last executing test programs: 1m23.053666007s ago: executing program 4 (id=2038): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000600)=0x6, 0x42) 1m22.82202455s ago: executing program 4 (id=2042): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002d80), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000080)={{0x9, 0x7}, {0xf8, 0x7}, 0x3, 0x3, 0x10}) 1m22.637364393s ago: executing program 4 (id=2046): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0xa}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0xd, 0x5}, {0x6, 0x2}, {0x3, 0x3}]}]}}, &(0x7f0000000f40)=""/4089, 0x4a, 0xff9, 0x1, 0x0, 0x0, @void, @value}, 0x28) 1m22.499676785s ago: executing program 4 (id=2047): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="6e6f626172726965722c6e6f6465636f6d706f73652c6e6c733d63703733372c626172726965722c747970653df268d6512c706172743d307830303030303030303030302c00"], 0x3, 0x6bf, &(0x7f0000000a80)="$eJzs3V2IXGf9B/DvmWxmM/lDum3TNH8RsjRQtMFkN0NNBKFRRHIRJOhNb5dk0yzZpGWzlbSImahV8Mor6YUXFYkXFUFEhApCsV4LQm+8yn3AOy8Cvqycl9md3Z1sZvOys7afD5w5zzPPc57nd34558zMmSwT4FPr7KvZ20uRs8fO3Sjrd253F+/c7l7tl5NMJmklE/UqRScpPkrOpF7y/+WTzXDF/eZ5+e4HxcS773fr2kSzVP1bW223ydCevWTfamVPkum6+K+Rh900XrVU41xYG+8hFatxlwk72k8cjNvKJr21xtYDNx/9vAV2rZv16+YmU8n+1K+u5fuANFeHB18ZxqGzrrbltan3pGMBAACAJ2/oZ/lBT93LvdzIgZ0JBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Zivo3A4tmafXL0yn6v//fHvhN/faYw31E71yqVt98atyBAAAAAAAAAMAjOXIv93IjB/r1laL6zv+FqnKwevy/vJnrmc9SjudG5rKc5SxlNsnUwEDtG3PLy0uzm7f8acotV1ZWbjZbnhy65cn1cfU2Bjrsfxps6gQAAAAAAAAAn1rfy9m17/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGA3KJI99apaDvbLU2lNJNmXpF1Mr3ZvjzXYR1KH/uG4wwAAAICdc6D4T11YKarP/Ieqz/378mauZTkLWc5i5nOxuhdQf3Ru/bXXXbxzu3u1XDYP+JW/b2v+asTU9x6GzzxT9XhudYuz+Xq+lWOZzvksZSHfzlyWM5/pfK0qzaXIVHP3YurO7U76sW6O98y62vmNsR0ZKJfxHa4i6eRSFqrYjudCux96q+l3eGC237eTDTPeKrNTvNIYMUcXm3W5Rz9p1rvDVLXne1czMtPkvszG04N535z7bR4nG2eaTWv1HtTBtVnK6saZHirn+5v1DuR62K20P96/+/pM9H5c1vpH36Gtc558/uM/nb/cunbl8qXrx3bPYfSQNh4T3YFMPD9SJhbLTPQeIRP7HiX+x6fdZKO+im7vavlCte2BLOQbeT0XM59TmclsTmcmX8rJdHNyIK/PbZ3X6lxrbe9cO/q5ptBJ8qNmvaMm79dQ5vXpgbwOXummqrbBZ9ay9MwIWSraGZ6lvw0NZeIzTaGc4/sDrzjjtzETswOZeHbrTPz83ytJri9eu7J0ee6NEed7sVmXp+0766/Rv3gsO7R9ze6Wx8sz5T9WWflh1h0dZduz/bYN+Wo337hMNIOta2unOp/rtgedqeVIh24NG6lue37oLN2q7fBA27p3OXk9i6vvQgDYtVrZ/9L+dudu5y+d9zo/6FzunNv31cnTk59tZ++fJ/6w5zetX7a+XLyU9/LdHBh3rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Elw/a23r8wtLs4v7cJCWiN0/nVGH/DW0KZ+Kupn2o9rL/65MrypnuzDX409vY+10D+QJrc6on6bZItx2uMIvpPkyU5xZLTOmdiBXZ7MkKZzq890ktZqPEmu7JIfuAOehBPLV984cf2tt7+wcHXutfnX5q+dPH3qlVPdL87ePHFpYXF+pn4cd5TAk7DxfSkAAAAAAAAAAACw++3EX1kMmbbojWFfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP9NZ1/N3l6KzM4cnynrd253F8ulX17rOZGklaT4TlJ8lJxJvWRqYLjifvO8fPeDn7347vvdtbEm+v3LQT8e6Pq7f6ysbHMves2S6SR7mvWDTY403oWB8XrbDKxWrGamTNjRfuJg3P4bAAD//9mbBys=") mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) 1m22.18616468s ago: executing program 4 (id=2050): r0 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, 0x0) 1m21.730146857s ago: executing program 4 (id=2055): r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001900599c6d0e00009bd028ef80"], 0xfe33) 1m21.138534446s ago: executing program 32 (id=2055): r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001900599c6d0e00009bd028ef80"], 0xfe33) 3.19412733s ago: executing program 2 (id=3058): syz_mount_image$msdos(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x8, &(0x7f0000000300)={[{@fat=@nfs_stale_rw}]}, 0x1, 0x23b, &(0x7f0000000340)="$eJzs3c1qM1UYB/Bj3trmjfRjJejGg250M2i9giAtiAGlNqIuhClNNSQmJRMwEcGuXXkRropLd4K4dNO7cFcE6aorR9L0u/WjknZS8/tBmaf8M+E5HCY8E0hy+OG3n7d2smQn7YdSOYa58MteOA5hJZTCkzD2zOmxdFLPh8v2wmvf9Y++ef+jj9+p1mprGzGuVzffXI0xLr300xdfff/yz/3nPvhh6ceFcLDyyeHvq78ePH/wwuEfm581s9jMYqfbj2nc6nb76Va7EbebWSuJ8b12nuf56OkbvSv5Tru7uzuMaWd7sbLba2RZTDvD2GoMY78b+71hTD9Nm52YJElcrAT+SX1/YyOtFt0F96vXq6aja/npjaS+X0hDAEChbs7/YRrm/0aaNWKzk12f/8vB/D9B5v9ZMJr/K6fX71XmfwAAAAAAAAAAAAAAeAyO83w5z/Pls+PZ30IIoRxCOPv/5pnlItplwv77/vN/YP9n2933/+si22XCLn1wtxzCb3uD+qA+Po7z9bdra6/HEysXZx0NBvUn5/kb4zxezZ8NldN89dZ8Prz6yjgfZW+9W7uWPw3b9798AAAAmAlJPHfr/X2S/FU+ri69P3Dt/n0uvDj3YMsAAAAA/kY2/LKVttuN3r8o5u/y4AcqSic/ElR4G4+6WJiONhRTVRT9ygQAAEzaxdBfdCcAAAAAAAAAAAAAAAAAAAAwux7i68SKXiMAAAAAAAAAAAAAAAAAAAAAAEybPwMAAP//kbcBaQ==") syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 2.5793033s ago: executing program 2 (id=3066): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x5c, 0xa, 0x0, "3258c546dacccfae1e008faa00000000f4ff4000", 0x43564548}) 2.381190363s ago: executing program 5 (id=3069): r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x80) ioctl$I2C_RDWR(r0, 0x707, &(0x7f00000001c0)={&(0x7f0000000000)=[{0x47, 0x0, 0x0, 0x0}, {0x7, 0xc00, 0xfffffe2f, 0x0}], 0x2}) 2.319240554s ago: executing program 2 (id=3070): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="180200000000000000000000000000008500000061000000850000007d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000e40)="e02742e8680d85ff9782763ff02e", 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.258376375s ago: executing program 3 (id=3071): r0 = syz_open_dev$video(&(0x7f0000000040), 0x7fffffffffff7ffd, 0x141000) ioctl$VIDIOC_G_PARM(r0, 0xc0cc5615, &(0x7f0000000280)={0xe, @capture={0x1000, 0x0, {0xd45c, 0x2}, 0x1, 0x8}}) 2.142629156s ago: executing program 5 (id=3073): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x4e23, @empty}, {0x2, 0x0, @remote}, {0x2, 0x4e21, @empty}, 0x107, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000}) 2.065372288s ago: executing program 3 (id=3074): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@ipv6_delrule={0x30, 0x21, 0x121, 0x70bd2a, 0x0, {0xa, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x18}, [@FIB_RULE_POLICY=@FRA_IIFNAME={0x14, 0x3, 'ip6erspan0\x00'}]}, 0x30}}, 0x80c4) 1.871835971s ago: executing program 5 (id=3077): r0 = socket$unix(0x1, 0x5, 0x0) read(r0, &(0x7f0000000280)=""/184, 0xb8) 1.871293011s ago: executing program 3 (id=3078): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r0, &(0x7f0000003a00)=[{{&(0x7f0000000140)={0xa, 0x4e22, 0xffffff7f, @dev={0xfe, 0x80, '\x00', 0x11}, 0x9}, 0x18, &(0x7f0000000ac0)=[{&(0x7f0000000600)="1b", 0x1}], 0x1}}], 0x1, 0x400c0c0) 1.699468834s ago: executing program 5 (id=3080): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000000)=@newtaction={0xac, 0x30, 0x216822a75a8bdd29, 0x0, 0x0, {}, [{0x98, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x0, 0x0, 0x7ee}}]}, {0x4}, {0xc}, {0xc}}}, @m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0xfe8d, 0x1, {{0xfffffffb, 0x3, 0x20000000, 0x80800000, 0x8001}, 0x81}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xac}}, 0x0) 1.684403534s ago: executing program 3 (id=3081): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x1900, 0x0, 0x0, 0x0, 0x1, 0x4000}) 1.511964616s ago: executing program 1 (id=3083): r0 = syz_open_dev$video4linux(&(0x7f0000000840), 0x0, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f00000008c0)={0x9c0000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 1.444236147s ago: executing program 3 (id=3084): syz_mount_image$jfs(&(0x7f0000000000), &(0x7f00000002c0)='./file0\x00', 0x44, &(0x7f00000000c0)=ANY=[], 0x1, 0x6216, &(0x7f000000cb40)="$eJzs3c2OHFfZB/Cn+ms+/CaxsojyRghNEgMJIf4MxhAgyQIWbFggb5GtySSycADZBjmWhSeaDQsuAoTEEhBLVlxAFmzZcQFYspGArFKoZs4Z1zTT7rGd7uqZ8/tJk6qnTtX0qfy7prtdVX0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIjvffcHZ6qIuPTztOB4xP9FP6IXsdLUaxGxsnY8rz+IiOdjuzmei4jhUkSVG5+JeCMiPn464t792+vNorMH7Md3/vi33/7w2Pf/+vvhqX//6Ub/zUnr3bz5q3/9+c7j7y8AAACUqK7rukof819In+97XXcKAJiL/PpfJ3m5euHqzQXrj1qtVqsPYd1W7+9Ou4iIzfY2zXsGp+MB4JDZjE+67gIdkn/RBhFxrOtOAAut6roDzMS9+7fXq5Rv1X49WNtpz9eC7Ml/s9q9v2PSdJrxa0zm9fzain48O6E/K3PqwyLJ+ffG87+00z5K6806/3mZlP9o59an4uT8++P5jzk6+ff2zb9UOf/BI+Xflz8AAAAAACyw/O//xzs+/7v05LtyIA87/7s2pz4AAAAAAAAAwGftScf/21UZ/w8AAAAWVfNZvfHrpx8sm/RdbM3yi1XEU2PrA4VJN8usdt0PAAAAAAAAAAAAACjJYOca3otVxDAinlpdreu6+Wkbrx/Vk25/2JW+/1Cyrv/IAwDAjo+fHruXv4pYjoiL6bv+hqurq3W9vLJar9YrS/n97GhpuV5pfa7N02bZ0ugAb4gHo7r5Zcut7dqmfV6e1j7++5rHGtX9A3RsPjoMHAAiYufV6J5XpCOmrp+Jrt/lcDg4/o8exz8H0fXzFAAAAJi9uq7rKn2d9wvpnH+v604BAHORX//Hzwuo1Wq1Wq0+enVbvb877SIiNtvbNO8ZDMcPAIfMZnzSdRfokPyLNoiI57vuBLDQqq47wEzcu397vUr5Vu3XgzS+e74WZE/+m9X2dnn7/abTjF9jMq/n11b049kJ/XluTn1YJDn/3nj+l3baR2m9Wec/L5Pyb/bzeAf96VrOvz+e/5ijk39v3/xLlfMfPFL+ffkDAAAAAMACy//+f3yhzv+OHnd3pnrY+d+1mT0qAAAAAAAAAMzWvfu31/N9r/n8/+f2Wc/9n0dTzr+Sf5Fy/un+/90Lb14ZW6/fmr/7zoP8/3n/9vrvbvzj//P0oPkv5ZkqPbOq9Iyo0iNVgzR9zB2bYGvYHzWPNKx6/UG65qcevhdX4mpsxOk96/bS8fCg/cye9qanw+32ur/TfnZP+2C3PW9/bk/7MF3pVK/k9pOxHj+Jq/HudnvTtjRl/5entNdT2nP+fcd/kXL+g9ZPk/9qaq/Gpo27H/X+57hvT/d7nLevfP6Xp2e/O1NtRX9339qa/Xupg/5s/z85disiNq6dvHn5xo1rZyJNjo3iZ9fz0rORJp+xnP8w/eT8X3l5pz3/3W8fr3c/Gj1y/otiKwYT83+5Nd/s76tz7lsXcv6j9JPzfze173/8H+b8Jx//r3XQHwAAAAAAAAAAAAAAAHiYuq63bxF9OyLOp/t/uro3EwCYr/z6Xyd5+bzq/uNu/4e9+9FV/9XqOdfVgvVnrvWn9WL1R72Q9X8WrD8LV7fV+3urXUTEX9rbNO8ZfrHfLwMAFtmnEfH3rjtBZ+RfsPx9f830RNedAebq+oe3fnT56tWNa9e77gkAAAAAAAAA8Ljy+J9rrfGfT9R1fWdsvT3jv74Ta086/ucgz+wOMDphoOr+o+/Tw2z1Rv1ea7jxF2PS+N/D3bmHjf89mPJ4wyntoyntS1Pal6e073ujR0vO/8XWeOcnIuKFseHXSxj/dXzM+xLk/F9qPZ+b/L80tl47//o3hzn/3p78T9344Kenrn946/UrH1x+f+P9jR+fO3Pm9Lnz5y9cuHDqvStXN07v/LfDHs9Wzj+Pfe060LLk/HPm8i9Lzv8LqZZ/WXL+X0y1/MuS88/v9+Rflpx//uwj/7Lk/F9NtfzLkvP/cqrlX5ac/2upln9Zcv5fSbX8y5Lzfz3V8i9Lzv9kquVflpz/qVQfMP+VWfeL+cj55zNcjv+y5PzzlQ3yL0vO/2yq5V+WnP+5VMu/LDn/N1It/7Lk/L+aavmXJed/PtXyL0vO/2upln9Zcv4XUi3/suT8v55q+Zcl5/+NVMu/LDn/N1Mt/7Lk/L+ZavmXJef/rVTLvyw5/2+nWv5lyfm/lWr5l+XB9/+bMWNmRjODw3egdf2XCQAAAAAAAAAAAAAYN4/LibveRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC/7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKe/cWI9dd3wH8zN68diA2EFInNWHtGGOcTXZ9iS+0LiZcG24lIRR6wXa9a7PgG167BBrVjgIlEkZFFW3DQ1tAqM1LhVXxQKuA8oBaVapE2gf6gqhQeYiqgAJSVVpBtpo5//9/Z2ZnZ3a9483Zcz4fKfllZ87MOXPmP7P7tfPdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg2dY3TX+mlmVZrVbLL9iUZS+pz/VjmxqXvP7FPT4AAABg5X7R+PfzG9MFR5Zwo6Zt/umO73x9bm5uLvvA4J8Of2FuLl0xlmXD67KscV107QcfrDVvEzyWjdYGmr4e6LH7wR7XD/W4frjH9SM9rl/X4/rRHtcvOAELrM9q6c62N/5zU35Ks1uy4cZ12zvc6rHauoH6uUu3zWqN28wNn8xmstPZdDbZsn2+ba2x/VNb6/t6exb3NdC0ry31FfKTR07EY6iFc7y9ZV/z9xn96I3Z2E9/8siJv7743G2dZs/T0HJ/+XHu3FY/zk+FS/JjrWXr0jmJxznQdJxbOjwngy3HWWvcrv7f7cf5/BKPc3D+MFdV+3M+mg00/vuZxnkaqmUdztOWcNnP7syy7Mr8Ybdvs2Bf2UC2oeWSgfnnZzRfkfX7qC+ll2dDy1qnW5ewTutzanvrOm1/TcTnf2u43dAix9D8NP3o0ZGm5/3nc9ezTqP6o17stdK+Bvv9WinKGozr4pnGg3684xrcHh7/IzsWX4Md106HNZged9Ma3NZrDQ6MDDaOOT0JtcZt5tfg7pbtBxt7qjXmszu6r8GJi2fOT8x+4pN3z5w5fmr61PTZvbt3T+7dv//gwYMTJ2dOT0/m/77Os118G7KB9BrYFs5dfA28tm3b5qU69+WRBe+/1/s6HO3yOtzUtm2/X4dD7Q+utjovyIVrOn9tvK9+0kevDmSLvMYaz8+ulb8O0+Nueh0ONb0OO35P6fA6HFrC67C+zfldS/uZZajpn07HsPj3gpWtwU1Na7D955H2Ndjvn0eKsgZHw7r43q7FvxdsCcf7+Phyfx4ZXLAG08MN7z31S9LP+6MHG6PTury9fsVNI9ml2ekL9zx8/OLFC7uzMFbFK5rWSvt63dD0mLIF63Vg2ev1yMwdj9/e4fJN4VyN3l3/1+iiz1V9m333dH+uGt/dOp/Plkv3ZGH02Wqfz07fzevncyTLvvjtRx/45iNffNOi57OeNz81sfKfxVMubXr/HV7k/Tfm/hfy/aW7emxweCh//Q6mszPc8n7c+lQNNd67ao19Pz+xtPfj4fDPar8f39Ll/Xhz27b9fj8ebn9w8f241utPO1am/fkcDevk9GT39+P6Npv3LHdNDnV9P74zzFo4/68LSSHloqa1s9i6TfsaGhoOj2so7qF1ne5t2X44ZLP6vp7cc33rdOed+X0Npkc3b7XW6Vjbtv1ep+nPvhZbp7Vef/p2fdqfz9GwLm7Z232d1rd5et/K3zvXx/9seu8c6bUGhwdH6sc8nBZh4/0+m1sf1+A92YnsXHY6m2pcO9JYT7XGvsbvXdoaHAn/rPZ75eYua3Bn27b9XoPp+9hia682tPDB90H78zka1sUT93Zfg/Vt3nygvz+77gyXpG2afnZt//O1xf7M6/a203Sj1spQOM5vH+j+Z7P1bU4fXG7O7H6e7gqX3NThPLW/fhd7TU1lq3OeNofjfO7g4uepfjz1bb5waInr6UiWZZc/dl/jz3vD36/83aXvfr3l7106/Z3O5Y/d9+OXnvzH5Rw/AGvfC/nYkH+va/qbqaX8/T8AAACwJsTcPxBmIv8DAABAacTcH/+v8ET+BwAAgNKIuX8ozKQi+X/zm5+beeFylpr5c0G8Pp2G+/PtYsd1Mnw9Njevfvl9X53+73+4vLR9D2RZ9vP7/6Dj9pvvj8eVGwvHee0trZcv8PW7l7TvYw9dTvtt7q9/Kdx/fDxLXQadKriTWZY9tfFzjf2MffBqYz59/7HGfODK44/Vt3n+UP51vP2zr8i3/4tQ/j1y8njL7Z8N5+GHYU6+o/P5iLf72tXXbTnw/vn9xdvVtt3ceNhPfCi/3/h7cj7/WL59PM+LHf83P/vk1+rbP/yazsd/eaDz8T8Z7verYf7vq/Ltm5+D+tfxdp8Oxx/3F293z1e+1fH4r30m3/78W/PtjoUZ978zfL39rc/NNJ+vh2vHWx5X9rZ8u7j/ye/+ceP6eH/x/tuPf/To1Zbz0b4+nv63/H4m2raPl8f9RH/ftv/6/TSvz7j/J//oWMt57rX/aw88+6r6/bbv/6627c5/bFdj//P31/obm/7y05/ruL94PEf+9nzL4zny3vA6Dvt/4kNhPYbr/+9afn/tv13h2Htb33/i9l/adLnl8URv/2m+/2tvONWY60bXb7jpJS+9+cqr6+cuy55Zl99fr/2f+qtzLcf/5Vvz8xGvjx399v0vJu7/wsfHz56bvTQzlc7qIxsbvzvnnfnxxOPdGN5b278+eu7ih6cvjE2OTWbZWHl/hd51+0qYP87Hle5bzy14B931UHg+b//zpzbs+NfPxsv//X355VffkX/fem3Y7vPh8k3h+Vve/hd6Yuutjdd37elwhHMLf1/wSmzZ/l8Hl7RhePztPxfE9X7+lR9unIf6dY3vG/F1vcLj//5Ufj/fCOd1Lvxm5m23zu+vefv4uxGuPpi/3ld8/sLbXHxe/yY83+/6YX7/8bji4/1++DnmW5tb3+/i+vjG5YH2+2/8Fo8r4f0ku5JfH7eK5/vq87d2PLz4e0iyK7c1vv6TdD+3LethLmb2E7MTp2fOXnp44uL07MWJ2U988uiZc5fOXjza+F2eRz/S6/bz708bGu9PU9P792WNd6tz+bjBXuzjP//QiakDkzumpk8ev3Ty4kPnpy+cOjE7e2J6anbH8ZMnpz/e6/YzU4d37zm098Ce8VMzU4cPHjq099D4zNlz9cPID6qH/ZMfHT974WjjJrOH9x3afe+9+ybHz5ybmj58YHJy/FKv2ze+N43Xb/374xemTx+/OHNmenx25pPTh3cf2r9/T8/fBnjm/MnZsYkLl85OXJqdvjCRP5axi42L69/7et2ecpr9j/zn2Xa1/BfxZe+5a3/6/ax1X3100bvKN2n7BaLPhd9F888vO39wKV/H3D8cZlKR/A8AAABVEHP/SJiJ/A8AAAClEXP/ujAT+R8AAABKI+b+0TCTiuT/0vX/N19e0v71//X/m8+X/n/F+v8PFq3/n79f6P/3x0r79/r/gf6//r/+v/6//j99ULT+f8z967OskvkfAAAAqiDm/g1hJvI/AAAAlEbM/TeFmcj/AAAAUBox978kzKQi+V//X/9f/1//X/+/8/71/9cm/f/u9P970P+fyKrV/7/Sz+PX/9f/Z6Gi9f9j7n9pmElF8j8AAABUQcz9N4eZyP8AAABQGjH3bwwzkf8BAACgNGLu3xRmUpH8r//ftf/fXkNelP5/6/Hr/3deH/r/+v/6/zee/n93+v896P/7/H/9f/1/+qpo/f+Y+18WZlKR/A8AAABVEHP/y8NM5H8AAAAonqHru1nM/a8IM1mQ/69zBwAAAMCLLub+W7K2InhF/v5f/9/n/xe//78uXaf/r/+fFbL/P5jp/xeH/n93+v896P/r/+v/6//TV0Xr/zdyfzaavTLMpCL5HwAAAKog5v5bw0zkfwAAACiNmPt/KcxE/gcAAIDSiLl/c5hJRfK//r/+f/H7/z7/X/+/6P1/n/9fJPr/3en/96D/r/+v/6//T18Vrf8fc/9tYSYVyf8AAABQBTH33x5mIv8DAABAacTc/8thJvI/AAAAlEbM/VvCTCqS//X/C97/j81R/X/9f/1//X/9/yXR/+9O/78H/X/9f/1//X/6qmj9/5j7XxVmUpH8DwAAAFUQc/8dYSbyPwAAAJRGzP2vDjOR/wEAAKA0Yu4fCzOpSP7X/y94/z/vwY/4/H/9f/1//X/9/6XR/+9O/78H/X/9/770/+cu6//r/5MrWv8/5v6tYSYVyf8AAABQBTH3bwszkf8BAACgNGLuvzPMRP4HAACA0oi5f3uYSUXyv/7/muj/Z/r/+v/6//r/+v9Lo//fnf5/D/r/+v8+/1//n74qWv8/5v7XhJlUJP8DAABAFcTcvyPMRP4HAACA0oi5/7VhJvI/AAAAlEbM/TvDTCqS//X/9f/1//X/9f8771//f23S/+9O/78H/X/9f/1//X/6qmj9/5j7XxdmUpH8DwAAAFUQc/+uMBP5HwAAAEoj5v67wkzkfwAAACiNmPvHw0wqkv/1//X/9f/1//X/O+9f/39t0v/vTv+/B/1//X/9f/1/+qpo/f+Y++8OM6lI/gcAAIAqiLn/njAT+R8AAABKI+b+iTAT+R8AAABKI+b+yTCTiuR//X/9f/1//f9l9f9fPX+/+v85/f9i0f/vTv+/B/1//f8Xvf8/rP9PqRSt/x9z/+4wk4rkfwAAAKiCmPv3hJnI/wAAAFAaMffvDTOR/wEAAKA0Yu7fF2ZSkfyv/6//r/+v/+/z/zvvX/9/bdL/767//f/4EPX/9f/1/33+v/4/CxWt/x9z/71hJhXJ/wAAAFAFMffvDzOR/wEAAKA0Yu4/EGYi/wMAAEBpxNx/MMykIvlf/1//X/9f/1//v/P+9f/XJv3/7nz+fw/6//r/+v/6/6zQg3/Y/FXR+v8x9x8KM6lI/gcAAIAqiLn/9WEm8j8AAACURsz9vxJmIv8DAABAacTc/6thJhXJ//r/Ld3z+sPV/9f/1//X/2/Q/1+b9P+70//vQf9f/1//X/+fvlq0/x+i92r3/2PuPxxmUpH8DwAAAFUQc/+vhZnI/wAAAFAaMfe/IcxE/gcAAIDSiLn/SJhJRfK//r/P/9f/1//X/++8/9Xu/4/E+9X/XxH9/+70/3vQ/9f/1//X/6evivb5/zH3vzHMpCL5HwAAAKog5v77wkzkfwAAACiNmPvfFGYi/wMAAEBpxNz/5jCTiuR//X/9f/1//X/9/8779/n/a5P+f3f6/8GdGzsfgP6//r/+v/4/fVW0/n/M/W8JM6lI/gcAAIAqiLn/rWEm8j8AAACURsz9bwszkf8BAACgNGLuf3uYSUXyv/6//r/+v/6//n/n/ev/r036/93p//eg/6//r/+v/09fFa3/H3P/r4eZVCT/AwAAQBXE3H9/mIn8DwAAAKURc/87wkzkfwAAACiNmPvfGWZSkfyv/6//r/+v/6//33n/+v9rk/5/d2us//+Lm8Pl+v85/f9iH/9y+/9DbV/fkP7/Dxbr/8+ta7+9/j83QtH6/zH3vyvMpCL5HwAAAKog5v53h5nI/wAAAFAaMfe/J8xE/gcAAIDSiLn/N8JMKpL/9f/rxzHfXtb/L2v/f0D/X/9f/78i9P+7W2P9f5//30b/v9jH7/P/9f9ZqGj9/5j73xtmUpH8DwAAAFUQc/8DYSbyPwAAAJRGzP0PhpnI/wAAAFAaMfe/L8ykIvlf/9/n/1ej/+/z/zP9f/3/itD/707/vwf9f/3/ovX//1P/n7WtaP3/mPsfCjOpSP4HAACAKoi5//1hJvI/AAAAlEbM/b8ZZiL/AwAAQGnE3P+BMJOK5H/9/7XS/x9bo/3/R/X/b2D//46b8+30//X/maf/353+fw/6//r/Rev/+/x/1rii9f9j7v9gmMnS8//okrcEAAAAXhQx9/9WmElF/v4fAAAAqiDm/t8OM5H/AQAAoDRi7v+dMJOK5H/9/7XS//f5/5n+v8//b3s8+v/6/52sXv8/vvPo/+v/6/9H+v/6//r/tCta/z/m/t8NM6lI/gcAAIAqiLn/Q2Em8j8AAACsCZ3+n+x2MfcfDTOR/wEAAKA0Yu4/FmZSkfyv/6//r/9f0P7/n237l+99593Hduv/6//r/y/Lqn7+f/3F7/P/9f/1/xP9f/1//X/aFa3/H3P/8TCTiuR/AAAAqIKY+38vzET+BwAAgNKIuf9EmIn8DwAAAKURc/9UmElF8r/+v/6//n9B+/9r+PP/4/nQ/2/Vt/5/fNPV/+8o79+nVXRj+//vn++J6/8vt/8/0vFS/X/9/7V8/Pr/+v8sVLT+f8z902EmFcn/AAAAUAUh9w+czOf8FfI/AAAAlEbM/afCTOR/AAAAKI2Y+z8cZlKR/K//r/+v/6//7/P/O++/W/+/NuTz/4sq9e9/1nih6P+3KU7/vzP9f/3/tXz8+v/6/yxUtP5/zP0zYSYVyf8AAABQBTH3fyTMRP4HAACA0oi5/6NhJvI/AAAAlEbM/afDTCqS//X/9f/1//X/9f8777+wn/+v/9/VSvv3+v+B/n+1+///o/+v/6//T38Urf8fc/+ZMJOK5H8AAACogv9n706aLKvLPI7f7C66soJe9K4X3YuO6N71S2DRve5+AS7cuDHCcIEKKs4UziOKirMiOA84gCCigvMATiiKA6g4izNOiBJlkPU8T1Vmnjw3s+pm5jn//+ezqEfSSu6VqKjiV1lfT+7+8+MW+x8AAACakbv/UXGL/Q8AAADNyN3/6Lilk/2v/z+b/v9Upaz/3/z+J9H//4/+f6fX1//r/1um/x+n/19C/+/5//p//T8rNbX+P3f/Y+KWTvY/AAAA9CB3/wVxi/0PAAAAzcjdf2HcYv8DAABAM3L3PzZu6WT/b+n/1xZ99v+Z8Xr+f0v9v+f/7/j6+n/9f8sOtv+/5MGf+fT/+n/9f9D/76r/P7rT5+v/adHU+v/c/Y+LWzrZ/wAAANCD3P2Pj1vsfwAAAGhG7v6L4hb7HwAAAJqRu/8JcUsn+391z/8/tvHxmfb/Rf+v/9/4gP5f/6//ny3P/x/XU/9/4e3nnn/v9f92w15eX/+v//f8f/0/qzW1/j93/xPjlk72PwAAAPQgd/+T4hb7HwAAAJqRu//JcYv9DwAAAM3I3f+UuKWT/b+6/n/Wz/8v+n/9/8YH9P/6f/3/bOn/x/XU/5/J6+v/9f/6f/0/qzW1/j93/1Pjlk72PwAAAPQgd//T4hb7HwAAAJqRu//iuMX+BwAAgGbk7j8et3Sy//X/+9//P6D/1//H1f/r//X/+0//P07/v4T+X/+v/9f/s1JT6/9z918St3Sy/wEAAKAHufufHrfY/wAAANCM3P3PiFvsfwAAAGhG7v5nxi2d7H/9v+f/6/+X9/8X6P+D/l//P336/3H6/yX0/2fbz5+j/9f/6/853R77//tHftpeSf+fu/9ZcUsn+x8AAAB6kLv/2XGL/Q8AAADNyN3/nLjF/gcAAIBm5O5/btzSyf7X/+v/9f+e/3/G/f/2H3ob9P/D9P8HQ/8/bjL9/9qRwQ/r/2ff/3v+v/5f/88mU3v+f+7+58Utnex/AAAA6EHu/ufHLSP7f8+/mQ8AAAAcqtz9L4hbfP0fAAAAZi+rs9z9L4xbOtn/+n/9v/5f/+/5/8OvP9b/33Da+9P/T4v+f9xk+v8d6P/1/3N+//p//T/bTa3/z93/orilk/0PAAAAPcjdf2ncYv8DAABAM3L3vzhusf8BAACgGbn7XxK3dLL/h/v/U/+9/n939P+b37/+f/jHx6r6//w76v9H+///9fz/Pun/xx18/39U/7/576//30eH/f4b7/+PLft8/T9Dptb/5+6/LG7pZP8DAABAD3L3vzRusf8BAACgGbn7Xxa32P8AAADQjNz9L49bOtn/nv+v/9f/z6//9/z/kw7z+f+LA+//j+j/d0n/P87z/5fQ/+v/9f+e/89KTa3/z91/edzSyf4HAACAHlx+32Jj979isbD/AQAAYI5O/7MDW/9Aacjd/8q4xf4HAACAZuTuf1Xc0sn+1//r//X/+n/9//DrT6v/9/z/3dL/j9P/L6H/349+/khj/f8VO33+FPr/i/X/TMym/v+mUx8/rP4/d/+r45ZO9j8AAAD0IHf/a+IW+x8AAACakbv/tXGL/Q8AAADNyN3/urilk/2/7/3/sZ1fe+b9/6byRP+/+f3r/zfT/8ePB/2//v8A6P/H6f+X0P97/r/n/+v/WalT/f/mnw8Pq//P3f/6uKWT/Q8AAAA9yN3/hrjF/gcAAIBm5O6/Im6x/wEAAKAZufvfGLd0sv89/9/z//X/+n/9//Dr6//nSf8/Tv+/hP5f/6//1/+zUpue/3+aw+r/c/dfGbd0sv8BAACgB7n7r4pb7H8AAABoRu7+N8Ut9j8AAAA0I3f/m+OWTva//n9/+//8uP5f/7/Q/+v/9f8Hotv+f23oV6Ltduj/b33E8f/f/BH9v/5f/6//1/+zApPo/0+c+rfL3P1viVs62f8AAADQg9z9b41b7H8AAABoRu7+t8Ut9j8AAAA0I3f/2+OWPe7/f1npuzo4+n/P/9f/6//1/8Ovr/+fp277/13y/P8l9P/6f/2//p+VmkT/f9pf5+5/R9zi6/8AAADQjNz974xb7H8AAABoRu7+d8Ut9j8AAAA0I3f/u+OWTva//l//r/+fZf9/XnwX/f8E+//1xTD9/8HQ/4/T/y+h/9f/6//1/6zU1Pr/3P1Xxy2d7H8AAADoQe7+98Qt9j8AAAA0I3f/e+MW+x8AAACakbv/fXFLJ/tf/6//1//Psv/3/P8J9/870f8fDP3/OP3/YrG4ZuQNDPX/J47q//X/+n/9P2doav1/7v73xy2d7H8AAADoQe7+a+IW+x8AAACakbv/2rjF/gcAAIBm5O7/QNzSyf7X/+v/9f/6f/3/8Ovr/+dJ/z9O/7+E5//r//X/+n9Wamr9f+7+6+KWTvY/AAAA9CB3//Vxi/0PAAAAzcjd/8G4xf4HAACAZuTuvyFu6WT/6//1//p//f++9P/H9f9b6f8Pxv71/wv9v/5f/7+E/l//r/9nq4Pq/++Pn++X9f+5+z8Ut3Sy/wEAAKAHuftvjFvsfwAAAGhG7v4Pxy32PwAAADQjd/9H4pZO9r/+X/+v/9f/e/7/8Ovr/+fJ8//H6f+X0P/r//X/+n9W6qD6/516/61/nbv/o3FLJ/sfAAAAepC7/6a4xf4HAACAZuTuvzlusf8BAACgGbn7Pxa3dLL/9f/6/839/2Kh/9f/6/9POoD+f32h/185/f84/f8S+v82+/9/WDTU/x/b8fP1/0zR1Pr/3P0fj1s62f8AAADQg9z9n4hb7H8AAABoRu7+T8Yt9j8AAAA0I3f/p+KWlvb/Azunb/Pv/49u+UT9/2KxuPMiz//X/4+8vv5/Mv1//VPV/6+O/n/cv//XPXes7+Y76v/1/y31/57/r//n0Eyt/8/d/+m4paX9DwAAAJ3L3f+ZuMX+BwAAgGbk7v9s3GL/AwAAQDNy938ubulk/8+//9/6ifr/xVk9/1//v/EB/b/+X/8/W2fb31+5Hr+mtdv/e/7/GP3/0n5+bYd/71no//X/+n8GTK3/z93/+bilk/0PAAAAPcjdf0vcYv8DAABAM3L33xq32P8AAADQjNz9X4hbOtn/+n/9/5z6/3X9f/X/6/p//b/+f9BUnv9/3nn/d5v+X//fYv8/Rv+v/9f/s9XU+v/c/V+MWzrZ/wAAANCD3P1filvsfwAAAGhG7v4vxy32PwAAADQjd/9X4pZO9v/2/v+cxclC9aSh/j8aNf3/afT/m9+/5/8P//jw/H/9v/5//02l//f8/zN7//p//f+c3/+e+v//2P75+n9aNLX+P3f/bXFLJ/sfAAAAepC7/6txi/0PAAAAzcjd/7W4xf4HAACAZuTuvz1u6WT/e/6//l//r//X/w+/vv5/nvT/4/T/S+j/z76fz59V9f/zff7/P+r/WZ2p9f+5+78et2wMv//85zP8nwkAAABMSO7+b8QtnXz9HwAAAHqQu/+OuMX+BwAAgGbk7v9m3NLJ/tf/6//1//p//f/w6+v/50n/P07/v0Q//f/60AcPu58/W4f9/pvp/z3/nxWaWv+fu/9bcUsn+x8AAADadt/Gt7n7vx232P8AAADQjNz934lb7H8AAABoRu7+O+OWTva//l//337//zD9/5bX1//r/1um/89f0Yfp/5fop/8fdNj9/Nzfv/5f/892U+v/c/ffFbd0sv8BAACgB7n7vxu32P8AAADQjNz934tb7H8AAABoRu7+78ctnex//X9f/f/aosf+3/P/9f/6/57Mp/+/6sjQRz3/X/+v/5/v+9f/6//Zbmr9f+7+u9eOdLn/AQAAYK4e8t+PvGu33/fujW/XFz+IW+x/AAAAaEbu/h/GLfY/AAAANCN3/4/ilk72v/6/r/6/z+f/6//1//r/nsyn/x+m/9f/6//n+/576P//aeTz9f8MmVr/n7v/x3HLacNv8P+gBwAAADg8Y78pNSB3/0/ilk6+/g8AAAA9yN3/07hl2/4/scs/1Q4AAABMTe7+n8UtnXz9X/8/8f5/sU/9f3w//f9J+n/9/9Dr6//nSf8/7iz7/xNr+n/9/wj9f/v9/xj9P0Om1v/n7r/xukWX+x8AAAAatel3FH6+8e364p64xf4HAACAZuTu/0XcYv8DAABAM3L3/zJu6WT/6/8n3v+f0fP/j9V/8vz/zvv/S9cHX1//r/9vmf5/nOf/L6H/1//r//X/rNQe+v+NQbrf/X/u/l/FLZ3sfwAAAOhB7v5fxy32PwAAADQjd/9v4hb7HwAAAJqRu/+3cUsn+1//fwj9/2VHF4t97f938fx//X8f/f8Or99O//+v5x6/5aEPv/Zq/T+nHGT/nz8W9P/6f/3/Sfp//b/+n62m9vz/3P2/i1s62f8AAADQg9z998Yt9j8AAAA0I3f/7+OWB/f/zYf1rgAAAIBVyt3/h7ilk6//6/9bfP7/PPv//Gd9CP3/8fn1/9kU997/e/6//n87z/8fp/9fQv+v/9f/6/9Zqan1/7n7/xi3dLL/AQAAoAe5+/8Ut+T+X9vzb90DAAAAE5O7/89xi6//AwAAQDNy998Xt3Sy//X/+v+p9P/J8/9PfZ7n/5+k/9f/74X+f5z+fwn9v/5f/6//Z6Wm1v/n7v9L3NLJ/gcAAIAe5O6/P26x/wEAAKAZufv/GrfY/wAAANCM3P1/i1s62f/6f/2//l//r/8ffn39/zzp/8fp/5fQ/+v/9f/6f1Zqav1/7v6/BwAA//+l7G5O") setxattr$trusted_overlay_upper(&(0x7f0000000040)='./file1\x00', &(0x7f0000000300), &(0x7f0000000240)=ANY=[], 0xa9, 0x1) 1.392463308s ago: executing program 5 (id=3086): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'ipvlan1\x00', &(0x7f0000000080)=@ethtool_link_settings={0x4c, 0x2, 0x81, 0x0, 0xe, 0x1, 0x6, 0x65, 0x7, 0x3, [0x2, 0x4, 0x29d, 0x6, 0x7, 0x9, 0x7, 0x5582]}}) 1.27811038s ago: executing program 1 (id=3087): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x28) 1.206450351s ago: executing program 5 (id=3088): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x3d}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x7d}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002cc2cdf40630731203fad0102030109021200015f6562700904010800ff"], &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0}) 1.139832352s ago: executing program 1 (id=3089): r0 = fsopen(&(0x7f0000000680)='erofs\x00', 0x1) fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000300)='acl\x00\x9a\v\x9e\xd4\x10\x18\xe6\xca\xf1\x0f\xc8H\xc8#A@\x9a\xe4r\x89h8\x1b\xab\x84<\x85\xe5\x88j_<(nW4\xe4\xbb\xe9PF\x1b|\xc4\xa1\xa0\x9e\x81\xa0lZS\'\x8f\x91\xf7\x03\xa2\x8cd\x1f\xd3y\xce\x1asj\x98\xb5\x95\xdf\x915\a\x97=\xa9\xe7A\x12\xc2\xf5_\x11\b\x00\x00\x00\x00\x00\x00\x00\x1c\x1e:^\xdeNT\xe8O\xe8\x1ez\x9e\xc8\x8eo@Ti\xf6\xe5F\x0fv\xf1H\xdf\xf1\xe1\x9en\xc1\xd1\xca\xca\x89\"\xe4\x9c\xe6\xc2\xd8\xaa\xf6\f>\x19\x15t=\x1eXp\xba~\xb8xd>\x92LO\x06\xa3\xfdS\x01\xd1GE\x0f\x98L\x99#\xef5\xed[H\x104\xcd\xe23l\xd1\x9fc5\x87\xb4\xd7\xf6\xecr)\x0f\xc7\xe4\x1d[\x82\xc3\x18\xa4{\xecF\x81\xdb', &(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0xffffffffffffff9c) 1.127901142s ago: executing program 0 (id=3090): r0 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x0, @empty}, 0x10, 0x0, 0x0, &(0x7f0000002200)=ANY=[@ANYBLOB="18000000000000000000000007000000890704e068000000110000000000000000dbc790ad000000fc000000000000001400000000000000000000000200000004000000000000001c000000000000000000000008"], 0x68}, 0x0) 955.422475ms ago: executing program 1 (id=3091): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x114, 0x1e, 0x1, 0x70bd26, 0x0, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x2}, @typed={0x14, 0x3, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe8101000000010000008b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd"]}]}, 0x114}], 0x1}, 0x0) 955.113365ms ago: executing program 2 (id=3092): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000b00)=ANY=[@ANYBLOB="020300000b0000000000000000000000030006000000000002000000e000000100000000000000000200010000001c000000fb18000000000300050000000000020000007f0000010000000000000000010018"], 0x58}, 0x1, 0x7}, 0x0) 944.621395ms ago: executing program 0 (id=3093): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b70500000000000061103000000000000fa00000000000009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23) 784.151178ms ago: executing program 0 (id=3094): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="88010000170a0101"], 0x188}}, 0x0) 690.229159ms ago: executing program 1 (id=3095): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./bus\x00', 0x2000082, &(0x7f0000000180)={[{@numtail}, {@uni_xlateno}, {@rodir}, {@rodir}, {@fat=@codepage={'codepage', 0x3d, '864'}}, {@iocharset={'iocharset', 0x3d, 'cp857'}}, {@fat=@tz_utc}, {@shortname_mixed}, {@shortname_winnt}, {@iocharset={'iocharset', 0x3d, 'macroman'}}, {@fat=@gid}, {@uni_xlate}, {@fat=@nfs}, {@utf8}, {@uni_xlate}]}, 0x26, 0x358, &(0x7f0000000480)="$eJzs3T9oXHUcAPDv9aW5JFhzg1B0Ot0EKU3EQaeEUqGYQSuH/xYPm/ondxZyeBCHXG5RipPiIujk1kHHzuIg4ubgagWpiovdCg0+ubt3/+/sBbxY8fMZwpfv7/d9v+97eeS9hOSXVxuxc+lkXL5162YsLeViYePcRtzORSFORBIdBzHRB4uT8wDAPe52msYfacfdZ3+00o08+wHgv6v9/H/9VD+RP0Lx1fvm0RIAMGczfv//7MTslbm1BQDM0djz/5Gh4ZEf8y/0fiegY3n+DQIA/7jnX3r5mc2tiIvF4lJE9f16qV6Kp/rjm5fjzajEdpyN1TiM6LwodN4WWh+fvrB1/myx5ZdClFoV9VJEtVEvdd4UNpN2fT7WYjUKWX3aq09a9Wvt+mJEHDTa60c1Vy+djJVs/R9XYjvWYzUeGKuPuLB1fr2YHaBU7dY3Ipqx1D2JVv9nYjW+fy2uRCUuRau23//+WrF4Lt0aqq9fy7fnAQAAAAAAAAAAAAAAAAAAAADAPJwp9hR6+9+k1Ub9vYujEwpD++OUOsPZ/kDNzv5Aab67O8/VZHR/oOH9eeqlhTjxr545AAAAAAAAAAAAAAAAAAAA3Dtqe4tRrlS2d2t77+4MBo2BzNvffvH1cnSHFrLSt5J+VWTJoeN0Jw4cOYneEmmvPE2G5mRBEtGdfFC+dr3X8eCcfO8sxspbQX5sKJf1VK5UTj3886eTqv5sBQftTBJjl2U4yGXrDwxV728lliLicFrV9GD9LnNupGk6rXz/k9FMthVD48htzBB8c/ONBx+vnX6infkqW+nRx1ZfuPHx57/tlCvR7FyZSmVxt3aYznDkyEWMDyUD908uu865CXfC5KDZzzR3a3vl5IffX3zow+9GJieT7590MPPO9LW+HM0sdoJcRKF7Ef6u1ZMTbv7JwSt3enfv0T9xpz/bKF/f/+nXWasGvkjYqAMAAAAAAAAAAAAAAAAAAI5F/49+RwbSNG1MrXryubk3BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHqP///weC5lhmluBOI8aH8tu7tamLLx/rqQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8D/2VwAAAP//wGN9HA==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) 585.15198ms ago: executing program 2 (id=3096): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCGL2TPSTATS(r0, 0x40047459, 0x0) 584.55734ms ago: executing program 0 (id=3097): r0 = semget$private(0x0, 0x20000000102, 0x420) semctl$SETALL(r0, 0x0, 0x11, 0x0) 368.253844ms ago: executing program 2 (id=3098): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfff2}, [@call={0x85, 0x0, 0x0, 0x87}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f00000003c0)="c274386d178550cb864bd57221bc", 0x0, 0x1200000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 304.684045ms ago: executing program 0 (id=3099): r0 = mq_open(&(0x7f000084dff0)='\x04\x00\x00\x00\x00\x00\x00\x00selinux\x00', 0x6e93ebbbcc0884f2, 0x81, 0x0) preadv(r0, &(0x7f0000000b80)=[{&(0x7f0000000380)=""/3, 0x3}], 0x1, 0xfffbffff, 0x1) 167.297267ms ago: executing program 3 (id=3100): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000001000000000000000000008500000036000000c50000000800000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0xe, 0xfffffffffffffd85, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x739d, 0x0, 0x0, 0xfffffffffffffff3}, 0x28) 111.809337ms ago: executing program 0 (id=3101): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201100182e5e74033073004fb35000000010902120001000040400904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) 0s ago: executing program 1 (id=3102): seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) times(0x0) kernel console output (not intermixed with test programs): : config 6 has no interfaces? [ 210.170472][ T5956] usb 1-1: config 6 has no interfaces? [ 210.180896][ T5956] usb 1-1: config 6 has no interfaces? [ 210.210504][ T5956] usb 1-1: config 6 has no interfaces? [ 210.227443][ T5956] usb 1-1: config 6 has no interfaces? [ 210.237951][ T8277] loop3: detected capacity change from 0 to 128 [ 210.247279][ T5956] usb 1-1: config 6 has no interfaces? [ 210.287553][ T5956] usb 1-1: string descriptor 0 read error: -71 [ 210.300950][ T5956] usb 1-1: New USB device found, idVendor=09c0, idProduct=0200, bcdDevice=58.3c [ 210.332172][ T5956] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.345401][ T8277] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 210.360556][ T5956] usb 1-1: rejected 8 configurations due to insufficient available bus power [ 210.379677][ T8277] ext4 filesystem being mounted at /347/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 210.398846][ T26] audit: type=1326 audit(1747710660.937:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8284 comm="syz.1.1699" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8aa338e969 code=0x0 [ 210.400395][ T1042] block nbd4: Attempted send on invalid socket [ 210.428042][ T1042] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 210.441150][ T5956] usb 1-1: no configuration chosen from 8 choices [ 210.448827][ T5956] usb 1-1: USB disconnect, device number 8 [ 210.462681][ T4331] udevd[4331]: setting mode of /dev/bus/usb/001/008 to 020664 failed: No such file or directory [ 210.481868][ T4331] udevd[4331]: setting owner of /dev/bus/usb/001/008 to uid=0, gid=0 failed: No such file or directory [ 210.605597][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 211.009405][ T8303] netlink: 'syz.0.1708': attribute type 32 has an invalid length. [ 211.309423][ T5956] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 211.509540][ T5956] usb 2-1: Using ep0 maxpacket: 16 [ 211.517295][ T5956] usb 2-1: config index 0 descriptor too short (expected 18, got 14) [ 211.553598][ T5956] usb 2-1: config 0 has an invalid descriptor of length 9, skipping remainder of the config [ 211.559400][ T8325] program syz.3.1718 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 211.592464][ T5956] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 211.637691][ T5956] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 211.656431][ T5956] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.681517][ T5956] usb 2-1: Product: syz [ 211.685742][ T5956] usb 2-1: Manufacturer: syz [ 211.737632][ T5956] usb 2-1: SerialNumber: syz [ 211.766536][ T5956] r8152-cfgselector 2-1: config 0 descriptor?? [ 211.815368][ T26] audit: type=1326 audit(1747710662.357:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.1721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f618e969 code=0x7ffc0000 [ 211.870148][ T8333] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1722'. [ 211.886828][ T8333] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1722'. [ 211.898889][ T26] audit: type=1326 audit(1747710662.387:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.1721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f618e969 code=0x7ffc0000 [ 211.940873][ T26] audit: type=1326 audit(1747710662.407:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.1721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7fe1f618e969 code=0x7ffc0000 [ 212.006914][ T5956] usbip-host 2-1: 2-1 is not in match_busid table... skip! [ 212.032026][ T26] audit: type=1326 audit(1747710662.407:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.1721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f618e969 code=0x7ffc0000 [ 212.097833][ T46] usb 2-1: config 0 descriptor?? [ 212.117962][ T26] audit: type=1326 audit(1747710662.407:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.1721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f618e969 code=0x7ffc0000 [ 212.265972][ T46] usb 2-1: can't set config #0, error -71 [ 212.272113][ T4877] usb 2-1: USB disconnect, device number 8 [ 212.359431][ T5956] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 212.619291][ T5956] usb 5-1: Using ep0 maxpacket: 16 [ 212.626294][ T5956] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 212.663964][ T5956] usb 5-1: config 0 has no interface number 0 [ 212.676067][ T5956] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 212.707078][ T5956] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 212.747595][ T5956] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 212.755818][ T5956] usb 5-1: Product: syz [ 212.765982][ T5956] usb 5-1: SerialNumber: syz [ 212.782317][ T5956] usb 5-1: config 0 descriptor?? [ 212.828667][ T5956] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input9 [ 212.835767][ T8341] loop3: detected capacity change from 0 to 32768 [ 212.891758][ T8341] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.1726 (8341) [ 212.998718][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 213.009348][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 213.018662][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 213.025879][ T5956] usb 5-1: USB disconnect, device number 9 [ 213.060790][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -2 [ 213.068675][ T5956] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 213.078082][ T8341] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 213.100806][ T8341] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 213.133183][ T8341] BTRFS info (device loop3): using free space tree [ 213.442600][ T8341] BTRFS info (device loop3): enabling ssd optimizations [ 213.483963][ T8369] loop1: detected capacity change from 0 to 4096 [ 213.510335][ T8369] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 213.617482][ T8369] ntfs3: loop1: failed to convert "c46c" to iso8859-3 [ 213.646620][ T4256] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 214.292016][ T8403] loop2: detected capacity change from 0 to 64 [ 214.307809][ T8402] loop1: detected capacity change from 0 to 1024 [ 214.376219][ T8403] hfs: keylen 94 too large [ 214.517954][ T7665] hfsplus: b-tree write err: -5, ino 4 [ 214.623830][ T8411] overlayfs: missing 'lowerdir' [ 214.744245][ T8409] loop3: detected capacity change from 0 to 4096 [ 215.450276][ T8405] loop4: detected capacity change from 0 to 32768 [ 215.498121][ T8437] loop0: detected capacity change from 0 to 16 [ 215.524792][ T8405] jfs_strtoUCS: char2uni returned -22. [ 215.551708][ T8405] charset = cp932, char = 0xfc [ 215.558323][ T8437] erofs: (device loop0): mounted with root inode @ nid 36. [ 215.612456][ T8437] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 215.667076][ T8437] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -5 in[46, 4050] out[1851] [ 215.704985][ T8437] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117] [ 216.373911][ T8461] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1777'. [ 216.562900][ T8471] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1784'. [ 217.113948][ T8494] loop3: detected capacity change from 0 to 4096 [ 217.200072][ T8494] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 217.264958][ T8504] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1797'. [ 217.506484][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 217.801629][ T8523] loop2: detected capacity change from 0 to 16 [ 217.832968][ T8524] loop0: detected capacity change from 0 to 1024 [ 217.835547][ T8523] erofs: (device loop2): mounted with root inode @ nid 36. [ 217.877910][ T8524] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 217.882508][ T8523] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 217.908572][ T8526] xt_CT: You must specify a L4 protocol and not use inversions on it [ 217.949374][ T8523] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -5 in[46, 4050] out[1851] [ 217.967296][ T8524] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 217.998711][ T8523] erofs: (device loop2): z_erofs_read_folio: failed to read, err [-117] [ 218.027788][ T8524] EXT4-fs error (device loop0): ext4_empty_dir:3166: inode #11: block 623: comm syz.0.1816: Attempting to read directory block (623) that is past i_size (638464) [ 218.116489][ T8524] EXT4-fs (loop0): Remounting filesystem read-only [ 218.251720][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 218.513976][ T8546] netlink: 'syz.3.1818': attribute type 1 has an invalid length. [ 218.828175][ T8558] netlink: del zone limit has 4 unknown bytes [ 219.105784][ T8566] loop1: detected capacity change from 0 to 16 [ 219.167474][ T8568] loop3: detected capacity change from 0 to 64 [ 219.188798][ T8566] erofs: (device loop1): mounted with root inode @ nid 36. [ 219.254569][ T8572] usb usb1: usbfs: process 8572 (syz.2.1829) did not claim interface 0 before use [ 219.273690][ T8566] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 219.302332][ T8566] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -5 in[46, 4050] out[1851] [ 219.349263][ T8566] erofs: (device loop1): z_erofs_read_folio: failed to read, err [-117] [ 219.770354][ T8578] loop3: detected capacity change from 0 to 4096 [ 220.256916][ T8592] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1841'. [ 220.414984][ T8584] loop0: detected capacity change from 0 to 32768 [ 220.587971][ T8584] XFS (loop0): Mounting V5 Filesystem [ 220.718091][ T8584] XFS (loop0): Ending clean mount [ 220.934608][ T4249] XFS (loop0): Unmounting Filesystem [ 221.373996][ T8625] netlink: 'syz.3.1853': attribute type 6 has an invalid length. [ 221.620194][ T8632] loop2: detected capacity change from 0 to 512 [ 221.693083][ T8632] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 221.786957][ T8614] loop1: detected capacity change from 0 to 32768 [ 221.804801][ T8632] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 221.838896][ T8632] ext4 filesystem being mounted at /338/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 221.862233][ T8614] XFS (loop1): Mounting V5 Filesystem [ 221.979413][ T8614] XFS (loop1): Ending clean mount [ 222.069577][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 222.088825][ T8614] XFS (loop1): syz.1.1847 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported [ 222.185976][ T4260] XFS (loop1): Unmounting Filesystem [ 222.370361][ T8658] netlink: 'syz.2.1864': attribute type 3 has an invalid length. [ 222.382088][ T8633] loop3: detected capacity change from 0 to 32768 [ 222.402291][ T8633] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.1857 (8633) [ 222.448536][ T8633] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 222.479952][ T8633] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 222.507494][ T8633] BTRFS info (device loop3): using free space tree [ 222.711076][ T8672] loop2: detected capacity change from 0 to 512 [ 222.751028][ T8672] EXT4-fs: Ignoring removed nobh option [ 222.882959][ T8672] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1866: invalid indirect mapped block 256 (level 2) [ 222.889344][ T8633] BTRFS info (device loop3): enabling ssd optimizations [ 223.009813][ T8672] EXT4-fs (loop2): 2 truncates cleaned up [ 223.015635][ T8672] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 223.169854][ T8656] loop0: detected capacity change from 0 to 40427 [ 223.189643][ T4256] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 223.223571][ T8656] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 223.248463][ T26] audit: type=1326 audit(1747710673.787:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8688 comm="syz.4.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f618e969 code=0x7ffc0000 [ 223.286871][ T8656] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 223.345900][ T26] audit: type=1326 audit(1747710673.837:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8688 comm="syz.4.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fe1f618e969 code=0x7ffc0000 [ 223.409285][ T8656] F2FS-fs (loop0): invalid crc value [ 223.449638][ T26] audit: type=1326 audit(1747710673.837:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8688 comm="syz.4.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f618e969 code=0x7ffc0000 [ 223.512746][ T8656] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 9809626597) [ 223.517230][ T26] audit: type=1326 audit(1747710673.837:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8688 comm="syz.4.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f618e969 code=0x7ffc0000 [ 223.773916][ T26] audit: type=1800 audit(1747710674.317:65): pid=8672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1866" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 223.809262][ T8656] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 223.828469][ T8656] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 223.918944][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 223.931831][ T8704] loop1: detected capacity change from 0 to 64 [ 224.009591][ T5270] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 224.014640][ T8704] hfs: request for non-existent node -117440513 in B*Tree [ 224.048427][ T8656] fscrypt (loop0, inode 3): Error -61 getting encryption context [ 224.049376][ T8704] hfs: request for non-existent node -117440513 in B*Tree [ 224.181409][ T5956] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 224.222796][ T5270] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 224.252194][ T5270] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 224.287336][ T5270] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.299694][ T5270] usb 5-1: Product: syz [ 224.303940][ T5270] usb 5-1: Manufacturer: syz [ 224.308688][ T5270] usb 5-1: SerialNumber: syz [ 224.331995][ T5270] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 224.383230][ T5956] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 224.418515][ T5956] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.449319][ T5956] usb 4-1: Product: syz [ 224.453543][ T5956] usb 4-1: Manufacturer: syz [ 224.458162][ T5956] usb 4-1: SerialNumber: syz [ 224.503263][ T5956] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 224.572482][ T5956] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 224.767840][ T5270] usb 5-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 224.841667][ T5270] usb 5-1: USB disconnect, device number 10 [ 225.047222][ T41] usb 4-1: USB disconnect, device number 12 [ 225.418051][ T8740] xt_cgroup: invalid path, errno=-2 [ 225.699526][ T5956] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 225.709302][ T26] audit: type=1326 audit(1747710676.247:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8749 comm="syz.0.1897" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f268838e969 code=0x0 [ 225.742139][ T5956] ath9k_htc: Failed to initialize the device [ 225.748739][ T41] usb 4-1: ath9k_htc: USB layer deinitialized [ 225.818145][ T8757] loop3: detected capacity change from 0 to 1024 [ 225.940311][ T8757] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 226.040587][ T8767] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1902'. [ 226.109465][ T8767] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1902'. [ 226.264174][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 226.722723][ T8794] netlink: 'syz.1.1911': attribute type 10 has an invalid length. [ 226.841962][ T8794] team0: Port device syz_tun added [ 227.397863][ T8815] loop4: detected capacity change from 0 to 4096 [ 227.484616][ T8815] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 227.537253][ T26] audit: type=1326 audit(1747710678.077:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8826 comm="syz.1.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8aa338e969 code=0x7ffc0000 [ 227.570226][ T8815] EXT4-fs error (device loop4): ext4_empty_dir:3154: inode #12: block 80: comm syz.4.1922: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 227.669441][ T26] audit: type=1326 audit(1747710678.087:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8826 comm="syz.1.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f8aa338e969 code=0x7ffc0000 [ 227.733069][ T8815] EXT4-fs warning (device loop4): ext4_empty_dir:3156: inode #12: comm syz.4.1922: directory missing '..' [ 227.754129][ T8835] overlayfs: workdir and upperdir must be separate subtrees [ 227.763446][ T26] audit: type=1326 audit(1747710678.087:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8826 comm="syz.1.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8aa338e969 code=0x7ffc0000 [ 227.908972][ T8837] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1930'. [ 227.953994][ T4257] EXT4-fs (loop4): unmounting filesystem. [ 228.204030][ T4266] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 228.487620][ T8853] loop3: detected capacity change from 0 to 4096 [ 228.620172][ T8857] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 228.648135][ T8857] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 228.756647][ T8828] loop0: detected capacity change from 0 to 40427 [ 228.815353][ T8828] F2FS-fs (loop0): Corrupted extension count (64 + 1 > 64) [ 228.848979][ T8828] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 228.891468][ T8828] F2FS-fs (loop0): Fix alignment : done, start(4096) end(16896) block(12288) [ 228.994730][ T8828] F2FS-fs (loop0): Found nat_bits in checkpoint [ 229.241064][ T8828] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 229.255327][ T8828] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 229.357570][ T8879] loop3: detected capacity change from 0 to 256 [ 229.429252][ T8879] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe40551cd, utbl_chksum : 0xe619d30d) [ 229.534596][ T8841] loop1: detected capacity change from 0 to 32768 [ 229.586668][ T8841] gfs2: fsid=statfs_quantum: Trying to join cluster "lock_nolock", "statfs_quantum" [ 229.629396][ T8841] gfs2: fsid=statfs_quantum: Now mounting FS (format 1801)... [ 229.693907][ T8841] gfs2: fsid=statfs_quantum.s: journal 0 mapped with 16 extents in 0ms [ 229.996669][ T8841] gfs2: fsid=statfs_quantum.s: first mount done, others may mount [ 230.009732][ T8895] loop2: detected capacity change from 0 to 512 [ 230.175889][ T8895] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 230.215856][ T8895] ext4 filesystem being mounted at /368/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 230.285173][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 230.645940][ T8908] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1964'. [ 230.812764][ T8914] usb usb8: usbfs: process 8914 (syz.3.1966) did not claim interface 0 before use [ 231.034700][ T8922] loop2: detected capacity change from 0 to 512 [ 231.088226][ T8922] EXT4-fs: Ignoring removed nomblk_io_submit option [ 231.105491][ T8922] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 231.161629][ T8922] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a85ec028, mo2=0002] [ 231.175373][ T8922] System zones: 0-2, 18-18, 34-34 [ 231.196490][ T8922] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 231.244915][ T8926] loop1: detected capacity change from 0 to 2048 [ 231.340421][ T8926] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 231.379324][ T8922] EXT4-fs (loop2): 1 truncate cleaned up [ 231.387283][ T8922] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 231.442372][ T8922] EXT4-fs error (device loop2): ext4_find_dest_de:2115: inode #2: block 3: comm syz.2.1969: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1 [ 231.523291][ T8922] EXT4-fs (loop2): Remounting filesystem read-only [ 231.561795][ T8940] loop4: detected capacity change from 0 to 8 [ 231.695331][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 232.175686][ T8954] loop1: detected capacity change from 0 to 4096 [ 232.208905][ T8954] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 232.286645][ T8954] ntfs3: loop1: Failed to load $Extend. [ 232.303331][ T8962] netlink: 'syz.0.1986': attribute type 1 has an invalid length. [ 232.313669][ T8965] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1989'. [ 232.334133][ T8962] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1986'. [ 232.898003][ T8984] loop3: detected capacity change from 0 to 512 [ 232.986087][ T8984] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 232.998707][ T8984] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 233.072527][ T8984] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 233.109354][ T8984] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 233.174213][ T8984] System zones: 0-2, 18-18, 34-35 [ 233.226740][ T8999] netlink: 192 bytes leftover after parsing attributes in process `syz.1.2007'. [ 233.256942][ T8984] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 233.456065][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 233.570418][ T9009] loop2: detected capacity change from 0 to 256 [ 233.636429][ T9009] FAT-fs (loop2): Directory bread(block 64) failed [ 233.699775][ T9009] FAT-fs (loop2): Directory bread(block 65) failed [ 233.758599][ T9009] FAT-fs (loop2): Directory bread(block 66) failed [ 233.775815][ T9009] FAT-fs (loop2): Directory bread(block 67) failed [ 233.780476][ T26] audit: type=1326 audit(1747710684.317:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9016 comm="syz.3.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60e718e969 code=0x7ffc0000 [ 233.804566][ T9009] FAT-fs (loop2): Directory bread(block 68) failed [ 233.804718][ C1] vkms_vblank_simulate: vblank timer overrun [ 233.816789][ T9009] FAT-fs (loop2): Directory bread(block 69) failed [ 233.843857][ T9009] FAT-fs (loop2): Directory bread(block 70) failed [ 233.880987][ T9009] FAT-fs (loop2): Directory bread(block 71) failed [ 233.887668][ T9009] FAT-fs (loop2): Directory bread(block 72) failed [ 233.929640][ T9009] FAT-fs (loop2): Directory bread(block 73) failed [ 233.946217][ T26] audit: type=1326 audit(1747710684.397:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9016 comm="syz.3.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=300 compat=0 ip=0x7f60e718e969 code=0x7ffc0000 [ 233.971536][ T9020] loop4: detected capacity change from 0 to 2048 [ 234.047237][ T26] audit: type=1326 audit(1747710684.397:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9016 comm="syz.3.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60e718e969 code=0x7ffc0000 [ 234.049648][ T9020] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 234.119120][ T26] audit: type=1326 audit(1747710684.397:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9016 comm="syz.3.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60e718e969 code=0x7ffc0000 [ 234.141436][ C1] vkms_vblank_simulate: vblank timer overrun [ 234.227479][ T9029] loop1: detected capacity change from 0 to 2048 [ 234.239838][ T9029] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 234.287884][ T9020] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 234.405126][ T9033] loop2: detected capacity change from 0 to 8 [ 234.433455][ T9033] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 234.470207][ T4257] EXT4-fs (loop4): unmounting filesystem. [ 234.485748][ T9033] cramfs: Error -3 while decompressing! [ 234.529268][ T5270] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 234.538161][ T9033] cramfs: ffffffff96b4b568(26)->ffff88804bbc8000(4096) [ 234.572247][ T9033] cramfs: Error -3 while decompressing! [ 234.577930][ T9033] cramfs: ffffffff96b4b582(26)->ffff88804bbc9000(4096) [ 234.595136][ T9002] loop0: detected capacity change from 0 to 32768 [ 234.605125][ T9033] cramfs: Error -3 while decompressing! [ 234.614944][ T9033] cramfs: ffffffff96b4b59c(16)->ffff88804bbca000(4096) [ 234.655928][ T9033] cramfs: Error -3 while decompressing! [ 234.679779][ T9033] cramfs: ffffffff96b4b568(26)->ffff88804bbc8000(4096) [ 234.749506][ T5270] usb 4-1: Using ep0 maxpacket: 32 [ 234.756913][ T5270] usb 4-1: config 0 has an invalid interface number: 15 but max is 0 [ 234.778826][ T9039] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2023'. [ 234.788924][ T5270] usb 4-1: config 0 has no interface number 0 [ 234.811763][ T5270] usb 4-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice=66.ee [ 234.831257][ T5270] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.880140][ T5270] usb 4-1: Product: syz [ 234.884361][ T5270] usb 4-1: Manufacturer: syz [ 234.889008][ T5270] usb 4-1: SerialNumber: syz [ 234.911727][ T5270] usb 4-1: config 0 descriptor?? [ 235.125652][ T5270] speedtch 4-1:0.15: speedtch_bind: wrong device class 42 [ 235.138271][ T5270] speedtch 4-1:0.15: usbatm_usb_probe: bind failed: -19! [ 235.383211][ T5270] usb 4-1: USB disconnect, device number 13 [ 235.465407][ T9059] loop1: detected capacity change from 0 to 64 [ 235.689388][ T4495] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 235.879394][ T4495] usb 1-1: Using ep0 maxpacket: 16 [ 235.898363][ T4495] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 235.924473][ T4495] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.946931][ T4495] usb 1-1: Product: syz [ 235.964784][ T4495] usb 1-1: Manufacturer: syz [ 235.971619][ T4495] usb 1-1: SerialNumber: syz [ 236.005053][ T4495] r8152-cfgselector 1-1: config 0 descriptor?? [ 236.098615][ T9082] netlink: 'syz.3.2044': attribute type 2 has an invalid length. [ 236.246335][ T4495] r8152-cfgselector 1-1: Unknown version 0x0000 [ 236.342755][ T9089] loop4: detected capacity change from 0 to 1024 [ 236.459130][ T4495] r8152-cfgselector 1-1: Unknown version 0x0000 [ 236.466775][ T4495] r8152-cfgselector 1-1: bad CDC descriptors [ 236.489403][ T4495] r8152-cfgselector 1-1: Unknown version 0x0000 [ 236.500489][ T4495] r8152-cfgselector 1-1: USB disconnect, device number 9 [ 236.524389][ T4257] hfsplus: bad catalog entry type [ 236.830712][ T9099] netlink: 'syz.3.2053': attribute type 10 has an invalid length. [ 236.844516][ T9099] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2053'. [ 236.878446][ T9099] device vcan0 entered promiscuous mode [ 236.892016][ T9099] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 236.915529][ T9099] A link change request failed with some changes committed already. Interface vcan0 may have been left with an inconsistent configuration, please check. [ 236.917387][ T46] hfsplus: b-tree write err: -5, ino 4 [ 237.032006][ T9085] loop2: detected capacity change from 0 to 32768 [ 237.120152][ T4338] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.123036][ T9101] loop1: detected capacity change from 0 to 4096 [ 237.138600][ T9101] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 237.176872][ T9085] XFS (loop2): Mounting V5 Filesystem [ 237.184575][ T9101] ntfs: (device loop1): check_mft_mirror(): $MFTMirr location mismatch. Run chkdsk. [ 237.196564][ T9101] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 237.233701][ T9101] ntfs: volume version 3.1. [ 237.385748][ T9085] XFS (loop2): Ending clean mount [ 237.433760][ T4338] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.540920][ T4338] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.552880][ T4250] XFS (loop2): Unmounting Filesystem [ 237.762109][ T4338] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.929522][ T5956] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 238.119342][ T5956] usb 4-1: Using ep0 maxpacket: 32 [ 238.130927][ T5956] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 238.193365][ T5956] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 238.244160][ T5956] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 238.284657][ T5956] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.302976][ T9130] loop0: detected capacity change from 0 to 2048 [ 238.341612][ T5956] hub 4-1:4.0: USB hub found [ 238.380548][ T9130] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 238.461924][ T9130] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 238.536430][ T5956] hub 4-1:4.0: 2 ports detected [ 238.542304][ T4267] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 238.554445][ T5956] usb 4-1: selecting invalid altsetting 1 [ 238.560713][ T5956] hub 4-1:4.0: Using single TT (err -22) [ 238.566450][ T4267] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 238.584185][ T4267] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 238.595167][ T4267] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 238.615155][ T4267] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 238.629345][ T4267] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 238.745677][ T5956] hub 4-1:4.0: hub_hub_status failed (err = -71) [ 238.769261][ T5956] hub 4-1:4.0: config failed, can't get hub status (err -71) [ 238.810091][ T5956] usb 4-1: USB disconnect, device number 14 [ 239.839389][ T4300] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 239.953513][ T9135] chnl_net:caif_netlink_parms(): no params data found [ 240.029333][ T4300] usb 2-1: Using ep0 maxpacket: 8 [ 240.038492][ T4300] usb 2-1: config 6 has an invalid interface number: 2 but max is 0 [ 240.079059][ T4300] usb 2-1: config 6 has no interface number 0 [ 240.106460][ T4300] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 240.137090][ T4300] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 240.170127][ T4300] usb 2-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 240.201491][ T4300] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.220248][ T4300] usb 2-1: Product: syz [ 240.232305][ T4300] usb 2-1: Manufacturer: syz [ 240.251398][ T4300] usb 2-1: SerialNumber: syz [ 240.261870][ T4300] hso 2-1:6.2: Failed to find INT IN ep [ 240.409934][ T4338] IPVS: stopping backup sync thread 5953 ... [ 240.507436][ T4300] usb 2-1: USB disconnect, device number 9 [ 240.659403][ T4266] Bluetooth: hci3: command 0x0409 tx timeout [ 240.825539][ T9135] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.843349][ T9135] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.878622][ T9135] device bridge_slave_0 entered promiscuous mode [ 240.934985][ T9135] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.944668][ T9135] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.977064][ T9135] device bridge_slave_1 entered promiscuous mode [ 241.093905][ T9222] loop3: detected capacity change from 0 to 256 [ 241.144551][ T9222] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x3eebdab2, utbl_chksum : 0xe619d30d) [ 241.204873][ T9188] loop2: detected capacity change from 0 to 32768 [ 241.245119][ T9188] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 scanned by syz.2.2082 (9188) [ 241.282841][ T9226] capability: warning: `syz.1.2093' uses 32-bit capabilities (legacy support in use) [ 241.306094][ T9222] exFAT-fs (loop3): error, found bogus dentry(11) beyond unused empty group(10) (start_clu : 5, cur_clu : 5) [ 241.320298][ T9222] exFAT-fs (loop3): Filesystem has been set read-only [ 241.351725][ T9188] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 241.405789][ T9188] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 241.407377][ T9135] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 241.455162][ T9188] BTRFS info (device loop2): using free space tree [ 241.539888][ T4338] device hsr_slave_0 left promiscuous mode [ 241.591829][ T4338] device hsr_slave_1 left promiscuous mode [ 241.624868][ T4338] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 241.692603][ T4338] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 241.755756][ T9246] loop0: detected capacity change from 0 to 512 [ 241.762811][ T4338] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 241.785440][ T9246] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 241.840704][ T4338] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 241.866190][ T4338] device bridge_slave_1 left promiscuous mode [ 241.867196][ T9246] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 241.880869][ T4338] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.881855][ T9188] BTRFS info (device loop2): enabling ssd optimizations [ 241.903123][ T9246] ext4 filesystem being mounted at /391/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 241.917050][ T4338] device bridge_slave_0 left promiscuous mode [ 241.924832][ T4338] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.066798][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 242.098838][ T4338] device veth1_macvtap left promiscuous mode [ 242.107563][ T4338] device veth0_macvtap left promiscuous mode [ 242.115476][ T4338] device veth1_vlan left promiscuous mode [ 242.132884][ T4338] device veth0_vlan left promiscuous mode [ 242.200115][ T4250] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 242.513760][ T9268] loop0: detected capacity change from 0 to 512 [ 242.535620][ T9268] EXT4-fs: Ignoring removed nobh option [ 242.612682][ T9268] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.2101: invalid indirect mapped block 256 (level 2) [ 242.656978][ T9270] loop2: detected capacity change from 0 to 4096 [ 242.703164][ T9268] EXT4-fs (loop0): 2 truncates cleaned up [ 242.709804][ T9268] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 242.739341][ T4266] Bluetooth: hci3: command 0x041b tx timeout [ 242.744106][ T9273] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 242.838637][ T9270] NILFS error (device loop2): nilfs_dotdot: directory #12 missing '.' [ 242.904958][ T9270] Remounting filesystem read-only [ 243.049550][ T9272] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 243.363109][ T4338] team0 (unregistering): Port device vlan0 removed [ 243.436140][ T26] audit: type=1800 audit(1747710693.977:74): pid=9268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2101" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 243.540493][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 243.904236][ T4338] team0 (unregistering): Port device team_slave_1 removed [ 243.956909][ T4338] team0 (unregistering): Port device team_slave_0 removed [ 244.004448][ T4338] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 244.060190][ T5261] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 244.072301][ T4338] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 244.246389][ T5261] usb 1-1: Using ep0 maxpacket: 32 [ 244.255783][ T5261] usb 1-1: config 0 has an invalid interface number: 83 but max is 0 [ 244.264408][ T5261] usb 1-1: config 0 has no interface number 0 [ 244.273184][ T5261] usb 1-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=ba.af [ 244.282766][ T5261] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.291104][ T5261] usb 1-1: Product: syz [ 244.296119][ T5261] usb 1-1: Manufacturer: syz [ 244.301154][ T5261] usb 1-1: SerialNumber: syz [ 244.315139][ T5261] usb 1-1: config 0 descriptor?? [ 244.331657][ T5261] usb_ehset_test: probe of 1-1:0.83 failed with error -32 [ 244.545399][ T5261] usb 1-1: USB disconnect, device number 10 [ 244.736632][ T4338] bond0 (unregistering): Released all slaves [ 244.819727][ T4266] Bluetooth: hci3: command 0x040f tx timeout [ 244.834678][ T9135] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 244.858448][ T9275] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2103'. [ 245.008720][ T9135] team0: Port device team_slave_0 added [ 245.065064][ T9135] team0: Port device team_slave_1 added [ 245.074909][ T9288] loop1: detected capacity change from 0 to 256 [ 245.171141][ T9288] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x3eebdab2, utbl_chksum : 0xe619d30d) [ 245.286820][ T9288] exFAT-fs (loop1): invalid start cluster (520) [ 245.333655][ T9135] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 245.351168][ T9135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 245.469290][ T9135] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 245.508192][ T9135] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 245.559360][ T9135] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 245.599480][ T4300] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 245.645856][ T9135] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 245.812777][ T4300] usb 4-1: Using ep0 maxpacket: 32 [ 245.823924][ T4300] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe [ 245.859475][ T4300] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.867523][ T4300] usb 4-1: Product: syz [ 245.879298][ T4300] usb 4-1: Manufacturer: syz [ 245.884011][ T4300] usb 4-1: SerialNumber: syz [ 245.910701][ T4300] usb 4-1: config 0 descriptor?? [ 245.955161][ T9135] device hsr_slave_0 entered promiscuous mode [ 245.987094][ T9135] device hsr_slave_1 entered promiscuous mode [ 246.008653][ T9306] loop1: detected capacity change from 0 to 4096 [ 246.027232][ T9306] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 246.124909][ T4300] snd-usb-6fire 4-1:0.0: unknown device firmware state received from device: [ 246.149295][ T4300] eb 00 00 00 00 00 00 00 [ 246.153960][ T4300] snd-usb-6fire: probe of 4-1:0.0 failed with error -5 [ 246.224969][ T9306] ntfs3: loop1: failed to convert "c46c" to cp1250 [ 246.364264][ T4300] usb 4-1: USB disconnect, device number 15 [ 246.523772][ T9135] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 246.563108][ T9135] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 246.627608][ T9135] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 246.665743][ T9135] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 246.899389][ T4266] Bluetooth: hci3: command 0x0419 tx timeout [ 246.961218][ T9135] 8021q: adding VLAN 0 to HW filter on device bond0 [ 246.980146][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 246.988736][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 246.993624][ T9333] loop0: detected capacity change from 0 to 256 [ 247.002500][ T9135] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.069135][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 247.117620][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 247.130665][ T9333] FAT-fs (loop0): Directory bread(block 64) failed [ 247.137338][ T9333] FAT-fs (loop0): Directory bread(block 65) failed [ 247.166890][ T4296] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.174119][ T4296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.179437][ T9333] FAT-fs (loop0): Directory bread(block 66) failed [ 247.217889][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 247.229443][ T9333] FAT-fs (loop0): Directory bread(block 67) failed [ 247.236107][ T9333] FAT-fs (loop0): Directory bread(block 68) failed [ 247.250632][ T9333] FAT-fs (loop0): Directory bread(block 69) failed [ 247.257561][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 247.295251][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 247.317694][ T9333] FAT-fs (loop0): Directory bread(block 70) failed [ 247.346979][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.355441][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.363325][ T9333] FAT-fs (loop0): Directory bread(block 71) failed [ 247.370120][ T9333] FAT-fs (loop0): Directory bread(block 72) failed [ 247.376830][ T9333] FAT-fs (loop0): Directory bread(block 73) failed [ 247.398575][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 247.424762][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 247.463996][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 247.490586][ T9343] loop2: detected capacity change from 0 to 1024 [ 247.501794][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 247.553135][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 247.635725][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 247.664833][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 247.673423][ T9343] hfsplus: inconsistency in B*Tree (1,0,2,1,0) [ 247.697752][ T9343] hfsplus: cannot replace xattr [ 247.707300][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 247.716618][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 247.773622][ T9135] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 247.844306][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 247.856490][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 247.866255][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 247.978047][ T9357] netlink: 'syz.1.2135': attribute type 16 has an invalid length. [ 248.414171][ T9373] loop1: detected capacity change from 0 to 4096 [ 248.521432][ T9373] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 248.611593][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 248.637188][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 248.669657][ T9135] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 248.697925][ T9388] loop3: detected capacity change from 0 to 64 [ 248.730891][ T4260] EXT4-fs (loop1): unmounting filesystem. [ 248.936548][ T9394] loop2: detected capacity change from 0 to 2048 [ 248.997386][ T9394] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 249.048292][ T9394] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 249.829812][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 249.850025][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 249.900140][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 249.968341][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 250.010947][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 250.058461][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 250.096323][ T9135] device veth0_vlan entered promiscuous mode [ 250.128003][ T9135] device veth1_vlan entered promiscuous mode [ 250.227357][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 250.260322][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 250.268792][ T9441] loop1: detected capacity change from 0 to 2048 [ 250.291929][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 250.324182][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 250.369762][ T9135] device veth0_macvtap entered promiscuous mode [ 250.416015][ T9135] device veth1_macvtap entered promiscuous mode [ 250.487203][ T9135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.559304][ T9135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.586851][ T9135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.613709][ T9135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.659654][ T9135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.698121][ T9135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.740982][ T9135] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 250.748341][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 250.805356][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 250.846658][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 250.908292][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 250.957258][ T9464] loop0: detected capacity change from 0 to 1764 [ 250.977970][ T9135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 251.027514][ T9135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.091573][ T9135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 251.121439][ T9135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.170166][ T9135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 251.191957][ T9135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.240199][ T9135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 251.250852][ T9135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.293414][ T9135] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 251.319913][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 251.351538][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 251.396746][ T9135] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.427475][ T9482] loop2: detected capacity change from 0 to 65 [ 251.435558][ T9135] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.451993][ T9135] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.473184][ T9482] BFS-fs: bfs_fill_super(): NOTE: filesystem loop2 was created with 512 inodes, the real maximum is 511, mounting anyway [ 251.483652][ T9135] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.519340][ T5261] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 251.739704][ T5261] usb 4-1: Using ep0 maxpacket: 8 [ 251.746623][ T5261] usb 4-1: config 0 interface 0 has no altsetting 0 [ 251.803681][ T5261] usb 4-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 251.812281][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 251.830081][ T5261] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.854291][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 251.860812][ T9490] loop2: detected capacity change from 0 to 64 [ 251.879123][ T5261] usb 4-1: Product: syz [ 251.888428][ T5261] usb 4-1: Manufacturer: syz [ 251.912278][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 251.930378][ T5261] usb 4-1: SerialNumber: syz [ 251.954813][ T5261] usb 4-1: config 0 descriptor?? [ 251.961746][ T7665] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 251.991488][ T7665] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 252.022934][ T5261] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 found [ 252.075764][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 252.220172][ T5261] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 now disconnected [ 252.243925][ T5261] snd_usb_toneport: probe of 4-1:0.0 failed with error -22 [ 252.454836][ T5261] usb 4-1: USB disconnect, device number 16 [ 252.675703][ T9480] loop0: detected capacity change from 0 to 32768 [ 252.764015][ T9480] XFS (loop0): Mounting V5 Filesystem [ 252.945799][ T9480] XFS (loop0): Ending clean mount [ 252.995711][ T9480] XFS (loop0): Quotacheck needed: Please wait. [ 253.058708][ T9480] XFS (loop0): Quotacheck: Done. [ 253.322878][ T4249] XFS (loop0): Unmounting Filesystem [ 253.366759][ T9542] loop5: detected capacity change from 0 to 256 [ 254.182633][ T9565] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2208'. [ 254.443071][ T9575] loop3: detected capacity change from 0 to 1764 [ 254.499154][ T9580] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2210'. [ 254.548078][ T9580] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2210'. [ 255.258994][ T9608] netlink: 'syz.0.2222': attribute type 1 has an invalid length. [ 255.294078][ T9612] loop1: detected capacity change from 0 to 256 [ 255.369855][ T9612] FAT-fs (loop1): Directory bread(block 64) failed [ 255.398172][ T9612] FAT-fs (loop1): Directory bread(block 65) failed [ 255.429757][ T9612] FAT-fs (loop1): Directory bread(block 66) failed [ 255.436353][ T9612] FAT-fs (loop1): Directory bread(block 67) failed [ 255.483771][ T9612] FAT-fs (loop1): Directory bread(block 68) failed [ 255.519367][ T9612] FAT-fs (loop1): Directory bread(block 69) failed [ 255.526047][ T9612] FAT-fs (loop1): Directory bread(block 70) failed [ 255.579418][ T9612] FAT-fs (loop1): Directory bread(block 71) failed [ 255.586155][ T9612] FAT-fs (loop1): Directory bread(block 72) failed [ 255.617626][ T9619] IPv6: Can't replace route, no match found [ 255.621582][ T9612] FAT-fs (loop1): Directory bread(block 73) failed [ 255.631696][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.638016][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.665194][ T9584] loop2: detected capacity change from 0 to 32768 [ 255.767143][ T9584] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz.2.2212 (9584) [ 255.865840][ T9584] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 255.930461][ T9584] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 255.963229][ T9629] loop0: detected capacity change from 0 to 128 [ 255.970318][ T9584] BTRFS info (device loop2): force zlib compression, level 3 [ 256.015178][ T9629] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 256.019380][ T9584] BTRFS info (device loop2): force clearing of disk cache [ 256.063033][ T9584] BTRFS info (device loop2): setting nodatasum [ 256.079549][ T9584] BTRFS info (device loop2): allowing degraded mounts [ 256.092759][ T9584] BTRFS info (device loop2): enabling disk space caching [ 256.125941][ T9584] BTRFS info (device loop2): disk space caching is enabled [ 256.134355][ T9629] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 256.149323][ T4300] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 256.362426][ T4300] usb 6-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 256.380620][ T4300] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.388991][ T4300] usb 6-1: Product: syz [ 256.393596][ T4300] usb 6-1: Manufacturer: syz [ 256.398230][ T4300] usb 6-1: SerialNumber: syz [ 256.432364][ T4300] usb 6-1: config 0 descriptor?? [ 256.472977][ T9584] BTRFS info (device loop2): rebuilding free space tree [ 256.490600][ T9584] BTRFS info (device loop2): disabling free space tree [ 256.500149][ T9584] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 256.510026][ T9584] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 256.576086][ T4300] i2c-tiny-usb 6-1:0.0: version 6d.cc found at bus 006 address 002 [ 256.618944][ T9663] loop3: detected capacity change from 0 to 512 [ 256.637461][ T9663] EXT4-fs: Ignoring removed i_version option [ 256.697024][ T9663] EXT4-fs error (device loop3): ext4_get_journal_inode:5723: comm syz.3.2238: inode #196608: comm syz.3.2238: iget: illegal inode # [ 256.768730][ T4300] (null): failure setting delay to 10us [ 256.775166][ T4300] i2c-tiny-usb: probe of 6-1:0.0 failed with error -5 [ 256.785364][ T9663] EXT4-fs (loop3): no journal found [ 256.793486][ T9663] EXT4-fs (loop3): can't get journal size [ 256.826193][ T4300] usb 6-1: USB disconnect, device number 2 [ 256.827444][ T9663] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 256.937114][ T9663] EXT4-fs (loop3): Errors on filesystem, clearing orphan list. [ 256.945310][ T4250] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 256.965328][ T9663] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 257.031902][ T9675] loop1: detected capacity change from 0 to 256 [ 257.092618][ T9663] EXT4-fs error (device loop3): ext4_append:79: inode #2: comm syz.3.2238: Logical block already allocated [ 257.162245][ T9675] exfat: Deprecated parameter 'utf8' [ 257.235347][ T9675] cifs: Unknown parameter '\SbX1oIT&:"1:ӭ'4,Zz-#F<]%gC [ 257.235347][ T9675] SȘȞZ6' [ 257.406608][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 257.579371][ T9682] tmpfs: Bad value for 'mpol' [ 257.593588][ T9684] IPv6: Can't replace route, no match found [ 257.697888][ T9689] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 257.913024][ T9694] tmpfs: Bad value for 'mpol' [ 257.998918][ T9699] loop5: detected capacity change from 0 to 1024 [ 258.180511][ T9699] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 258.238582][ T9710] tmpfs: Bad value for 'nr_blocks' [ 258.253866][ T9699] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 258.361716][ T9699] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.2248: inode #458752: comm syz.5.2248: iget: illegal inode # [ 258.452104][ T9699] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.2248: error while reading EA inode 458752 err=-117 [ 258.479591][ T9703] loop3: detected capacity change from 0 to 4096 [ 258.677540][ T9135] EXT4-fs (loop5): unmounting filesystem. [ 258.947055][ T9730] IPv6: Can't replace route, no match found [ 259.053810][ T9734] loop3: detected capacity change from 0 to 256 [ 259.153087][ T9734] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x2f5a013b, utbl_chksum : 0xe619d30d) [ 259.333243][ T9747] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode active-backup(1) [ 259.409919][ T9749] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2266'. [ 259.469712][ T9749] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2266'. [ 259.647148][ T9754] loop0: detected capacity change from 0 to 4096 [ 259.731802][ T9754] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 259.846922][ T9763] binder: 9762:9763 ioctl c018620b 0 returned -14 [ 259.877125][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 260.139640][ T9772] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2276'. [ 260.194358][ T9772] device bridge_slave_1 left promiscuous mode [ 260.210815][ T9772] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.249817][ T9772] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.402645][ T9779] netlink: 'syz.5.2280': attribute type 5 has an invalid length. [ 260.412249][ T9779] netlink: 156 bytes leftover after parsing attributes in process `syz.5.2280'. [ 260.722579][ T9797] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2289'. [ 260.953988][ T9803] device ip6tnl2 entered promiscuous mode [ 261.234237][ T9816] loop1: detected capacity change from 0 to 1764 [ 261.349474][ T9822] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2301'. [ 261.353458][ T9823] netlink: 'syz.5.2302': attribute type 21 has an invalid length. [ 261.393441][ T9823] netlink: 144 bytes leftover after parsing attributes in process `syz.5.2302'. [ 261.928228][ T26] audit: type=1326 audit(1747710712.467:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9841 comm="syz.2.2312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f679fd8e969 code=0x7ffc0000 [ 262.010815][ T26] audit: type=1326 audit(1747710712.477:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9841 comm="syz.2.2312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f679fd8e969 code=0x7ffc0000 [ 262.069835][ T26] audit: type=1326 audit(1747710712.477:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9841 comm="syz.2.2312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f679fd8e969 code=0x7ffc0000 [ 262.202185][ T26] audit: type=1326 audit(1747710712.477:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9841 comm="syz.2.2312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f679fd8e969 code=0x7ffc0000 [ 262.305083][ T9856] netlink: 45 bytes leftover after parsing attributes in process `syz.3.2318'. [ 262.464548][ T9860] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2321'. [ 262.499419][ T9860] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2321'. [ 262.680404][ T9870] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 262.709072][ T9872] loop0: detected capacity change from 0 to 64 [ 262.923985][ T9878] loop3: detected capacity change from 0 to 64 [ 263.255878][ T9892] loop1: detected capacity change from 0 to 16 [ 263.303324][ T9892] erofs: (device loop1): mounted with root inode @ nid 36. [ 263.367616][ T9895] program syz.0.2337 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 263.905303][ T9917] binder: 9916:9917 ioctl 541b 200000000240 returned -22 [ 264.025389][ T9919] loop5: detected capacity change from 0 to 4096 [ 264.095850][ T9919] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512) [ 264.174729][ T9921] loop3: detected capacity change from 0 to 4096 [ 264.216764][ T9921] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 264.390406][ T9921] ntfs: volume version 3.1. [ 264.447405][ T9933] loop0: detected capacity change from 0 to 512 [ 264.474674][ T9933] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 264.588006][ T9921] ntfs: (device loop3): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 264.608626][ C0] vkms_vblank_simulate: vblank timer overrun [ 264.627654][ T9933] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 264.656635][ T9921] ntfs: (device loop3): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 264.681689][ T9921] ntfs: (device loop3): __ntfs_bitmap_set_bits_in_run(): Failed to map first page (error -5), aborting. [ 264.693219][ T9921] ntfs: (device loop3): __ntfs_cluster_free(): Failed to clear first run (error -5), aborting. [ 264.704837][ T9921] ntfs: (device loop3): ntfs_truncate(): Failed to release cluster(s) (error code -5). Unmount and run chkdsk to recover the lost cluster(s). [ 264.717024][ T9933] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.2355: attempt to clear invalid blocks 2 len 1 [ 264.829483][ T9933] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 264.850808][ T9933] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.2355: invalid indirect mapped block 1819239214 (level 0) [ 264.865369][ T9933] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.2355: invalid indirect mapped block 1819239214 (level 1) [ 264.917099][ T9933] EXT4-fs (loop0): 1 truncate cleaned up [ 264.977407][ T9933] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 265.029835][ T9933] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 265.112216][ T9933] EXT4-fs (loop0): re-mounted. Quota mode: writeback. [ 265.228240][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 265.688743][ T9966] loop3: detected capacity change from 0 to 4096 [ 265.718916][ T9966] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 265.776744][ T9971] loop2: detected capacity change from 0 to 22 [ 265.792534][ T9971] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 265.825722][ T9971] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 265.845637][ T9966] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 265.889307][ T9677] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 266.089496][ T9677] usb 1-1: Using ep0 maxpacket: 16 [ 266.098929][ T9677] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 266.131773][ T9677] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 266.159334][ T9677] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.208092][ T9677] usb 1-1: Product: syz [ 266.225520][ T9677] usb 1-1: Manufacturer: syz [ 266.242892][ T9677] usb 1-1: SerialNumber: syz [ 266.273113][ T9677] usb 1-1: config 0 descriptor?? [ 266.293146][ T9677] hub 1-1:0.0: bad descriptor, ignoring hub [ 266.309282][ T9677] hub: probe of 1-1:0.0 failed with error -5 [ 266.339633][ T9677] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input11 [ 266.524958][ T9985] xt_l2tp: missing protocol rule (udp|l2tpip) [ 266.598710][ T9943] loop5: detected capacity change from 0 to 65536 [ 266.708112][ T9943] XFS (loop5): Mounting V5 Filesystem [ 266.909634][ T9943] XFS (loop5): Ending clean mount [ 267.112321][ T9135] XFS (loop5): Unmounting Filesystem [ 267.452205][T10013] overlayfs: unrecognized mount option "\" or missing value [ 267.678017][T10020] loop2: detected capacity change from 0 to 256 [ 268.142749][T10034] __nla_validate_parse: 2 callbacks suppressed [ 268.142767][T10034] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2398'. [ 268.297306][T10041] netlink: 'syz.3.2401': attribute type 32 has an invalid length. [ 268.403139][T10045] sctp: [Deprecated]: syz.2.2402 (pid 10045) Use of int in max_burst socket option. [ 268.403139][T10045] Use struct sctp_assoc_value instead [ 268.439427][T10046] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2403'. [ 268.517275][T10049] netlink: 'syz.5.2405': attribute type 4 has an invalid length. [ 268.569306][T10049] netlink: 128124 bytes leftover after parsing attributes in process `syz.5.2405'. [ 268.711638][T10056] loop0: detected capacity change from 0 to 2048 [ 268.790378][T10056] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 268.895172][T10065] cgroup2: Unknown parameter 'permit_directio' [ 268.910662][T10058] loop1: detected capacity change from 0 to 4096 [ 268.917974][T10058] __ntfs_warning: 6 callbacks suppressed [ 268.917988][T10058] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 269.000484][T10058] ntfs: volume version 3.1. [ 269.031634][T10068] loop5: detected capacity change from 0 to 1024 [ 269.144573][T10058] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 269.148637][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 269.252543][T10058] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 269.315472][T10058] ntfs: (device loop1): __ntfs_bitmap_set_bits_in_run(): Failed to map first page (error -5), aborting. [ 269.359115][T10077] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2416'. [ 269.374773][T10077] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2416'. [ 269.385324][T10077] netlink: 35 bytes leftover after parsing attributes in process `syz.3.2416'. [ 269.389715][T10058] ntfs: (device loop1): __ntfs_cluster_free(): Failed to clear first run (error -5), aborting. [ 269.403459][T10077] netlink: 'syz.3.2416': attribute type 3 has an invalid length. [ 269.439530][T10058] ntfs: (device loop1): ntfs_truncate(): Failed to release cluster(s) (error code -5). Unmount and run chkdsk to recover the lost cluster(s). [ 269.462134][T10077] netlink: 'syz.3.2416': attribute type 2 has an invalid length. [ 269.644688][ T4260] ntfs: (device loop1): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 270.049363][T10104] netdevsim netdevsim5: Firmware load for './file0/../file0' refused, path contains '..' component [ 270.102563][T10107] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2425'. [ 270.129315][T10107] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2425'. [ 270.268551][T10112] loop3: detected capacity change from 0 to 512 [ 270.371193][T10112] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 270.390576][T10112] ext4 filesystem being mounted at /490/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 270.533594][T10112] EXT4-fs error (device loop3): ext4_empty_dir:3139: inode #12: comm syz.3.2428: Directory hole found for htree leaf block 0 [ 270.761617][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 270.807306][ T26] audit: type=1326 audit(1747710721.347:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.2437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f268838e969 code=0x7ffc0000 [ 270.817604][T10126] loop1: detected capacity change from 0 to 4096 [ 270.916390][ T26] audit: type=1326 audit(1747710721.387:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.2437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f268838e969 code=0x7ffc0000 [ 270.990328][ T26] audit: type=1326 audit(1747710721.397:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.2437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f268838e969 code=0x7ffc0000 [ 271.173658][ T4877] usb 1-1: USB disconnect, device number 11 [ 271.192920][T10144] loop2: detected capacity change from 0 to 512 [ 271.213561][T10126] ntfs3: loop1: ino=5, "/" directory corrupted [ 271.247885][T10144] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.2440: casefold flag without casefold feature [ 271.256333][T10126] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 271.273667][T10144] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.2440: couldn't read orphan inode 15 (err -117) [ 271.294519][T10144] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 271.523957][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 271.794740][T10165] loop3: detected capacity change from 0 to 1024 [ 271.835239][T10165] EXT4-fs: Ignoring removed nomblk_io_submit option [ 271.987277][T10165] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 272.061272][T10180] netlink: 960 bytes leftover after parsing attributes in process `syz.0.2452'. [ 272.166835][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 272.182927][T10183] loop5: detected capacity change from 0 to 256 [ 272.264423][T10183] exfat: Deprecated parameter 'utf8' [ 272.304760][T10183] exfat: Deprecated parameter 'utf8' [ 272.353702][T10183] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x18acca35, utbl_chksum : 0xe619d30d) [ 272.537975][T10198] loop1: detected capacity change from 0 to 512 [ 272.560926][T10190] loop0: detected capacity change from 0 to 4096 [ 272.588302][T10198] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 272.611660][T10198] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 272.659876][T10198] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 272.713320][T10190] ntfs3: loop0: ino=5, "/" directory corrupted [ 272.733399][T10198] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 272.746854][T10190] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 272.801654][T10198] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 272.900866][T10198] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e018, mo2=0080] [ 272.948908][T10198] EXT4-fs (loop1): orphan cleanup on readonly fs [ 273.015734][T10198] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.2459: bg 0: block 34: padding at end of block bitmap is not set [ 273.171083][T10198] EXT4-fs error (device loop1): ext4_acquire_dquot:6802: comm syz.1.2459: Failed to acquire dquot type 1 [ 273.187600][T10219] loop0: detected capacity change from 0 to 256 [ 273.215997][T10198] EXT4-fs (loop1): 1 truncate cleaned up [ 273.260958][T10198] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 273.318175][T10198] EXT4-fs (loop1): unmounting filesystem. [ 274.068219][T10250] --map-set only usable from mangle table [ 274.839372][T10283] 9pnet_fd: p9_fd_create_tcp (10283): problem connecting socket to 127.0.0.1 [ 275.126704][T10295] loop2: detected capacity change from 0 to 512 [ 275.196951][T10295] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 275.350603][T10295] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 275.374612][T10295] ext4 filesystem being mounted at /483/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 275.497236][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 275.497254][ T26] audit: type=1326 audit(1747710726.037:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10311 comm="syz.1.2501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8aa338e969 code=0x7ffc0000 [ 275.639360][ T26] audit: type=1326 audit(1747710726.057:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10311 comm="syz.1.2501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=139 compat=0 ip=0x7f8aa338e969 code=0x7ffc0000 [ 275.690973][ T4250] EXT4-fs (loop2): unmounting filesystem. [ 275.771976][ T26] audit: type=1326 audit(1747710726.057:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10311 comm="syz.1.2501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8aa338e969 code=0x7ffc0000 [ 275.875925][ T26] audit: type=1326 audit(1747710726.057:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10311 comm="syz.1.2501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8aa338e969 code=0x7ffc0000 [ 275.922924][T10319] loop1: detected capacity change from 0 to 4096 [ 275.988322][T10319] ntfs: (device loop1): ntfs_is_extended_system_file(): Inode hard link count doesn't match number of name attributes. You should run chkdsk. [ 276.072968][T10319] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing. [ 276.105350][T10319] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 276.123145][T10286] loop5: detected capacity change from 0 to 32768 [ 276.157353][T10286] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.2491 (10286) [ 276.169914][T10319] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 276.214506][T10319] ntfs: volume version 3.1. [ 276.224654][T10286] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 276.240282][T10319] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Invalid LCN < -1 in mapping pairs array. [ 276.269399][T10286] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 276.293393][T10319] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x5, attribute type 0xa0, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 276.349831][T10286] BTRFS info (device loop5): using free space tree [ 276.433863][T10337] loop2: detected capacity change from 0 to 1024 [ 276.575893][T10286] BTRFS info (device loop5): enabling ssd optimizations [ 276.886904][ T9135] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 276.904600][T10362] openvswitch: netlink: Message has 1 unknown bytes. [ 277.291740][T10370] netlink: 'syz.0.2518': attribute type 10 has an invalid length. [ 277.378696][T10378] ieee802154 phy0 wpan0: encryption failed: -22 [ 277.518108][T10370] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 277.543346][T10381] loop5: detected capacity change from 0 to 164 [ 278.122345][T10402] netlink: 'syz.0.2529': attribute type 3 has an invalid length. [ 278.174896][T10402] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2529'. [ 278.259525][ T5275] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 278.444243][T10413] loop2: detected capacity change from 0 to 2048 [ 278.491254][ T5275] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 278.504796][T10416] loop0: detected capacity change from 0 to 8 [ 278.513464][ T5275] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.533328][T10413] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 278.551185][ T5275] usb 6-1: config 0 descriptor?? [ 278.591631][T10413] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 278.721951][T10424] No such timeout policy "syz1" [ 278.767275][T10426] netlink: 304 bytes leftover after parsing attributes in process `syz.0.2537'. [ 278.799650][T10426] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2537'. [ 278.988047][ T5275] ath6kl: Failed to submit usb control message: -71 [ 278.998716][ T5275] ath6kl: unable to send the bmi data to the device: -71 [ 279.022431][ T5275] ath6kl: Unable to send get target info: -71 [ 279.049529][ T5275] ath6kl: Failed to init ath6kl core: -71 [ 279.102884][T10433] netlink: 'syz.1.2540': attribute type 4 has an invalid length. [ 279.168242][ T5275] ath6kl_usb: probe of 6-1:0.0 failed with error -71 [ 279.196040][ T5275] usb 6-1: USB disconnect, device number 3 [ 279.356923][T10443] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2542'. [ 280.032347][T10469] netlink: 'syz.1.2552': attribute type 1 has an invalid length. [ 280.222992][T10478] netlink: 'syz.0.2557': attribute type 11 has an invalid length. [ 280.259409][T10478] netlink: 228 bytes leftover after parsing attributes in process `syz.0.2557'. [ 280.393360][T10485] loop1: detected capacity change from 0 to 512 [ 280.447728][T10485] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002] [ 280.514014][T10485] System zones: 1-12 [ 280.560426][T10485] EXT4-fs (loop1): orphan cleanup on readonly fs [ 280.617721][T10485] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.2559: bg 0: block 328: padding at end of block bitmap is not set [ 280.695072][T10485] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 280.730024][T10485] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.2559: invalid indirect mapped block 65280 (level 0) [ 280.792659][T10485] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.2559: attempt to clear invalid blocks 33619980 len 1 [ 280.878357][T10485] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.2559: invalid indirect mapped block 1819239214 (level 0) [ 280.928793][T10485] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.2559: invalid indirect mapped block 1819239214 (level 1) [ 280.994815][T10485] EXT4-fs (loop1): 1 orphan inode deleted [ 281.039029][T10485] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 281.116221][T10485] EXT4-fs error (device loop1): ext4_map_blocks:634: inode #2: block 2: comm syz.1.2559: lblock 0 mapped to illegal pblock 2 (length 1) [ 281.195302][T10485] EXT4-fs warning (device loop1): dx_probe:823: inode #2: lblock 0: comm syz.1.2559: error -117 reading directory block [ 281.335245][ T4260] EXT4-fs (loop1): unmounting filesystem. [ 281.441754][T10525] loop5: detected capacity change from 0 to 1764 [ 281.687606][T10536] device geneve2 entered promiscuous mode [ 281.961494][T10543] loop1: detected capacity change from 0 to 4096 [ 282.044494][T10549] loop2: detected capacity change from 0 to 1024 [ 282.062472][T10543] ntfs: volume version 3.1. [ 282.110334][ T26] kauditd_printk_skb: 11 callbacks suppressed [ 282.110350][ T26] audit: type=1326 audit(1747710732.657:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10554 comm="syz.0.2584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f268838e969 code=0x7ffc0000 [ 282.138357][T10553] loop3: detected capacity change from 0 to 2048 [ 282.188935][T10549] hfsplus: inconsistency in B*Tree (128,1,255,1,0) [ 282.238627][T10557] Mount JFS Failure: -22 [ 282.245612][T10553] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 282.257723][T10557] jfs_mount failed w/return code = -22 [ 282.284348][ T26] audit: type=1326 audit(1747710732.657:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10554 comm="syz.0.2584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f268838e969 code=0x7ffc0000 [ 282.417785][ T26] audit: type=1326 audit(1747710732.657:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10554 comm="syz.0.2584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f268838e969 code=0x7ffc0000 [ 282.510857][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 282.546532][T10567] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 282.569036][ T26] audit: type=1326 audit(1747710732.657:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10554 comm="syz.0.2584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f268838e969 code=0x7ffc0000 [ 282.626882][T10570] loop2: detected capacity change from 0 to 1024 [ 282.934126][ T7665] hfsplus: b-tree write err: -5, ino 4 [ 283.204613][T10591] Non-string source [ 283.255058][T10593] loop5: detected capacity change from 0 to 2048 [ 283.341963][T10593] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=26504, location=26504 [ 283.450199][T10593] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 283.476183][T10602] netlink: 'syz.1.2602': attribute type 1 has an invalid length. [ 284.235822][T10619] loop2: detected capacity change from 0 to 4096 [ 284.246565][T10600] loop3: detected capacity change from 0 to 32768 [ 284.265050][T10619] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 284.296310][T10600] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.2601 (10600) [ 284.410847][T10600] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 284.438666][T10619] ntfs3: loop2: failed to convert "c46c" to koi8-u [ 284.442273][T10600] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 284.469362][T10600] BTRFS info (device loop3): force clearing of disk cache [ 284.481375][T10600] BTRFS info (device loop3): force zlib compression, level 3 [ 284.539514][T10600] BTRFS info (device loop3): enabling auto defrag [ 284.556377][T10600] BTRFS info (device loop3): max_inline at 0 [ 284.576624][T10600] BTRFS info (device loop3): using free space tree [ 284.802713][T10600] BTRFS info (device loop3): enabling ssd optimizations [ 284.812045][T10600] BTRFS info (device loop3): rebuilding free space tree [ 285.159415][ T5275] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 285.297115][T10675] netlink: 'syz.1.2628': attribute type 10 has an invalid length. [ 285.334070][T10675] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 285.381328][ T5275] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 285.417623][ T5275] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 285.479509][ T5275] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 285.488619][ T5275] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.513869][T10679] netlink: 'syz.2.2630': attribute type 1 has an invalid length. [ 285.524612][ T4256] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 285.808177][T10684] netlink: 404 bytes leftover after parsing attributes in process `syz.5.2634'. [ 285.823908][T10684] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2634'. [ 285.859322][T10684] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2634'. [ 285.868375][T10684] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2634'. [ 285.944193][ T5275] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 285.956588][T10685] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2635'. [ 285.970757][ T5275] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input12 [ 285.983292][ T5275] input: failed to attach handler kbd to device input12, error: -5 [ 286.070155][ T5275] usb 1-1: USB disconnect, device number 12 [ 286.216135][T10691] loop2: detected capacity change from 0 to 256 [ 286.290828][T10691] UBIFS error (pid: 10691): cannot open "ubifs", error -22 [ 286.482271][T10701] loop3: detected capacity change from 0 to 16 [ 286.558131][T10701] erofs: (device loop3): mounted with root inode @ nid 36. [ 286.601568][T10701] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 286.658018][T10705] sp0: Synchronizing with TNC [ 286.663987][T10701] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -38 in[52, 4044] out[1851] [ 286.685787][T10701] erofs: (device loop3): z_erofs_read_folio: failed to read, err [-117] [ 286.706968][T10704] [U] [ 286.822444][T10710] xt_hashlimit: max too large, truncated to 1048576 [ 286.850839][T10711] loop2: detected capacity change from 0 to 2048 [ 286.902776][T10714] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 287.120468][T10714] NILFS (loop2): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 287.155513][T10714] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=4) [ 287.274892][T10714] Remounting filesystem read-only [ 287.288086][ T4250] NILFS (loop2): disposed unprocessed dirty file(s) when stopping log writer [ 287.536876][T10736] loop5: detected capacity change from 0 to 256 [ 287.636074][T10736] FAT-fs (loop5): Directory bread(block 64) failed [ 287.646757][T10738] loop1: detected capacity change from 0 to 2048 [ 287.652671][T10736] FAT-fs (loop5): Directory bread(block 65) failed [ 287.699865][T10738] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 287.715216][T10736] FAT-fs (loop5): Directory bread(block 66) failed [ 287.739284][T10736] FAT-fs (loop5): Directory bread(block 67) failed [ 287.746044][T10736] FAT-fs (loop5): Directory bread(block 68) failed [ 287.805152][ T26] audit: type=1800 audit(1747710738.347:97): pid=10738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2660" name="bus" dev="loop1" ino=1367 res=0 errno=0 [ 287.839359][T10736] FAT-fs (loop5): Directory bread(block 69) failed [ 287.858581][T10736] FAT-fs (loop5): Directory bread(block 70) failed [ 287.895371][T10736] FAT-fs (loop5): Directory bread(block 71) failed [ 287.914541][T10736] FAT-fs (loop5): Directory bread(block 72) failed [ 287.939410][T10736] FAT-fs (loop5): Directory bread(block 73) failed [ 287.963369][T10746] loop3: detected capacity change from 0 to 2048 [ 287.982245][T10748] loop0: detected capacity change from 0 to 2048 [ 287.997530][T10746] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 288.030304][T10746] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 288.085552][T10750] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 288.113953][T10748] NILFS error (device loop0): nilfs_lookup: deleted inode referenced: 12 [ 288.218662][T10748] Remounting filesystem read-only [ 288.729907][T10767] loop0: detected capacity change from 0 to 256 [ 288.755085][T10742] loop2: detected capacity change from 0 to 32768 [ 288.777811][T10742] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.2663 (10742) [ 288.798217][T10767] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 288.845917][T10771] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2676'. [ 288.869511][T10742] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 288.899338][T10742] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 288.908489][T10742] BTRFS info (device loop2): setting nodatacow, compression disabled [ 288.970244][T10742] BTRFS info (device loop2): force clearing of disk cache [ 289.006111][T10742] BTRFS info (device loop2): enabling ssd optimizations [ 289.040830][T10774] RDS: rds_bind could not find a transport for 0:0:4::1, load rds_tcp or rds_rdma? [ 289.055838][T10742] BTRFS info (device loop2): using spread ssd allocation scheme [ 289.093745][T10742] BTRFS info (device loop2): doing ref verification [ 289.103936][T10742] BTRFS info (device loop2): force zlib compression, level 3 [ 289.138703][T10742] BTRFS info (device loop2): not using ssd optimizations [ 289.185518][T10742] BTRFS info (device loop2): not using spread ssd allocation scheme [ 289.202571][T10742] BTRFS info (device loop2): using free space tree [ 289.402355][T10797] loop0: detected capacity change from 0 to 47 [ 289.599634][T10742] BTRFS info (device loop2): rebuilding free space tree [ 289.806062][ T26] audit: type=1326 audit(1747710740.347:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10814 comm="syz.0.2688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f268838e969 code=0x7ffc0000 [ 289.890243][ T26] audit: type=1326 audit(1747710740.357:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10814 comm="syz.0.2688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f268838e969 code=0x7ffc0000 [ 289.973387][ T4250] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 290.035471][ T26] audit: type=1326 audit(1747710740.357:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10814 comm="syz.0.2688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f268838e969 code=0x7ffc0000 [ 290.198862][ T26] audit: type=1326 audit(1747710740.357:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10814 comm="syz.0.2688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f268838e969 code=0x7ffc0000 [ 290.287114][ T26] audit: type=1326 audit(1747710740.357:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10814 comm="syz.0.2688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f268838e969 code=0x7ffc0000 [ 290.829425][T10801] loop5: detected capacity change from 0 to 32768 [ 290.850004][T10801] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.2682 (10801) [ 290.952394][T10801] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 290.986049][T10801] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 291.008387][T10801] BTRFS info (device loop5): force clearing of disk cache [ 291.033037][T10848] ipt_CLUSTERIP: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead [ 291.055479][T10801] BTRFS info (device loop5): force zlib compression, level 3 [ 291.069448][T10801] BTRFS info (device loop5): enabling auto defrag [ 291.079599][T10801] BTRFS info (device loop5): max_inline at 0 [ 291.090167][T10801] BTRFS info (device loop5): using free space tree [ 291.322134][T10801] BTRFS info (device loop5): enabling ssd optimizations [ 291.340225][T10801] BTRFS info (device loop5): rebuilding free space tree [ 291.588383][ T9135] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 291.599037][ T26] audit: type=1326 audit(1747710742.127:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.3.2710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60e718e969 code=0x7ffc0000 [ 291.657782][ T26] audit: type=1326 audit(1747710742.147:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.3.2710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7f60e718e969 code=0x7ffc0000 [ 291.755715][ T26] audit: type=1326 audit(1747710742.147:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.3.2710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60e718e969 code=0x7ffc0000 [ 291.879283][ T26] audit: type=1326 audit(1747710742.147:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.3.2710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60e718e969 code=0x7ffc0000 [ 291.948781][T10843] loop1: detected capacity change from 0 to 32768 [ 291.976040][T10843] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.2702 (10843) [ 292.179806][T10884] loop0: detected capacity change from 0 to 4096 [ 292.224341][T10884] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 292.283018][T10843] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 292.314460][T10843] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 292.354213][T10843] BTRFS info (device loop1): setting nodatacow, compression disabled [ 292.393001][T10843] BTRFS info (device loop1): force clearing of disk cache [ 292.405752][T10884] ntfs3: loop0: failed to convert "c46c" to iso8859-7 [ 292.429737][T10843] BTRFS info (device loop1): enabling ssd optimizations [ 292.471867][T10843] BTRFS info (device loop1): using spread ssd allocation scheme [ 292.502565][T10843] BTRFS info (device loop1): doing ref verification [ 292.529603][T10843] BTRFS info (device loop1): force zlib compression, level 3 [ 292.557495][T10843] BTRFS info (device loop1): not using ssd optimizations [ 292.599887][T10843] BTRFS info (device loop1): not using spread ssd allocation scheme [ 292.617506][T10843] BTRFS info (device loop1): using free space tree [ 292.822639][T10907] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 292.872657][T10919] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2722'. [ 292.974572][T10843] BTRFS info (device loop1): rebuilding free space tree [ 293.091661][T10932] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2729'. [ 293.129553][T10932] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2729'. [ 293.301829][ T4260] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 294.021304][T10959] netlink: 'syz.1.2733': attribute type 12 has an invalid length. [ 294.692422][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.755266][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.799205][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.889633][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.912250][T10991] loop5: detected capacity change from 0 to 4096 [ 294.919534][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.946462][T10991] ntfs: (device loop5): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 294.971749][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.017135][T10988] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 295.047150][T10988] device batadv_slave_0 entered promiscuous mode [ 295.185958][T10991] ntfs: (device loop5): parse_options(): NLS character set iso8(;3 not found. Using previous one utf8. [ 295.211010][T10991] ntfs: (device loop5): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 295.289570][T10991] ntfs: (device loop5): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 295.326514][T10991] ntfs: (device loop5): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 295.349091][T10991] ntfs: (device loop5): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 295.407767][T10991] ntfs: (device loop5): check_mft_mirror(): Failed to read $MFTMirr. [ 295.431649][T10991] ntfs: (device loop5): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 295.491015][T10991] ntfs: volume version 3.1. [ 295.529359][T10991] ntfs: (device loop5): ntfs_lookup_inode_by_name(): Index entry with child node found in a leaf node in directory inode 0x5. [ 295.549254][ T5272] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 295.567179][T10991] ntfs: (device loop5): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 295.615655][T11018] netlink: 'syz.1.2770': attribute type 1 has an invalid length. [ 295.624414][T11018] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2770'. [ 295.741171][ T5272] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 295.775615][ T5272] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 295.810662][ T5272] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 295.867573][ T5272] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 295.898596][ T5272] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.923963][T11026] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2773'. [ 295.934572][ T5272] usb 3-1: Product: syz [ 295.939090][ T5272] usb 3-1: Manufacturer: syz [ 295.960427][T11028] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2775'. [ 295.966145][ T5272] usb 3-1: SerialNumber: syz [ 296.204167][ T5272] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 296.227377][ T5272] cdc_ncm 3-1:1.0: bind() failure [ 296.247649][ T5272] usb 3-1: USB disconnect, device number 12 [ 296.328320][T11040] device gtp0 entered promiscuous mode [ 296.642039][T11048] loop0: detected capacity change from 0 to 2048 [ 296.698377][T11049] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 296.744824][ T5261] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 296.753181][T11048] syz.0.2785: attempt to access beyond end of device [ 296.753181][T11048] loop0: rw=0, sector=19791209300040, nr_sectors = 2 limit=2048 [ 296.767380][T11032] loop1: detected capacity change from 0 to 32768 [ 296.794751][T11048] NILFS (loop0): I/O error reading meta-data file (ino=6, block-offset=1) [ 296.970365][ T5261] usb 4-1: Using ep0 maxpacket: 8 [ 296.977344][ T5261] usb 4-1: config 0 has an invalid interface number: 6 but max is 2 [ 297.017219][ T5261] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 297.038555][ T5261] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 3 [ 297.054771][ T5261] usb 4-1: config 0 has no interface number 1 [ 297.064989][T11057] loop0: detected capacity change from 0 to 128 [ 297.071514][ T5261] usb 4-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 297.082649][ T5261] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.123510][ T5261] usb 4-1: config 0 descriptor?? [ 297.172930][ T5261] usb 4-1: unknown number of interfaces: 2 [ 297.299375][ T5272] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 297.430070][ T128] usb 4-1: USB disconnect, device number 17 [ 297.496072][ T5272] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 297.516027][ T5272] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.539488][ T5272] usb 6-1: Product: syz [ 297.549568][ T5272] usb 6-1: Manufacturer: syz [ 297.554224][ T5272] usb 6-1: SerialNumber: syz [ 297.592557][ T5272] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 297.653337][ T5272] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 297.884642][ C1] usb 6-1: ath9k_htc: invalid pkt_len (ff62) [ 298.136290][T11087] loop1: detected capacity change from 0 to 132 [ 298.162451][ T5261] usb 6-1: USB disconnect, device number 4 [ 298.461058][ T4877] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 298.675318][ T4877] usb 2-1: Using ep0 maxpacket: 32 [ 298.692293][ T4877] usb 2-1: config 1 has an invalid descriptor of length 138, skipping remainder of the config [ 298.723471][ T4877] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 298.745518][ T5272] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 298.765521][ T4877] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 298.767337][ T5272] ath9k_htc: Failed to initialize the device [ 298.814446][ T5261] usb 6-1: ath9k_htc: USB layer deinitialized [ 298.847456][ T4877] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 298.874852][ T4877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 298.893246][ T4877] usb 2-1: SerialNumber: syz [ 299.056317][T11121] loop3: detected capacity change from 0 to 64 [ 299.156604][ T4877] usb 2-1: USB disconnect, device number 10 [ 300.452763][T11141] loop5: detected capacity change from 0 to 32768 [ 300.515576][T11141] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.2831 (11141) [ 300.547204][T11141] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 300.586523][T11173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 300.593390][T11141] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 300.630790][T11173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.672477][T11141] BTRFS info (device loop5): using free space tree [ 300.682819][T11173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 300.719275][T11173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.760447][T11173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 300.800369][T11173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 301.013216][T11141] BTRFS info (device loop5): enabling ssd optimizations [ 301.237986][ T9135] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 301.398822][T11218] loop1: detected capacity change from 0 to 512 [ 301.416879][ T5272] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 301.423900][T11218] ext4: Unknown parameter 'noacl' [ 301.623150][ T5272] usb 3-1: config 6 has an invalid interface number: 109 but max is 0 [ 301.659480][ T5272] usb 3-1: config 6 has no interface number 0 [ 301.665635][ T5272] usb 3-1: config 6 interface 109 has no altsetting 0 [ 301.709821][ T5272] usb 3-1: New USB device found, idVendor=046d, idProduct=0821, bcdDevice=62.59 [ 301.719040][ T5272] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.739999][T11226] binfmt_misc: register: failed to install interpreter file ./file0/../file0 [ 301.815708][ T5272] usb 3-1: Found UVC 0.00 device (046d:0821) [ 301.846010][ T5272] usb 3-1: No valid video chain found. [ 301.897999][T11230] loop3: detected capacity change from 0 to 512 [ 301.994400][T11230] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 302.015200][T11230] ext4 filesystem being mounted at /582/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 302.035066][ T4330] usb 3-1: USB disconnect, device number 13 [ 302.053461][T11237] netlink: 'syz.5.2859': attribute type 10 has an invalid length. [ 302.123744][T11237] team0: Device veth1_vlan failed to register rx_handler [ 302.159265][ T5272] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 302.197660][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 302.358585][ T5272] usb 1-1: Using ep0 maxpacket: 8 [ 302.369568][ T5272] usb 1-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11 [ 302.389060][ T5272] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.409541][ T5272] usb 1-1: Product: syz [ 302.415524][ T5272] usb 1-1: Manufacturer: syz [ 302.438851][ T5272] usb 1-1: SerialNumber: syz [ 302.456940][ T5272] usb 1-1: config 0 descriptor?? [ 302.472327][ T5272] gspca_main: vc032x-2.14.0 probing 046d:0896 [ 302.771761][T11259] loop1: detected capacity change from 0 to 64 [ 302.914815][ T5272] gspca_vc032x: reg_w err -71 [ 302.927061][ T5272] vc032x: probe of 1-1:0.0 failed with error -71 [ 302.937258][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 302.937275][ T26] audit: type=1107 audit(1747710753.477:108): pid=11260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='L<5' [ 303.002343][ T5272] usb 1-1: USB disconnect, device number 13 [ 303.155833][ T26] audit: type=1326 audit(1747710753.697:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.2.2884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f679fd8e969 code=0x7ffc0000 [ 303.157881][T11269] netlink: 'syz.1.2883': attribute type 10 has an invalid length. [ 303.267422][ T26] audit: type=1326 audit(1747710753.757:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.2.2884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7f679fd8e969 code=0x7ffc0000 [ 303.305044][T11269] team0: Device veth1_vlan failed to register rx_handler [ 303.319051][ T26] audit: type=1326 audit(1747710753.757:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.2.2884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f679fd8e969 code=0x7ffc0000 [ 303.418322][ T26] audit: type=1326 audit(1747710753.757:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.2.2884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f679fd8e969 code=0x7ffc0000 [ 303.433217][T11271] loop5: detected capacity change from 0 to 8192 [ 303.605100][T11271] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 303.693530][T11271] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 303.739681][T11271] loop5: unable to read partition table [ 303.745576][T11271] loop_reread_partitions: partition scan of loop5 () failed (rc=-5) [ 304.540018][T11306] netlink: 'syz.1.2902': attribute type 1 has an invalid length. [ 304.568406][T11306] netlink: 'syz.1.2902': attribute type 1 has an invalid length. [ 304.618788][T11284] loop0: detected capacity change from 0 to 32768 [ 304.668699][T11302] loop2: detected capacity change from 0 to 8192 [ 304.696536][T11284] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.2890 (11284) [ 304.733686][T11302] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 304.752752][T11302] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 304.768507][T11280] loop3: detected capacity change from 0 to 40427 [ 304.776428][T11284] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 304.787278][T11284] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 304.796522][T11302] REISERFS (device loop2): using ordered data mode [ 304.804251][T11284] BTRFS info (device loop0): using free space tree [ 304.818942][T11280] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x3ffff [ 304.829021][T11302] reiserfs: using flush barriers [ 304.834731][T11280] F2FS-fs (loop3): invalid crc value [ 304.869245][T11302] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 304.936967][T11280] F2FS-fs (loop3): Found nat_bits in checkpoint [ 304.999830][T11302] REISERFS (device loop2): checking transaction log (loop2) [ 305.071970][T11302] REISERFS (device loop2): Using rupasov hash to sort names [ 305.080787][T11302] REISERFS (device loop2): using 3.5.x disk format [ 305.088733][T11302] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 305.101045][T11302] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 305.112315][T11331] loop5: detected capacity change from 0 to 256 [ 305.122376][T11302] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 305.156473][T11280] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 305.187089][T11302] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 UNKNOWN] (nlink == 1) not found (pos 2) [ 305.188066][T11284] BTRFS info (device loop0): enabling ssd optimizations [ 305.205081][T11331] FAT-fs (loop5): Directory bread(block 64) failed [ 305.217959][T11335] tmpfs: Bad value for 'mpol' [ 305.247548][T11302] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 305.269447][T11331] FAT-fs (loop5): Directory bread(block 65) failed [ 305.285171][T11302] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 305.329504][T11331] FAT-fs (loop5): Directory bread(block 66) failed [ 305.357172][T11331] FAT-fs (loop5): Directory bread(block 67) failed [ 305.361229][T11302] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 305.371247][T11280] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix. [ 305.389582][T11331] FAT-fs (loop5): Directory bread(block 68) failed [ 305.409343][T11331] FAT-fs (loop5): Directory bread(block 69) failed [ 305.416017][T11331] FAT-fs (loop5): Directory bread(block 70) failed [ 305.449331][T11331] FAT-fs (loop5): Directory bread(block 71) failed [ 305.486521][T11331] FAT-fs (loop5): Directory bread(block 72) failed [ 305.507859][ T4249] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 305.528645][T11331] FAT-fs (loop5): Directory bread(block 73) failed [ 306.399511][ T4492] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 306.610840][ T4492] usb 6-1: config 0 has an invalid interface number: 64 but max is 0 [ 306.635816][ T4492] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 306.666721][ T4492] usb 6-1: config 0 has no interface number 0 [ 306.692269][ T4492] usb 6-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 306.725054][ T4492] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.733651][ T4492] usb 6-1: Product: syz [ 306.737858][ T4492] usb 6-1: Manufacturer: syz [ 306.757719][ T4492] usb 6-1: SerialNumber: syz [ 306.799032][ T4492] usb 6-1: config 0 descriptor?? [ 306.848364][T11365] loop1: detected capacity change from 0 to 8192 [ 306.915894][T11365] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 306.930256][T11365] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 306.942138][T11365] REISERFS (device loop1): using ordered data mode [ 306.948695][T11365] reiserfs: using flush barriers [ 306.964109][T11365] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 306.999743][T11365] REISERFS (device loop1): checking transaction log (loop1) [ 307.012722][T11365] REISERFS (device loop1): Using rupasov hash to sort names [ 307.037125][ T4492] usb 6-1: Found UVC 0.08 device syz (046d:0823) [ 307.050647][ T4492] usb 6-1: No valid video chain found. [ 307.058617][T11365] REISERFS (device loop1): using 3.5.x disk format [ 307.102735][T11365] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 307.150099][T11365] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 307.172059][T11365] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 307.229824][T11365] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 UNKNOWN] (nlink == 1) not found (pos 2) [ 307.262852][T11365] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 307.276764][ T5261] usb 6-1: USB disconnect, device number 5 [ 307.364898][T11365] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 307.415352][T11365] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 307.425176][T11390] loop2: detected capacity change from 0 to 128 [ 307.473875][T11390] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 307.495299][T11390] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 307.790542][ T26] audit: type=1326 audit(1747710758.337:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11398 comm="syz.2.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f679fd8e969 code=0x7ffc0000 [ 307.886137][ T26] audit: type=1326 audit(1747710758.397:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11398 comm="syz.2.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f679fd8e969 code=0x7ffc0000 [ 307.908587][ C1] vkms_vblank_simulate: vblank timer overrun [ 308.045849][ T26] audit: type=1326 audit(1747710758.397:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11398 comm="syz.2.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f679fd8e969 code=0x7ffc0000 [ 308.094728][T11406] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2940'. [ 308.136940][T11406] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2940'. [ 308.138848][ T26] audit: type=1326 audit(1747710758.397:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11398 comm="syz.2.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f679fd8e969 code=0x7ffc0000 [ 308.794807][T11432] loop5: detected capacity change from 0 to 4096 [ 308.833261][T11432] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512) [ 308.992696][T11432] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 309.026815][T11432] ntfs3: loop5: ino=1b, "file0" attr_set_size [ 309.164268][ T9135] ntfs3: loop5: ntfs_sync_fs r=1a failed, -22. [ 309.207012][ T9135] ntfs3: loop5: ntfs_evict_inode r=1a failed, -22. [ 309.616510][T11464] loop2: detected capacity change from 0 to 128 [ 309.704862][T11467] IPv6: sit1: Disabled Multicast RS [ 309.723974][ T4331] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 309.845976][T11469] loop5: detected capacity change from 0 to 4096 [ 309.906851][T11469] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512) [ 309.996001][T11469] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 310.252707][T11482] loop0: detected capacity change from 0 to 2048 [ 310.316000][T11482] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 310.619985][T11495] netlink: 'syz.5.2982': attribute type 30 has an invalid length. [ 310.949289][ T4492] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 311.067309][T11511] loop1: detected capacity change from 0 to 16 [ 311.090511][T11511] erofs: (device loop1): mounted with root inode @ nid 36. [ 311.133244][ T4492] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 311.134750][T11511] erofs: (device loop1): z_erofs_pcluster_readmore: readmore error at page 1 @ nid 89 [ 311.155454][ T5261] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 311.159359][ T4492] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 311.176628][T11511] erofs: (device loop1): z_erofs_read_folio: failed to read, err [-117] [ 311.213495][ T4492] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 311.259235][ T4492] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 311.291689][ T4492] usb 1-1: config 1 interface 1 has no altsetting 0 [ 311.334913][ T4492] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 311.356230][ T5261] usb 4-1: Using ep0 maxpacket: 32 [ 311.364706][ T5261] usb 4-1: config 0 has an invalid interface number: 35 but max is 0 [ 311.369574][ T4492] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.393397][ T4492] usb 1-1: Product: syz [ 311.397613][ T4492] usb 1-1: Manufacturer: syz [ 311.422615][ T4492] usb 1-1: SerialNumber: syz [ 311.431423][ T5261] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 311.444394][T11499] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 311.456974][ T5261] usb 4-1: config 0 has no interface number 0 [ 311.460727][ T4492] cdc_ncm 1-1:1.0: NCM or ECM functional descriptors missing [ 311.478728][ T5261] usb 4-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 311.487165][T11519] loop2: detected capacity change from 0 to 4096 [ 311.498262][ T4492] cdc_ncm 1-1:1.0: bind() failure [ 311.512488][ T5261] usb 4-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 311.529064][T11519] ntfs3: loop2: Different NTFS' sector size (2048) and media sector size (512) [ 311.577747][ T5261] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.602548][ T5261] usb 4-1: Product: syz [ 311.606807][ T5261] usb 4-1: Manufacturer: syz [ 311.647853][ T5261] usb 4-1: SerialNumber: syz [ 311.669949][ T5261] usb 4-1: config 0 descriptor?? [ 311.681561][ T5261] radio-si470x 4-1:0.35: could not find interrupt in endpoint [ 311.700113][ T5261] radio-si470x: probe of 4-1:0.35 failed with error -5 [ 311.774779][T11525] loop1: detected capacity change from 0 to 4096 [ 311.798456][T11525] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 311.866550][T11529] loop5: detected capacity change from 0 to 64 [ 311.891144][ T5261] radio-raremono 4-1:0.35: this is not Thanko's Raremono. [ 311.912660][ T5261] usbhid 4-1:0.35: couldn't find an input interrupt endpoint [ 311.966738][ T4492] usb 1-1: USB disconnect, device number 14 [ 312.106188][ T5261] usb 4-1: USB disconnect, device number 18 [ 312.260984][ T26] audit: type=1326 audit(1747710762.807:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11538 comm="syz.5.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4eb8e969 code=0x7ffc0000 [ 312.319676][ T26] audit: type=1326 audit(1747710762.837:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11538 comm="syz.5.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f7b4eb8e969 code=0x7ffc0000 [ 312.390159][ T26] audit: type=1326 audit(1747710762.837:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11538 comm="syz.5.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4eb8e969 code=0x7ffc0000 [ 312.413916][T11541] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3005'. [ 312.704808][T11552] ax25_connect(): syz.0.3009 uses autobind, please contact jreuter@yaina.de [ 313.756610][T11593] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3031'. [ 314.006918][T11600] loop0: detected capacity change from 0 to 1764 [ 314.326286][T11611] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3040'. [ 314.333039][T11575] loop5: detected capacity change from 0 to 32768 [ 314.397180][T11611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3040'. [ 314.426961][T11575] jfs_rename did not expect dtDelete to return rc = -2 [ 314.461330][T11575] ERROR: (device loop5): jfs_rename: [ 314.461330][T11575] [ 314.498714][T11575] ERROR: (device loop5): remounting filesystem as read-only [ 314.648414][T11619] loop2: detected capacity change from 0 to 64 [ 314.725845][T11623] netlink: 830 bytes leftover after parsing attributes in process `syz.3.3045'. [ 315.067577][T11629] loop0: detected capacity change from 0 to 4096 [ 315.145996][T11632] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 315.236946][T11638] loop3: detected capacity change from 0 to 256 [ 315.303395][T11640] netlink: 156 bytes leftover after parsing attributes in process `syz.2.3054'. [ 315.360918][T11638] FAT-fs (loop3): Directory bread(block 64) failed [ 315.367547][T11638] FAT-fs (loop3): Directory bread(block 65) failed [ 315.440396][T11638] FAT-fs (loop3): Directory bread(block 66) failed [ 315.446995][T11638] FAT-fs (loop3): Directory bread(block 67) failed [ 315.448658][T11644] syz.1.3056 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 315.500187][T11638] FAT-fs (loop3): Directory bread(block 68) failed [ 315.526036][T11638] FAT-fs (loop3): Directory bread(block 69) failed [ 315.559669][T11638] FAT-fs (loop3): Directory bread(block 70) failed [ 315.566260][T11638] FAT-fs (loop3): Directory bread(block 71) failed [ 315.627822][T11638] FAT-fs (loop3): Directory bread(block 72) failed [ 315.646799][T11638] FAT-fs (loop3): Directory bread(block 73) failed [ 315.654272][T11648] loop2: detected capacity change from 0 to 128 [ 315.701187][T11648] FAT-fs (loop2): Directory bread(block 3236) failed [ 315.738447][T11648] FAT-fs (loop2): Directory bread(block 3237) failed [ 315.765958][T11648] FAT-fs (loop2): Directory bread(block 3238) failed [ 315.806538][T11648] FAT-fs (loop2): Directory bread(block 3239) failed [ 315.842476][T11648] FAT-fs (loop2): Directory bread(block 3240) failed [ 315.864876][T11648] FAT-fs (loop2): Directory bread(block 3241) failed [ 315.885071][T11648] FAT-fs (loop2): Directory bread(block 3242) failed [ 315.918663][T11648] FAT-fs (loop2): Directory bread(block 3243) failed [ 315.969048][T11648] FAT-fs (loop2): Directory bread(block 3236) failed [ 315.977137][T11648] FAT-fs (loop2): Directory bread(block 3237) failed [ 316.105139][T11659] xt_NFQUEUE: number of total queues is 0 [ 316.116576][T11660] netlink: 56 bytes leftover after parsing attributes in process `syz.5.3064'. [ 317.064122][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.074917][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.165990][T11696] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3080'. [ 317.869855][T11715] netlink: 'syz.1.3091': attribute type 1 has an invalid length. [ 317.877653][T11715] netlink: 'syz.1.3091': attribute type 3 has an invalid length. [ 317.900490][T11715] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3091'. [ 317.959356][ T5266] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 317.992322][T11721] netlink: 372 bytes leftover after parsing attributes in process `syz.0.3094'. [ 318.116350][T11723] loop1: detected capacity change from 0 to 256 [ 318.170554][ T5266] usb 6-1: not running at top speed; connect to a high speed hub [ 318.190989][ T5266] usb 6-1: config 95 has an invalid interface number: 1 but max is 0 [ 318.206759][T11700] loop3: detected capacity change from 0 to 32768 [ 318.219308][ T5266] usb 6-1: config 95 has no interface number 0 [ 318.239565][ T5266] usb 6-1: config 95 interface 1 has no altsetting 0 [ 318.256445][T11700] [ 318.256445][T11700] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 318.256445][T11700] [ 318.269445][T11723] FAT-fs (loop1): Directory bread(block 64) failed [ 318.276789][ T5266] usb 6-1: New USB device found, idVendor=0763, idProduct=2031, bcdDevice=ad.3f [ 318.283779][T11723] FAT-fs (loop1): Directory bread(block 65) failed [ 318.303833][T11723] FAT-fs (loop1): Directory bread(block 66) failed [ 318.311171][T11723] FAT-fs (loop1): Directory bread(block 67) failed [ 318.328566][ T5266] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.350953][T11723] FAT-fs (loop1): Directory bread(block 68) failed [ 318.357545][T11723] FAT-fs (loop1): Directory bread(block 69) failed [ 318.360047][T11700] __jfs_setxattr: xattr_size = 243, new_size = 337 [ 318.370838][ T5266] usb 6-1: Product: syz [ 318.375088][ T5266] usb 6-1: Manufacturer: syz [ 318.376378][T11723] FAT-fs (loop1): Directory bread(block 70) failed [ 318.382943][ T5266] usb 6-1: SerialNumber: syz [ 318.438208][T11723] FAT-fs (loop1): Directory bread(block 71) failed [ 318.448450][T11723] FAT-fs (loop1): Directory bread(block 72) failed [ 318.463388][T11723] FAT-fs (loop1): Directory bread(block 73) failed [ 318.638956][ T75] [ 318.638956][ T75] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 318.638956][ T75] [ 318.674467][ T75] [ 318.674467][ T75] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 318.674467][ T75] [ 318.706073][ T107] [ 318.706073][ T107] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 318.706073][ T107] [ 318.717694][ T5266] usb 6-1: USB disconnect, device number 6 [ 318.734417][ T4256] [ 318.734417][ T4256] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 318.734417][ T4256] [ 318.752874][ T4256] [ 318.752874][ T4256] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 318.752874][ T4256] [ 318.783888][ T107] ================================================================== [ 318.792039][ T107] BUG: KASAN: use-after-free in txEnd+0x329/0x520 [ 318.798477][ T107] Write of size 8 at addr ffff88802418b840 by task jfsCommit/107 [ 318.806202][ T107] [ 318.808547][ T107] CPU: 1 PID: 107 Comm: jfsCommit Not tainted 6.1.135-syzkaller #0 [ 318.816445][ T107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 318.826518][ T107] Call Trace: [ 318.829807][ T107] [ 318.832740][ T107] dump_stack_lvl+0x168/0x22e [ 318.837429][ T107] ? __lock_acquire+0x7c50/0x7c50 [ 318.842465][ T107] ? show_regs_print_info+0x12/0x12 [ 318.847671][ T107] ? load_image+0x3b0/0x3b0 [ 318.852179][ T107] ? _raw_spin_lock_irqsave+0xb0/0xf0 [ 318.857560][ T107] ? __virt_addr_valid+0x188/0x540 [ 318.862681][ T107] ? __virt_addr_valid+0x465/0x540 [ 318.867812][ T107] ? txEnd+0x329/0x520 [ 318.871887][ T107] print_report+0xa8/0x220 [ 318.876308][ T107] kasan_report+0x10b/0x140 [ 318.880833][ T107] ? txEnd+0x329/0x520 [ 318.884934][ T107] kasan_check_range+0x27b/0x290 [ 318.889887][ T107] txEnd+0x329/0x520 [ 318.893792][ T107] jfs_lazycommit+0x5a2/0xa50 [ 318.898493][ T107] ? txFreelock+0x5a0/0x5a0 [ 318.903007][ T107] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 318.908922][ T107] ? do_task_dead+0xd0/0xd0 [ 318.913439][ T107] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 318.919346][ T107] ? __kthread_parkme+0x162/0x1c0 [ 318.924383][ T107] kthread+0x29d/0x330 [ 318.928469][ T107] ? txFreelock+0x5a0/0x5a0 [ 318.932979][ T107] ? kthread_blkcg+0xd0/0xd0 [ 318.937583][ T107] ret_from_fork+0x1f/0x30 [ 318.942020][ T107] [ 318.945041][ T107] [ 318.947362][ T107] Allocated by task 11700: [ 318.951777][ T107] kasan_set_track+0x4b/0x70 [ 318.956385][ T107] __kasan_kmalloc+0x8e/0xa0 [ 318.960987][ T107] lmLogOpen+0x2c0/0xf90 [ 318.965237][ T107] jfs_mount_rw+0xf2/0x5c0 [ 318.969697][ T107] jfs_fill_super+0x58e/0xac0 [ 318.974398][ T107] mount_bdev+0x287/0x3c0 [ 318.978756][ T107] legacy_get_tree+0xe6/0x180 [ 318.983453][ T107] vfs_get_tree+0x88/0x270 [ 318.987884][ T107] do_new_mount+0x24a/0xa40 [ 318.992397][ T107] __se_sys_mount+0x2d6/0x3c0 [ 318.997078][ T107] do_syscall_64+0x4c/0xa0 [ 319.001500][ T107] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 319.007403][ T107] [ 319.009733][ T107] Freed by task 4256: [ 319.013709][ T107] kasan_set_track+0x4b/0x70 [ 319.018308][ T107] kasan_save_free_info+0x2d/0x50 [ 319.023351][ T107] ____kasan_slab_free+0x126/0x1e0 [ 319.028510][ T107] slab_free_freelist_hook+0x131/0x1a0 [ 319.033983][ T107] __kmem_cache_free+0xb6/0x1f0 [ 319.038845][ T107] lmLogClose+0x293/0x520 [ 319.043180][ T107] jfs_umount+0x28f/0x360 [ 319.047520][ T107] jfs_put_super+0x88/0x190 [ 319.052028][ T107] generic_shutdown_super+0x130/0x340 [ 319.057429][ T107] kill_block_super+0x7c/0xe0 [ 319.062112][ T107] deactivate_locked_super+0x93/0xf0 [ 319.067399][ T107] cleanup_mnt+0x463/0x4f0 [ 319.071824][ T107] task_work_run+0x1ca/0x250 [ 319.076419][ T107] exit_to_user_mode_loop+0xe6/0x110 [ 319.081729][ T107] exit_to_user_mode_prepare+0xb1/0x140 [ 319.087284][ T107] syscall_exit_to_user_mode+0x16/0x40 [ 319.092755][ T107] do_syscall_64+0x58/0xa0 [ 319.097175][ T107] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 319.103138][ T107] [ 319.105459][ T107] The buggy address belongs to the object at ffff88802418b800 [ 319.105459][ T107] which belongs to the cache kmalloc-1k of size 1024 [ 319.119514][ T107] The buggy address is located 64 bytes inside of [ 319.119514][ T107] 1024-byte region [ffff88802418b800, ffff88802418bc00) [ 319.132791][ T107] [ 319.135116][ T107] The buggy address belongs to the physical page: [ 319.141535][ T107] page:ffffea0000906200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24188 [ 319.151688][ T107] head:ffffea0000906200 order:3 compound_mapcount:0 compound_pincount:0 [ 319.160011][ T107] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 319.168007][ T107] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888017441dc0 [ 319.176590][ T107] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 319.185198][ T107] page dumped because: kasan: bad access detected [ 319.191617][ T107] page_owner tracks the page as allocated [ 319.197334][ T107] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 46, tgid 46 (kworker/u4:3), ts 82769858890, free_ts 78286999421 [ 319.217658][ T107] post_alloc_hook+0x173/0x1a0 [ 319.222434][ T107] get_page_from_freelist+0x1a26/0x1ac0 [ 319.227991][ T107] __alloc_pages+0x1df/0x4e0 [ 319.232593][ T107] alloc_slab_page+0x5d/0x160 [ 319.237292][ T107] new_slab+0x87/0x2c0 [ 319.241367][ T107] ___slab_alloc+0xbc6/0x1220 [ 319.246045][ T107] __kmem_cache_alloc_node+0x1a0/0x260 [ 319.251511][ T107] __kmalloc+0xa0/0x240 [ 319.255669][ T107] ieee802_11_parse_elems_full+0xb2/0x1230 [ 319.261481][ T107] ieee80211_ibss_rx_queued_mgmt+0x3c4/0x2b10 [ 319.267647][ T107] ieee80211_iface_work+0x726/0xc80 [ 319.272857][ T107] process_one_work+0x898/0x1160 [ 319.277808][ T107] worker_thread+0xaa2/0x1250 [ 319.282504][ T107] kthread+0x29d/0x330 [ 319.286579][ T107] ret_from_fork+0x1f/0x30 [ 319.291000][ T107] page last free stack trace: [ 319.295678][ T107] free_unref_page_prepare+0x8b4/0x9a0 [ 319.301147][ T107] free_unref_page+0x2e/0x3f0 [ 319.305856][ T107] qlist_free_all+0x76/0xe0 [ 319.310364][ T107] kasan_quarantine_reduce+0x144/0x160 [ 319.315825][ T107] __kasan_slab_alloc+0x1e/0x80 [ 319.320683][ T107] slab_post_alloc_hook+0x4b/0x480 [ 319.325803][ T107] __kmem_cache_alloc_node+0x140/0x260 [ 319.331264][ T107] __kmalloc+0xa0/0x240 [ 319.335421][ T107] fib6_info_alloc+0x2e/0xe0 [ 319.340012][ T107] ip6_route_info_create+0x44f/0x1210 [ 319.345393][ T107] ip6_route_add+0x24/0x130 [ 319.349904][ T107] addrconf_add_dev+0x253/0x330 [ 319.354754][ T107] addrconf_init_auto_addrs+0x6b1/0xb30 [ 319.360305][ T107] addrconf_notify+0xaca/0xf40 [ 319.365069][ T107] raw_notifier_call_chain+0xcb/0x160 [ 319.370453][ T107] netdev_state_change+0xd2/0x140 [ 319.375486][ T107] [ 319.377807][ T107] Memory state around the buggy address: [ 319.383607][ T107] ffff88802418b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 319.391667][ T107] ffff88802418b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 319.399728][ T107] >ffff88802418b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 319.407789][ T107] ^ [ 319.413939][ T107] ffff88802418b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 319.422000][ T107] ffff88802418b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 319.430058][ T107] ================================================================== [ 319.498540][ T107] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 319.505908][ T107] CPU: 0 PID: 107 Comm: jfsCommit Not tainted 6.1.135-syzkaller #0 [ 319.513834][ T107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 319.523921][ T107] Call Trace: [ 319.527217][ T107] [ 319.530202][ T107] dump_stack_lvl+0x168/0x22e [ 319.534923][ T107] ? memcpy+0x3c/0x60 [ 319.538972][ T107] ? show_regs_print_info+0x12/0x12 [ 319.544245][ T107] ? load_image+0x3b0/0x3b0 [ 319.548779][ T107] panic+0x2c9/0x710 [ 319.552707][ T107] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 319.558893][ T107] ? bpf_jit_dump+0xd0/0xd0 [ 319.563415][ T107] ? _raw_spin_unlock_irqrestore+0xf6/0x100 [ 319.569316][ T107] ? _raw_spin_unlock+0x40/0x40 [ 319.574176][ T107] check_panic_on_warn+0x80/0xa0 [ 319.579136][ T107] ? txEnd+0x329/0x520 [ 319.583214][ T107] end_report+0x66/0x110 [ 319.587466][ T107] kasan_report+0x118/0x140 [ 319.591979][ T107] ? txEnd+0x329/0x520 [ 319.596087][ T107] kasan_check_range+0x27b/0x290 [ 319.601041][ T107] txEnd+0x329/0x520 [ 319.604949][ T107] jfs_lazycommit+0x5a2/0xa50 [ 319.609676][ T107] ? txFreelock+0x5a0/0x5a0 [ 319.614222][ T107] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 319.620136][ T107] ? do_task_dead+0xd0/0xd0 [ 319.624652][ T107] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 319.630555][ T107] ? __kthread_parkme+0x162/0x1c0 [ 319.635593][ T107] kthread+0x29d/0x330 [ 319.639684][ T107] ? txFreelock+0x5a0/0x5a0 [ 319.644192][ T107] ? kthread_blkcg+0xd0/0xd0 [ 319.648966][ T107] ret_from_fork+0x1f/0x30 [ 319.653397][ T107] [ 319.656698][ T107] Kernel Offset: disabled [ 319.661049][ T107] Rebooting in 86400 seconds..