu/9n45ZO9r/n/+v/9f/L6/89/3/fNp//P5x7/39B/39C+v9pnv+/gv5f/6//9/x/1mpu/X/u/nvjlk72PwAAAPTg3leGvd3/c8Ng/wMAAMASXft7Bw7/htKQu//n4xb7HwAAAJqRu/8X4pZO9r/+X/+v/9f/6//HX/+0/f+qByN7/v/50P9P0/+voP/fRD9/obH+/77jPn8O/f8d+n9m5kD//+TVj2+r/8/d/4txSyf7HwAAAHqQu/+X4hb7HwAAAJqRu/+X4xb7HwAAAJqRu/9X4pZO9v/G+/+JIFb/r//X/+v/W+r/V9H/nw/9/zT9/wr6f8//9/x//T9rdbX/P/j1cFv9f+7+X41bOtn/AAAA0IPc/b8Wt9j/AAAA0Izc/ffFLfY/AAAANCN3/6/HLZ3sf8//1//r//X/+v/x19f/L5P+f5r+f4X4R0H9v/5f/6//Zz0OPP//Gtvq/3P33x+3dLL/AQAAoAe5+x+IW+x/AAAAaEbu/t+IW+x/AAAAaEbu/t+MWzrZ//r/zfb/+XH9v/5/0P/r//X/56Lb/n9n7Feio47p/5/5ustfcfAjvfb/nv+v/9f/6/9Zq1n0/1eu/tNl7v7fils62f8AAADQg9z9vx232P8AAADQjNz9vxO32P8AAADQjNz9vxu3nHL/f/5a39X50f97/r/+X/+v/x9/ff3/MnXb/5+Q5/+voP/X/+v/9f+s1Sz6/2v+PHf/78Utvv8PAAAAzcjd//txi/0PAAAAzcjd/wdxi/0PAAAAzcjd/4dxSyf7X/+v/9f/6//1/+Ovf739/+4wTv9/PvT/0/T/K+j/m+r/v3IYBv2//p/tmlv/n7v/wbilk/0PAAAAPcjd/1DcYv8DAABAM3L3/1HcYv8DAABAM3L3/3Hc0sn+1//r//X/+n/9//jre/7/Mun/p+n/h2F4eOINjPX/Vy7q/xfa/3v+v/6f7Ztb/5+7/0/ilk72PwAAAPQgd//DcYv9DwAAAM3I3f9I3GL/AwAAQDNy9/9p3NLJ/tf/6//1/1vu/2/Q/+v/9f/rpP+fpv9fwfP/9f/6f/0/azW3/j93/6NxSyf7HwAAAHqQu/+xuMX+BwAAgGbk7v+zuMX+BwAAgGbk7n88bulk/+v/9f/6f8//30j/f1n/f5j+/3xsrv8f9P8b7f9f+7xB/6//X/j71//r/znqvPr/V+Pr/ar+P3f/n8ctnex/AAAA6EHu/ifiFvsfAAAAmpG7/y/iFvsfAAAAmpG7/y/jlk72v/5f/6//1/97/v/46+v/l8nz/6fNt//fp//X/y/5/ev/9f8cdV79/3G9/+E/z93/V3FLJ/sfAAAAepC7/8m4xf4HAACAZuTufypusf8BAACgGbn7/zpu6WT/6//1/wf7/2HQ/+v/9f/7zqH/3x30/2un/5+m/19B/99m/3/D0FD/f+nYz9f/M0dz6/9z9/9N3NLJ/gcAAIAe5O7/27jF/gcAAIBm5O7/u7jF/gcAAIBm5O7/+7ilpf3/2vHp2/L7/4uHPlH/PwzDC7d7/r/+f+L19f+z6f/r76r+f330/9P0/yvo/9vs/z3/X//P1syt/8/d/w9xS0v7HwAAADqXu/8f4xb7HwAAAJqRu/+f4hb7HwAAAJqRu/+f45ZO9v/y+//Dn6j/H870/H/9/94H9P/6f/3/Yp21v79/N35N0//r//X/o/38zjH/3DPo//X/+n9GzK3/z93/L3FLJ/sfAAAAepC7/+m4xf4HAACAZuTufyZusf8BAACgGbn7/zVu6WT/6//1//r/Zfb/u/p//b/+f9Rcnv9/yy1f/pz+X//fYv8/Rf+v/9f/c9jc+v/c/f8Wt3Sy/wEAAKAHufv/PW6x/wEAAKAZufufjVvsfwAAAGjGs3sh5+7wH8PQ5f4/2v/fOOwXqvvG+v9o1PT/19D/H3z/+v/xnx+e/6//1/9v3lz6f8//v773r//X/y/5/Z+q//+io5+v/6dFc+v/c/c/F7d0sv8BAACgB7n7/zNusf8BAACgGbn7/ytusf8BAACgGbn7n49bOtn/nv+v/9f/6//1/+Ovr/9fJv3/NP3/Cvr/s/fz+VVV/7/c5/9/jv6f9Zlb/5+7/7/jlr3h98Wfe53/MwEAAIAZyd3/P3FLJ9//BwAAgB7k7v/fuMX+BwAAgGbk7v+/uKWT/a//1//r//X/+v/x19f/L5P+f5r+f4V++v/dsQ9uu58/q22//2b6f8//Z43m1v/n7v//uKWT/Q8AAABte2Xvj7n73xC32P8AAADQjNz9b4xb7H8AAABoRu7+F+KWTva//l//337//zX6/0Ovr//X/7dM/5+/oo/T/6/QT/8/atv9/NLfv/5f/89Rc+v/c/e/GLd0sv8BAACgB7n73xS32P8AAADQjNz9b45b7H8AAABoRu7+t8QtTez/Cyt/hP6/r/5/Z+ix//f8f/2//r8Dlbwvp/9/YPQXac//1//r/5f7/vX/+n+Omlv/n7v/pZ0LDe5/AAAAaNdXfcnXv3jSH/vS3h93h7fGLfY/AAAANCN3/9viFvsfAAAAmpG7/+1xSyf7X//fV//f5/P/9f/6f/1/T5bT/4/T/+v/9f/Lff/6f/0/R82t/8/d/4645Zrht/r/RQ8AAAA4Vzed7ofn7n9n3NLJ9/8BAACgB7n73xW3HNn/V074u9oBAACAucnd/+64pZPv/+v/Z97/Dxvq/+PH6f/36f/1/2Ovr/9fJv3/tDP2/1d29P/6/wkL6P93N/n+9f/6f46aW/+fu/+JR4cu9z8AAAA06sC/UXjP3h93h/fGLfY/AAAANCN3//viFvsfAAAAmpG7//1xSyf7X/8/8/7/up7/f6n+k+f/d97/37U7+vr6/yb6/52xrzvo/1fx/P8V9P+t9/8bff/6f/0/R52i/98bpJvu/3P3fyBu6WT/AwAAQA9y938wbrH/AQAAoBm5+z8Ut9j/AAAA0Izc/R+OWzrZ//r/LfT/d18cho32/yd4/r/+v4/+/5jXb6f//4KbLz/91V/7yINd9v+e/3+M8+z/8+eC/l//r//fp//X/+v/OWxuz//P3f+RuKWT/Q8AAAA9yN3/ctxi/wMAAEAzcvd/NG55ff8/ta13BQAAAKxT7v6PxS2dfP9f/9/i8/+X2f/n3+st9P+Xl9f/Z1Pce//f9fP/9f/H8Pz/afr/FfT/+n/9v/6ftZpb/5+7/+NxSyf7HwAAAHqQu/8TcUvu/51T/6t7AAAAYGZy938ybvH9fwAAAGhG7v5X4pZO9r/+X/+/gf7/kuf/j//88Px//b/+f/P0/9P0/yvo//X/+n/9P2s1t/4/d/+n4pZO9j8AAAD0IHf/q3GL/Q8AAADNyN3/6bjF/gcAAIBm5O7/TNzSyf7X/+v/5/L8/6T/v/p5+v99+n/9/2no/6fp/1fQ/+v/9f/6f9Zqbv1/7v7PBgAA//+PXGeS") creat(&(0x7f0000000080)='./file1\x00', 0x28) 1.426643386s ago: executing program 2 (id=9831): r0 = openat$sndseq(0xffffff9c, &(0x7f0000000240), 0x80003) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f00000002c0)={0x42, 0x2, {0x2, 0x3, 0xfefffffb, 0x3, 0x3}, 0x7ff}) 1.343939971s ago: executing program 1 (id=9832): r0 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x180000, @remote}, 0x1a) 1.294466592s ago: executing program 0 (id=9834): r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r0, 0x10d, 0xe, &(0x7f0000000000), &(0x7f0000000040)=0x4) 1.22418919s ago: executing program 2 (id=9835): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2c, 0x1, 0x0, 0x0, "", [@nested={0x102, 0x0, 0x0, 0x1, [@typed={0xc, 0x2, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f"]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) 1.154509628s ago: executing program 3 (id=9836): r0 = syz_open_dev$video(&(0x7f00000000c0), 0xcf35, 0x2000) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000380)={0x1, @pix_mp={0x0, 0x0, 0x38416761, 0x0, 0x0, [], 0x0, 0x7}}) 1.103086419s ago: executing program 0 (id=9837): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x7, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x4c005}, 0xc0) 1.052358909s ago: executing program 3 (id=9838): pipe2(&(0x7f0000000200)={0x0, 0x0}, 0x80) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000140)='`', 0x1}], 0x1, 0x9) 1.004094241s ago: executing program 1 (id=9839): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x10}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x25}]}, @NFT_MSG_NEWSETELEM={0x7c, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x50, 0x3, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x40, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x3}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x10}]}}}, {0x10, 0x1, 0x0, 0x1, @bitwise={{0xc}, @void}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x100}}, 0x40cc4) 984.681137ms ago: executing program 2 (id=9840): munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x3, 0x0, 0x0, 0xf}]}}, &(0x7f0000000f80)=""/4115, 0x26, 0x1013, 0x1}, 0x28) 932.311428ms ago: executing program 0 (id=9841): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, 0x1410, 0x1, 0x70bd25, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_RES_LQPN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004000}, 0x4000000) 839.344761ms ago: executing program 3 (id=9842): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000080)=0xfffffffe, 0x4) 779.62425ms ago: executing program 1 (id=9843): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={r0, &(0x7f0000000180)}, 0x20) 779.234321ms ago: executing program 0 (id=9844): setitimer(0x2, &(0x7f0000000580)={{0x77359400}, {0x0, 0xea60}}, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0xb4, 0x516f}, &(0x7f0000000180)) 713.039678ms ago: executing program 2 (id=9845): r0 = memfd_create(&(0x7f0000001440)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\x00\x00\x00\x00\x00\x00\xff\xff\x10\x04\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xae\xebA;Y\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2W\xc72\xea\xb7Wp\xc36\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v\x1d*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5U\xec\xe06\xed\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:Z>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262-\x00\x00\x00\x00\xc8X\xdaNz\x0eu\x8f\x01\x00\x00\x00\x80\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x00\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\xf1\x0e\xccq*\xabM\x97}\x18\x8c5\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[R\xc36b\xa2]\xed\xe8\xb0\xfa\"\xa2\xd27)\xd5yQ\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\x94\xf3\xcc\x8d\xbb3\\\"\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\x00\x00\x00\x00\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*\x7f]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9bW\x02\xd2K\xba8~\x83\x19\xfa\xf7\x9b\f\xfa\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82?S>\x00P\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xe8\x89\xc4s\xb7\x14~}\xaa\x8c\xc3\x95BAE\xf2.\x8f#;a\x94\"\xd1U\xff\xe8v\xd3\x84d\xf4\x134\xa6XIkh\xaa\x15\x9a\xf7Z\xe3%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x06\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\x05\x00\x00\x00\x1a\xdc\xb7\x12\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\x10W\xbd\xa60A\xc3\x03\xfa\x890\x86#\bQ\xcb)\xf6]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1l 1\x8d \xc1\xab\x19\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xe29\xc3}\xb9P\xd5F\xc6\x12\x8c_x\xa8\xfa\xb5K\x03\x85\x93k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x1b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00KT2\x1b\x16=\x10\xd3\x9a\xf0\xb7;\xc0-\x9c\xac\xb9~\x9a\xdc\x15\x8d\xee*\x17\x82\x1e\xd2m+$\xb4\x8cOJ0\x85\x7f\xa0\x7f\xa8\xcc#\x0e\xa4\x86\x0fmO\xca\xa4\xd2\x9a\x16\xbb\x16\xb1\xd46l2ak[\xec\xe33\xae=\xaf\xffU)\x1fQ`\x81\xa2:\xf61\xafQ\xa6V-K;\xc50\n,\xb1j\x9b\x8f\xd0\xbd|\xbd\xb1+\x06\x98\xd4\x04\r!2\xe8\x16?H\x96\x182(\xcf\xf2\"\xf7.\x85\xc1-\xa3)|\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x5) fcntl$addseals(r0, 0x40a, 0x4) 656.474338ms ago: executing program 3 (id=9846): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x48, 0x2, 0x6, 0x1, 0x6000000, 0x0, {0x0, 0x0, 0x404}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x3}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x48}}, 0x0) 601.459978ms ago: executing program 1 (id=9847): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000e80)={'filter\x00', 0xb001, 0x4, 0x3c8, 0x2e0, 0x110, 0x1f8, 0x2e0, 0x2e0, 0x2e0, 0x7fffffe, 0x0, {[{{@arp={@empty, @local, 0x0, 0xff000000, 0x4, 0x6, {@mac=@broadcast, {[0xff, 0xff, 0x0, 0x0, 0xff]}}, {@mac=@local, {[0x0, 0x0, 0xff, 0x0, 0xff]}}, 0x1, 0x2, 0x7ff, 0x2, 0xfffb, 0x7f6, 'wlan1\x00', 'veth1_vlan\x00', {0xff}, {}, 0x0, 0x28}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@local, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x2}}}, {{@uncond, 0xc0, 0xe8, 0x0, {0x0, 0x1e03}}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x1f8}}, {{@uncond, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x31caf518}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) 566.265422ms ago: executing program 0 (id=9848): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x800000, &(0x7f00000002c0)={[{@noauto_da_alloc}, {@jqfmt_vfsold}, {@noquota}, {@norecovery}, {}]}, 0x1, 0x4be, &(0x7f0000000540)="$eJzs3ctrW1caAPBPUvyMZ/KYYUgyiwQykHkQyw+G2DOzmdXMLAJDA920kLq24rqWLWPJaWwCddpdFl2UlhZKF10W+g+0m2bVUChdt/uSRUlpUxfaQkFFV5IjP+SKxo7A9/eDG517zo2+cyy+46uja90AUutc7Z9MxFBEfBoRx+q7Ww84V3/YeHBzurZlolq98nUmOa623zy0+f+ORsR6RPRHxBP/iXg2szNueXVtfqpYLCw39vOVhaV8eXXt4tzC1GxhtrA4OnFpcnJiZHxsct/GevuV529f/uB/ve99//L9u69+9GGtW0ONttZx7Kf60HviREvdkYj410EE64JcYzwD3e4Iv0rt9ftdRJxP8v9Y5JJXE0iDarVa/ana1655vQocWtnkHDiTHY6IejmbHR6un8P/PgazxVK58rdrpZXFmfq58vHoyV6bKxZGGu8VjkdPprY/mpQf7o9t2x+PSM6BX8sNJPvD06XizOOd6oBtjm7L/+9y9fwHUsJbfkgv+Q/pJf8hveQ/pJf8h/SS/5Be8h/SS/5Desl/SC/5D+kl/yGV/n/5cm2rNv/+feb66sp86frFmUJ5fnhhZXp4urQcw7Olvvc7e75iqbQ0+vdYuZGvFMqVfHl17epCaWWxcnVuYWq2Nwo9BzweoHMnzt75PBMR6/8YSLaa3kabXIXDrfpi/TsAgPTJdXsCArrG0h+kl/f4wC5f0btFf7uGpUeK+kthgQOU7XYHgK65cNrnf5BW1v8hvaz/Q3ptPcd3NgBp1J31f6CbrP9Deg213P8n03L/r9+03LtrJCJ+GxGf5Xr6mvf6Ag6D7JeZRu5fOPanoe2tvZkfkkWB3oh44a0rb9yYqlSWR2v132zWV96s1/d2o/tAx5L8HWs8+kUOAKm28eDmdHPbrDx+8HG/+nf9IoSd8Y801ib7k88oBzcyW65VyOzTtQvrtyLi1G7xM437ndc/+RjcyO2If7LxmKk/RdLfI8l90x8l/r13O41/uiX+mZb4Zx75pwLpcKc2/4zslv/ZJKdjM/+2zj9D+3R9dPv5L7s5/+XazH9nO4zx3Nsv3Wsb/1bEmV3jN+P1J7G2x6/17UKH8e8//eQf2rVV36k/z27xm2qlfGVhKV9eXbs4tzA1W5gtLI5OXJqcnBgZH5vMJ2vU+eZK9U7/PPXJ3b3GP9gm/l7jr9X9pcPx//jHj586t0f8P5/f/fU/uUf8gYj4a4fxvx374pl2bbX4M23Gn90ev2WBr1Y33mH88uv/7evwUADgMSivrs1PFYuFZQUFBYXNQrdnJuCgPUz6bvcEAAAAAAAAAAAA6NTjuJy422MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgMfg4AAP//Zn/SgA==") renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 550.345469ms ago: executing program 2 (id=9849): r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETFB(r0, 0xc01c64ad, &(0x7f0000000080)) 397.357232ms ago: executing program 3 (id=9850): r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x0, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x40086602, &(0x7f0000000040)) 392.663881ms ago: executing program 2 (id=9851): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4003, &(0x7f0000000c00)=0xc, 0x6, 0x2) 307.053546ms ago: executing program 1 (id=9852): r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f0000000380), 0x4) 158.600189ms ago: executing program 4 (id=9853): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="52010000b1bd2f087d0403508c2f010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0}, 0x0) 102.846639ms ago: executing program 3 (id=9854): r0 = syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000000)={[{@noload}]}, 0x0, 0x5e5, &(0x7f0000000ac0)="$eJzs3c1vVFUbAPDn3k4Lpe/7ti8xKi5MoyGQKC0tYPBjAXtC8GPnxkoLQcpHaI0WTSwJbkyMGxckrlyI/4US3boyunDhxpUhQWNIDMboNXd6ZxjamXZaZnqx8/slw9xzzsycc0ufnnPPPXduAD1rNP8njdgVEReTiOGGskoUhaNLr7v927sn80cSWfbyr0kkRV7t9UnxPFS8+a/hiG+/SmJn38p65xYun52anZ25VKTH589dHJ9buLzvzLmp0zOnZ85PPjN5+NDBQ4cn9t/X/qUN28euvvHW8AfHX/3skz+Tic9/PJ7Ekfjl1FJZ4350ymiMxp0se295fv5zPdzpykrSV/89uStZnsEDq1LESH9EPBLD0dfwvzkc779YauOArsqSiAzoUYn4hx5VGwfUju3bOw5OuzwqATbDraNRPfpfGf+VpbnBGKnODexe9r4mU3obktfxzdfHr+aPaDkPt71DtQGNFq9sK7aWx39Sjc2RIvZ23E7vmefNRwAniuc8/6UN1j+6LN2NeXigucUrEfFos/H/2vH/WkP8v77B+sU/AAAAAAAAdM6NoxHxdLPzf2lxbm57PFE9/5csnf/7/u4Vgkc6UP/a5//Smx2oBmji1tGIF5qu/62v8R3pK1L/XVoNmJw6MzuzPyL+FxF7o39bnp5YpY59H+681qqscf1f/sjrr60FLNpxs7Lt3vdMT81P3c8+A0tuXYl4rNJ6/U/e/yeN/X8h/3twsc06du6+fqJV2drxD3RL9mnEnqb9f1J/TbL693OMV8cD47VRwUqPv/PRF63qF/9Qnrz/37F6/I8kjd/XM7e+zx+IiAMLlaxV+UbH/wPJK321z8+9PTU/f2kiYiA5tjJ/cn1thq2qFg+1eMnjf++Tq8//1cf/DXE4GBGLbdb58N9DP7UqG43Iio/V/8Mmy+N/ukn/P9iy/1//xuT1kS9b1d9e/3+w2qfvLXLM/8Hq2g3QstsJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP9GaUT8J5J0rL6dpmNjEUMR8VDsSGcvzM0/derCm+en87Lq/f/T2p1+h5fSSe3+/yMN6cll6QMR8f+I+LhvsJoeO3lhdrrsnQcAAAAAAAAAAAAAAAAAAIAHxFCL6/9zP/eV3Tqg6yrFs3iH3lMpuwFAacQ/9C7xD71L/EPvaiP+72xGO4DNt8H+3+kC2AKM/6FX9bf3su3dbgdQBv0/AAAAAABsKTeef/ZaEhGLzw1WH7mBoqx+YnCwrNYB3ZSW3QCgNNbwQu+y9Ad6V5uLf4EtLKlv/ZE1K2+9+j/pToMAAAAAAAAAAAAAgBX27Lrxw5rX/wNbUhpxpOw2AOVw/T/0Ltf/Q+9qcYzvmAB6yFpX8W/o+n+3DAQAAAAAAAAAAACAjppbuHx2qnYT8KnZ2ZlL1RwbW3Tju9+zbF3vyrLyfjf6I6L0n1gpGwON4bkZlUbE4oocAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADggfBPAAAA//9wQh8o") fsync(r0) 441.441µs ago: executing program 0 (id=9855): r0 = socket$tipc(0x1e, 0x2, 0x0) getsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, 0x0, 0xffffffffffffffff) 0s ago: executing program 1 (id=9856): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@ipv4_delrule={0x38, 0x21, 0xb12becd5a2b54ddf, 0x70bd2a, 0x0, {0x2, 0x0, 0x10}, [@FRA_SRC={0x8, 0x2, @rand_addr=0x64010101}, @FRA_GENERIC_POLICY=@FRA_OIFNAME={0x14, 0x11, 'netdevsim0\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) kernel console output (not intermixed with test programs): 0 to 1024 [ 862.647645][T22525] netlink: 'syz.0.8010': attribute type 21 has an invalid length. [ 862.664984][T22525] netlink: 144 bytes leftover after parsing attributes in process `syz.0.8010'. [ 862.802402][T22527] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 862.895218][ T34] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 863.000588][T22513] loop4: detected capacity change from 0 to 32768 [ 863.041673][T22513] (syz.4.8004,22513,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 863.070001][T22513] (syz.4.8004,22513,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 863.126716][ T34] usb 3-1: Using ep0 maxpacket: 32 [ 863.134374][ T34] usb 3-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 863.154378][T22513] JBD2: Ignoring recovery information on journal [ 863.164314][ T34] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 863.196822][ T34] usb 3-1: config 0 descriptor?? [ 863.222306][ T34] gspca_main: sq930x-2.14.0 probing 041e:403c [ 863.249025][T22541] loop1: detected capacity change from 0 to 2048 [ 863.266308][T22541] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 863.285729][T22513] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 863.344701][T22544] loop3: detected capacity change from 0 to 16 [ 863.365282][T22541] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 863.419492][T22544] erofs: (device loop3): mounted with root inode @ nid 36. [ 863.441922][ T34] gspca_sq930x: reg_r 001f failed -71 [ 863.448026][ T34] sq930x: probe of 3-1:0.0 failed with error -71 [ 863.514026][ T34] usb 3-1: USB disconnect, device number 32 [ 863.528081][ T4284] ocfs2: Unmounting device (7,4) on (node local) [ 863.962592][T22555] loop1: detected capacity change from 0 to 4096 [ 864.021310][T22555] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 864.157157][T22572] netlink: 292 bytes leftover after parsing attributes in process `syz.0.8032'. [ 864.157342][T22555] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 864.450905][ T4269] EXT4-fs (loop1): unmounting filesystem. [ 864.527737][T22585] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8037'. [ 864.579491][T22585] device vlan0 entered promiscuous mode [ 864.619286][T22588] vim2m vim2m.0: Fourcc format (0x56595559) invalid. [ 864.693447][ T26] audit: type=1326 audit(49004588.197:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22590 comm="syz.3.8040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 864.771110][T22589] loop4: detected capacity change from 0 to 4096 [ 864.783255][ T26] audit: type=1326 audit(49004588.197:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22590 comm="syz.3.8040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 864.870202][T22596] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 864.892592][T22589] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 864.914992][ T26] audit: type=1326 audit(49004588.243:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22590 comm="syz.3.8040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 864.972693][T22589] Remounting filesystem read-only [ 865.003566][ T26] audit: type=1326 audit(49004588.243:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22590 comm="syz.3.8040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 865.003602][ T26] audit: type=1326 audit(49004588.243:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22590 comm="syz.3.8040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 865.574549][T22618] loop1: detected capacity change from 0 to 4096 [ 865.657674][T22627] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 865.722358][T22618] NILFS error (device loop1): nilfs_dotdot: directory #12 missing '.' [ 865.800115][T22618] Remounting filesystem read-only [ 866.107279][ T34] usb 5-1: new full-speed USB device number 69 using dummy_hcd [ 866.235682][ T5083] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 866.343979][ T34] usb 5-1: config 0 has an invalid interface number: 52 but max is 0 [ 866.367626][ T34] usb 5-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config [ 866.395789][ T34] usb 5-1: config 0 has no interface number 0 [ 866.425601][ T34] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 30768, setting to 64 [ 866.454824][ T34] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 866.474301][ T5083] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 866.498197][ T5083] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 866.525049][ T34] usb 5-1: config 0 interface 52 has no altsetting 0 [ 866.545157][ T5083] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 32768, setting to 1024 [ 866.557672][ T34] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 866.568220][ T34] usb 5-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 866.576313][ T34] usb 5-1: Manufacturer: syz [ 866.581065][ T5083] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 866.602081][ T5083] usb 1-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 866.626945][ T34] usb 5-1: config 0 descriptor?? [ 866.638442][ T34] hub 5-1:0.52: bad descriptor, ignoring hub [ 866.646929][ T5083] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 866.663011][ T34] hub: probe of 5-1:0.52 failed with error -5 [ 866.671230][ T5083] usb 1-1: config 0 descriptor?? [ 866.683542][T22669] vim2m vim2m.0: Fourcc format (0x56595559) invalid. [ 866.863405][ T34] input: syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.52/input/input50 [ 866.931627][ T5083] usb 1-1: USB disconnect, device number 78 [ 867.232008][ T6637] usb 5-1: USB disconnect, device number 69 [ 867.541471][T22683] loop3: detected capacity change from 0 to 32768 [ 867.551034][T22683] XFS: attr2 mount option is deprecated. [ 867.647458][T22683] XFS (loop3): Mounting V5 Filesystem [ 867.764361][ T5083] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 867.833521][T22683] XFS (loop3): Ending clean mount [ 867.865018][T22683] XFS (loop3): Quotacheck needed: Please wait. [ 867.959642][T22683] XFS (loop3): Quotacheck: Done. [ 868.020797][ T5083] usb 2-1: Using ep0 maxpacket: 16 [ 868.027634][ T5083] usb 2-1: config 0 has an invalid interface number: 128 but max is 0 [ 868.069657][ T5083] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 868.113497][ T5083] usb 2-1: config 0 has no interface number 0 [ 868.117131][ T6637] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 868.120757][ T5083] usb 2-1: config 0 interface 128 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 868.139150][ T5083] usb 2-1: config 0 interface 128 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 868.153759][ T4276] XFS (loop3): Unmounting Filesystem [ 868.161168][ T5083] usb 2-1: New USB device found, idVendor=1b3d, idProduct=01d3, bcdDevice= 1.16 [ 868.182503][ T5083] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 868.190540][ T5083] usb 2-1: Product: syz [ 868.213158][ T5083] usb 2-1: Manufacturer: syz [ 868.217949][ T5083] usb 2-1: SerialNumber: syz [ 868.253455][ T5083] usb 2-1: config 0 descriptor?? [ 868.284116][ T5083] ftdi_sio 2-1:0.128: FTDI USB Serial Device converter detected [ 868.300533][ T5083] usb 2-1: Detected SIO [ 868.304819][ T5083] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 1 [ 868.318856][ T5083] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 868.342678][ T6637] usb 1-1: Using ep0 maxpacket: 16 [ 868.364065][ T6637] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 868.378041][ T6637] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 868.398967][ T6637] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 868.408824][ T6637] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 868.415230][T22723] loop2: detected capacity change from 0 to 1024 [ 868.418884][ T6637] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 868.435076][ T6637] usb 1-1: config 1 interface 0 has no altsetting 0 [ 868.457766][ T6637] usb 1-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 868.468036][ T6637] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 868.513910][ T6637] ums-sddr09 1-1:1.0: USB Mass Storage device detected [ 868.564995][ T129] usb 2-1: USB disconnect, device number 69 [ 868.581787][ T129] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 868.647377][T22727] loop2: detected capacity change from 0 to 136 [ 868.660237][ T129] ftdi_sio 2-1:0.128: device disconnected [ 868.741570][ T6637] scsi host1: usb-storage 1-1:1.0 [ 868.783502][T22719] loop4: detected capacity change from 0 to 32768 [ 868.871576][T22719] XFS (loop4): Mounting V5 Filesystem [ 869.008739][T22719] XFS (loop4): Ending clean mount [ 869.034271][ T129] usb 1-1: USB disconnect, device number 79 [ 869.055008][T22742] loop2: detected capacity change from 0 to 2048 [ 869.087177][T22742] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 869.187658][T22745] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 869.188362][T22742] syz.2.8104: attempt to access beyond end of device [ 869.188362][T22742] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 869.231288][ T4284] XFS (loop4): Unmounting Filesystem [ 869.496043][ T6637] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 869.710027][ T6637] usb 4-1: Using ep0 maxpacket: 16 [ 869.725154][ T6637] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 869.752593][ T6637] usb 4-1: config 0 has no interface number 0 [ 869.758745][ T6637] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 869.818487][ T6637] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 869.838194][ T6637] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 869.846332][ T6637] usb 4-1: Product: syz [ 869.873855][ T6637] usb 4-1: SerialNumber: syz [ 869.881425][ T6637] usb 4-1: config 0 descriptor?? [ 869.906432][ T6637] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input51 [ 869.920655][T22754] ubi0: attaching mtd0 [ 869.928662][T22754] ubi0 error: ubi_attach_mtd_dev: bad VID header (18806) or data offsets (18870) [ 870.137980][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 870.142822][ T5088] usb 4-1: USB disconnect, device number 60 [ 870.145274][ C0] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 870.160820][ C0] vkms_vblank_simulate: vblank timer overrun [ 870.176552][T22761] loop2: detected capacity change from 0 to 256 [ 870.233752][T22761] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66dc59, utbl_chksum : 0xe619d30d) [ 870.251588][ T5088] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 870.385263][T22765] loop1: detected capacity change from 0 to 8 [ 870.407625][T22765] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 870.423740][ T4261] udevd[4261]: incorrect cramfs checksum on /dev/loop1 [ 870.450779][T22765] cramfs: Error -3 while decompressing! [ 870.483263][T22765] cramfs: ffffffff96d8e1e8(26)->ffff8880503c5000(4096) [ 870.511486][T22765] cramfs: Error -5 while decompressing! [ 870.523008][T22765] cramfs: ffffffff96d8e202(26)->ffff8880503c6000(4096) [ 870.529910][T22765] cramfs: Error -3 while decompressing! [ 870.585827][T22768] loop0: detected capacity change from 0 to 1024 [ 870.586579][T22765] cramfs: ffffffff96d8e21c(16)->ffff8880503c7000(4096) [ 870.628780][T22765] cramfs: Error -3 while decompressing! [ 870.657014][T22765] cramfs: ffffffff96d8e1e8(26)->ffff8880503c5000(4096) [ 870.699244][ T26] audit: type=1800 audit(49004593.818:89): pid=22765 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.8117" name="file2" dev="loop1" ino=348 res=0 errno=0 [ 870.818736][T22775] netlink: 'syz.4.8121': attribute type 27 has an invalid length. [ 871.088600][T22787] loop1: detected capacity change from 0 to 2048 [ 871.207341][T22793] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 871.234565][T22787] NILFS (loop1): bad btree node (ino=16, blocknr=12): level = 0, flags = 0x0, nchildren = 0 [ 871.243493][T22794] loop3: detected capacity change from 0 to 2048 [ 871.280903][T22787] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 871.354172][T22787] Remounting filesystem read-only [ 871.414467][T22787] NILFS (loop1): bad btree node (ino=16, blocknr=12): level = 0, flags = 0x0, nchildren = 0 [ 871.447377][T22800] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 871.467589][T22787] NILFS error (device loop1): nilfs_bmap_last_key: broken bmap (inode number=16) [ 871.479911][T22794] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 871.506035][T22787] NILFS (loop1): error -5 truncating bmap (ino=16) [ 871.509211][T22802] netlink: 'syz.0.8133': attribute type 10 has an invalid length. [ 871.533643][T22794] Remounting filesystem read-only [ 871.553566][T22794] NILFS error (device loop3): nilfs_bmap_last_key: broken bmap (inode number=16) [ 871.583102][T22794] NILFS (loop3): error -5 truncating bmap (ino=16) [ 871.624760][T22802] team0: Device vxcan1 is of different type [ 871.738894][ T4269] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 871.758795][ T4276] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 871.974018][T22809] loop3: detected capacity change from 0 to 2048 [ 871.993820][T22809] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 872.042974][T22790] loop2: detected capacity change from 0 to 32768 [ 872.112737][T22790] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 872.145049][T22790] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 872.198271][T22790] (syz.2.8128,22790,1):ocfs2_parse_options:1458 ERROR: Invalid heartbeat mount options [ 872.368004][ T4268] ocfs2: Unmounting device (7,2) on (node local) [ 873.002712][T22848] IPv6: Can't replace route, no match found [ 873.032626][T22820] loop1: detected capacity change from 0 to 32768 [ 873.058948][T22820] [ 873.058948][T22820] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 873.058948][T22820] [ 873.085709][T22820] [ 873.085709][T22820] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 873.085709][T22820] [ 873.085867][T22820] [ 873.085867][T22820] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 873.085867][T22820] [ 873.086087][T22820] [ 873.086087][T22820] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 873.086087][T22820] [ 873.086140][T22820] [ 873.086140][T22820] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 873.086140][T22820] [ 873.086192][T22820] [ 873.086192][T22820] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 873.086192][T22820] [ 873.086244][T22820] [ 873.086244][T22820] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 873.086244][T22820] [ 873.146607][ T108] [ 873.146607][ T108] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 873.146607][ T108] [ 873.251427][ T4269] [ 873.251427][ T4269] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 873.251427][ T4269] [ 873.251693][ T4269] [ 873.251693][ T4269] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 873.251693][ T4269] [ 873.757666][T22875] program syz.1.8167 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 873.876722][T22880] netlink: 'syz.0.8170': attribute type 10 has an invalid length. [ 873.914195][T22880] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8170'. [ 873.954888][T22880] bridge0: port 3(veth0_vlan) entered blocking state [ 873.969116][T22880] bridge0: port 3(veth0_vlan) entered disabled state [ 874.016217][T22880] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 874.185690][T22889] loop2: detected capacity change from 0 to 4096 [ 874.233927][T22889] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 874.523505][T22905] loop0: detected capacity change from 0 to 1024 [ 874.561539][T22905] hfsplus: invalid length 32517 has been corrected to 255 [ 874.569609][ T4268] ntfs3: loop2: ntfs_sync_fs r=1a failed, -22. [ 874.594009][ T4268] ntfs3: loop2: ntfs_evict_inode r=1a failed, -22. [ 874.661828][ T4268] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 874.840259][ T9] hfsplus: b-tree write err: -5, ino 20 [ 874.867298][T22917] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 875.075657][T22925] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 875.493703][ T6636] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 875.692298][T22948] netlink: 'syz.0.8204': attribute type 3 has an invalid length. [ 875.702127][ T6636] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 875.704931][T22948] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.8204'. [ 875.723385][ T6636] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 875.751785][ T6636] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 875.771583][ T6637] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 875.811819][ T6636] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 875.834083][ T6636] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 875.857057][ T6636] usb 5-1: Product: syz [ 875.861266][ T6636] usb 5-1: Manufacturer: syz [ 875.865876][ T6636] usb 5-1: SerialNumber: syz [ 875.887308][ T6636] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found [ 875.914700][ T6636] cdc_ncm 5-1:1.0: bind() failure [ 875.988062][ T6637] usb 3-1: unable to get BOS descriptor or descriptor too short [ 876.009459][ T6637] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 37, changing to 7 [ 876.028023][ T6637] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 116, changing to 7 [ 876.055313][ T6637] usb 3-1: string descriptor 0 read error: -22 [ 876.080968][ T6637] usb 3-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40 [ 876.132912][ T6637] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 876.151485][ T5088] usb 5-1: USB disconnect, device number 70 [ 876.236134][T22967] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 876.244136][T22967] IPv6: NLM_F_CREATE should be set when creating new route [ 876.251410][T22967] IPv6: NLM_F_CREATE should be set when creating new route [ 876.612911][ T6637] usb 3-1: Can't set UAC3 power state to 1 for id 10 [ 876.638191][ T6637] usb 3-1: 2:0: failed to get current value for ch 0 (-71) [ 876.659869][ T6637] usb 3-1: 2:0: cannot get min/max values for control 2 (id 2) [ 876.746849][ T6637] usb 3-1: USB disconnect, device number 33 [ 876.858088][T22989] set_capacity_and_notify: 1 callbacks suppressed [ 876.858104][T22989] loop0: detected capacity change from 0 to 2048 [ 876.916116][T22989] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 877.050791][ T6593] udevd[6593]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 877.354292][T23009] netlink: 'syz.3.8233': attribute type 10 has an invalid length. [ 877.522461][T23015] netlink: 'syz.3.8236': attribute type 24 has an invalid length. [ 877.588962][ T6637] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 877.652719][T22997] loop1: detected capacity change from 0 to 32768 [ 877.675883][T22997] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.8227 (22997) [ 877.744374][T22997] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 877.765950][T22997] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 877.792041][ T6637] usb 3-1: Using ep0 maxpacket: 16 [ 877.798882][ T6637] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 877.813342][T22997] BTRFS info (device loop1): enabling auto defrag [ 877.838426][T22997] BTRFS info (device loop1): use no compression [ 877.855561][ T6637] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 24929, setting to 1024 [ 877.868817][T22997] BTRFS info (device loop1): max_inline at 4096 [ 877.875101][T22997] BTRFS info (device loop1): using free space tree [ 877.882110][ T6637] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 877.939733][ T6637] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 877.989513][ T6637] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 878.009429][ T6637] usb 3-1: SerialNumber: syz [ 878.039401][T23007] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 878.057109][T23007] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 878.326926][T22997] BTRFS info (device loop1): enabling ssd optimizations [ 878.338887][ T6637] cdc_acm 3-1:1.0: ttyACM0: USB ACM device [ 878.354073][ T6637] usb 3-1: USB disconnect, device number 34 [ 878.561961][ T4269] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 878.934358][T23080] ieee802154 phy0 wpan0: encryption failed: -90 [ 879.258679][T23090] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8263'. [ 879.382426][T23096] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 879.749086][T23114] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8273'. [ 880.047307][T23125] loop2: detected capacity change from 0 to 2048 [ 880.146158][T23125] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 880.203570][T23134] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 880.274805][T23125] NILFS (loop2): error -2 truncating bmap (ino=16) [ 880.649330][T23150] netlink: 'syz.2.8288': attribute type 1 has an invalid length. [ 880.767186][T23154] netlink: 36 bytes leftover after parsing attributes in process `syz.4.8293'. [ 880.792793][T23157] loop0: detected capacity change from 0 to 164 [ 880.850324][T23157] Unable to read rock-ridge attributes [ 880.879680][T23157] Unable to read rock-ridge attributes [ 881.280044][T23176] loop1: detected capacity change from 0 to 2048 [ 881.316695][T23176] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 881.349312][T23178] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: invalid value (6) [ 881.549998][T23182] loop3: detected capacity change from 0 to 4096 [ 881.584378][T23182] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 881.655018][T23187] loop0: detected capacity change from 0 to 2048 [ 881.744262][T23182] ntfs3: loop3: failed to convert "c46c" to iso8859-9 [ 881.752451][T23187] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 881.908078][T23199] loop4: detected capacity change from 0 to 1024 [ 882.056960][ T4279] EXT4-fs error (device loop0): ext4_readdir:263: inode #2: block 16: comm syz-executor: path /1592/file0: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0 [ 882.107249][T21731] hfsplus: b-tree write err: -5, ino 25 [ 882.113391][T23205] loop3: detected capacity change from 0 to 64 [ 882.127229][T21731] hfsplus: b-tree write err: -5, ino 4 [ 882.143074][T21731] hfsplus: b-tree write err: -5, ino 2 [ 882.171517][T21731] hfsplus: b-tree write err: -5, ino 26 [ 882.295197][ T4279] EXT4-fs (loop0): unmounting filesystem. [ 882.825208][T23232] program syz.4.8330 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 882.864798][T23236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8332'. [ 882.989378][T23239] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 883.058014][T23243] CIFS mount error: No usable UNC path provided in device string! [ 883.058014][T23243] [ 883.105263][T23243] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 883.129947][T23245] loop0: detected capacity change from 0 to 2048 [ 883.194369][T23245] loop0: p1 < > p4 < > [ 883.286473][T23252] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8339'. [ 883.396938][ T9357] udevd[9357]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 883.456494][ T9357] udevd[9357]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 883.536379][T23259] raw_sendmsg: syz.2.8341 forgot to set AF_INET. Fix it! [ 883.824556][T23275] loop4: detected capacity change from 0 to 256 [ 883.916735][T23275] FAT-fs (loop4): Directory bread(block 64) failed [ 883.955565][T23275] FAT-fs (loop4): Directory bread(block 65) failed [ 883.979554][T23275] FAT-fs (loop4): Directory bread(block 66) failed [ 883.996303][T23283] loop2: detected capacity change from 0 to 16 [ 884.010058][T23275] FAT-fs (loop4): Directory bread(block 67) failed [ 884.026795][T23283] erofs: (device loop2): mounted with root inode @ nid 36. [ 884.040677][T23275] FAT-fs (loop4): Directory bread(block 68) failed [ 884.050001][T23275] FAT-fs (loop4): Directory bread(block 69) failed [ 884.068767][T23275] FAT-fs (loop4): Directory bread(block 70) failed [ 884.084019][T23283] erofs: (device loop2): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 884.099516][T10059] usb 4-1: new low-speed USB device number 61 using dummy_hcd [ 884.119523][T23275] FAT-fs (loop4): Directory bread(block 71) failed [ 884.133656][T23283] erofs: (device loop2): z_erofs_read_folio: failed to read, err [-117] [ 884.141599][T23275] FAT-fs (loop4): Directory bread(block 72) failed [ 884.148412][T23283] erofs: (device loop2): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 884.157372][T23275] FAT-fs (loop4): Directory bread(block 73) failed [ 884.304219][T10059] usb 4-1: config index 0 descriptor too short (expected 6427, got 27) [ 884.321802][T10059] usb 4-1: config 0 has an invalid interface number: 21 but max is 0 [ 884.355982][T10059] usb 4-1: config 0 has no interface number 0 [ 884.394329][T10059] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 884.429729][T10059] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 884.461195][T10059] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 884.491089][T10059] usb 4-1: config 0 descriptor?? [ 884.972769][T23316] loop2: detected capacity change from 0 to 2048 [ 885.037742][T23316] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 885.104472][ T3599] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 885.235759][T23326] unsupported nlmsg_type 40 [ 885.317719][ T3599] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 885.338236][ T3599] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 885.358101][ T3599] usb 2-1: Product: syz [ 885.368551][ T3599] usb 2-1: Manufacturer: syz [ 885.377311][ T3599] usb 2-1: SerialNumber: syz [ 885.422980][ T3599] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 885.473696][ T3599] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 885.612266][T23340] kernel read not supported for file /  (pid: 23340 comm: syz.2.8380) [ 885.630047][ T26] audit: type=1800 audit(49004607.784:90): pid=23340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.8380" name=200120 dev="mqueue" ino=87451 res=0 errno=0 [ 885.848840][T23350] netlink: 'syz.0.8385': attribute type 3 has an invalid length. [ 885.954893][ T4313] usb 2-1: USB disconnect, device number 70 [ 886.177894][T23362] tipc: Can't bind to reserved service type 0 [ 886.444760][T23376] netlink: 128 bytes leftover after parsing attributes in process `syz.0.8398'. [ 886.654557][ T3599] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 886.661605][ T3599] ath9k_htc: Failed to initialize the device [ 886.703016][ T4313] usb 2-1: ath9k_htc: USB layer deinitialized [ 887.089022][ T4313] usb 4-1: USB disconnect, device number 61 [ 887.130047][T23404] netlink: 88 bytes leftover after parsing attributes in process `syz.1.8411'. [ 887.367753][T23413] wg1 speed is unknown, defaulting to 1000 [ 887.406597][T23417] x_tables: ip_tables: osf match: only valid for protocol 6 [ 887.424788][T23413] wg1 speed is unknown, defaulting to 1000 [ 887.449906][T23413] wg1 speed is unknown, defaulting to 1000 [ 887.485437][T23413] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 887.571557][T23413] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 887.686782][T23413] wg1 speed is unknown, defaulting to 1000 [ 887.704327][T23413] wg1 speed is unknown, defaulting to 1000 [ 887.712517][T23413] wg1 speed is unknown, defaulting to 1000 [ 887.764798][T23413] wg1 speed is unknown, defaulting to 1000 [ 887.788729][T23413] wg1 speed is unknown, defaulting to 1000 [ 887.926947][ T6637] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 888.129836][ T6637] usb 3-1: Using ep0 maxpacket: 16 [ 888.136951][ T6637] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 888.183891][T23423] loop1: detected capacity change from 0 to 32768 [ 888.190605][ T6637] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 888.215436][ T6637] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 888.218382][T23423] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.8421 (23423) [ 888.247434][ T6637] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 888.290971][ T6637] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 888.320292][ T6637] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 888.336163][T23423] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 888.346801][ T6637] usb 3-1: Product: syz [ 888.356340][ T6637] usb 3-1: Manufacturer: syz [ 888.371258][ T6637] usb 3-1: SerialNumber: syz [ 888.377419][T23423] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 888.397930][T23423] BTRFS info (device loop1): turning off barriers [ 888.418504][T23423] BTRFS info (device loop1): setting nodatasum [ 888.424726][T23423] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 888.461197][T23423] BTRFS info (device loop1): use zstd compression, level 3 [ 888.468462][T23423] BTRFS info (device loop1): using free space tree [ 888.515145][T23452] bridge0: port 2(bridge_slave_1) entered disabled state [ 888.522465][T23452] bridge0: port 1(bridge_slave_0) entered disabled state [ 888.555386][T23456] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8437'. [ 888.605008][T23456] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8437'. [ 888.843669][ T6637] usb 3-1: 0:2 : does not exist [ 888.881748][ T6637] usb 3-1: USB disconnect, device number 35 [ 888.942399][T23484] xt_TCPMSS: Only works on TCP SYN packets [ 888.971563][ T4269] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 889.153626][ T4261] udevd[4261]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 889.741209][T23507] autofs4:pid:23507:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.2), cmd(0xc0189374) [ 889.778163][T23507] autofs4:pid:23507:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189374) [ 890.004158][T23518] loop1: detected capacity change from 0 to 1024 [ 890.308685][T23534] bridge0: port 2(bridge_slave_1) entered disabled state [ 890.315955][T23534] bridge0: port 1(bridge_slave_0) entered disabled state [ 890.428342][ T6637] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 890.574942][T23540] loop1: detected capacity change from 0 to 4096 [ 890.642396][ T6637] usb 5-1: Using ep0 maxpacket: 32 [ 890.649533][ T6637] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 890.714068][ T6637] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 890.740255][T23540] ntfs3: loop1: no free space to extend mft [ 890.752666][ T6637] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 890.783524][ T6637] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 890.792431][T23546] netlink: 36 bytes leftover after parsing attributes in process `syz.2.8473'. [ 890.813115][ T6637] usb 5-1: Product: syz [ 890.824074][ T6637] usb 5-1: Manufacturer: syz [ 890.843373][ T6637] hub 5-1:4.0: USB hub found [ 890.955680][T23550] loop2: detected capacity change from 0 to 256 [ 891.021185][ T26] audit: type=1326 audit(49004612.826:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23551 comm="syz.1.8475" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7fa0d9c799 code=0x0 [ 891.060226][T23550] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d) [ 891.076136][ T6637] hub 5-1:4.0: 5 ports detected [ 891.097116][ T6637] hub 5-1:4.0: insufficient power available to use all downstream ports [ 891.102231][ T26] audit: type=1326 audit(49004612.900:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23553 comm="syz.3.8477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 891.209281][ T26] audit: type=1326 audit(49004612.900:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23553 comm="syz.3.8477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 891.264741][ T26] audit: type=1326 audit(49004612.938:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23553 comm="syz.3.8477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 891.286848][ C0] vkms_vblank_simulate: vblank timer overrun [ 891.303848][ T26] audit: type=1326 audit(49004612.938:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23553 comm="syz.3.8477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 891.332957][ T6637] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 891.347712][ T6637] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 891.401921][ T6637] usb 5-1: USB disconnect, device number 71 [ 891.452998][ T26] audit: type=1326 audit(49004612.938:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23553 comm="syz.3.8477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 891.476463][T23560] program syz.3.8479 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 891.677306][T23542] loop0: detected capacity change from 0 to 40427 [ 891.728268][T23542] F2FS-fs (loop0): invalid crc value [ 891.744896][T23542] F2FS-fs (loop0): Found nat_bits in checkpoint [ 891.806801][T23572] libceph: resolve '0' (ret=-3): failed [ 891.874169][T23542] F2FS-fs (loop0): Start checkpoint disabled! [ 891.903594][T23542] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 892.091519][T23582] Lens A: ================= START STATUS ================= [ 892.123644][T23582] Lens A: Focus, Absolute: 0 [ 892.145416][T23582] Lens A: ================== END STATUS ================== [ 892.337252][T23589] loop4: detected capacity change from 0 to 128 [ 892.444395][T23597] siw: device registration error -23 [ 892.500042][T23599] tmpfs: Bad value for 'mpol' [ 892.626736][T23601] loop2: detected capacity change from 0 to 512 [ 892.670366][T23601] EXT4-fs: Ignoring removed orlov option [ 892.713846][T23601] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 892.753261][T23601] EXT4-fs (loop2): orphan cleanup on readonly fs [ 892.823960][T23601] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.8498: bg 0: block 248: padding at end of block bitmap is not set [ 892.854047][T23601] Quota error (device loop2): write_blk: dquota write failed [ 892.871256][T23601] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 892.940768][T23601] EXT4-fs error (device loop2): ext4_acquire_dquot:6835: comm syz.2.8498: Failed to acquire dquot type 1 [ 892.979184][T23601] EXT4-fs (loop2): 1 truncate cleaned up [ 893.006870][T23601] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 893.080112][T23601] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 893.141675][T23601] EXT4-fs error (device loop2): __ext4_remount:6644: comm syz.2.8498: Abort forced by user [ 893.159191][T23601] EXT4-fs (loop2): Remounting filesystem read-only [ 893.186491][T23601] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 893.285738][ T4268] EXT4-fs (loop2): unmounting filesystem. [ 893.400602][T23630] siw: device registration error -23 [ 893.404264][T23605] loop3: detected capacity change from 0 to 32768 [ 893.463696][T23605] jfs_lookup: iget failed on inum 32 [ 893.486762][T23605] jfs_lookup: iget failed on inum 32 [ 893.592710][ T5086] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 893.798208][ T5086] usb 1-1: unable to get BOS descriptor or descriptor too short [ 893.834272][ T5086] usb 1-1: config 66 has an invalid descriptor of length 0, skipping remainder of the config [ 893.879707][ T5086] usb 1-1: config 66 has 1 interface, different from the descriptor's value: 2 [ 893.910234][T23642] loop3: detected capacity change from 0 to 8192 [ 893.910606][ T5086] usb 1-1: config 66 has no interface number 0 [ 893.942750][T23650] netlink: 'syz.2.8520': attribute type 21 has an invalid length. [ 893.961143][ T5086] usb 1-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=a4.95 [ 893.971445][T23642] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 893.981335][ T5086] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 893.993070][ T5086] usb 1-1: Product: syz [ 893.997247][ T5086] usb 1-1: Manufacturer: syz [ 894.002253][ T5086] usb 1-1: SerialNumber: syz [ 894.063147][T23642] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 894.072420][T23642] REISERFS (device loop3): using ordered data mode [ 894.130683][T23642] reiserfs: using flush barriers [ 894.161759][T23642] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 894.214549][T23642] REISERFS (device loop3): checking transaction log (loop3) [ 894.241437][ T5086] usb 1-1: USB disconnect, device number 80 [ 894.249711][T23642] REISERFS (device loop3): Using r5 hash to sort names [ 894.265831][T23642] REISERFS (device loop3): using 3.5.x disk format [ 894.284187][T23642] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 894.339598][T23661] IPv6: NLM_F_CREATE should be specified when creating new route [ 895.193692][T23689] netlink: 68 bytes leftover after parsing attributes in process `syz.2.8541'. [ 895.440864][T23697] loop1: detected capacity change from 0 to 4096 [ 896.116678][ T26] audit: type=1400 audit(49004617.596:97): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=23727 comm="syz.0.8560" [ 896.512272][T23747] netlink: 45 bytes leftover after parsing attributes in process `syz.4.8569'. [ 896.553638][T23750] netlink: 'syz.1.8570': attribute type 1 has an invalid length. [ 896.618141][ T5084] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 896.704742][T23755] ieee802154 phy0 wpan0: encryption failed: -22 [ 896.842648][ T5084] usb 1-1: Using ep0 maxpacket: 8 [ 896.849711][ T5084] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 2746, setting to 1024 [ 896.879190][ T5084] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 896.911122][ T5084] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 896.942183][ T5084] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 896.965343][ T5084] usb 1-1: config 0 descriptor?? [ 896.970982][T23741] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 896.996666][ T5084] iowarrior 1-1:0.0: no interrupt-in endpoint found [ 897.093661][T23743] loop3: detected capacity change from 0 to 32768 [ 897.171460][T23743] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 897.198184][T23743] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 897.243982][ T4313] usb 1-1: USB disconnect, device number 81 [ 897.312782][T23743] (syz.3.8567,23743,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: directory entry overrun - offset=0, inode=281474976710721, rec_len=32768, name_len=1 [ 897.340703][T23743] (syz.3.8567,23743,1):ocfs2_prepare_dir_for_insert:4311 ERROR: status = -2 [ 897.370586][T23743] (syz.3.8567,23743,1):ocfs2_mknod:298 ERROR: status = -2 [ 897.395516][T23743] (syz.3.8567,23743,1):ocfs2_mknod:502 ERROR: status = -2 [ 897.429661][T23743] (syz.3.8567,23743,1):ocfs2_create:676 ERROR: status = -2 [ 897.565584][ T4276] ocfs2: Unmounting device (7,3) on (node local) [ 897.583638][T23785] loop2: detected capacity change from 0 to 4096 [ 897.732530][T23785] ntfs3: loop2: no free space to extend mft [ 897.778329][T23793] IPv6: NLM_F_CREATE should be specified when creating new route [ 898.024554][T23798] usb usb1: usbfs: process 23798 (syz.2.8593) did not claim interface 0 before use [ 898.484812][T23813] loop4: detected capacity change from 0 to 4096 [ 898.506211][T23813] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 898.561133][T23823] netlink: 830 bytes leftover after parsing attributes in process `syz.3.8605'. [ 898.598595][T23813] ntfs3: loop4: failed to convert "c46c" to macromanian [ 899.228129][T23815] loop2: detected capacity change from 0 to 32768 [ 899.300197][T23815] I/O error, dev loop14, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3 [ 899.349014][T23815] lbmIODone: I/O error in JFS log [ 899.362419][T23815] *** Log Format Error ! *** [ 899.388401][T23815] lmLogInit: exit(-22) [ 899.397064][T23815] lmLogOpen: exit(-22) [ 899.602692][T23853] netlink: 188 bytes leftover after parsing attributes in process `syz.2.8620'. [ 899.700432][T23855] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8621'. [ 899.772918][T23858] netlink: 'syz.0.8622': attribute type 7 has an invalid length. [ 899.817657][T23858] netlink: 'syz.0.8622': attribute type 8 has an invalid length. [ 900.046150][ T26] audit: type=1326 audit(49004621.263:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23866 comm="syz.0.8627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 900.127986][ T26] audit: type=1326 audit(49004621.300:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23866 comm="syz.0.8627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 900.177133][T23871] netlink: 6 bytes leftover after parsing attributes in process `syz.2.8630'. [ 900.187165][ T26] audit: type=1326 audit(49004621.300:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23866 comm="syz.0.8627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 900.187202][ T26] audit: type=1326 audit(49004621.300:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23866 comm="syz.0.8627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 900.257057][T23871] netlink: 6 bytes leftover after parsing attributes in process `syz.2.8630'. [ 900.359405][T23847] loop1: detected capacity change from 0 to 32768 [ 900.410127][T23847] (syz.1.8617,23847,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 900.428171][T23847] (syz.1.8617,23847,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 900.500248][T23847] (syz.1.8617,23847,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC. [ 900.537358][T23880] loop2: detected capacity change from 0 to 4096 [ 900.543894][ T5090] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 900.570437][T23847] JBD2: Ignoring recovery information on journal [ 900.643616][T23880] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 900.726237][T23847] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 900.755573][ T5090] usb 5-1: Using ep0 maxpacket: 32 [ 900.762305][ T5090] usb 5-1: config 9 has an invalid interface number: 221 but max is 1 [ 900.781229][T23880] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 900.795583][T23880] ntfs3: loop2: mft corrupted [ 900.800747][ T5090] usb 5-1: config 9 has an invalid interface number: 221 but max is 1 [ 900.810260][T23880] ntfs3: loop2: Failed to load $Extend. [ 900.815901][ T5090] usb 5-1: config 9 has 1 interface, different from the descriptor's value: 2 [ 900.825380][ T5090] usb 5-1: config 9 has no interface number 0 [ 900.843130][ T5090] usb 5-1: config 9 interface 221 altsetting 64 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 900.863424][ T5090] usb 5-1: config 9 interface 221 altsetting 64 endpoint 0xA has invalid wMaxPacketSize 0 [ 900.874306][T23880] ntfs3: loop2: ino=1b, "file0" attr_set_size [ 900.899797][ T5090] usb 5-1: config 9 interface 221 has no altsetting 0 [ 900.908462][T23888] loop3: detected capacity change from 0 to 1024 [ 900.936511][ T5090] usb 5-1: New USB device found, idVendor=0582, idProduct=74ce, bcdDevice=ba.38 [ 900.941415][T23888] EXT4-fs: inline encryption not supported [ 900.965717][ T5090] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 900.978476][ T5090] usb 5-1: Product: syz [ 900.984741][ T5090] usb 5-1: Manufacturer: syz [ 900.989430][ T5090] usb 5-1: SerialNumber: syz [ 901.039705][T23888] EXT4-fs error (device loop3): ext4_free_blocks:6219: comm syz.3.8636: Freeing blocks not in datazone - block = 0, count = 4096 [ 901.065436][T23888] EXT4-fs (loop3): Remounting filesystem read-only [ 901.072260][T23888] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.8636: Invalid inode bitmap blk 0 in block_group 0 [ 901.098801][T23888] EXT4-fs (loop3): Remounting filesystem read-only [ 901.106695][T23888] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem [ 901.129628][T23888] EXT4-fs (loop3): Remounting filesystem read-only [ 901.136261][T23888] EXT4-fs (loop3): 1 orphan inode deleted [ 901.150951][T23888] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 901.249153][ T5090] usb 5-1: USB disconnect, device number 72 [ 901.296511][T23888] EXT4-fs error (device loop3): ext4_search_dir:1549: inode #2: block 16: comm syz.3.8636: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 901.326855][T23888] EXT4-fs (loop3): Remounting filesystem read-only [ 901.340141][ T4269] ocfs2: Unmounting device (7,1) on (node local) [ 901.420957][ T4276] EXT4-fs (loop3): unmounting filesystem. [ 901.483054][ T4261] udevd[4261]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:9.221/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 901.919801][T23901] loop2: detected capacity change from 0 to 4096 [ 901.949626][T23901] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 902.351416][T23920] loop3: detected capacity change from 0 to 4096 [ 902.373522][T23920] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 902.535772][T23920] ntfs: volume version 3.1. [ 903.082579][T23953] usb usb1: usbfs: process 23953 (syz.1.8663) did not claim interface 0 before use [ 903.245850][T23963] loop4: detected capacity change from 0 to 736 [ 903.620514][ T3599] usb 2-1: new full-speed USB device number 71 using dummy_hcd [ 903.825299][ T3599] usb 2-1: config 8 has an invalid interface number: 80 but max is 0 [ 903.838682][ T3599] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 903.881955][ T3599] usb 2-1: config 8 has no interface number 0 [ 903.909537][ T3599] usb 2-1: config 8 interface 80 altsetting 0 has an invalid endpoint with address 0xE7, skipping [ 903.932105][ T3599] usb 2-1: config 8 interface 80 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 904.016267][ T3599] usb 2-1: config 8 interface 80 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 904.026072][ T3599] usb 2-1: config 8 interface 80 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 14 [ 904.083113][ T3599] usb 2-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c1.6f [ 904.118865][ T3599] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 904.164096][ T3599] usb 2-1: NFC: intf ffff8880568e5000 id ffffffff8d4055e0 [ 904.233929][T23994] loop4: detected capacity change from 0 to 4096 [ 904.299817][T23994] ntfs: (device loop4): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 904.333834][T23970] loop3: detected capacity change from 0 to 32768 [ 904.343401][T23994] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 904.395683][T23994] ntfs: (device loop4): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 904.450588][T23994] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 904.524544][T23994] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 904.595778][T23994] ntfs: volume version 3.1. [ 904.935538][T24016] netlink: 32 bytes leftover after parsing attributes in process `syz.4.8689'. [ 905.101354][T24018] netlink: 'syz.0.8690': attribute type 4 has an invalid length. [ 905.428712][ T4313] usb 2-1: USB disconnect, device number 71 [ 905.755375][T24005] loop2: detected capacity change from 0 to 40427 [ 905.815255][T24005] F2FS-fs (loop2): invalid crc value [ 905.831460][T24005] F2FS-fs (loop2): Found nat_bits in checkpoint [ 906.016437][T24005] F2FS-fs (loop2): Start checkpoint disabled! [ 906.048794][T24005] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 906.644078][T24035] loop0: detected capacity change from 0 to 32768 [ 906.666972][T24068] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8707'. [ 906.691918][T24035] [ 906.691918][T24035] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 906.691918][T24035] [ 906.747783][T24066] loop4: detected capacity change from 0 to 4096 [ 906.812841][T24066] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 906.900889][ T4279] [ 906.900889][ T4279] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 906.900889][ T4279] [ 906.963037][ T4279] [ 906.963037][ T4279] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 906.963037][ T4279] [ 906.967177][T24066] ntfs3: loop4: ntfs3_write_inode r=1e failed, -22. [ 907.080511][T24075] vim2m vim2m.0: Fourcc format (0x47425247) invalid. [ 907.221620][ T4284] ntfs3: loop4: ntfs_evict_inode r=1e failed, -22. [ 907.244665][ T4284] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 907.343632][T24061] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 907.518353][T24088] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8712'. [ 907.871086][T24105] netlink: 'syz.1.8722': attribute type 1 has an invalid length. [ 907.903051][T24107] loop2: detected capacity change from 0 to 64 [ 908.195649][T24120] netlink: 'syz.4.8728': attribute type 1 has an invalid length. [ 908.228495][T24121] netlink: 32 bytes leftover after parsing attributes in process `syz.2.8729'. [ 908.237533][T24121] netlink: 7 bytes leftover after parsing attributes in process `syz.2.8729'. [ 908.511701][T24128] loop1: detected capacity change from 0 to 4096 [ 908.549637][T24128] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 908.600544][T24128] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 908.616868][T24138] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8737'. [ 908.632715][T24128] ntfs3: loop1: mft corrupted [ 908.641844][T24138] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8737'. [ 908.645342][T24128] ntfs3: loop1: Failed to load $Extend. [ 908.731695][ T26] kauditd_printk_skb: 11 callbacks suppressed [ 908.731711][ T26] audit: type=1326 audit(49004629.392:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.0.8738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 908.777879][ T93] block nbd2: Attempted send on invalid socket [ 908.784451][ T93] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3 [ 908.795018][T24143] ADFS-fs (nbd2): error: unable to read block 3, try 0 [ 908.834389][ T26] audit: type=1326 audit(49004629.392:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.0.8738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 908.843799][T24128] ntfs3: loop1: ino=1b, "file0" attr_set_size [ 908.858191][ T26] audit: type=1326 audit(49004629.392:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.0.8738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 908.917791][ T26] audit: type=1326 audit(49004629.392:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.0.8738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 909.025936][ T26] audit: type=1326 audit(49004629.392:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.0.8738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 909.136499][ T26] audit: type=1326 audit(49004629.392:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.0.8738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 909.217871][ T26] audit: type=1326 audit(49004629.392:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.0.8738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 909.297231][ T3599] usb 1-1: new full-speed USB device number 82 using dummy_hcd [ 909.305027][ T26] audit: type=1326 audit(49004629.392:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.0.8738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 909.535263][ T3599] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 909.573446][ T3599] usb 1-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 909.617435][ T3599] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 909.640983][ T3599] usb 1-1: Product: syz [ 909.645200][ T3599] usb 1-1: Manufacturer: syz [ 909.649824][ T3599] usb 1-1: SerialNumber: syz [ 909.700188][ T3599] usb 1-1: config 0 descriptor?? [ 909.726642][ T3599] powermate: probe of 1-1:0.0 failed with error -5 [ 909.983511][ T6637] usb 1-1: USB disconnect, device number 82 [ 910.437069][T24206] loop2: detected capacity change from 0 to 512 [ 910.451865][ T3599] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 910.464021][T24206] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 910.532319][T24206] EXT4-fs (loop2): 1 orphan inode deleted [ 910.556071][T24206] EXT4-fs (loop2): 1 truncate cleaned up [ 910.566742][T24206] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 910.583103][T24206] EXT4-fs error (device loop2): ext4_search_dir:1549: inode #12: block 7: comm syz.2.8770: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0 [ 910.620563][T24206] EXT4-fs (loop2): Remounting filesystem read-only [ 910.665710][ T3599] usb 5-1: Using ep0 maxpacket: 32 [ 910.672596][ T3599] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 910.694461][ T3599] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 256 [ 910.715987][ T3599] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 910.731349][T24212] loop3: detected capacity change from 0 to 512 [ 910.760920][ T3599] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 910.772939][ T4268] EXT4-fs (loop2): unmounting filesystem. [ 910.781501][T24212] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 910.823995][ T3599] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 910.847567][ T3599] usb 5-1: SerialNumber: syz [ 910.897340][T24205] loop1: detected capacity change from 0 to 32768 [ 910.912879][T24193] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 910.913211][T24205] (syz.1.8769,24205,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 910.923830][ T3599] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 910.938498][T24205] (syz.1.8769,24205,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 911.025482][T24205] JBD2: Ignoring recovery information on journal [ 911.051586][ T4276] EXT4-fs (loop3): unmounting filesystem. [ 911.165221][ T3599] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 911.181760][T24205] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 911.211061][ T3599] usb 5-1: USB disconnect, device number 73 [ 911.602442][ T4269] ocfs2: Unmounting device (7,1) on (node local) [ 911.797209][T24246] loop0: detected capacity change from 0 to 512 [ 911.905744][ T3599] usb 4-1: new full-speed USB device number 62 using dummy_hcd [ 911.915956][T24246] EXT4-fs error (device loop0): ext4_orphan_get:1425: comm syz.0.8786: bad orphan inode 11862016 [ 912.034672][T24246] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 912.133069][ T26] audit: type=1326 audit(49004632.572:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24257 comm="syz.2.8791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 912.147829][ T3599] usb 4-1: unable to get BOS descriptor or descriptor too short [ 912.163708][ T26] audit: type=1326 audit(49004632.600:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24257 comm="syz.2.8791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 912.260197][ T3599] usb 4-1: not running at top speed; connect to a high speed hub [ 912.269071][ T4279] EXT4-fs (loop0): unmounting filesystem. [ 912.283883][T24262] loop4: detected capacity change from 0 to 256 [ 912.296800][ T3599] usb 4-1: config 4 has an invalid interface number: 175 but max is 0 [ 912.297516][T24262] exfat: Deprecated parameter 'utf8' [ 912.311118][ T3599] usb 4-1: config 4 has no interface number 0 [ 912.332536][ T3599] usb 4-1: New USB device found, idVendor=0403, idProduct=da73, bcdDevice=dc.17 [ 912.344219][T24262] exfat: Deprecated parameter 'namecase' [ 912.349923][T24262] exfat: Deprecated parameter 'namecase' [ 912.373546][ T3599] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 912.410037][T24262] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011e8b, chksum : 0xf0cee8ef, utbl_chksum : 0xe619d30d) [ 912.414014][ T3599] usb 4-1: Product: syz [ 912.464967][ T3599] usb 4-1: Manufacturer: syz [ 912.469616][ T3599] usb 4-1: SerialNumber: syz [ 912.627337][T24272] ipt_CLUSTERIP: bad num_local_nodes 32 [ 912.720290][ T3599] usb 4-1: NDI device with a latency value of 1 [ 912.727302][ T3599] ftdi_sio 4-1:4.175: FTDI USB Serial Device converter detected [ 912.743272][ T3599] ftdi_sio ttyUSB0: unknown device type: 0xdc17 [ 912.775887][ T3599] usb 4-1: USB disconnect, device number 62 [ 912.784711][ T3599] ftdi_sio 4-1:4.175: device disconnected [ 912.846954][T24276] overlayfs: missing 'lowerdir' [ 913.197193][T24295] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 913.212566][T24297] netlink: 'syz.4.8809': attribute type 1 has an invalid length. [ 913.227045][T24297] netlink: 220 bytes leftover after parsing attributes in process `syz.4.8809'. [ 913.263603][T24297] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8809'. [ 913.759963][T24321] loop1: detected capacity change from 0 to 1024 [ 913.853637][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 913.860054][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 914.135850][T24336] loop3: detected capacity change from 0 to 512 [ 914.173547][T24336] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 914.328617][T24341] loop0: detected capacity change from 0 to 4096 [ 914.371067][T24341] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 914.449291][T24349] cgroup: Invalid name [ 914.517876][T24341] ntfs3: loop0: no free space to extend mft [ 914.574274][T24351] loop3: detected capacity change from 0 to 4096 [ 914.665784][T24351] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 914.816445][ T4279] ntfs3: loop0: ntfs_sync_fs r=1a failed, -22. [ 914.829797][ T4279] ntfs3: loop0: ntfs_evict_inode r=1a failed, -22. [ 914.849773][ T4276] EXT4-fs (loop3): unmounting filesystem. [ 914.878045][ T4279] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 915.641974][T24397] loop0: detected capacity change from 0 to 256 [ 915.660554][T24397] exfat: Deprecated parameter 'utf8' [ 915.665942][T24397] exfat: Deprecated parameter 'namecase' [ 915.722317][T24397] exfat: Deprecated parameter 'namecase' [ 915.761571][T24399] netlink: 'syz.2.8860': attribute type 21 has an invalid length. [ 915.785309][T24397] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011e8b, chksum : 0xf0cee8ef, utbl_chksum : 0xe619d30d) [ 915.809018][T24399] netlink: 'syz.2.8860': attribute type 1 has an invalid length. [ 916.791381][ T3599] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 916.839570][T24445] loop4: detected capacity change from 0 to 1024 [ 916.887525][T24445] hfsplus: Filesystem is marked locked, mounting read-only. [ 916.941984][T24449] netlink: 'syz.0.8882': attribute type 9 has an invalid length. [ 916.983757][ T3599] usb 2-1: Using ep0 maxpacket: 32 [ 916.990847][ T3599] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 917.026457][ T3599] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 917.070330][ T3599] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 917.125662][T24453] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8884'. [ 917.129801][ T3599] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 917.186990][ T3599] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 917.195376][ T3599] usb 2-1: Product: syz [ 917.220781][ T3599] usb 2-1: Manufacturer: syz [ 917.225435][ T3599] usb 2-1: SerialNumber: syz [ 917.272246][ T3599] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input54 [ 917.456438][T24440] loop3: detected capacity change from 0 to 32768 [ 917.506785][T24465] netlink: 1096 bytes leftover after parsing attributes in process `syz.2.8890'. [ 917.520297][ T6636] usb 2-1: USB disconnect, device number 72 [ 917.535231][T24440] [ 917.535231][T24440] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 917.535231][T24440] [ 917.560108][ T6636] appletouch 2-1:1.0: input: appletouch disconnected [ 917.715893][ T4276] [ 917.715893][ T4276] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 917.715893][ T4276] [ 917.746403][T24470] loop2: detected capacity change from 0 to 16 [ 917.758525][ T4276] [ 917.758525][ T4276] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 917.758525][ T4276] [ 917.770945][T24471] xt_CT: You must specify a L4 protocol and not use inversions on it [ 917.785831][T24470] erofs: (device loop2): mounted with root inode @ nid 36. [ 917.827545][T24470] erofs: (device loop2): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 917.865033][T24470] erofs: (device loop2): z_erofs_readahead: readahead error at page 1 @ nid 89 [ 917.900082][T24470] erofs: (device loop2): z_erofs_readahead: readahead error at page 0 @ nid 89 [ 917.924381][T24470] erofs: (device loop2): z_erofs_pcluster_readmore: readmore error at page 2 @ nid 89 [ 917.951230][T24470] erofs: (device loop2): z_erofs_pcluster_readmore: readmore error at page 1 @ nid 89 [ 917.974753][T24470] erofs: (device loop2): z_erofs_read_folio: failed to read, err [-117] [ 917.986877][ T26] kauditd_printk_skb: 128 callbacks suppressed [ 917.986892][ T26] audit: type=1800 audit(49004638.044:240): pid=24470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.8892" name="file3" dev="loop2" ino=89 res=0 errno=0 [ 918.110854][ T26] audit: type=1326 audit(49004638.166:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24479 comm="syz.0.8898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 918.160792][ T26] audit: type=1326 audit(49004638.175:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24479 comm="syz.0.8898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 918.272535][ T26] audit: type=1326 audit(49004638.175:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24479 comm="syz.0.8898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 918.346205][ T26] audit: type=1326 audit(49004638.175:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24479 comm="syz.0.8898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 918.467669][T24494] loop0: detected capacity change from 0 to 256 [ 918.531459][T24494] FAT-fs (loop0): Directory bread(block 64) failed [ 918.565374][T24494] FAT-fs (loop0): Directory bread(block 65) failed [ 918.598292][T24494] FAT-fs (loop0): Directory bread(block 66) failed [ 918.604878][T24494] FAT-fs (loop0): Directory bread(block 67) failed [ 918.614723][T24500] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8906'. [ 918.680563][T24494] FAT-fs (loop0): Directory bread(block 68) failed [ 918.694800][T24494] FAT-fs (loop0): Directory bread(block 69) failed [ 918.701523][T24494] FAT-fs (loop0): Directory bread(block 70) failed [ 918.748063][T24494] FAT-fs (loop0): Directory bread(block 71) failed [ 918.754757][T24494] FAT-fs (loop0): Directory bread(block 72) failed [ 918.796083][T24494] FAT-fs (loop0): Directory bread(block 73) failed [ 918.957965][T24512] netlink: 'syz.1.8914': attribute type 5 has an invalid length. [ 919.054707][T24512] device ip6erspan0 entered promiscuous mode [ 919.557077][T24528] loop1: detected capacity change from 0 to 4096 [ 919.626844][T24528] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 919.711497][T24528] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 919.731292][T24540] netlink: 'syz.2.8927': attribute type 2 has an invalid length. [ 919.739084][T24540] netlink: 224 bytes leftover after parsing attributes in process `syz.2.8927'. [ 919.837625][ T26] audit: type=1326 audit(49004639.775:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24541 comm="syz.4.8928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7b79c799 code=0x7ffc0000 [ 919.929952][ T26] audit: type=1326 audit(49004639.803:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24541 comm="syz.4.8928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7b79c799 code=0x7ffc0000 [ 920.038249][ T26] audit: type=1326 audit(49004639.803:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24541 comm="syz.4.8928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7b79c799 code=0x7ffc0000 [ 920.078202][T24544] loop3: detected capacity change from 0 to 4096 [ 920.156094][T24550] binder: BC_ATTEMPT_ACQUIRE not supported [ 920.163163][ T26] audit: type=1326 audit(49004639.812:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24541 comm="syz.4.8928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7fcc7b79c799 code=0x7ffc0000 [ 920.180523][T24550] binder: 24549:24550 ioctl c0306201 2000000001c0 returned -22 [ 920.197559][T24544] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 920.281376][ T26] audit: type=1326 audit(49004639.812:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24541 comm="syz.4.8928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fcc7b79c799 code=0x7ffc0000 [ 920.396844][T24544] ntfs3: loop3: no free space to extend mft [ 920.562914][ T4276] ntfs3: loop3: ntfs_sync_fs r=1a failed, -22. [ 920.579417][ T4276] ntfs3: loop3: ntfs_evict_inode r=1a failed, -22. [ 920.629348][ T4276] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 920.659681][T24564] loop2: detected capacity change from 0 to 1024 [ 920.717976][T24568] loop4: detected capacity change from 0 to 128 [ 920.759043][T24568] FAT-fs (loop4): Directory bread(block 162) failed [ 920.775944][T24564] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 920.788431][T24568] FAT-fs (loop4): Directory bread(block 163) failed [ 920.795611][T24568] FAT-fs (loop4): Directory bread(block 164) failed [ 920.804112][T24568] FAT-fs (loop4): Directory bread(block 165) failed [ 920.810841][T24568] FAT-fs (loop4): Directory bread(block 166) failed [ 920.817670][T24568] FAT-fs (loop4): Directory bread(block 167) failed [ 920.824559][T24568] FAT-fs (loop4): Directory bread(block 168) failed [ 920.831194][T24568] FAT-fs (loop4): Directory bread(block 169) failed [ 920.838163][T24568] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 920.857747][T24568] FAT-fs (loop4): Directory bread(block 162) failed [ 920.865298][T24568] FAT-fs (loop4): Directory bread(block 163) failed [ 920.875335][T24568] syz.4.8943: attempt to access beyond end of device [ 920.875335][T24568] loop4: rw=3, sector=226, nr_sectors = 6 limit=128 [ 920.889486][T24568] syz.4.8943: attempt to access beyond end of device [ 920.889486][T24568] loop4: rw=2051, sector=232, nr_sectors = 2 limit=128 [ 920.891741][T24564] EXT4-fs error (device loop2): ext4_empty_dir:3177: inode #11: block 32: comm syz.2.8939: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=255, rec_len=0, size=1024 fake=0 [ 920.923381][ C1] vkms_vblank_simulate: vblank timer overrun [ 921.171057][ T4268] EXT4-fs (loop2): unmounting filesystem. [ 921.253708][ T6636] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 921.280162][T24587] loop2: detected capacity change from 0 to 64 [ 921.399142][ T3599] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 921.455096][ T6636] usb 1-1: config 0 has an invalid interface number: 199 but max is 1 [ 921.477203][ T6636] usb 1-1: config 0 has no interface number 1 [ 921.483374][ T6636] usb 1-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 921.500312][ T6636] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 921.533993][ T6636] usb 1-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 921.557922][ T6636] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 921.568414][ T6636] usb 1-1: SerialNumber: syz [ 921.596680][ T6636] usb 1-1: config 0 descriptor?? [ 921.608491][ T6636] usb 1-1: Found UVC 0.00 device (0002:0000) [ 921.620201][ T3599] usb 5-1: Using ep0 maxpacket: 8 [ 921.630166][ T6636] usb 1-1: No valid video chain found. [ 921.644630][ T3599] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 921.676577][ T3599] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 921.696577][ T3599] usb 5-1: Product: syz [ 921.703073][ T3599] usb 5-1: Manufacturer: syz [ 921.707699][ T3599] usb 5-1: SerialNumber: syz [ 921.745702][ T3599] usb 5-1: config 0 descriptor?? [ 921.768500][ T3599] gspca_main: sq930x-2.14.0 probing 2770:930c [ 921.874506][ T4313] usb 1-1: USB disconnect, device number 83 [ 922.194017][ T3599] gspca_sq930x: ucbus_write failed -71 [ 922.218417][T24619] loop3: detected capacity change from 0 to 2048 [ 922.227141][T24621] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 922.256037][T24619] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=27485, location=27485 [ 922.283594][T24619] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 922.446614][ T3599] gspca_sq930x: Sensor ov9630 not yet treated [ 922.452794][ T3599] sq930x: probe of 5-1:0.0 failed with error -22 [ 922.486541][ T3599] usb 5-1: USB disconnect, device number 74 [ 922.626175][T24635] loop1: detected capacity change from 0 to 256 [ 922.665732][T24635] exfat: Deprecated parameter 'utf8' [ 922.686664][T24635] exfat: Deprecated parameter 'namecase' [ 922.708218][T24635] exfat: Deprecated parameter 'namecase' [ 922.776825][T24635] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f81e, utbl_chksum : 0xe619d30d) [ 923.145637][T24653] loop0: detected capacity change from 0 to 2048 [ 923.169439][T24653] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=27485, location=27485 [ 923.208418][T24653] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 923.217706][ T5084] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 923.248950][T24659] tmpfs: Bad value for 'mpol' [ 923.440980][ T5084] usb 5-1: Using ep0 maxpacket: 16 [ 923.455925][ T5084] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 923.481648][ T5084] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 923.504038][ T5084] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 923.504069][ T5084] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 923.504090][ T5084] usb 5-1: Product: syz [ 923.504104][ T5084] usb 5-1: Manufacturer: syz [ 923.504119][ T5084] usb 5-1: SerialNumber: syz [ 923.519796][ T5084] r8152-cfgselector 5-1: config 0 descriptor?? [ 923.611511][T24670] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8990'. [ 923.779941][ T5084] usbip-host 5-1: 5-1 is not in match_busid table... skip! [ 924.009366][ T5090] usb 5-1: USB disconnect, device number 75 [ 924.075013][T24681] netlink: 'syz.3.8995': attribute type 5 has an invalid length. [ 924.254883][T24685] loop2: detected capacity change from 0 to 512 [ 924.284405][T24674] loop0: detected capacity change from 0 to 32768 [ 924.304183][T24674] XFS (loop0): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 924.321355][T24685] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 924.387945][T24693] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8998'. [ 924.408270][T24685] EXT4-fs error (device loop2): xattr_find_entry:297: inode #15: comm syz.2.8997: corrupted xattr entries [ 924.510364][T24685] EXT4-fs (loop2): Remounting filesystem read-only [ 924.531447][T24685] EXT4-fs (loop2): 1 truncate cleaned up [ 924.537160][T24685] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 924.579310][T24685] EXT4-fs (loop2): unmounting filesystem. [ 924.582504][ T4279] XFS (loop0): Unmounting Filesystem [ 925.124997][T24719] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9010'. [ 925.368694][T24727] PKCS7: Unknown OID: [4] 0.0 [ 925.373423][T24727] PKCS7: Only support pkcs7_signedData type [ 925.562858][T24740] xt_l2tp: v2 doesn't support IP mode [ 925.573524][T24739] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 925.724990][T24745] cgroup: Unknown subsys name 'pcr' [ 925.769882][T24749] loop3: detected capacity change from 0 to 164 [ 925.806527][T24749] ISOFS: unable to read i-node block [ 925.812553][T24749] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 925.932301][ T5090] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 926.156399][ T5090] usb 3-1: Using ep0 maxpacket: 32 [ 926.168524][ T5090] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 926.220393][ T5090] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 926.244443][ T5090] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 926.319054][ T5090] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 926.347306][ T5090] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 926.372025][ T5090] usb 3-1: Product: syz [ 926.376236][ T5090] usb 3-1: Manufacturer: syz [ 926.393949][ T5090] usb 3-1: SerialNumber: syz [ 926.444981][ T5090] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input56 [ 926.659746][ T5090] usb 3-1: USB disconnect, device number 36 [ 926.673764][T24777] netlink: 65051 bytes leftover after parsing attributes in process `syz.1.9038'. [ 926.707613][ T5090] appletouch 3-1:1.0: input: appletouch disconnected [ 927.266464][T24779] loop4: detected capacity change from 0 to 32768 [ 927.426919][T24779] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.9039 (24779) [ 927.494339][T24795] MTD: Couldn't look up './bus': -15 [ 927.499848][T24779] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 927.546279][T24779] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 927.555456][T24779] BTRFS info (device loop4): using free space tree [ 927.709944][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 927.709959][ T26] audit: type=1400 audit(49004647.145:254): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=24802 comm="syz.2.9049" [ 927.744407][T24810] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9048'. [ 927.907151][T24789] loop1: detected capacity change from 0 to 32768 [ 927.937064][T24789] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop1 scanned by syz.1.9044 (24789) [ 927.993407][T24789] BTRFS info (device loop1): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 928.031704][T24779] BTRFS info (device loop4): enabling ssd optimizations [ 928.031801][T24789] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 928.089672][T24789] BTRFS info (device loop1): using free space tree [ 928.313276][T24843] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9056'. [ 928.380949][ T4284] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 928.438658][T24789] BTRFS info (device loop1): enabling ssd optimizations [ 928.628497][ T9357] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by udevd (9357) [ 928.936678][ T4269] BTRFS info (device loop1): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 928.965620][ T26] audit: type=1326 audit(49004648.315:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24867 comm="syz.2.9065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 929.040697][ T26] audit: type=1326 audit(49004648.333:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24867 comm="syz.2.9065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 929.157903][ T26] audit: type=1326 audit(49004648.343:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24867 comm="syz.2.9065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 929.261962][ T26] audit: type=1326 audit(49004648.343:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24867 comm="syz.2.9065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 929.385899][ T26] audit: type=1326 audit(49004648.343:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24867 comm="syz.2.9065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 929.400652][ T4261] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 9 /dev/loop1 scanned by udevd (4261) [ 929.480417][T24878] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.9068'. [ 929.688114][T24880] loop3: detected capacity change from 0 to 4096 [ 929.736086][T24880] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 930.130724][ T26] audit: type=1326 audit(49004649.409:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24896 comm="syz.2.9078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 930.234653][ T26] audit: type=1326 audit(49004649.409:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24896 comm="syz.2.9078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 930.334875][ T26] audit: type=1326 audit(49004649.447:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24896 comm="syz.2.9078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 930.390979][ T26] audit: type=1326 audit(49004649.447:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24896 comm="syz.2.9078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 930.392266][T24905] netdevsim netdevsim4 netdevsim0: set [1, 2] type 2 family 0 port 35163 - 0 [ 930.413161][ C1] vkms_vblank_simulate: vblank timer overrun [ 930.563291][T24905] netdevsim netdevsim4 netdevsim1: set [1, 2] type 2 family 0 port 35163 - 0 [ 930.605683][T24905] netdevsim netdevsim4 netdevsim2: set [1, 2] type 2 family 0 port 35163 - 0 [ 930.636219][T24917] loop2: detected capacity change from 0 to 1024 [ 930.643574][T24905] netdevsim netdevsim4 netdevsim3: set [1, 2] type 2 family 0 port 35163 - 0 [ 930.685058][T24905] netdevsim netdevsim4 netdevsim0: set [1, 3] type 2 family 0 port 37729 - 0 [ 930.737110][T24917] hfsplus: cannot replace xattr [ 930.748837][T24905] netdevsim netdevsim4 netdevsim1: set [1, 3] type 2 family 0 port 37729 - 0 [ 930.813142][T24921] program syz.3.9089 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 930.815530][T24905] netdevsim netdevsim4 netdevsim2: set [1, 3] type 2 family 0 port 37729 - 0 [ 930.881633][T24905] netdevsim netdevsim4 netdevsim3: set [1, 3] type 2 family 0 port 37729 - 0 [ 930.908083][T24905] device geneve3 entered promiscuous mode [ 931.061737][T24929] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9092'. [ 931.258722][T24937] loop2: detected capacity change from 0 to 256 [ 931.327297][T24937] FAT-fs (loop2): Directory bread(block 64) failed [ 931.365556][T24937] FAT-fs (loop2): Directory bread(block 65) failed [ 931.384625][T24937] FAT-fs (loop2): Directory bread(block 66) failed [ 931.391249][T24937] FAT-fs (loop2): Directory bread(block 67) failed [ 931.477588][T24937] FAT-fs (loop2): Directory bread(block 68) failed [ 931.518450][T24937] FAT-fs (loop2): Directory bread(block 69) failed [ 931.539872][T24937] FAT-fs (loop2): Directory bread(block 70) failed [ 931.560612][T24937] FAT-fs (loop2): Directory bread(block 71) failed [ 931.588594][T24937] FAT-fs (loop2): Directory bread(block 72) failed [ 931.595159][T24937] FAT-fs (loop2): Directory bread(block 73) failed [ 932.153793][ T6637] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 932.356926][ T6637] usb 5-1: Using ep0 maxpacket: 8 [ 932.364853][ T6637] usb 5-1: unable to get BOS descriptor or descriptor too short [ 932.395989][ T6637] usb 5-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid wMaxPacketSize 0 [ 932.429209][ T6637] usb 5-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 0 [ 932.454995][ T6637] usb 5-1: config 8 interface 0 has no altsetting 0 [ 932.487142][ T6637] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 932.511206][ T6637] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 932.534956][ T6637] usb 5-1: Product: syz [ 932.549922][ T6637] usb 5-1: Manufacturer: syz [ 932.565308][ T6637] usb 5-1: SerialNumber: syz [ 932.802951][T24991] cgroup: Unexpected value for 'cpuset_v2_mode' [ 932.818297][ T6637] usb 5-1: selecting invalid altsetting 0 [ 932.891243][ T6637] snd-usb-audio: probe of 5-1:8.0 failed with error -12 [ 932.945226][ T6637] usb 5-1: USB disconnect, device number 76 [ 933.034950][T25000] binder: 24998:25000 ioctl c018620c 200000000040 returned -1 [ 933.056890][T25002] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9127'. [ 933.086774][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 933.086789][ T26] audit: type=1326 audit(49004652.178:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24997 comm="syz.0.9125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 933.156630][ T26] audit: type=1326 audit(49004652.178:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24997 comm="syz.0.9125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 933.245672][ T4260] udevd[4260]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 933.257689][T25006] tmpfs: Bad value for 'mpol' [ 933.837972][ T26] audit: type=1326 audit(49004652.879:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25033 comm="syz.1.9144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fa0d9c799 code=0x7ffc0000 [ 933.907320][ T26] audit: type=1326 audit(49004652.879:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25033 comm="syz.1.9144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fa0d9c799 code=0x7ffc0000 [ 933.992601][ T26] audit: type=1326 audit(49004652.879:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25033 comm="syz.1.9144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7f7fa0d9c799 code=0x7ffc0000 [ 934.076899][ T26] audit: type=1326 audit(49004652.879:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25033 comm="syz.1.9144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fa0d9c799 code=0x7ffc0000 [ 934.163934][ T26] audit: type=1326 audit(49004652.879:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25033 comm="syz.1.9144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fa0d9c799 code=0x7ffc0000 [ 934.254867][T25050] Cannot find del_set index 4 as target [ 934.437543][T25056] ALSA: mixer_oss: invalid OSS volume 'u' [ 934.504117][T25026] loop0: detected capacity change from 0 to 32768 [ 934.541944][T25059] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9154'. [ 934.578350][T25059] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9154'. [ 934.622840][T25059] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9154'. [ 935.052904][T25081] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 935.072518][ T6637] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 935.295890][ T6637] usb 1-1: Using ep0 maxpacket: 32 [ 935.309077][ T6637] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 935.358738][ T6637] usb 1-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= a.f5 [ 935.378915][ T6637] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 935.393551][ T6637] usb 1-1: Product: syz [ 935.397754][ T6637] usb 1-1: Manufacturer: syz [ 935.412711][ T6637] usb 1-1: SerialNumber: syz [ 935.430254][ T6637] usb 1-1: config 0 descriptor?? [ 935.452729][T25069] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 935.488385][T25099] netlink: 'syz.1.9173': attribute type 30 has an invalid length. [ 935.614151][T25104] loop3: detected capacity change from 0 to 256 [ 935.739405][T25110] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9178'. [ 935.763778][T10059] usb 1-1: USB disconnect, device number 84 [ 935.911075][ T26] audit: type=1326 audit(49004654.816:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25115 comm="syz.4.9180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7b79c799 code=0x7ffc0000 [ 935.957772][ T26] audit: type=1326 audit(49004654.844:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25115 comm="syz.4.9180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7b79c799 code=0x7ffc0000 [ 936.029610][ T26] audit: type=1326 audit(49004654.844:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25115 comm="syz.4.9180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7fcc7b79c799 code=0x7ffc0000 [ 936.083456][T25119] netlink: 'syz.2.9182': attribute type 3 has an invalid length. [ 936.966616][T25149] loop0: detected capacity change from 0 to 4096 [ 937.027281][T25149] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 937.076761][T25149] ntfs3: loop0: Failed to load $Extend. [ 937.966915][T25196] loop4: detected capacity change from 0 to 256 [ 937.999436][T25196] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x76dfe516, utbl_chksum : 0xe619d30d) [ 938.161468][T25201] loop2: detected capacity change from 0 to 1024 [ 938.353001][T25206] netlink: 'syz.1.9225': attribute type 2 has an invalid length. [ 938.782097][T25222] comedi comedi4: bad chanlist[0]=0x00000009 chan=9 range length=2 [ 938.851080][T25224] loop0: detected capacity change from 0 to 1024 [ 938.928735][T25226] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9234'. [ 939.027554][ T1117] hfsplus: b-tree write err: -5, ino 25 [ 939.027945][ T1117] hfsplus: b-tree write err: -5, ino 4 [ 939.028021][ T1117] hfsplus: b-tree write err: -5, ino 2 [ 939.028218][ T1117] hfsplus: b-tree write err: -5, ino 22 [ 939.081824][T25232] netlink: 'syz.2.9237': attribute type 1 has an invalid length. [ 939.243699][T25240] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9241'. [ 939.243735][T25240] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9241'. [ 939.329735][T25236] loop0: detected capacity change from 0 to 4096 [ 939.409992][T25236] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 939.957333][T25264] netlink: set zone limit has 4 unknown bytes [ 940.148554][T25272] ptrace attach of "./syz-executor exec"[4268] was attempted by ""[25272] [ 940.437127][T25288] xt_hashlimit: max too large, truncated to 1048576 [ 940.449783][T18991] usb 4-1: new low-speed USB device number 63 using dummy_hcd [ 940.665744][T18991] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 940.692330][T18991] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 940.718032][T18991] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 940.749124][T18991] usb 4-1: config 1 interface 0 has no altsetting 0 [ 940.772327][T18991] usb 4-1: string descriptor 0 read error: -22 [ 940.800285][T18991] usb 4-1: New USB device found, idVendor=0644, idProduct=800e, bcdDevice= 0.40 [ 940.838844][T18991] usb 4-1: New USB device strings: Mfr=1, Product=3, SerialNumber=3 [ 940.871745][T18991] usb 4-1: 0:2 : does not exist [ 940.908838][T18991] usb-storage 4-1:1.1: USB Mass Storage device detected [ 941.323122][T18991] us122l: couldn't allocate write buffer [ 941.330371][T25319] xt_l2tp: v2 doesn't support IP mode [ 941.333898][T18991] snd-usb-us122l: probe of 4-1:1.1 failed with error -22 [ 941.364411][T18991] usb 4-1: USB disconnect, device number 63 [ 941.611348][T25306] loop1: detected capacity change from 0 to 32768 [ 941.646583][ T9357] udevd[9357]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 941.727310][T25306] XFS (loop1): Mounting V5 Filesystem [ 941.857993][T25306] XFS (loop1): Ending clean mount [ 942.101607][ T4269] XFS (loop1): Unmounting Filesystem [ 942.188229][T25345] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9288'. [ 942.201536][T25345] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9288'. [ 942.295659][T25345] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9288'. [ 942.308503][T25325] loop2: detected capacity change from 0 to 32768 [ 942.365534][T25349] loop4: detected capacity change from 0 to 2048 [ 942.406033][T25349] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 942.450883][T25325] XFS (loop2): Mounting V5 Filesystem [ 942.594762][T10059] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 942.596278][T25325] XFS (loop2): Ending clean mount [ 942.647029][T25325] XFS (loop2): Quotacheck needed: Please wait. [ 942.775289][T25325] XFS (loop2): Quotacheck: Done. [ 942.812304][T10059] usb 4-1: Using ep0 maxpacket: 32 [ 942.819519][T10059] usb 4-1: unable to get BOS descriptor or descriptor too short [ 942.834940][T10059] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 942.860171][T10059] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 942.876435][T10059] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 942.903063][T10059] usb 4-1: Product: syz [ 942.907428][T10059] usb 4-1: Manufacturer: syz [ 942.934623][ T3599] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 942.944300][T10059] usb 4-1: SerialNumber: syz [ 942.971872][ T4268] XFS (loop2): Unmounting Filesystem [ 943.132987][ T3599] usb 5-1: Using ep0 maxpacket: 32 [ 943.140353][ T3599] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 943.191222][ T3599] usb 5-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= a.f5 [ 943.200979][T10059] usb 4-1: Invalid number of CPorts: 0 [ 943.229919][T10059] es2_ap_driver: probe of 4-1:7.0 failed with error -22 [ 943.237685][ T3599] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 943.288156][T25378] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9301'. [ 943.288809][ T3599] usb 5-1: Product: syz [ 943.307179][ T3599] usb 5-1: Manufacturer: syz [ 943.311810][ T3599] usb 5-1: SerialNumber: syz [ 943.335069][ T3599] usb 5-1: config 0 descriptor?? [ 943.354731][T25363] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 943.480091][ T3599] usb 4-1: USB disconnect, device number 64 [ 943.582319][T25385] x_tables: ip6_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING [ 943.705487][ T6637] usb 5-1: USB disconnect, device number 77 [ 943.872819][T25395] loop0: detected capacity change from 0 to 64 [ 943.886134][T25397] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 943.993071][T25399] binder: 25398:25399 ioctl c018620c 200000000700 returned -22 [ 944.168470][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 944.168484][ T26] audit: type=1326 audit(49004662.533:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25404 comm="syz.3.9315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 944.267559][ T26] audit: type=1326 audit(49004662.580:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25404 comm="syz.3.9315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 944.333344][ T26] audit: type=1326 audit(49004662.580:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25404 comm="syz.3.9315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 944.432972][ T26] audit: type=1326 audit(49004662.580:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25404 comm="syz.3.9315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 944.467310][T25418] netlink: 'syz.0.9319': attribute type 21 has an invalid length. [ 944.518945][ T26] audit: type=1326 audit(49004662.580:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25404 comm="syz.3.9315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 944.541141][ C1] vkms_vblank_simulate: vblank timer overrun [ 944.552914][T25418] netlink: 128 bytes leftover after parsing attributes in process `syz.0.9319'. [ 944.595339][T25418] netlink: 'syz.0.9319': attribute type 4 has an invalid length. [ 944.607404][T25418] netlink: 3 bytes leftover after parsing attributes in process `syz.0.9319'. [ 945.479419][ T26] audit: type=1326 audit(49004663.768:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25460 comm="syz.0.9341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 945.501598][ C1] vkms_vblank_simulate: vblank timer overrun [ 945.562572][ T26] audit: type=1326 audit(49004663.805:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25460 comm="syz.0.9341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 945.677304][ T26] audit: type=1326 audit(49004663.814:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25460 comm="syz.0.9341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 945.699489][ C1] vkms_vblank_simulate: vblank timer overrun [ 945.719596][T25470] loop3: detected capacity change from 0 to 8 [ 945.745787][ T26] audit: type=1326 audit(49004663.814:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25460 comm="syz.0.9341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 945.763588][T25470] /dev/loop3: Can't open blockdev [ 945.853990][ T26] audit: type=1326 audit(49004663.814:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25460 comm="syz.0.9341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fb19c799 code=0x7ffc0000 [ 945.876161][ C1] vkms_vblank_simulate: vblank timer overrun [ 946.288929][T25456] loop4: detected capacity change from 0 to 32768 [ 946.295658][T25492] syz.0.9356 (25492): drop_caches: 0 [ 946.388195][T25456] XFS (loop4): DAX unsupported by block device. Turning off DAX. [ 946.464978][T25456] XFS (loop4): Mounting V5 Filesystem [ 946.676932][T25509] loop3: detected capacity change from 0 to 1024 [ 946.683912][T25513] loop0: detected capacity change from 0 to 256 [ 946.717076][T25456] XFS (loop4): Ending clean mount [ 946.789888][T25513] FAT-fs (loop0): Directory bread(block 64) failed [ 946.796487][T25513] FAT-fs (loop0): Directory bread(block 65) failed [ 946.811647][T25509] EXT4-fs: Ignoring removed nomblk_io_submit option [ 946.818390][T25509] /dev/loop3: Can't open blockdev [ 946.845415][T25513] FAT-fs (loop0): Directory bread(block 66) failed [ 946.852297][T25513] FAT-fs (loop0): Directory bread(block 67) failed [ 946.917215][T25513] FAT-fs (loop0): Directory bread(block 68) failed [ 946.938801][T25513] FAT-fs (loop0): Directory bread(block 69) failed [ 946.945877][T25513] FAT-fs (loop0): Directory bread(block 70) failed [ 946.962047][ T4284] XFS (loop4): Unmounting Filesystem [ 946.990011][T25513] FAT-fs (loop0): Directory bread(block 71) failed [ 947.035134][T25513] FAT-fs (loop0): Directory bread(block 72) failed [ 947.041896][T25513] FAT-fs (loop0): Directory bread(block 73) failed [ 948.014648][T25549] loop2: detected capacity change from 0 to 256 [ 948.335739][T25569] loop1: detected capacity change from 0 to 512 [ 948.378525][T25569] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 948.455783][T25563] xt_CT: No such helper "snmp_trap" [ 948.520168][T25569] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.9390: iget: bogus i_mode (5) [ 948.585692][T25577] loop2: detected capacity change from 0 to 164 [ 948.613745][T25578] netlink: 'syz.0.9391': attribute type 32 has an invalid length. [ 948.641548][T25569] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.9390: couldn't read orphan inode 15 (err -117) [ 948.673716][T25577] Unable to read rock-ridge attributes [ 948.712844][T25577] Unable to read rock-ridge attributes [ 948.724553][T25569] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 948.845860][T25569] EXT4-fs error (device loop1): ext4_add_entry:2486: inode #2: comm syz.1.9390: Directory hole found for htree leaf block 0 [ 949.006238][ T4269] EXT4-fs (loop1): unmounting filesystem. [ 949.599078][T25617] loop1: detected capacity change from 0 to 1024 [ 949.695110][T21731] hfsplus: b-tree write err: -5, ino 25 [ 949.760163][T21731] hfsplus: b-tree write err: -5, ino 4 [ 949.790894][T21731] hfsplus: b-tree write err: -5, ino 2 [ 950.530973][ T6637] usb 4-1: new full-speed USB device number 65 using dummy_hcd [ 950.736007][ T6637] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 950.768409][ T6637] usb 4-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=af.55 [ 950.804780][ T6637] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 950.824225][T25631] loop0: detected capacity change from 0 to 32768 [ 950.831294][ T6637] usb 4-1: Product: syz [ 950.842103][ T6637] usb 4-1: Manufacturer: syz [ 950.846732][ T6637] usb 4-1: SerialNumber: syz [ 950.897606][ T6637] usb 4-1: config 0 descriptor?? [ 950.933893][T25671] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9437'. [ 950.940993][T25631] XFS (loop0): Mounting V5 Filesystem [ 951.098769][T25683] netlink: 'syz.4.9441': attribute type 4 has an invalid length. [ 951.126103][ T6637] cdc_subset: probe of 4-1:0.0 failed with error -22 [ 951.151878][T25631] XFS (loop0): Ending clean mount [ 951.204447][ T6635] usb 2-1: new full-speed USB device number 73 using dummy_hcd [ 951.329312][ T4279] XFS (loop0): Unmounting Filesystem [ 951.408158][ T6637] usb 4-1: USB disconnect, device number 65 [ 951.429382][ T6635] usb 2-1: config 8 has an invalid interface number: 177 but max is 0 [ 951.437598][ T6635] usb 2-1: config 8 has no interface number 0 [ 951.446441][ T6635] usb 2-1: config 8 interface 177 altsetting 9 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 951.461720][ T6635] usb 2-1: config 8 interface 177 has no altsetting 0 [ 951.469565][ T6635] usb 2-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1 [ 951.479109][ T6635] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 951.524294][T25676] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 951.670925][T25697] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 951.768434][ T6635] usb 2-1: string descriptor 0 read error: -71 [ 951.785812][ C0] ir_toy 2-1:8.177: out urb status: -71 [ 952.113976][T25713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 952.132574][T25713] bridge0: port 1(bridge_slave_0) entered disabled state [ 952.204016][T25713] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 952.326955][ T6635] ir_toy 2-1:8.177: could not write reset command: -110 [ 952.334086][ T6635] ir_toy: probe of 2-1:8.177 failed with error -110 [ 952.396315][ T6635] usb 2-1: USB disconnect, device number 73 [ 953.046316][T25755] netlink: 'syz.2.9476': attribute type 3 has an invalid length. [ 953.321793][T25765] loop2: detected capacity change from 0 to 1024 [ 953.361338][T25765] hfsplus: cannot replace xattr [ 953.410356][T25768] loop4: detected capacity change from 0 to 1024 [ 953.469732][ T1117] hfsplus: b-tree write err: -5, ino 25 [ 953.480980][ T1117] hfsplus: b-tree write err: -5, ino 4 [ 953.496619][ T1117] hfsplus: b-tree write err: -5, ino 2 [ 953.873359][T25779] loop2: detected capacity change from 0 to 4096 [ 953.920723][T25779] ntfs3: loop2: Different NTFS' sector size (2048) and media sector size (512) [ 954.123087][T25794] netlink: 'syz.0.9495': attribute type 13 has an invalid length. [ 954.187712][T25794] gretap0: refused to change device tx_queue_len [ 954.198196][T25794] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 954.892115][T25824] loop4: detected capacity change from 0 to 512 [ 954.950035][T25828] loop2: detected capacity change from 0 to 8 [ 954.995953][T25824] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 955.025936][T25828] SQUASHFS error: Unable to read directory block [1d0:0] [ 955.067758][T25824] EXT4-fs error (device loop4): ext4_orphan_get:1399: inode #15: comm syz.4.9509: iget: bogus i_mode (5) [ 955.139284][T25824] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.9509: couldn't read orphan inode 15 (err -117) [ 955.195998][T25824] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 955.246330][T25824] EXT4-fs error (device loop4): ext4_add_entry:2486: inode #2: comm syz.4.9509: Directory hole found for htree leaf block 0 [ 955.402917][ T4284] EXT4-fs (loop4): unmounting filesystem. [ 955.445036][T25826] loop0: detected capacity change from 0 to 32768 [ 955.550101][T25844] netlink: 'syz.1.9517': attribute type 2 has an invalid length. [ 955.667489][T25826] XFS (loop0): Mounting V5 Filesystem [ 955.765777][T25860] loop2: detected capacity change from 0 to 512 [ 955.807533][T25860] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 955.832089][T25862] x_tables: duplicate underflow at hook 1 [ 955.901302][T25860] EXT4-fs error (device loop2): ext4_xattr_block_get:543: inode #15: comm syz.2.9521: corrupted xattr block 33 [ 955.998667][T25826] XFS (loop0): Ending clean mount [ 956.113902][T25860] EXT4-fs error (device loop2): ext4_get_inode_usage:835: inode #15: comm syz.2.9521: corrupted xattr block 33 [ 956.240291][ T4279] XFS (loop0): Unmounting Filesystem [ 956.336477][ T4268] EXT4-fs (loop2): unmounting filesystem. [ 956.381816][T25878] netlink: 'syz.4.9532': attribute type 10 has an invalid length. [ 956.624925][T25878] team0: Port device wlan1 added [ 957.270401][T25914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9549'. [ 957.320538][T25914] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 957.338421][T25912] loop3: detected capacity change from 0 to 4096 [ 957.389674][T25912] /dev/loop3: Can't open blockdev [ 957.625911][T25921] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 957.873944][T25900] loop1: detected capacity change from 0 to 32768 [ 957.919506][T25900] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 12 [ 958.288224][ T9357] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 12 [ 958.653145][T25955] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 958.706402][T25955] overlayfs: missing 'lowerdir' [ 958.900053][T25936] loop4: detected capacity change from 0 to 32768 [ 958.969167][T25936] jfs_mkdir: dtInsert returned -EIO [ 958.985301][T25936] ERROR: (device loop4): jfs_mkdir: [ 958.985301][T25936] [ 959.020782][T25936] ERROR: (device loop4): remounting filesystem as read-only [ 959.400201][T25981] IPv6: ADDRCONF(NETDEV_CHANGE): netdevsim0: link becomes ready [ 959.420815][T25981] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 959.551907][T25985] loop4: detected capacity change from 0 to 8 [ 960.043251][T26006] loop4: detected capacity change from 0 to 256 [ 960.053345][T10059] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 960.074756][T26006] exfat: Deprecated parameter 'namecase' [ 960.092950][T26006] exfat: Deprecated parameter 'utf8' [ 960.135087][T26006] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x22785e93, utbl_chksum : 0xe619d30d) [ 960.259693][T10059] usb 2-1: Using ep0 maxpacket: 16 [ 960.262717][T10059] usb 2-1: config index 0 descriptor too short (expected 176, got 162) [ 960.262745][T10059] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 960.262763][T10059] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 960.262791][T10059] usb 2-1: config 1 interface 0 has no altsetting 0 [ 960.269121][T10059] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 960.269149][T10059] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 960.269170][T10059] usb 2-1: Product: syz [ 960.269185][T10059] usb 2-1: Manufacturer: syz [ 960.269199][T10059] usb 2-1: SerialNumber: syz [ 960.288155][T26015] loop3: detected capacity change from 0 to 64 [ 960.509133][T10059] usb 2-1: 0:2 : does not exist [ 960.518740][T10059] usb 2-1: 5:0: failed to get current value for ch 1 (-22) [ 960.529739][T26022] loop3: detected capacity change from 0 to 65 [ 960.532524][T10059] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 960.536645][T26022] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway [ 960.540736][T10059] usb 2-1: 5:0: cannot get min/max values for control 4 (id 5) [ 960.590726][T10059] usb 2-1: USB disconnect, device number 74 [ 960.598047][T26023] loop2: detected capacity change from 0 to 764 [ 960.685779][T26023] rock: directory entry would overflow storage [ 960.696058][T26023] rock: sig=0x4654, size=5, remaining=4 [ 960.827887][T26027] loop3: detected capacity change from 0 to 512 [ 960.856733][T26027] /dev/loop3: Can't open blockdev [ 960.870082][ T4261] udevd[4261]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 961.044912][T26033] ipt_REJECT: TCP_RESET invalid for non-tcp [ 961.592400][T26059] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9621'. [ 961.631126][T26059] device lo entered promiscuous mode [ 961.668316][T26059] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 961.707811][T10059] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 961.786994][T26067] netlink: 'syz.1.9625': attribute type 2 has an invalid length. [ 961.817524][T26067] netlink: 'syz.1.9625': attribute type 1 has an invalid length. [ 961.959583][T10059] usb 1-1: Using ep0 maxpacket: 8 [ 961.982225][T10059] usb 1-1: unable to get BOS descriptor or descriptor too short [ 962.024512][T10059] usb 1-1: config 0 has an invalid interface number: 88 but max is 0 [ 962.032632][T10059] usb 1-1: config 0 has no interface number 0 [ 962.075088][T10059] usb 1-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 962.110159][T10059] usb 1-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0 [ 962.141714][T10059] usb 1-1: config 0 interface 88 has no altsetting 0 [ 962.160530][T10059] usb 1-1: string descriptor 0 read error: -22 [ 962.195139][T10059] usb 1-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 962.204224][T10059] usb 1-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 962.252447][T10059] usb 1-1: config 0 descriptor?? [ 962.278018][T10059] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.88/input/input60 [ 962.415864][ T4261] udevd[4261]: Error opening device "/dev/input/event4": Input/output error [ 962.470786][ T4261] udevd[4261]: Unable to EVIOCGABS device "/dev/input/event4" [ 962.493807][ T4261] udevd[4261]: Unable to EVIOCGABS device "/dev/input/event4" [ 962.566574][T10059] usb 1-1: USB disconnect, device number 85 [ 962.752969][T26107] netlink: 'syz.1.9644': attribute type 21 has an invalid length. [ 962.782616][T26109] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9645'. [ 962.791508][T26107] IPv6: NLM_F_CREATE should be specified when creating new route [ 962.791602][T26107] netlink: 'syz.1.9644': attribute type 1 has an invalid length. [ 963.353613][T18991] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 963.552057][T18991] usb 2-1: Using ep0 maxpacket: 32 [ 963.571328][T18991] usb 2-1: config 1 has an invalid interface number: 108 but max is 0 [ 963.611451][T18991] usb 2-1: config 1 has no interface number 0 [ 963.616850][T26145] MPI: mpi too large (107144 bits) [ 963.625203][T18991] usb 2-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b [ 963.651300][T18991] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 963.673606][T18991] usb 2-1: Product: syz [ 963.677816][T18991] usb 2-1: Manufacturer: syz [ 963.699931][T18991] usb 2-1: SerialNumber: syz [ 963.719278][T18991] hub 2-1:1.108: bad descriptor, ignoring hub [ 963.760249][T18991] hub: probe of 2-1:1.108 failed with error -5 [ 963.921828][T26159] xt_hashlimit: max too large, truncated to 1048576 [ 963.943277][T18991] usb 2-1: palm_os_4_probe - error -71 getting connection info [ 963.967467][T18991] visor 2-1:1.108: Handspring Visor / Palm OS converter detected [ 964.000513][T18991] usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 964.021682][T26164] kAFS: unable to lookup cell '(,c¾Ì' [ 964.031773][T18991] usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 964.130039][T18991] usb 2-1: USB disconnect, device number 75 [ 964.188103][T18991] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 964.224602][T18991] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 964.251191][T18991] visor 2-1:1.108: device disconnected [ 964.257753][T26137] loop2: detected capacity change from 0 to 32768 [ 964.364290][T26137] XFS (loop2): Mounting V5 Filesystem [ 964.500259][T26137] XFS (loop2): Ending clean mount [ 964.793290][ T4268] XFS (loop2): Unmounting Filesystem [ 964.836631][T26195] xt_TPROXY: Can be used only with -p tcp or -p udp [ 965.442719][T26217] netlink: 'syz.1.9694': attribute type 1 has an invalid length. [ 965.545406][ T26] audit: type=1326 audit(49004682.532:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26223 comm="syz.2.9683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 965.567577][ C1] vkms_vblank_simulate: vblank timer overrun [ 965.589786][ T26] audit: type=1326 audit(49004682.550:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26223 comm="syz.2.9683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 965.727407][ T26] audit: type=1326 audit(49004682.550:295): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=26223 comm="syz.2.9683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 965.732938][T26228] loop0: detected capacity change from 0 to 22 [ 965.832065][T26228] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 965.853844][ T26] audit: type=1326 audit(49004682.550:296): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=26223 comm="syz.2.9683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 965.889839][T26228] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 966.412120][T26259] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 966.847396][T26277] netlink: 'syz.4.9722': attribute type 5 has an invalid length. [ 966.871026][T26277] netlink: 'syz.4.9722': attribute type 11 has an invalid length. [ 967.005286][T26285] netlink: 144 bytes leftover after parsing attributes in process `syz.1.9728'. [ 967.081321][T26291] JFS: discard option not supported on device [ 967.101697][T26291] Mount JFS Failure: -22 [ 967.123695][T26291] jfs_mount failed w/return code = -22 [ 967.396165][T26305] loop2: detected capacity change from 0 to 164 [ 967.484446][T26305] rock: directory entry would overflow storage [ 967.497703][T26305] rock: sig=0x66, size=4, remaining=3 [ 967.550343][T18991] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 967.562337][T26305] rock: directory entry would overflow storage [ 967.568526][T26305] rock: sig=0x66, size=4, remaining=3 [ 967.764106][T18991] usb 2-1: Using ep0 maxpacket: 16 [ 967.771126][T18991] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 255 [ 967.830959][T18991] usb 2-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 967.859389][T18991] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 967.880741][T18991] usb 2-1: Product: syz [ 967.885474][T18991] usb 2-1: Manufacturer: syz [ 967.890087][T18991] usb 2-1: SerialNumber: syz [ 967.922498][T18991] usb 2-1: config 0 descriptor?? [ 967.932974][T26297] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 967.995600][T18991] mcba_usb 2-1:0.0: Microchip CAN BUS Analyzer connected [ 968.204889][ C1] mcba_usb 2-1:0.0 can0: Tx URB aborted (-71) [ 968.211084][ C1] mcba_usb 2-1:0.0 can0: Tx URB aborted (-71) [ 968.219475][T18991] usb 2-1: USB disconnect, device number 76 [ 968.244562][T18991] mcba_usb 2-1:0.0 can0: device disconnected [ 968.281842][T26331] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 969.133220][T26356] loop1: detected capacity change from 0 to 4096 [ 969.343448][T26334] loop3: detected capacity change from 0 to 32768 [ 969.382524][T26334] /dev/loop3: Can't open blockdev [ 969.464237][T10059] usb 3-1: new full-speed USB device number 37 using dummy_hcd [ 969.670996][T10059] usb 3-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 969.704035][T10059] usb 3-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 969.732845][T10059] usb 3-1: Product: syz [ 969.752750][T10059] usb 3-1: Manufacturer: syz [ 969.757529][T10059] usb 3-1: SerialNumber: syz [ 969.827680][T10059] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 969.900446][T26379] loop3: detected capacity change from 0 to 4096 [ 969.963766][T26390] loop1: detected capacity change from 0 to 64 [ 970.069687][T26390] hfs: keylen 40 too large [ 970.240179][T10059] vp7045: USB control message 'in' went wrong. [ 970.268373][T10059] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 970.308550][T10059] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 970.353167][T10059] usb 3-1: USB disconnect, device number 37 [ 970.677429][T26414] capability: warning: `syz.3.9779' uses 32-bit capabilities (legacy support in use) [ 971.234737][ T26] audit: type=1326 audit(49004687.854:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26437 comm="syz.2.9789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 971.366837][ T26] audit: type=1326 audit(49004687.854:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26437 comm="syz.2.9789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 971.443914][ T26] audit: type=1326 audit(49004687.854:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26437 comm="syz.2.9789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 971.466084][ C1] vkms_vblank_simulate: vblank timer overrun [ 971.559535][ T26] audit: type=1326 audit(49004687.854:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26437 comm="syz.2.9789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bb999c799 code=0x7ffc0000 [ 971.910828][ T26] audit: type=1326 audit(49004688.490:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26462 comm="syz.3.9800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 972.004130][ T26] audit: type=1326 audit(49004688.490:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26462 comm="syz.3.9800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 972.104581][ T26] audit: type=1326 audit(49004688.500:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26462 comm="syz.3.9800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 972.222638][ T26] audit: type=1326 audit(49004688.500:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26462 comm="syz.3.9800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 972.274452][T26432] loop1: detected capacity change from 0 to 32768 [ 972.306872][ T26] audit: type=1326 audit(49004688.500:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26462 comm="syz.3.9800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32bab9c799 code=0x7ffc0000 [ 972.488053][T26432] XFS (loop1): Mounting V5 Filesystem [ 972.634649][T26432] XFS (loop1): Ending clean mount [ 972.799129][ T4269] XFS (loop1): Unmounting Filesystem [ 973.946645][T26543] netlink: 224 bytes leftover after parsing attributes in process `syz.2.9835'. [ 973.962465][T26543] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9835'. [ 974.498439][T26532] loop4: detected capacity change from 0 to 32768 [ 974.529233][T26532] [ 974.529233][T26532] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 974.529233][T26532] [ 974.583111][T26532] [ 974.583111][T26532] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 974.583111][T26532] [ 974.627031][T26532] [ 974.627031][T26532] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 974.627031][T26532] [ 974.654373][T26568] loop0: detected capacity change from 0 to 512 [ 974.663324][T26532] [ 974.663324][T26532] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 974.663324][T26532] [ 974.719424][T26532] [ 974.719424][T26532] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 974.719424][T26532] [ 974.735562][T26568] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 974.811794][T26532] [ 974.811794][T26532] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 974.811794][T26532] [ 974.860174][ T107] [ 974.860174][ T107] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 974.860174][ T107] [ 974.877518][T26568] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 974.951528][ T75] [ 974.951528][ T75] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 974.951528][ T75] [ 975.024148][ T75] [ 975.024148][ T75] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 975.024148][ T75] [ 975.065133][ T4284] [ 975.065133][ T4284] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 975.065133][ T4284] [ 975.101337][ T4284] [ 975.101337][ T4284] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 975.101337][ T4284] [ 975.127394][T26582] loop3: detected capacity change from 0 to 1024 [ 975.135130][ T4279] EXT4-fs (loop0): unmounting filesystem. [ 975.146933][ T107] [ 975.146933][ T107] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 975.146933][ T107] [ 975.163106][ T75] Quota error (device loop0): remove_tree: Cycle in quota tree detected: block 5 index 0 [ 975.196791][T26582] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 975.205157][ T107] ================================================================== [ 975.215744][ T107] BUG: KASAN: use-after-free in txEnd+0x329/0x520 [ 975.222178][ T107] Write of size 8 at addr ffff88807890a840 by task jfsCommit/107 [ 975.229911][ T107] [ 975.232240][ T107] CPU: 0 PID: 107 Comm: jfsCommit Not tainted syzkaller #0 [ 975.239442][ T107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 975.240649][T26582] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (30349!=20869) [ 975.249485][ T107] Call Trace: [ 975.249497][ T107] [ 975.249504][ T107] dump_stack_lvl+0x188/0x24e [ 975.249530][ T107] ? read_lock_is_recursive+0x10/0x10 [ 975.249552][ T107] ? show_regs_print_info+0x12/0x12 [ 975.249570][ T107] ? load_image+0x400/0x400 [ 975.249587][ T107] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 975.249604][ T107] ? __virt_addr_valid+0x188/0x540 [ 975.249624][ T107] ? __virt_addr_valid+0x465/0x540 [ 975.249643][ T107] ? txEnd+0x329/0x520 [ 975.249659][ T107] print_report+0xa8/0x210 [ 975.249676][ T107] kasan_report+0x10b/0x140 [ 975.249696][ T107] ? mutex_unlock+0x10/0x10 [ 975.318163][ T107] ? txEnd+0x329/0x520 [ 975.322236][ T107] kasan_check_range+0x235/0x290 [ 975.327171][ T107] txEnd+0x329/0x520 [ 975.331057][ T107] jfs_lazycommit+0x5a0/0xa70 [ 975.335724][ T107] ? txFreelock+0x5a0/0x5a0 [ 975.340217][ T107] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 975.346098][ T107] ? do_task_dead+0xd0/0xd0 [ 975.350595][ T107] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 975.356476][ T107] ? __kthread_parkme+0x162/0x1c0 [ 975.361493][ T107] kthread+0x29d/0x330 [ 975.365550][ T107] ? txFreelock+0x5a0/0x5a0 [ 975.370050][ T107] ? kthread_blkcg+0xd0/0xd0 [ 975.374629][ T107] ret_from_fork+0x1f/0x30 [ 975.379040][ T107] [ 975.382046][ T107] [ 975.384354][ T107] Allocated by task 26532: [ 975.388756][ T107] kasan_set_track+0x4b/0x70 [ 975.393340][ T107] __kasan_kmalloc+0x8e/0xa0 [ 975.397921][ T107] lmLogOpen+0x2c0/0xf90 [ 975.402158][ T107] jfs_mount_rw+0xf8/0x5c0 [ 975.406562][ T107] jfs_fill_super+0x594/0xad0 [ 975.411225][ T107] mount_bdev+0x287/0x3c0 [ 975.415538][ T107] legacy_get_tree+0xe6/0x180 [ 975.420200][ T107] vfs_get_tree+0x88/0x270 [ 975.424600][ T107] do_new_mount+0x24a/0xa40 [ 975.429088][ T107] __se_sys_mount+0x2e3/0x3d0 [ 975.433752][ T107] do_syscall_64+0x4c/0xa0 [ 975.438157][ T107] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 975.444037][ T107] [ 975.446341][ T107] Freed by task 4284: [ 975.450300][ T107] kasan_set_track+0x4b/0x70 [ 975.454876][ T107] kasan_save_free_info+0x2d/0x50 [ 975.459885][ T107] ____kasan_slab_free+0x126/0x1e0 [ 975.464981][ T107] slab_free_freelist_hook+0x131/0x1a0 [ 975.470424][ T107] __kmem_cache_free+0xb6/0x1f0 [ 975.475261][ T107] lmLogClose+0x293/0x520 [ 975.479576][ T107] jfs_umount+0x28f/0x360 [ 975.483892][ T107] jfs_put_super+0x88/0x190 [ 975.488384][ T107] generic_shutdown_super+0x130/0x340 [ 975.493741][ T107] kill_block_super+0x7c/0xe0 [ 975.498401][ T107] deactivate_locked_super+0x93/0xf0 [ 975.503667][ T107] cleanup_mnt+0x42c/0x4b0 [ 975.508065][ T107] task_work_run+0x1d0/0x260 [ 975.512640][ T107] exit_to_user_mode_loop+0xe6/0x110 [ 975.517912][ T107] exit_to_user_mode_prepare+0xee/0x180 [ 975.523447][ T107] syscall_exit_to_user_mode+0x16/0x40 [ 975.528891][ T107] do_syscall_64+0x58/0xa0 [ 975.533295][ T107] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 975.539173][ T107] [ 975.541477][ T107] Last potentially related work creation: [ 975.547172][ T107] kasan_save_stack+0x3a/0x60 [ 975.551835][ T107] __kasan_record_aux_stack+0xb2/0xc0 [ 975.557193][ T107] kvfree_call_rcu+0x103/0x870 [ 975.561944][ T107] neigh_periodic_work+0x3f3/0xd70 [ 975.567039][ T107] process_one_work+0x8a2/0x1160 [ 975.571962][ T107] worker_thread+0xaa2/0x1270 [ 975.576623][ T107] kthread+0x29d/0x330 [ 975.580672][ T107] ret_from_fork+0x1f/0x30 [ 975.585078][ T107] [ 975.587385][ T107] The buggy address belongs to the object at ffff88807890a800 [ 975.587385][ T107] which belongs to the cache kmalloc-1k of size 1024 [ 975.601419][ T107] The buggy address is located 64 bytes inside of [ 975.601419][ T107] 1024-byte region [ffff88807890a800, ffff88807890ac00) [ 975.614689][ T107] [ 975.617001][ T107] The buggy address belongs to the physical page: [ 975.623404][ T107] page:ffffea0001e24200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78908 [ 975.633545][ T107] head:ffffea0001e24200 order:3 compound_mapcount:0 compound_pincount:0 [ 975.641852][ T107] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 975.649848][ T107] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888017441dc0 [ 975.658432][ T107] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 975.667004][ T107] page dumped because: kasan: bad access detected [ 975.673412][ T107] page_owner tracks the page as allocated [ 975.679108][ T107] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 9, tgid 9 (kworker/u4:0), ts 66723068510, free_ts 61621927308 [ 975.700714][ T107] post_alloc_hook+0x173/0x1a0 [ 975.705479][ T107] get_page_from_freelist+0x1a1e/0x1ab0 [ 975.711012][ T107] __alloc_pages+0x1ec/0x4f0 [ 975.715589][ T107] alloc_slab_page+0x5d/0x160 [ 975.720249][ T107] new_slab+0x87/0x2c0 [ 975.724303][ T107] ___slab_alloc+0xbc6/0x1240 [ 975.728961][ T107] __kmem_cache_alloc_node+0x1a0/0x260 [ 975.734404][ T107] __kmalloc_node_track_caller+0x9e/0x230 [ 975.740112][ T107] __alloc_skb+0x22a/0x7e0 [ 975.744517][ T107] ndisc_alloc_skb+0xa6/0x450 [ 975.749183][ T107] ndisc_send_rs+0x2a2/0x610 [ 975.753760][ T107] addrconf_rs_timer+0x2d1/0x630 [ 975.758679][ T107] call_timer_fn+0x1ac/0x670 [ 975.763254][ T107] __run_timers+0x53e/0x800 [ 975.767739][ T107] run_timer_softirq+0x63/0xf0 [ 975.772485][ T107] handle_softirqs+0x2a1/0x930 [ 975.777234][ T107] page last free stack trace: [ 975.781887][ T107] free_unref_page_prepare+0x8b4/0x9a0 [ 975.787335][ T107] free_unref_page+0x2e/0x3f0 [ 975.792001][ T107] qlist_free_all+0x76/0xe0 [ 975.796491][ T107] kasan_quarantine_reduce+0x144/0x160 [ 975.801934][ T107] __kasan_slab_alloc+0x1e/0x80 [ 975.806773][ T107] slab_post_alloc_hook+0x4b/0x480 [ 975.811875][ T107] kmem_cache_alloc_node+0x14d/0x320 [ 975.817142][ T107] __alloc_skb+0xfc/0x7e0 [ 975.821457][ T107] alloc_skb_with_frags+0xa7/0x710 [ 975.826559][ T107] sock_alloc_send_pskb+0x87f/0x9a0 [ 975.831741][ T107] unix_dgram_sendmsg+0x539/0x16e0 [ 975.836838][ T107] __sys_sendto+0x497/0x650 [ 975.841326][ T107] __x64_sys_sendto+0xda/0xf0 [ 975.845989][ T107] do_syscall_64+0x4c/0xa0 [ 975.850395][ T107] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 975.856275][ T107] [ 975.858581][ T107] Memory state around the buggy address: [ 975.864191][ T107] ffff88807890a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 975.872233][ T107] ffff88807890a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 975.880274][ T107] >ffff88807890a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 975.888317][ T107] ^ [ 975.894447][ T107] ffff88807890a880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 975.902490][ T107] ffff88807890a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 975.910544][ T107] ================================================================== [ 975.922129][T26582] EXT4-fs (loop3): invalid journal inode [ 975.929146][T26582] EXT4-fs (loop3): can't get journal size [ 975.953132][ T75] EXT4-fs error (device loop0): ext4_release_dquot:6871: comm kworker/u4:4: Failed to release dquot type 1 [ 975.963311][T26582] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 975.992923][ T107] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 976.000159][ T107] CPU: 0 PID: 107 Comm: jfsCommit Not tainted syzkaller #0 [ 976.007365][ T107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 976.017424][ T107] Call Trace: [ 976.020746][ T107] [ 976.023687][ T107] dump_stack_lvl+0x188/0x24e [ 976.028382][ T107] ? memcpy+0x3c/0x60 [ 976.032371][ T107] ? show_regs_print_info+0x12/0x12 [ 976.037587][ T107] ? load_image+0x400/0x400 [ 976.042104][ T107] panic+0x2e5/0x730 [ 976.046014][ T107] ? bpf_jit_dump+0xd0/0xd0 [ 976.050560][ T107] ? _raw_spin_unlock_irqrestore+0x10d/0x120 [ 976.056553][ T107] ? _raw_spin_unlock+0x40/0x40 [ 976.061418][ T107] check_panic_on_warn+0x80/0xa0 [ 976.066362][ T107] ? txEnd+0x329/0x520 [ 976.070438][ T107] end_report+0x66/0x110 [ 976.074692][ T107] kasan_report+0x118/0x140 [ 976.079204][ T107] ? mutex_unlock+0x10/0x10 [ 976.083719][ T107] ? txEnd+0x329/0x520 [ 976.087795][ T107] kasan_check_range+0x235/0x290 [ 976.092740][ T107] txEnd+0x329/0x520 [ 976.096649][ T107] jfs_lazycommit+0x5a0/0xa70 [ 976.101374][ T107] ? txFreelock+0x5a0/0x5a0 [ 976.105898][ T107] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 976.111808][ T107] ? do_task_dead+0xd0/0xd0 [ 976.116332][ T107] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 976.122233][ T107] ? __kthread_parkme+0x162/0x1c0 [ 976.127274][ T107] kthread+0x29d/0x330 [ 976.131344][ T107] ? txFreelock+0x5a0/0x5a0 [ 976.135859][ T107] ? kthread_blkcg+0xd0/0xd0 [ 976.140447][ T107] ret_from_fork+0x1f/0x30 [ 976.144864][ T107] [ 976.148202][ T107] Kernel Offset: disabled [ 976.152514][ T107] Rebooting in 86400 seconds..