last executing test programs: 4.351901451s ago: executing program 1 (id=1817): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[{0x10, 0x1, 0x10000}, {0x10, 0x117, 0x2}], 0x20}}], 0x2, 0x0) 4.150440161s ago: executing program 1 (id=1821): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b000100001000090455070103490200090582030004"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000003c0)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, &(0x7f0000000000)=ANY=[@ANYRESDEC, @ANYRESDEC, @ANYBLOB="613ff3df9a92a98be924297cd7956310c8537e1dc0be494c"]) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 3.398617309s ago: executing program 0 (id=1832): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000140)={0x1, 0x0, [{0x400000f2}]}) 3.165266171s ago: executing program 3 (id=1836): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x3f, &(0x7f0000000340)={@link_local={0x1, 0x80, 0xc2, 0x3}, @dev, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "000001", 0x9, 0x11, 0x0, @private2, @mcast2, {[], {0x0, 0xe22, 0x9, 0x0, @opaque="ff"}}}}}}, 0x0) 3.102683294s ago: executing program 0 (id=1837): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) io_setup(0x1, &(0x7f0000000b80)=0x0) io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0xfffc, r0, 0x0}]) syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x10000, 0xffffffffffffffff, 0x0, 0x0, 0x0) 3.003820329s ago: executing program 3 (id=1838): bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) 2.963987081s ago: executing program 3 (id=1840): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x7, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) 2.855870327s ago: executing program 0 (id=1841): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x200, 0x0, 0x25dfdbfb, {{@in=@loopback, @in6=@local, 0xfffc, 0x4, 0x0, 0x0, 0xa, 0x60, 0x20, 0x32}, {0x0, 0x4, 0x5, 0x0, 0x40, 0xfffffffffffffffd, 0x2}, {0xfffffffffffffffe, 0x0, 0x0, 0xcd17}, 0x9, 0x40000000, 0x0, 0x1, 0x2, 0x3}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0) 2.78718557s ago: executing program 0 (id=1842): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@ipv4_deladdr={0x34, 0x15, 0x1, 0x70bd27, 0x25dfdbec, {0x2, 0x18, 0xe1, 0xff, r2}, [@IFA_ADDRESS={0x8, 0x1, @multicast1}, @IFA_LABEL={0x14, 0x3, 'lo\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x880) 2.554401262s ago: executing program 0 (id=1843): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000bde5a44070275290f515010203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000500)={0x1c, &(0x7f00000003c0)={0x0, 0x8}, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 2.213541138s ago: executing program 3 (id=1844): socket$kcm(0x10, 0x2, 0x10) r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000000100000040000180060001000a00000008000500000000000c000700000000000000000008000900710000000700060072720000080008000000000008000b"], 0x54}}, 0x0) 2.109121554s ago: executing program 3 (id=1845): syz_mount_image$ocfs2(&(0x7f00000026c0), &(0x7f0000004780)='./file0\x00', 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6865617274626561743d6e6f6e652c6572726f72733d636f6e74696e75652c6e6f696e74722c67727071756f74612c001796fa694353e3807803df5ea6fd4d6e6a2613d336eb62b863dcd89e37b45f8bd04199a14c48b3e553e035ab300ba3c60c27682a8ab5656969d829535c0862f6e3a35f15fe4d50c0d5c74631344625d6224c436474bb101ff47a14c51e342ca291c09c35d9d31b06b6b86cb9dccae387b5f1e7c5e1d445d52845a3fa4c77234ea9d37c8a277c85e69a85cc6ffeb225bebbca91b569b80ee303c9a21c58db5d96fb87f1713e0e9b896e37becae2e7a978259a0847e9fb08dcb8b9f84f616463da2507db1b3489769e99"], 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzZ1ezmybb/UibpOnHJBFctCybPlXrQ1yrNpo2H9pWU2Wd3Ww3q7M76+6MFgxSgyAKghIEFT+oCqUvtSAG+lKLUPADaRVKRdH6IlKogg8GbaArM3Nvdu6d2d7JTtLS9veDdvaee8+5Z/a/99w590wKseqphdXiwmqxtFSszN6/ekvxc5VybXEuFF4lr/X56c6VyEn2r50j7/vAR+65JYQ/HPvah9bW1tZC3XDo6EDLz+f/fXq29TVRyNSpt9u5taY/1h556edveaUj8pwIIexo61ddXwjhY78IYUsIYSQuG41fB0MI20IIUQjh0d/868cDvXShxdl7X3ju2JnD+85MPf7YMxfmj254YBTCd8u7b55ffHF/323Pv+MynR4AAF7RB48fufvo5IHwZBSGzvW3f17fGb8mn4/vfNun7nq4f33/Gt3pexVDBQAAgIz1+f9w9HKH9bpkZS1ZEnzigRN3PxWt7zexfX07dNeR298/eSBe/43a9t8aF/3zvX2NNdTsum92/XckU7/z+u/6eR7+6rO/XHrr5vuf9C8573CIChOp7UJhYiKEY1PN7V3R1kK5slp95/2V2tLJzZ/3jSKdf3b1fn1Bv9v8RzPV89b/d3/i8z8b7O/lHYyF7F9tfbvY/qdMB+n8Nx7Lf/KlqKv8xzL18vK/4+nt53+1pZd3kD0jlyKdf/NC3Nd6QLE5ANTz/2Z/fv47Mu3n5f/9qXOPntjE93/q48xwVO/rQGoEeDku3+ArTGSk828GkRo641/kRtf//zL5X5NpPy//Oyv/+N3ferj/bzT+j0/10uabRzr/ZhDF1BHr1/9IIf/6vzbTfl7+vz3152c/2dO9uj3/ev/H3f+7ks4/vhGnB8/Gb7Lb8X9npv28/HeN3ffQwib6/eHBuJ9DURhr+dbpufotbGh9vboxpanvXt7ESd4E0vk3f2upS2eo+dK4/ofzx/9dmfbz8n9oz9ffc7qn7/92Hv8njf9dSec/2Ci7lPxfyuS/O9N+Xv4/PP33v9x3mcf/+vZB+Xclnf/Wtv3rz38KXc3/rsvUz3v+s2/0qUf+2sP8P+lfct7k+U/yHGI8aj7/obN0/ldteFy39/89mXp51/+3/vP80/t7Gf+jAU8AepDOf1uzsMMEsNv8r8+0n5f/F+758sf/tIn5X+MT30CSf8v8f0uz/Kjxvyvp/Lc3C1P/GOrBxv8b9/+oPff/ZvK/IdN+Xv4XDk30f+Uy3//r/R/v8Cibdun8hzY8rp7/77u4/9+YqZeX/xf3/vTFm3v6/B/CpLn+pqXzv3rD4xrX/0B+/jdl6uXl/51v/PqJB3vo/9t7qEs2/+a9PnU5xZ/Nu53/FzPt5+X/o/HzZ/dfgfnfre7/XUnn31w1v5T8s/P/vZn28/L/3pEfrPRfgec/d8gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgU0bj1+EQFSZS24XCxEQIY/H2rrA1mimdnJ4pV2Y/sxrCjri8GEaj+XJlplSeXliqnJybLpXLldkQron37wgD0Wq5Up1eLC1fe7GtwejUXGmlOjNXqoYQdsbl14ftSVszC9XF0nLj2KTOVVHps7VKtTRRW51bCbsvlm9LyudXKrXl6y62dXWhsrJ8qrQ0fXJh5d2Tk5OTYc/FPo9Ecw9U55aqzd4299brJHWHo5Y309h9Q8v5Pl2prSyVyo3yG1vqlCuzpXJLnZtazlddqS3Nlqpz0+XKfHK+YkvdlvfW2L033jceRlLvL6mbdTB+vf3Q8Y8eP3ygbX8xSue9VFucm9ze+W8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDeuJ29717dDCH3NrUII4WDyQxT/l3L23heeO3bm8L4zU48/9syF+aOdjgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBBxehMXu4IN7zQMed5YDgzzL1nvjBw78z5HA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD6cXbHYlfWXtq1eWnr7g+hMz/3fwhhNFne/7y3I/SEEL5+mTkdVmkLPU39v5mcGy9fNfm9t3/84fXRZO31F98trtsdknSo4XhnkqZDQ2vvf6O6M/hsejAJIY1dCFEsjD05UwshdMQuhCh+fpy/mP2+/xe7EKLo/3C3K7v/tdiFEMXW3Z/6avkzHtVzvn5hsPG/v9UjeBuP6KxDb09eeZe6qZX3Mn//T/LN+2A1zJ448v557CKIZnZu6mjsGgAAgL/rXIv8P2xZ3r9/OQk93eXc/1tT/t/b1P/q+f+Ke9tvjM20FUJsK41NZsfD+9rpc+M7NXD19uua8Z6qkv9Xm/y/2uT/1Sb/rzb5f7XJ/8m8kv9X0uObexZfxC6CaOT/AABQPYeOT0zVh0eyl/9NPzrLeX1f3tbzPP3BremBRw3jRvLDf9vhYxMHDg6P5Pe9PCC4sv5DunT2ez7fo7ktTDbNu2i1/kPv04X5a53lT9T/cP5GUV9xXes/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2J17GgbBKAyj321F1EarogkLPwk+0MCIAKQwowEdTBiAgRBQwEDOWe5NnuUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnu9f5XXx/aUx0muNSFPZZdf+OZ5mP3PfDsv77HHjVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjYgQMZAAAAAGH+1nm0HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//wTsyzo=") symlink(&(0x7f0000000080)='mnt\x00', &(0x7f00000000c0)='./file0\x00') syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f00000000c0)='./bus\x00', 0x2c600, 0x0, 0xbe, 0x0, &(0x7f00000007c0)) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./bus/file0\x00') 1.857587196s ago: executing program 1 (id=1849): r0 = socket$netlink(0x10, 0x3, 0x4) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000c0c100000000000204e0000", 0x58}], 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) 1.620569428s ago: executing program 4 (id=1851): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000000e40)=[{{&(0x7f0000000240)={0xa, 0x4e1f, 0x61, @private0, 0x3}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000440)="14", 0x1}], 0x1}}, {{&(0x7f00000000c0)={0xa, 0x4ea0, 0x10, @private0, 0x9}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000000)="95", 0x1}], 0x1}}], 0x2, 0x931766f6319eed40) shutdown(r0, 0x1) setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0100000000000000", 0x8) 1.507830004s ago: executing program 1 (id=1852): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000200000000000000000850000002a0000001801000020786c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000020085000000a800000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) 1.378945681s ago: executing program 2 (id=1853): umount2(&(0x7f00000002c0)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x7) r0 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="1d000000", @ANYRES16=r0, @ANYBLOB="01002cbd0800fbdbdf2501"], 0x34}}, 0x4) 1.344156592s ago: executing program 1 (id=1854): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) write$uinput_user_dev(r0, &(0x7f0000000800)={'syz1\x00', {0x0, 0x10, 0x2, 0xffff}, 0x0, [0x0, 0x0, 0x0, 0x40000, 0x1, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x4000, 0x24, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x6, 0x5f1, 0x6], [0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x4, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x7, 0xfffffffc, 0x0, 0x0, 0x7, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x400, 0x0, 0x200, 0x0, 0x2, 0x0, 0x3, 0x5, 0x0, 0x0, 0x2022de83, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xfffffffd, 0x0, 0x8, 0x0, 0x0, 0x7, 0x0, 0x4d, 0x0, 0xffff], [0x4, 0xfc, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1, 0x0, 0x0, 0x0, 0x4, 0x1000, 0x82, 0x0, 0x200, 0x0, 0xffffffff, 0x0, 0xfffffffc, 0x0, 0xfffffffd, 0xffffffff, 0x0, 0x2, 0x9fa, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x2, 0x0, 0x6, 0x0, 0x0, 0xbda6, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x8], [0x40000000, 0x0, 0x74e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x40, 0x0, 0x0, 0xbd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x80000000, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0xcaa, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 1.343673412s ago: executing program 4 (id=1855): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x94}, 0x24000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x4800, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x58, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xe}, @NFTA_SET_EXPRESSIONS={0x14, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @last={{0x9}, @void}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}, 0x1, 0x0, 0x0, 0x4044031}, 0x40) 1.102270915s ago: executing program 4 (id=1856): openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r0 = syz_io_uring_setup(0x111, &(0x7f0000000380)={0x0, 0xfdf1}, &(0x7f0000000240)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x241}}) io_uring_enter(r0, 0x47f6, 0x880e, 0x0, 0x0, 0x0) 1.015877419s ago: executing program 1 (id=1857): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) quotactl_fd$Q_QUOTAON(0xffffffffffffffff, 0xffffffff80000202, 0xffffffffffffffff, 0x0) 1.015701459s ago: executing program 2 (id=1858): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', 0x0}) sendmsg(r0, &(0x7f00000019c0)={&(0x7f0000001840)=@ll={0x11, 0x3, r1, 0x1, 0x4, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x28}}, 0x80, &(0x7f0000001980)=[{&(0x7f0000000040)="cf74fcee1af1", 0x6}, {&(0x7f00000018c0)="9484352ad5", 0x5}], 0x2}, 0x24004045) 780.56557ms ago: executing program 4 (id=1859): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000300), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) 733.572303ms ago: executing program 2 (id=1860): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x4, 0x9}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xd, 0x9, 0x4, 0x1, 0x0, r0, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r2, &(0x7f0000000d40), 0x0}, 0x20) 499.917265ms ago: executing program 2 (id=1861): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_io_uring_setup(0x512, &(0x7f0000000280)={0x0, 0xc65f, 0x0, 0x9, 0x40}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x0, 0x2121, 0x0, {0x3}}) io_uring_enter(r1, 0x4b04, 0xb277, 0x0, 0x0, 0x0) 423.176199ms ago: executing program 4 (id=1862): mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket(0x2b, 0x80801, 0x1) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x20000000) setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000100)=0xffff8000, 0x4) 267.557077ms ago: executing program 0 (id=1863): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x810) 187.78632ms ago: executing program 2 (id=1864): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) add_key$user(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, &(0x7f00000001c0)="03", 0x1, r0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000300)) keyctl$search(0xa, r0, &(0x7f0000000280)='user\x00', &(0x7f00000002c0)={'syz', 0x0}, r0) 159.403032ms ago: executing program 4 (id=1865): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0xfffffffe, 0x0, 0x3a5f, 0x8}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000000)={'wg1\x00'}) 17.442719ms ago: executing program 2 (id=1866): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1e000000000000000300000003"], 0x50) unshare(0x28000600) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0d0000007f000000040000000809000000000000", @ANYRES32=r0], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xd, 0x7f, 0x4, 0x8, 0x1, r1, 0x2}, 0x50) 0s ago: executing program 3 (id=1867): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) kernel console output (not intermixed with test programs): uclogic 0003:5543:0781.0003: unknown main item tag 0x0 [ 127.341248][ T27] uclogic 0003:5543:0781.0003: unknown main item tag 0x0 [ 127.341270][ T27] uclogic 0003:5543:0781.0003: unknown main item tag 0x0 [ 127.341290][ T27] uclogic 0003:5543:0781.0003: unexpected long global item [ 127.341898][ T27] uclogic 0003:5543:0781.0003: parse failed [ 127.378370][ T5593] loop0: detected capacity change from 0 to 256 [ 127.399178][ T5594] loop3: detected capacity change from 0 to 512 [ 127.520674][ T27] uclogic: probe of 0003:5543:0781.0003 failed with error -22 [ 127.532602][ T5594] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 127.571074][ T27] usb 5-1: USB disconnect, device number 5 [ 127.577474][ T5594] ext4 filesystem being mounted at /94/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.754785][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 127.759676][ T5604] mmap: syz.0.503 (5604) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 128.239932][ T4795] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 128.450119][ T4795] usb 1-1: Using ep0 maxpacket: 8 [ 128.458778][ T4795] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 128.485824][ T4795] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 128.497318][ T4795] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 128.504314][ T5628] loop4: detected capacity change from 0 to 136 [ 128.514077][ T4795] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 128.525196][ T4795] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 128.539470][ T4795] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 128.550844][ T5628] Attempt to read inode for relocated directory [ 128.579593][ T4795] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.849726][ T4795] usb 1-1: GET_CAPABILITIES returned 0 [ 128.855294][ T4795] usbtmc 1-1:16.0: can't read capabilities [ 129.107596][ T4313] usb 1-1: USB disconnect, device number 7 [ 129.368276][ T5652] loop3: detected capacity change from 0 to 512 [ 129.469691][ T4312] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 129.582141][ T5656] loop3: detected capacity change from 0 to 16 [ 129.614430][ T5656] erofs: (device loop3): mounted with root inode @ nid 36. [ 129.682308][ T4312] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 129.704906][ T4312] usb 2-1: config 0 has no interface number 0 [ 129.719161][ T5656] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 129.720399][ T4312] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 129.795679][ T5640] loop4: detected capacity change from 0 to 32768 [ 129.802514][ T4312] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 129.854666][ T4312] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 129.875013][ T4312] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.955567][ T4312] usb 2-1: config 0 descriptor?? [ 129.991367][ T5646] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 129.998125][ T5640] XFS (loop4): Mounting V5 Filesystem [ 130.012757][ T4312] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 130.199444][ T5640] XFS (loop4): Ending clean mount [ 130.241708][ T5640] XFS (loop4): Quotacheck needed: Please wait. [ 130.313947][ T5640] XFS (loop4): Quotacheck: Done. [ 130.374309][ T4312] usb 2-1: USB disconnect, device number 3 [ 130.619255][ T4270] XFS (loop4): Unmounting Filesystem [ 131.631567][ T5696] sctp: [Deprecated]: syz.1.543 (pid 5696) Use of int in maxseg socket option. [ 131.631567][ T5696] Use struct sctp_assoc_value instead [ 131.857847][ T5688] loop0: detected capacity change from 0 to 32768 [ 131.958215][ T5688] XFS (loop0): Mounting V5 Filesystem [ 132.094214][ T5688] XFS (loop0): Ending clean mount [ 132.150213][ T5712] loop4: detected capacity change from 0 to 64 [ 132.240104][ T5688] XFS (loop0): User initiated shutdown received. [ 132.246916][ T5688] XFS (loop0): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:499). Shutting down filesystem. [ 132.299488][ T5688] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 132.453194][ T5714] loop1: detected capacity change from 0 to 4096 [ 132.461799][ T4274] XFS (loop0): Unmounting Filesystem [ 132.516722][ T5714] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 132.663306][ T5714] ntfs: (device loop1): ntfs_read_locked_inode(): Corrupt standard information attribute in inode. [ 132.747139][ T5714] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 132.836682][ T5714] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 132.875027][ T5714] ntfs: volume version 3.1. [ 132.934535][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.940936][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.123009][ T4272] ntfs: (device loop1): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 133.422705][ T5736] netlink: 'syz.3.558': attribute type 3 has an invalid length. [ 133.860962][ T5748] loop0: detected capacity change from 0 to 64 [ 134.027262][ T5748] hfs: request for non-existent node 1280 in B*Tree [ 134.069459][ T5748] hfs: request for non-existent node 1280 in B*Tree [ 134.099125][ T5756] loop3: detected capacity change from 0 to 512 [ 134.125428][ T5756] EXT4-fs: inline encryption not supported [ 134.138631][ T5756] EXT4-fs: Ignoring removed i_version option [ 134.207352][ T5756] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.566: inode has both inline data and extents flags [ 134.231969][ T5756] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.566: couldn't read orphan inode 15 (err -117) [ 134.244442][ T5756] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 134.289402][ T4312] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 134.301068][ T4323] hfs: request for non-existent node 1280 in B*Tree [ 134.309069][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 134.322330][ T4323] hfs: request for non-existent node 1280 in B*Tree [ 134.496984][ T4312] usb 2-1: unable to get BOS descriptor or descriptor too short [ 134.523397][ T4312] usb 2-1: not running at top speed; connect to a high speed hub [ 134.554125][ T4312] usb 2-1: New USB device found, idVendor=041e, idProduct=3020, bcdDevice= 0.40 [ 134.599913][ T4312] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.607994][ T4312] usb 2-1: Product: syz [ 134.636443][ T4312] usb 2-1: Manufacturer: syz [ 134.656815][ T4312] usb 2-1: SerialNumber: syz [ 134.737903][ T5766] loop0: detected capacity change from 0 to 4096 [ 134.744597][ T4283] Bluetooth: hci4: link tx timeout [ 134.750580][ T4283] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 134.772890][ T5766] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 134.945105][ T5766] ntfs3: loop0: ntfs_set_state r=3 failed, -22. [ 134.951906][ T4795] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 134.989029][ T5773] loop3: detected capacity change from 0 to 128 [ 135.060937][ T5773] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 135.127447][ T35] ntfs3: loop0: ntfs3_write_inode r=3 failed, -22. [ 135.142665][ T4274] ntfs3: loop0: ntfs_set_state r=3 failed, -22. [ 135.149922][ T4274] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 135.156995][ T4274] ntfs3: loop0: ntfs_set_state r=3 failed, -22. [ 135.161165][ T4795] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 135.178549][ T4318] ntfs3: loop0: ntfs3_write_inode r=3 failed, -22. [ 135.185905][ T5773] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 135.211865][ T4274] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22. [ 135.219964][ T4795] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.227905][ T4274] ntfs3: loop0: ntfs_evict_inode r=3 failed, -22. [ 135.281358][ T4795] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 135.336469][ T4795] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.400541][ T4795] usb 5-1: config 0 descriptor?? [ 135.464096][ T4795] hub 5-1:0.0: USB hub found [ 135.493690][ T4312] usb 2-1: USB disconnect, device number 4 [ 135.631054][ T5769] loop4: detected capacity change from 0 to 512 [ 135.696513][ T5769] EXT4-fs error (device loop4): ext4_orphan_get:1399: inode #15: comm syz.4.572: inode has both inline data and extents flags [ 135.739769][ T4283] Bluetooth: hci3: command 0x2020 tx timeout [ 135.758868][ T5769] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.572: couldn't read orphan inode 15 (err -117) [ 135.829097][ T5769] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 135.937317][ T4795] hub 5-1:0.0: 1 port detected [ 136.358652][ T4795] usb 5-1: USB disconnect, device number 6 [ 136.737096][ T5802] loop3: detected capacity change from 0 to 512 [ 136.784027][ T5802] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 136.830436][ T5802] EXT4-fs (loop3): 1 truncate cleaned up [ 136.836152][ T5802] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 136.851122][ T4283] Bluetooth: hci4: command 0x0406 tx timeout [ 136.862284][ T5686] Set syz1 is full, maxelem 65536 reached [ 137.053701][ T4270] EXT4-fs (loop4): unmounting filesystem. [ 137.084130][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 138.354574][ T5840] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 138.371806][ T5848] netlink: 56 bytes leftover after parsing attributes in process `syz.3.606'. [ 138.382196][ T5847] sp0: Synchronizing with TNC [ 139.146363][ T5870] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 140.345574][ T5906] netlink: 'syz.2.633': attribute type 3 has an invalid length. [ 140.369541][ T4311] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 140.571235][ T4311] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 140.592149][ T4311] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.627219][ T4311] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 140.654630][ T4311] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.678230][ T4311] usb 1-1: Product: syz [ 140.693033][ T4311] usb 1-1: Manufacturer: syz [ 140.706996][ T4311] usb 1-1: SerialNumber: syz [ 140.736833][ T4311] cdc_mbim 1-1:1.0: skipping garbage [ 140.850109][ T5894] loop4: detected capacity change from 0 to 40427 [ 140.876543][ T5894] F2FS-fs (loop4): invalid crc value [ 140.905809][ T5894] F2FS-fs (loop4): Found nat_bits in checkpoint [ 140.969137][ T5921] loop1: detected capacity change from 0 to 512 [ 141.040253][ T5894] F2FS-fs (loop4): Start checkpoint disabled! [ 141.054489][ T5921] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 141.084294][ T5921] ext4 filesystem being mounted at /128/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 141.095478][ T5894] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 141.419578][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 141.466721][ T46] kworker/u4:3: attempt to access beyond end of device [ 141.466721][ T46] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 141.573349][ T4311] cdc_mbim 1-1:1.0: SET_NTB_FORMAT failed [ 141.597718][ T4311] cdc_mbim 1-1:1.0: bind() failure [ 141.626788][ T4311] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 141.649886][ T4311] cdc_ncm 1-1:1.1: bind() failure [ 141.663258][ T5933] loop1: detected capacity change from 0 to 1024 [ 141.689560][ T4311] usb 1-1: USB disconnect, device number 8 [ 141.710582][ T5933] EXT4-fs: Ignoring removed nobh option [ 141.744122][ T5933] EXT4-fs: inline encryption not supported [ 141.750054][ T5932] device batadv0 entered promiscuous mode [ 141.759946][ T5932] device bond0 entered promiscuous mode [ 141.790669][ T5932] device bond_slave_0 entered promiscuous mode [ 141.797867][ T5932] device bond_slave_1 entered promiscuous mode [ 141.814837][ T5933] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 141.840500][ T5932] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 141.856334][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 141.872940][ T5933] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 141.963312][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 142.127096][ T5937] loop1: detected capacity change from 0 to 256 [ 142.205765][ T5937] exfat: Deprecated parameter 'utf8' [ 142.238256][ T5937] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 142.772043][ T5954] program syz.1.651 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 143.011324][ T5964] netlink: 'syz.1.656': attribute type 1 has an invalid length. [ 143.044277][ T5964] netlink: 'syz.1.656': attribute type 2 has an invalid length. [ 143.104225][ T4795] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 143.289397][ T4795] usb 1-1: Using ep0 maxpacket: 16 [ 143.296542][ T4795] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 143.329243][ T4795] usb 1-1: config 0 has no interface number 0 [ 143.339439][ T4795] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 143.355869][ T4795] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 143.424431][ T4795] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 143.445236][ T4795] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 143.460589][ T4795] usb 1-1: Product: syz [ 143.464809][ T4795] usb 1-1: SerialNumber: syz [ 143.478765][ T4795] usb 1-1: config 0 descriptor?? [ 143.516695][ T4795] cm109 1-1:0.8: invalid payload size 0, expected 4 [ 143.540614][ T4795] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input8 [ 143.756202][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 143.756297][ T4313] usb 1-1: USB disconnect, device number 9 [ 143.763450][ C0] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 143.840807][ T4313] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 146.411780][ T6022] loop1: detected capacity change from 0 to 32768 [ 146.441586][ T6022] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.679 (6022) [ 146.541023][ T6022] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 146.568755][ T6027] loop4: detected capacity change from 0 to 32768 [ 146.577077][ T6022] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 146.597879][ T6022] BTRFS info (device loop1): using free space tree [ 146.921151][ T6038] loop3: detected capacity change from 0 to 32768 [ 147.084946][ T6038] UFO tlock:0xffffc9000286a090 [ 147.170589][ T6038] MetaData crosses page boundary!! [ 147.186581][ T6038] lblock = 6300000010, size = -820051968 [ 147.195978][ T6038] CPU: 0 PID: 6038 Comm: syz.3.687 Not tainted syzkaller #0 [ 147.203337][ T6038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 147.204098][ T6022] BTRFS info (device loop1): enabling ssd optimizations [ 147.213411][ T6038] Call Trace: [ 147.213448][ T6038] [ 147.213457][ T6038] dump_stack_lvl+0x188/0x24e [ 147.213492][ T6038] ? __wake_up_bit+0x210/0x210 [ 147.213521][ T6038] ? show_regs_print_info+0x12/0x12 [ 147.213550][ T6038] ? load_image+0x400/0x400 [ 147.213584][ T6038] __get_metapage+0xaa8/0xfa0 [ 147.251509][ T6038] dtSearch+0x5d5/0x2050 [ 147.255886][ T6038] jfs_lookup+0x1ad/0x420 [ 147.260325][ T6038] ? jfs_get_parent+0xa0/0xa0 [ 147.265107][ T6038] ? d_alloc_parallel+0x13f2/0x1530 [ 147.270328][ T6038] ? lockdep_softirqs_off+0x430/0x430 [ 147.275841][ T6038] ? d_hash_and_lookup+0x1b0/0x1b0 [ 147.281080][ T6038] ? __init_waitqueue_head+0xa5/0x150 [ 147.286487][ T6038] __lookup_slow+0x29d/0x3f0 [ 147.291098][ T6038] ? lookup_one_len+0x2d0/0x2d0 [ 147.295968][ T6038] ? try_to_unlazy+0x34c/0x5a0 [ 147.300768][ T6038] ? down_read+0x1a8/0x2d0 [ 147.305389][ T6038] lookup_slow+0x53/0x70 [ 147.309764][ T6038] walk_component+0x2be/0x3f0 [ 147.314458][ T6038] ? path_lookupat+0x15c/0x440 [ 147.319324][ T6038] path_lookupat+0x169/0x440 [ 147.323927][ T6038] filename_lookup+0x224/0x560 [ 147.328701][ T6038] ? hashlen_string+0x110/0x110 [ 147.333588][ T6038] ? strncpy_from_user+0x1e3/0x350 [ 147.338720][ T6038] ? getname_flags+0x206/0x500 [ 147.343501][ T6038] user_path_at_empty+0x3e/0x60 [ 147.348370][ T6038] __se_sys_mount+0x2a4/0x3d0 [ 147.353062][ T6038] ? __x64_sys_mount+0xc0/0xc0 [ 147.357838][ T6038] ? lockdep_hardirqs_on+0x94/0x140 [ 147.363043][ T6038] ? __x64_sys_mount+0x1c/0xc0 [ 147.367819][ T6038] do_syscall_64+0x4c/0xa0 [ 147.372249][ T6038] ? clear_bhb_loop+0x60/0xb0 [ 147.376956][ T6038] ? clear_bhb_loop+0x60/0xb0 [ 147.381650][ T6038] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 147.387556][ T6038] RIP: 0033:0x7f58c9b9c799 [ 147.392068][ T6038] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 147.411792][ T6038] RSP: 002b:00007f58ca9c4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 147.420233][ T6038] RAX: ffffffffffffffda RBX: 00007f58c9e15fa0 RCX: 00007f58c9b9c799 [ 147.428227][ T6038] RDX: 0000000000000000 RSI: 00002000000020c0 RDI: 0000000000000000 [ 147.436215][ T6038] RBP: 00007f58c9c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 147.444296][ T6038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.452453][ T6038] R13: 00007f58c9e16038 R14: 00007f58c9e15fa0 R15: 00007ffd969985a8 [ 147.460463][ T6038] [ 147.491929][ T6038] bread failed! [ 147.517676][ T6038] jfs_lookup: dtSearch returned -5 [ 147.535087][ T6068] MetaData crosses page boundary!! [ 147.563813][ T6068] lblock = 6300000010, size = -820051968 [ 147.603507][ T6068] CPU: 0 PID: 6068 Comm: syz.3.687 Not tainted syzkaller #0 [ 147.610889][ T6068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 147.621068][ T6068] Call Trace: [ 147.624389][ T6068] [ 147.627358][ T6068] dump_stack_lvl+0x188/0x24e [ 147.632082][ T6068] ? __wake_up_bit+0x210/0x210 [ 147.636918][ T6068] ? show_regs_print_info+0x12/0x12 [ 147.642173][ T6068] ? load_image+0x400/0x400 [ 147.646838][ T6068] __get_metapage+0xaa8/0xfa0 [ 147.651670][ T6068] dtSearch+0x5d5/0x2050 [ 147.655996][ T6068] jfs_lookup+0x1ad/0x420 [ 147.660409][ T6068] ? jfs_get_parent+0xa0/0xa0 [ 147.665135][ T6068] ? d_alloc_parallel+0x13f2/0x1530 [ 147.670401][ T6068] ? d_hash_and_lookup+0x1b0/0x1b0 [ 147.675731][ T6068] ? __init_waitqueue_head+0xa5/0x150 [ 147.681149][ T6068] __lookup_slow+0x29d/0x3f0 [ 147.685779][ T6068] ? lookup_one_len+0x2d0/0x2d0 [ 147.690672][ T6068] ? try_to_unlazy+0x34c/0x5a0 [ 147.695535][ T6068] ? down_read+0x1a8/0x2d0 [ 147.700012][ T6068] lookup_slow+0x53/0x70 [ 147.704416][ T6068] link_path_walk+0x945/0xe70 [ 147.709162][ T6068] ? handle_lookup_down+0x130/0x130 [ 147.714422][ T6068] path_openat+0x286/0x2ee0 [ 147.719262][ T6068] ? verify_lock_unused+0x140/0x140 [ 147.724553][ T6068] ? do_syscall_64+0x4c/0xa0 [ 147.729207][ T6068] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 147.735334][ T6068] ? do_filp_open+0x430/0x430 [ 147.740092][ T6068] do_filp_open+0x1f1/0x430 [ 147.744651][ T6068] ? vfs_tmpfile+0x480/0x480 [ 147.749402][ T6068] ? _raw_spin_unlock+0x24/0x40 [ 147.754290][ T6068] ? alloc_fd+0x58f/0x630 [ 147.758675][ T6068] do_sys_openat2+0x150/0x4b0 [ 147.763395][ T6068] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 147.769327][ T6068] ? do_sys_open+0xe0/0xe0 [ 147.773770][ T6068] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 147.779771][ T6068] ? lock_chain_count+0x20/0x20 [ 147.784664][ T6068] __x64_sys_creat+0x8c/0xb0 [ 147.789292][ T6068] do_syscall_64+0x4c/0xa0 [ 147.793735][ T6068] ? clear_bhb_loop+0x60/0xb0 [ 147.798426][ T6068] ? clear_bhb_loop+0x60/0xb0 [ 147.803217][ T6068] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 147.809125][ T6068] RIP: 0033:0x7f58c9b9c799 [ 147.813571][ T6068] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 147.833460][ T6068] RSP: 002b:00007f58ca9a3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 147.841976][ T6068] RAX: ffffffffffffffda RBX: 00007f58c9e16090 RCX: 00007f58c9b9c799 [ 147.849962][ T6068] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 147.858025][ T6068] RBP: 00007f58c9c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 147.866003][ T6068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.873986][ T6068] R13: 00007f58c9e16128 R14: 00007f58c9e16090 R15: 00007ffd969985a8 [ 147.881977][ T6068] [ 147.895430][ T6068] bread failed! [ 147.939194][ T4272] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 148.146136][ T6068] jfs_lookup: dtSearch returned -5 [ 148.992575][ T6099] loop3: detected capacity change from 0 to 8 [ 149.163024][ T6099] SQUASHFS error: Unable to read directory block [629:fe] [ 149.399373][ T4311] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 149.513080][ T6113] netlink: 4576 bytes leftover after parsing attributes in process `syz.2.706'. [ 149.533217][ T6115] loop1: detected capacity change from 0 to 2048 [ 149.579224][ T6115] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 149.620402][ T4311] usb 5-1: Using ep0 maxpacket: 32 [ 149.627766][ T4311] usb 5-1: config 0 has an invalid interface number: 85 but max is 0 [ 149.646373][ T4311] usb 5-1: config 0 has no interface number 0 [ 149.662647][ T4311] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 149.669462][ T6121] comedi comedi3: comedi_test: 33787 microvolt, 16952 microsecond waveform attached [ 149.673790][ T6120] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 149.716119][ T6115] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 149.730037][ T4311] usb 5-1: config 0 interface 85 has no altsetting 0 [ 149.750459][ T4311] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 149.755050][ T6115] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 149.780012][ T4311] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.798261][ T4311] usb 5-1: Product: syz [ 149.819568][ T4311] usb 5-1: Manufacturer: syz [ 149.838069][ T4311] usb 5-1: SerialNumber: syz [ 149.839351][ T6115] Remounting filesystem read-only [ 149.865858][ T4311] usb 5-1: config 0 descriptor?? [ 149.931716][ T6115] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 149.995725][ T6115] NILFS error (device loop1): nilfs_bmap_last_key: broken bmap (inode number=16) [ 150.008881][ T6128] device macvtap1 entered promiscuous mode [ 150.028922][ T6128] device dummy0 entered promiscuous mode [ 150.036833][ T6115] NILFS (loop1): error -5 truncating bmap (ino=16) [ 150.066152][ T6128] team0: Device macvtap1 failed to register rx_handler [ 150.097468][ T6115] NILFS (loop1): the device already has a read-only mount. [ 150.100195][ T6128] device dummy0 left promiscuous mode [ 150.204184][ T4272] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 150.497838][ T4311] appletouch 5-1:0.85: Geyser mode initialized. [ 150.532065][ T4311] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.85/input/input9 [ 150.732607][ T4311] usb 5-1: USB disconnect, device number 7 [ 150.732666][ C0] appletouch 5-1:0.85: atp_complete: usb_submit_urb failed with result -19 [ 150.780147][ T4311] appletouch 5-1:0.85: input: appletouch disconnected [ 150.945042][ T6153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.722'. [ 151.196021][ T6161] netlink: 28 bytes leftover after parsing attributes in process `syz.1.726'. [ 151.216989][ T6161] netlink: 28 bytes leftover after parsing attributes in process `syz.1.726'. [ 151.257869][ T6164] netlink: 28 bytes leftover after parsing attributes in process `syz.1.726'. [ 151.289594][ T6164] netlink: 28 bytes leftover after parsing attributes in process `syz.1.726'. [ 151.330241][ T6164] netlink: 28 bytes leftover after parsing attributes in process `syz.1.726'. [ 151.379512][ T6164] netlink: 28 bytes leftover after parsing attributes in process `syz.1.726'. [ 151.440623][ T6164] Zero length message leads to an empty skb [ 152.179580][ T4311] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 152.331187][ T6180] loop1: detected capacity change from 0 to 32768 [ 152.359440][ T6180] XFS (loop1): Mounting V5 Filesystem [ 152.401656][ T4311] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 152.450486][ T4311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.484684][ T4311] usb 5-1: config 0 descriptor?? [ 152.518041][ T4313] XFS (loop1): Metadata CRC error detected at xfs_agf_read_verify+0x192/0x250, xfs_agf block 0x1 [ 152.534162][ T26] audit: type=1326 audit(1774073130.905:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6196 comm="syz.0.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 152.537173][ T4311] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 152.577201][ T4313] XFS (loop1): Unmount and run xfs_repair [ 152.589392][ T26] audit: type=1326 audit(1774073130.925:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6196 comm="syz.0.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 152.594370][ T4313] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 152.676464][ T4313] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 20 00 XAGF.......... . [ 152.686007][ T26] audit: type=1326 audit(1774073130.925:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6196 comm="syz.0.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 152.716670][ T4313] 00000010: 00 00 00 01 00 00 00 02 00 00 00 05 00 00 00 01 ................ [ 152.761473][ T4313] 00000020: 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 06 ................ [ 152.788490][ T26] audit: type=1326 audit(1774073130.925:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6196 comm="syz.0.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 152.807348][ T4313] 00000030: 00 00 00 06 00 00 13 e3 00 00 13 e0 00 00 00 00 ................ [ 152.857980][ T4313] 00000040: d7 dc 42 4e 79 ff 01 00 00 00 00 00 00 0a 10 1d ..BNy........... [ 152.889454][ T26] audit: type=1326 audit(1774073130.925:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6196 comm="syz.0.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 152.906153][ T4313] 00000050: 00 00 00 01 00 00 00 01 00 00 00 06 00 00 00 01 ................ [ 152.959135][ T4313] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 152.976057][ T26] audit: type=1326 audit(1774073130.925:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6196 comm="syz.0.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=316 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 152.989359][ T4313] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 153.045600][ T26] audit: type=1326 audit(1774073130.925:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6196 comm="syz.0.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 153.068491][ T6180] XFS (loop1): metadata I/O error in "xfs_read_agf+0x2b6/0x630" at daddr 0x1 len 1 error 74 [ 153.078783][ T6180] XFS (loop1): Error -117 reserving per-AG metadata reserve pool. [ 153.087403][ T6180] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_fs_reserve_ag_blocks+0x1c6/0x1f0 (fs/xfs/xfs_fsops.c:587). Shutting down filesystem. [ 153.102984][ T6180] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 153.111698][ T6180] XFS (loop1): Ending clean mount [ 153.117737][ T6180] XFS (loop1): Unmounting Filesystem [ 153.157615][ T4311] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 153.186548][ T4311] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver) [ 153.224778][ T4311] usb 5-1: media controller created [ 153.230296][ T26] audit: type=1326 audit(1774073130.925:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6196 comm="syz.0.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 153.305646][ T4311] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 153.403887][ T4311] gp8psk_fe: Frontend attached [ 153.429875][ T4311] usb 5-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 153.486650][ T4311] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 153.614108][ T4311] gp8psk: usb in 138 operation failed. [ 153.629410][ T4311] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected. [ 153.639262][ T4311] gp8psk: found Genpix USB device pID = 203 (hex) [ 153.659702][ T4311] usb 5-1: USB disconnect, device number 8 [ 153.844283][ T4311] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected. [ 155.900005][ T4795] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 156.091640][ T4795] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.112930][ T4795] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.137460][ T4795] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 156.156709][ T4795] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.171092][ T4795] usb 1-1: config 0 descriptor?? [ 156.485829][ T26] audit: type=1326 audit(1774073134.855:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6257 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35c99c799 code=0x7ffc0000 [ 156.543582][ T26] audit: type=1326 audit(1774073134.885:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6257 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35c99c799 code=0x7ffc0000 [ 156.566119][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.612482][ T4795] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 156.629448][ T4795] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 156.647009][ T4795] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 156.673366][ T4795] cp2112 0003:10C4:EA90.0004: item fetching failed at offset 6/7 [ 156.714261][ T4795] cp2112 0003:10C4:EA90.0004: parse failed [ 156.736869][ T4795] cp2112: probe of 0003:10C4:EA90.0004 failed with error -22 [ 156.843681][ T4795] usb 1-1: USB disconnect, device number 10 [ 157.246485][ T6253] loop3: detected capacity change from 0 to 32768 [ 157.328005][ T6253] JFS: Invalid stbl[0] = -1 for inode 2, block = 0 [ 157.539383][ T26] kauditd_printk_skb: 1680 callbacks suppressed [ 157.539401][ T26] audit: type=1326 audit(1774073135.905:2316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6257 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe35c996517 code=0x7ffc0000 [ 157.654160][ T26] audit: type=1326 audit(1774073135.915:2317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6257 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe35c93db19 code=0x7ffc0000 [ 157.752771][ T26] audit: type=1326 audit(1774073135.915:2318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6257 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe35c996517 code=0x7ffc0000 [ 157.753596][ T6260] loop1: detected capacity change from 0 to 32768 [ 157.831104][ T26] audit: type=1326 audit(1774073135.915:2319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6257 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe35c93db19 code=0x7ffc0000 [ 157.937141][ T26] audit: type=1326 audit(1774073135.915:2320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6257 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe35c996517 code=0x7ffc0000 [ 158.086005][ T6260] XFS (loop1): Mounting V5 Filesystem [ 158.132401][ T26] audit: type=1326 audit(1774073135.915:2321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6257 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe35c93db19 code=0x7ffc0000 [ 158.169347][ T26] audit: type=1326 audit(1774073135.915:2322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6257 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe35c996517 code=0x7ffc0000 [ 158.198052][ T6260] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 158.225371][ T26] audit: type=1326 audit(1774073135.915:2323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6257 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe35c93db19 code=0x7ffc0000 [ 158.259406][ T26] audit: type=1326 audit(1774073135.915:2324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6257 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe35c996517 code=0x7ffc0000 [ 158.290686][ T6260] XFS (loop1): Starting recovery (logdev: internal) [ 158.299353][ T26] audit: type=1326 audit(1774073135.915:2325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6257 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe35c93db19 code=0x7ffc0000 [ 158.399717][ T6260] XFS (loop1): Ending recovery (logdev: internal) [ 158.868568][ T6292] loop4: detected capacity change from 0 to 8192 [ 158.924046][ T6292] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 159.268644][ T4272] XFS (loop1): Unmounting Filesystem [ 159.992447][ T6306] loop0: detected capacity change from 0 to 32768 [ 160.082393][ T6306] JFS: Invalid stbl[0] = -1 for inode 2, block = 0 [ 161.072028][ T4313] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 161.105473][ T6328] loop0: detected capacity change from 0 to 2048 [ 161.152468][ T6328] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 161.271462][ T4313] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 161.298043][ T4313] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 161.352014][ T4313] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 161.406992][ T4313] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.429421][ T4313] usb 5-1: Product: syz [ 161.433666][ T4313] usb 5-1: Manufacturer: syz [ 161.466999][ T4313] usb 5-1: SerialNumber: syz [ 161.484119][ T4313] usb 5-1: config 0 descriptor?? [ 161.505140][ T6326] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 161.523468][ T6326] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 161.664824][ T6336] bridge0: port 3(syz_tun) entered blocking state [ 161.682218][ T6336] bridge0: port 3(syz_tun) entered disabled state [ 161.703937][ T6336] device syz_tun entered promiscuous mode [ 161.725020][ T6336] bridge0: port 3(syz_tun) entered blocking state [ 161.731979][ T6336] bridge0: port 3(syz_tun) entered forwarding state [ 161.800372][ T6326] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 161.807692][ T6326] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 162.272421][ T4313] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 162.476066][ T4313] dm9601 5-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 162.508830][ T4313] usb 5-1: USB disconnect, device number 9 [ 162.951371][ T6358] loop0: detected capacity change from 0 to 1024 [ 163.048553][ T6358] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only. [ 163.245408][ T6364] loop4: detected capacity change from 0 to 256 [ 163.288318][ T6364] exfat: Deprecated parameter 'utf8' [ 163.337686][ T6364] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe3908169, utbl_chksum : 0xe619d30d) [ 163.400458][ T26] kauditd_printk_skb: 59 callbacks suppressed [ 163.400476][ T26] audit: type=1800 audit(1774073141.765:2385): pid=6364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.804" name="file1" dev="loop4" ino=1048610 res=0 errno=0 [ 164.079380][ T14] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 164.321477][ T14] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 164.353374][ T14] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 164.395608][ T14] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 164.415825][ T14] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.545297][ T6372] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 164.717700][ T6383] loop3: detected capacity change from 0 to 32768 [ 164.745196][ T6383] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 164.753983][ T6383] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 164.888126][ T6383] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 164.915957][ T4313] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 164.929449][ T4313] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 165.039468][ T4313] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 110ms [ 165.063169][ T4313] gfs2: fsid=syz:syz.0: jid=0: Done [ 165.070303][ T6383] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 165.206940][ T6310] Set syz1 is full, maxelem 65536 reached [ 165.227661][ T6376] loop0: detected capacity change from 0 to 32768 [ 165.414023][ T6376] XFS (loop0): Mounting V5 Filesystem [ 165.453795][ T6376] XFS (loop0): Ending clean mount [ 165.627943][ T4274] XFS (loop0): Unmounting Filesystem [ 165.637446][ T14] aiptek 5-1:17.0: Aiptek using 400 ms programming speed [ 165.649857][ T6397] netlink: 'syz.2.814': attribute type 9 has an invalid length. [ 165.657070][ T14] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input10 [ 165.678095][ T6397] netlink: 20 bytes leftover after parsing attributes in process `syz.2.814'. [ 165.704774][ T14] usb 5-1: USB disconnect, device number 10 [ 165.710942][ C0] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 165.727053][ T6383] gfs2: fsid=syz:syz.0: fatal: invalid metadata block [ 165.727053][ T6383] bh = 68 (type: exp=2, found=65534) [ 165.727053][ T6383] function = gfs2_rgrp_go_instantiate, file = fs/gfs2/rgrp.c, line = 1224 [ 165.749378][ T6383] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 165.766353][ T6383] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 165.776754][ T6383] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 165.785593][ T6383] gfs2: fsid=syz:syz.0: File system withdrawn [ 165.791757][ T6383] CPU: 1 PID: 6383 Comm: syz.3.812 Not tainted syzkaller #0 [ 165.799083][ T6383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 165.809364][ T6383] Call Trace: [ 165.812687][ T6383] [ 165.815647][ T6383] dump_stack_lvl+0x188/0x24e [ 165.820371][ T6383] ? kobject_uevent_env+0x35f/0x8a0 [ 165.825617][ T6383] ? show_regs_print_info+0x12/0x12 [ 165.830869][ T6383] ? load_image+0x400/0x400 [ 165.835425][ T6383] ? kobject_uevent_env+0x35f/0x8a0 [ 165.840677][ T6383] gfs2_withdraw+0x1398/0x16c0 [ 165.845503][ T6383] ? gfs2_lm+0x240/0x240 [ 165.849875][ T6383] ? bit_waitqueue+0x30/0x30 [ 165.854518][ T6383] ? gfs2_meta_new+0x160/0x160 [ 165.859340][ T6383] gfs2_metatype_check_ii+0x74/0x90 [ 165.864588][ T6383] gfs2_rgrp_go_instantiate+0x397/0x12f0 [ 165.870280][ T6383] ? gfs2_glock_nq+0xcf0/0x14e0 [ 165.875182][ T6383] gfs2_instantiate+0x15e/0x210 [ 165.880078][ T6383] gfs2_glock_wait+0x1d0/0x2a0 [ 165.884894][ T6383] gfs2_inplace_reserve+0xd04/0x3460 [ 165.890229][ T6383] ? is_bpf_text_address+0x22/0x2a0 [ 165.895494][ T6383] ? gfs2_rgrp_out+0x700/0x700 [ 165.900310][ T6383] ? apparmor_capable+0x12c/0x190 [ 165.905473][ T6383] ? bpf_lsm_capable+0x5/0x10 [ 165.910168][ T6383] ? security_capable+0x85/0xb0 [ 165.915147][ T6383] ea_alloc_skeleton+0x297/0x560 [ 165.920105][ T6383] ? ea_alloc_skeleton+0x560/0x560 [ 165.925322][ T6383] ? ea_find_i+0x250/0x250 [ 165.929785][ T6383] ? stack_trace_save+0xa6/0xf0 [ 165.934996][ T6383] ? __stack_depot_save+0x421/0x460 [ 165.940390][ T6383] ea_init+0x179/0x1f0 [ 165.944484][ T6383] ? __gfs2_xattr_set+0xc60/0xc60 [ 165.949520][ T6383] ? __vfs_setxattr_noperm+0x129/0x5e0 [ 165.954997][ T6383] ? do_syscall_64+0x4c/0xa0 [ 165.959597][ T6383] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 165.965877][ T6383] __gfs2_xattr_set+0x628/0xc60 [ 165.970748][ T6383] ? gfs2_ea_get_copy+0x8c0/0x8c0 [ 165.975797][ T6383] ? __kmem_cache_alloc_node+0x140/0x260 [ 165.981445][ T6383] ? posix_acl_to_xattr+0x31b/0x3a0 [ 165.986665][ T6383] __gfs2_set_acl+0x102/0x180 [ 165.991362][ T6383] gfs2_set_acl+0x507/0x790 [ 165.995885][ T6383] ? __gfs2_set_acl+0x180/0x180 [ 166.000751][ T6383] ? __kmem_cache_alloc_node+0x140/0x260 [ 166.006397][ T6383] ? posix_acl_xattr_set+0x387/0x3f0 [ 166.011696][ T6383] ? vfs_set_acl_prepare+0x105/0x6c0 [ 166.016992][ T6383] ? __kmalloc+0xe1/0x240 [ 166.021342][ T6383] ? posix_acl_valid+0x320/0x3a0 [ 166.026293][ T6383] posix_acl_xattr_set+0x387/0x3f0 [ 166.031424][ T6383] ? posix_acl_xattr_get+0x550/0x550 [ 166.036748][ T6383] __vfs_setxattr+0x3e0/0x420 [ 166.041540][ T6383] __vfs_setxattr_noperm+0x129/0x5e0 [ 166.046933][ T6383] vfs_setxattr+0x167/0x2e0 [ 166.051461][ T6383] ? xattr_permission+0x500/0x500 [ 166.056506][ T6383] ? _copy_from_user+0x10b/0x170 [ 166.061545][ T6383] ? setxattr+0x2ce/0x360 [ 166.065898][ T6383] setxattr+0x346/0x360 [ 166.070249][ T6383] ? path_setxattr+0x290/0x290 [ 166.075046][ T6383] ? __mnt_want_write+0x21f/0x2a0 [ 166.080179][ T6383] path_setxattr+0x147/0x290 [ 166.084786][ T6383] ? simple_xattr_list_add+0xf0/0xf0 [ 166.090345][ T6383] ? lock_chain_count+0x20/0x20 [ 166.095215][ T6383] __x64_sys_setxattr+0xb7/0xd0 [ 166.100083][ T6383] do_syscall_64+0x4c/0xa0 [ 166.104517][ T6383] ? clear_bhb_loop+0x60/0xb0 [ 166.109216][ T6383] ? clear_bhb_loop+0x60/0xb0 [ 166.113914][ T6383] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 166.119820][ T6383] RIP: 0033:0x7f58c9b9c799 [ 166.124255][ T6383] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 166.143888][ T6383] RSP: 002b:00007f58ca9c4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 166.152415][ T6383] RAX: ffffffffffffffda RBX: 00007f58c9e15fa0 RCX: 00007f58c9b9c799 [ 166.160488][ T6383] RDX: 0000200000000140 RSI: 0000200000000000 RDI: 0000200000002a00 [ 166.168472][ T6383] RBP: 00007f58c9c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 166.176884][ T6383] R10: 0000000000000024 R11: 0000000000000246 R12: 0000000000000000 [ 166.184876][ T6383] R13: 00007f58c9e16038 R14: 00007f58c9e15fa0 R15: 00007ffd969985a8 [ 166.192958][ T6383] [ 166.486839][ T6402] loop1: detected capacity change from 0 to 256 [ 166.502666][ T6402] exfat: Deprecated parameter 'utf8' [ 166.567091][ T6402] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe3908169, utbl_chksum : 0xe619d30d) [ 166.757759][ T26] audit: type=1800 audit(1774073145.125:2386): pid=6402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.817" name="file1" dev="loop1" ino=1048611 res=0 errno=0 [ 167.163073][ T6419] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 167.225502][ T6419] overlayfs: overlapping lowerdir path [ 167.360616][ T6424] loop1: detected capacity change from 0 to 128 [ 168.240913][ T6441] device ip6gretap1 entered promiscuous mode [ 168.757702][ T6428] loop0: detected capacity change from 0 to 32768 [ 168.765940][ T6456] loop8: detected capacity change from 0 to 7 [ 168.828576][ T5597] Dev loop8: unable to read RDB block 7 [ 168.840365][ T6428] XFS (loop0): Mounting V5 Filesystem [ 168.846562][ T5597] loop8: unable to read partition table [ 168.878368][ T5597] loop8: partition table beyond EOD, truncated [ 168.971927][ T6428] XFS (loop0): Ending clean mount [ 168.997665][ T6469] 9pnet_fd: Insufficient options for proto=fd [ 169.145989][ T6456] Dev loop8: unable to read RDB block 7 [ 169.147975][ T4274] XFS (loop0): Unmounting Filesystem [ 169.151980][ T6456] loop8: unable to read partition table [ 169.210166][ T6456] loop8: partition table beyond EOD, truncated [ 169.249490][ T6456] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 169.385363][ T6477] netlink: 72 bytes leftover after parsing attributes in process `syz.3.848'. [ 169.628702][ T6483] loop1: detected capacity change from 0 to 64 [ 169.917740][ T6492] rtc_cmos 00:00: Alarms can be up to one day in the future [ 170.052682][ T6490] Falling back ldisc for ttyS3. [ 170.647787][ T4311] rtc_cmos 00:00: Alarms can be up to one day in the future [ 170.669707][ T4311] rtc_cmos 00:00: Alarms can be up to one day in the future [ 170.718257][ T4311] rtc_cmos 00:00: Alarms can be up to one day in the future [ 170.759044][ T4311] rtc_cmos 00:00: Alarms can be up to one day in the future [ 170.802424][ T4311] rtc rtc0: __rtc_set_alarm: err=-22 [ 170.938883][ T6505] loop4: detected capacity change from 0 to 32768 [ 170.956761][ T6505] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 170.965127][ T6505] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 171.024302][ T6505] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 171.033479][ T4312] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 171.040428][ T4312] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 171.138347][ T4312] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 97ms [ 171.176520][ T4312] gfs2: fsid=syz:syz.0: jid=0: Done [ 171.196764][ T6505] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 171.883175][ T6505] gfs2: fsid=syz:syz.0: fatal: invalid metadata block [ 171.883175][ T6505] bh = 68 (type: exp=2, found=65534) [ 171.883175][ T6505] function = gfs2_rgrp_go_instantiate, file = fs/gfs2/rgrp.c, line = 1224 [ 171.904287][ T6505] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 171.911624][ T4311] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 171.926707][ T6505] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 171.935575][ T6505] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 171.943817][ T6505] gfs2: fsid=syz:syz.0: File system withdrawn [ 171.950005][ T6505] CPU: 0 PID: 6505 Comm: syz.4.859 Not tainted syzkaller #0 [ 171.957327][ T6505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 171.967503][ T6505] Call Trace: [ 171.970821][ T6505] [ 171.973957][ T6505] dump_stack_lvl+0x188/0x24e [ 171.978760][ T6505] ? kobject_uevent_env+0x35f/0x8a0 [ 171.983970][ T6505] ? show_regs_print_info+0x12/0x12 [ 171.989188][ T6505] ? load_image+0x400/0x400 [ 171.993814][ T6505] ? kobject_uevent_env+0x35f/0x8a0 [ 171.999113][ T6505] gfs2_withdraw+0x1398/0x16c0 [ 172.003911][ T6505] ? gfs2_lm+0x240/0x240 [ 172.008176][ T6505] ? bit_waitqueue+0x30/0x30 [ 172.012787][ T6505] ? gfs2_meta_new+0x160/0x160 [ 172.017570][ T6505] gfs2_metatype_check_ii+0x74/0x90 [ 172.022782][ T6505] gfs2_rgrp_go_instantiate+0x397/0x12f0 [ 172.028441][ T6505] ? gfs2_glock_nq+0xcf0/0x14e0 [ 172.033306][ T6505] gfs2_instantiate+0x15e/0x210 [ 172.038176][ T6505] gfs2_glock_wait+0x1d0/0x2a0 [ 172.043042][ T6505] gfs2_inplace_reserve+0xd04/0x3460 [ 172.048347][ T6505] ? is_bpf_text_address+0x22/0x2a0 [ 172.053671][ T6505] ? gfs2_rgrp_out+0x700/0x700 [ 172.058447][ T6505] ? apparmor_capable+0x12c/0x190 [ 172.063486][ T6505] ? bpf_lsm_capable+0x5/0x10 [ 172.068313][ T6505] ? security_capable+0x85/0xb0 [ 172.073201][ T6505] ea_alloc_skeleton+0x297/0x560 [ 172.078169][ T6505] ? ea_alloc_skeleton+0x560/0x560 [ 172.083299][ T6505] ? ea_find_i+0x250/0x250 [ 172.087727][ T6505] ? stack_trace_save+0xa6/0xf0 [ 172.092593][ T6505] ? __stack_depot_save+0x35/0x460 [ 172.097725][ T6505] ea_init+0x179/0x1f0 [ 172.101811][ T6505] ? __gfs2_xattr_set+0xc60/0xc60 [ 172.106848][ T6505] ? __vfs_setxattr_noperm+0x129/0x5e0 [ 172.112325][ T6505] ? do_syscall_64+0x4c/0xa0 [ 172.116931][ T6505] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 172.123012][ T6505] __gfs2_xattr_set+0x628/0xc60 [ 172.127887][ T6505] ? gfs2_ea_get_copy+0x8c0/0x8c0 [ 172.132946][ T6505] ? __kmem_cache_alloc_node+0x140/0x260 [ 172.138679][ T6505] ? posix_acl_to_xattr+0x31b/0x3a0 [ 172.143900][ T6505] __gfs2_set_acl+0x102/0x180 [ 172.148854][ T6505] gfs2_set_acl+0x507/0x790 [ 172.153375][ T6505] ? __gfs2_set_acl+0x180/0x180 [ 172.158412][ T6505] ? __kmem_cache_alloc_node+0x140/0x260 [ 172.164059][ T6505] ? posix_acl_xattr_set+0x387/0x3f0 [ 172.169372][ T6505] ? vfs_set_acl_prepare+0x105/0x6c0 [ 172.174720][ T6505] ? __kmalloc+0xe1/0x240 [ 172.179089][ T6505] ? posix_acl_valid+0x320/0x3a0 [ 172.184087][ T6505] posix_acl_xattr_set+0x387/0x3f0 [ 172.189251][ T6505] ? posix_acl_xattr_get+0x550/0x550 [ 172.194669][ T6505] __vfs_setxattr+0x3e0/0x420 [ 172.199383][ T6505] __vfs_setxattr_noperm+0x129/0x5e0 [ 172.204742][ T6505] vfs_setxattr+0x167/0x2e0 [ 172.209369][ T6505] ? xattr_permission+0x500/0x500 [ 172.214410][ T6505] ? _copy_from_user+0x10b/0x170 [ 172.219456][ T6505] ? setxattr+0x2ce/0x360 [ 172.223809][ T6505] setxattr+0x346/0x360 [ 172.228080][ T6505] ? path_setxattr+0x290/0x290 [ 172.232893][ T6505] ? __mnt_want_write+0x21f/0x2a0 [ 172.237967][ T6505] path_setxattr+0x147/0x290 [ 172.242688][ T6505] ? simple_xattr_list_add+0xf0/0xf0 [ 172.247997][ T6505] ? lock_chain_count+0x20/0x20 [ 172.252872][ T6505] __x64_sys_setxattr+0xb7/0xd0 [ 172.257745][ T6505] do_syscall_64+0x4c/0xa0 [ 172.262179][ T6505] ? clear_bhb_loop+0x60/0xb0 [ 172.266872][ T6505] ? clear_bhb_loop+0x60/0xb0 [ 172.271655][ T6505] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 172.277672][ T6505] RIP: 0033:0x7fb43519c799 [ 172.282100][ T6505] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 172.301804][ T6505] RSP: 002b:00007fb4333f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 172.310229][ T6505] RAX: ffffffffffffffda RBX: 00007fb435415fa0 RCX: 00007fb43519c799 [ 172.318305][ T6505] RDX: 0000200000000140 RSI: 0000200000000000 RDI: 0000200000002a00 [ 172.326293][ T6505] RBP: 00007fb435232c99 R08: 0000000000000000 R09: 0000000000000000 [ 172.334272][ T6505] R10: 0000000000000024 R11: 0000000000000246 R12: 0000000000000000 [ 172.342251][ T6505] R13: 00007fb435416038 R14: 00007fb435415fa0 R15: 00007fff54b08538 [ 172.350342][ T6505] [ 172.459496][ T4311] usb 2-1: Using ep0 maxpacket: 16 [ 172.471188][ T4311] usb 2-1: config 0 has an invalid interface number: 214 but max is 0 [ 172.525453][ T4311] usb 2-1: config 0 has no interface number 0 [ 172.551693][ T4311] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 172.676674][ T4311] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 172.715197][ T4311] usb 2-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 172.749332][ T4311] usb 2-1: Manufacturer: syz [ 172.764321][ T4311] usb 2-1: SerialNumber: syz [ 172.802000][ T4311] usb 2-1: config 0 descriptor?? [ 173.424444][ T4311] input: syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.214/input/input11 [ 173.650852][ T4311] usb 2-1: USB disconnect, device number 5 [ 173.846880][ T6560] loop0: detected capacity change from 0 to 8192 [ 173.907553][ T6560] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 173.935100][ T6560] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 173.949934][ T6560] REISERFS (device loop0): using ordered data mode [ 173.965203][ T6560] reiserfs: using flush barriers [ 173.986212][ T6536] loop3: detected capacity change from 0 to 40427 [ 174.000501][ T6560] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 174.021812][ T6536] F2FS-fs (loop3): Unrecognized mount option "whint_mode=user-based" or missing value [ 174.032231][ T6560] REISERFS (device loop0): checking transaction log (loop0) [ 174.383835][ T6569] netlink: 8 bytes leftover after parsing attributes in process `syz.3.877'. [ 174.432730][ T6569] sit0: Master is either lo or non-ether device [ 174.447368][ T6560] REISERFS (device loop0): Using tea hash to sort names [ 174.464604][ T6569] netlink: 8 bytes leftover after parsing attributes in process `syz.3.877'. [ 174.476849][ T6560] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 174.536746][ T6569] sit0: Master is either lo or non-ether device [ 176.043118][ T6592] loop3: detected capacity change from 0 to 32768 [ 176.140913][ T6592] XFS (loop3): Mounting V5 Filesystem [ 176.259236][ T6592] XFS (loop3): Ending clean mount [ 176.271082][ T6592] XFS (loop3): Quotacheck needed: Please wait. [ 176.394069][ T6592] XFS (loop3): Quotacheck: Done. [ 176.618522][ T4277] XFS (loop3): Unmounting Filesystem [ 176.997475][ T6633] netlink: 64 bytes leftover after parsing attributes in process `syz.0.900'. [ 178.434851][ T6669] netlink: 8 bytes leftover after parsing attributes in process `syz.4.914'. [ 179.086541][ T6683] loop3: detected capacity change from 0 to 128 [ 179.161258][ T6683] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 179.189816][ T6683] ext4 filesystem being mounted at /187/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 179.401555][ T6695] loop4: detected capacity change from 0 to 24 [ 179.448635][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 179.900531][ T26] audit: type=1326 audit(1774073158.275:2387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6710 comm="syz.2.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35c99c799 code=0x7ffc0000 [ 179.938575][ T26] audit: type=1326 audit(1774073158.305:2388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6710 comm="syz.2.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7fe35c99c799 code=0x7ffc0000 [ 180.130235][ T6720] program syz.4.938 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 180.273801][ T6724] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input12 [ 180.465757][ T6702] loop0: detected capacity change from 0 to 32768 [ 180.902664][ T6737] loop4: detected capacity change from 0 to 1024 [ 181.742684][ T6763] netlink: 4 bytes leftover after parsing attributes in process `syz.3.957'. [ 182.306787][ T6779] program syz.4.965 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 182.526939][ T6786] loop1: detected capacity change from 0 to 1024 [ 182.626871][ T6759] loop0: detected capacity change from 0 to 32768 [ 182.701763][ T6790] loop3: detected capacity change from 0 to 2048 [ 182.713675][ T6786] hfsplus: xattr search failed [ 182.716133][ T6790] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 182.807187][ T6759] XFS (loop0): Mounting V5 Filesystem [ 183.068995][ T6759] XFS (loop0): Ending clean mount [ 183.112592][ T6759] XFS (loop0): Quotacheck needed: Please wait. [ 183.229791][ T6808] input: syz0 as /devices/virtual/input/input13 [ 183.239477][ T6759] XFS (loop0): Quotacheck: Done. [ 183.472583][ T4274] XFS (loop0): Unmounting Filesystem [ 184.197125][ T6839] input: syz1 as /devices/virtual/input/input14 [ 184.730088][ T6832] loop4: detected capacity change from 0 to 32768 [ 184.762422][ T6832] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 scanned by syz.4.987 (6832) [ 184.901897][ T6832] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 184.929190][ T6832] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 184.972874][ T6832] BTRFS info (device loop4): using free space tree [ 185.250075][ T6870] program syz.3.997 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 185.328060][ T6832] BTRFS info (device loop4): enabling ssd optimizations [ 185.728029][ T4270] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 185.849534][ T6887] program syz.0.1004 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 186.217227][ T6875] loop1: detected capacity change from 0 to 32768 [ 186.262952][ T26] audit: type=1800 audit(1774073164.635:2389): pid=6875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.998" name="file1" dev="loop1" ino=4 res=0 errno=0 [ 187.630594][ T6902] loop4: detected capacity change from 0 to 40427 [ 187.656876][ T6902] F2FS-fs (loop4): Corrupted extension count (64 + 1 > 64) [ 187.679544][ T6902] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 187.708400][ T6902] F2FS-fs (loop4): Unrecognized mount option "flush_QVºe" or missing value [ 188.223450][ T6932] loop3: detected capacity change from 0 to 128 [ 188.254850][ T6932] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 188.327966][ T6932] hpfs: filesystem error: improperly stopped [ 188.359463][ T6932] hpfs: You really don't want any checks? You are crazy... [ 188.367081][ T6932] hpfs: hpfs_map_sector(): read error [ 188.399448][ T6932] hpfs: code page support is disabled [ 188.405073][ T6932] hpfs: hpfs_map_4sectors(): unaligned read [ 188.449539][ T6932] hpfs: hpfs_map_4sectors(): unaligned read [ 188.459206][ T6932] hpfs: filesystem error: unable to find root dir [ 188.520785][ T6932] hpfs: hpfs_map_4sectors(): unaligned read [ 188.528006][ T6932] hpfs: hpfs_map_sector(): read error [ 189.655786][ T6945] loop3: detected capacity change from 0 to 32768 [ 189.709479][ T4795] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 189.929558][ T4795] usb 5-1: Using ep0 maxpacket: 16 [ 189.940763][ T4795] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 189.982881][ T4795] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 190.035746][ T4795] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 190.058215][ T4795] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 190.088713][ T4795] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 190.113847][ T4795] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 190.134436][ T4795] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 190.191051][ T4795] usb 5-1: Manufacturer: syz [ 190.220388][ T4795] usb 5-1: config 0 descriptor?? [ 190.729404][ T4795] rc_core: IR keymap rc-hauppauge not found [ 190.739370][ T4795] Registered IR keymap rc-empty [ 190.744532][ T4795] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 190.799510][ T4795] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 190.847798][ T4795] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 190.897632][ T4795] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input15 [ 190.929525][ T4795] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 190.959720][ T4795] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 191.010770][ T4795] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 191.059537][ T4795] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 191.109424][ T4795] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 191.149446][ T4795] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 191.199698][ T4795] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 191.255672][ T4795] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 191.319418][ T4795] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 191.359388][ T4795] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 191.396023][ T4795] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 191.419470][ T4795] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 191.454149][ T4795] usb 5-1: USB disconnect, device number 11 [ 191.946749][ T6987] loop1: detected capacity change from 0 to 32768 [ 193.391631][ T7051] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1074'. [ 193.926694][ T7066] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1080'. [ 194.375890][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.386048][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.684607][ T7064] loop4: detected capacity change from 0 to 40427 [ 194.704164][ T7064] F2FS-fs (loop4): invalid crc value [ 194.720562][ T7064] F2FS-fs (loop4): Found nat_bits in checkpoint [ 194.804129][ T7064] F2FS-fs (loop4): Start checkpoint disabled! [ 194.847116][ T7064] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 194.955305][ T7064] syz.4.1079: attempt to access beyond end of device [ 194.955305][ T7064] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 195.231924][ T35] kworker/u4:2: attempt to access beyond end of device [ 195.231924][ T35] loop4: rw=2049, sector=40960, nr_sectors = 40 limit=40427 [ 195.424267][ T7104] netlink: 340 bytes leftover after parsing attributes in process `syz.3.1098'. [ 195.681829][ T7114] loop3: detected capacity change from 0 to 64 [ 195.724732][ T7114] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 196.457216][ T4275] Bluetooth: hci1: command 0x0406 tx timeout [ 196.463369][ T4275] Bluetooth: hci2: command 0x0406 tx timeout [ 196.469661][ T4283] Bluetooth: hci3: command 0x0406 tx timeout [ 197.038927][ T7151] netlink: 'syz.1.1120': attribute type 2 has an invalid length. [ 197.485962][ T7142] loop3: detected capacity change from 0 to 32768 [ 197.513634][ T7142] XFS: attr2 mount option is deprecated. [ 197.616961][ T7142] XFS (loop3): Mounting V5 Filesystem [ 197.693363][ T7142] XFS (loop3): Ending clean mount [ 197.718148][ T7142] XFS (loop3): Quotacheck needed: Please wait. [ 197.782373][ T7142] XFS (loop3): Quotacheck: Done. [ 197.887460][ T4277] XFS (loop3): Unmounting Filesystem [ 198.065931][ T7168] loop0: detected capacity change from 0 to 32768 [ 198.094770][ T26] audit: type=1800 audit(1774073176.465:2390): pid=7168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1128" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 198.839442][ T129] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 198.922079][ T7200] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1138'. [ 199.029536][ T129] usb 1-1: Using ep0 maxpacket: 32 [ 199.040317][ T129] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 199.076264][ T129] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 199.090355][ T129] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 199.119347][ T129] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.150531][ T129] usb 1-1: config 0 descriptor?? [ 199.169779][ T129] hub 1-1:0.0: USB hub found [ 199.282765][ T7207] loop1: detected capacity change from 0 to 1024 [ 199.312091][ T7207] EXT4-fs: Ignoring removed bh option [ 199.317633][ T7207] EXT4-fs: Ignoring removed oldalloc option [ 199.352426][ T7207] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 199.371018][ T129] hub 1-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 199.448583][ T7207] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 199.596765][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 199.784218][ T129] hid-generic 0003:046D:C31C.0005: item fetching failed at offset 0/1 [ 199.820546][ T129] hid-generic: probe of 0003:046D:C31C.0005 failed with error -22 [ 200.109562][ T14] usb 1-1: USB disconnect, device number 11 [ 200.229408][ T129] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 200.409413][ T129] usb 2-1: Using ep0 maxpacket: 32 [ 200.420456][ T129] usb 2-1: config 0 has an invalid interface number: 89 but max is 0 [ 200.438896][ T129] usb 2-1: config 0 has no interface number 0 [ 200.445657][ T129] usb 2-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 200.457814][ T129] usb 2-1: config 0 interface 89 has no altsetting 0 [ 200.467507][ T129] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 200.479332][ T129] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.499456][ T129] usb 2-1: Product: syz [ 200.503772][ T129] usb 2-1: Manufacturer: syz [ 200.519750][ T129] usb 2-1: SerialNumber: syz [ 200.536735][ T129] usb 2-1: config 0 descriptor?? [ 200.592065][ T129] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 200.601745][ T129] em28xx 2-1:0.89: Video interface 89 found: [ 201.195497][ T129] em28xx 2-1:0.89: chip ID is em2710 [ 201.475649][ T129] em28xx 2-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 201.504321][ T7271] loop3: detected capacity change from 0 to 64 [ 201.505922][ T129] em28xx 2-1:0.89: board has no eeprom [ 201.589350][ T129] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67) [ 201.634318][ T129] em28xx 2-1:0.89: analog set to bulk mode. [ 201.680509][ T129] usb 2-1: USB disconnect, device number 6 [ 201.704717][ T7278] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1170'. [ 201.727354][ T129] em28xx 2-1:0.89: Disconnecting em28xx [ 201.752503][ T6078] em28xx 2-1:0.89: Registering V4L2 extension [ 202.006279][ T6078] em28xx 2-1:0.89: Config register raw data: 0xffffffed [ 202.027915][ T6078] em28xx 2-1:0.89: AC97 chip type couldn't be determined [ 202.059851][ T6078] em28xx 2-1:0.89: No AC97 audio processor [ 202.111167][ T6078] usb 2-1: Decoder not found [ 202.115854][ T6078] em28xx 2-1:0.89: failed to create media graph [ 202.136557][ T6078] em28xx 2-1:0.89: V4L2 device video103 deregistered [ 202.169161][ T6078] em28xx 2-1:0.89: Registering snapshot button... [ 202.221491][ T6078] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.89/input/input16 [ 202.288126][ T6078] em28xx 2-1:0.89: Remote control support is not available for this card. [ 202.304790][ T129] em28xx 2-1:0.89: Closing input extension [ 202.331294][ T129] em28xx 2-1:0.89: Deregistering snapshot button [ 202.453185][ T129] em28xx 2-1:0.89: Freeing device [ 203.068568][ T7324] loop3: detected capacity change from 0 to 2048 [ 203.115260][ T7324] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 203.129545][ T4795] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 203.186395][ T7324] UDF-fs: error (device loop3): udf_rename: directory (ino 1345) has parent entry pointing to another inode (1376 != 1367) [ 203.335883][ T7328] loop0: detected capacity change from 0 to 8192 [ 203.336149][ T4795] usb 2-1: Using ep0 maxpacket: 16 [ 203.354803][ T4795] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 203.383621][ T7331] loop4: detected capacity change from 0 to 1024 [ 203.405656][ T7328] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 203.415416][ T4795] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 203.419295][ T7328] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 203.439314][ T7328] REISERFS (device loop0): using journaled data mode [ 203.446038][ T7328] reiserfs: using flush barriers [ 203.457880][ T7328] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 203.493479][ T4795] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 203.494612][ T7328] REISERFS (device loop0): checking transaction log (loop0) [ 203.551177][ T7328] REISERFS (device loop0): Using r5 hash to sort names [ 203.558574][ T7328] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 203.581653][ T4795] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 203.621758][ T4795] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.653304][ T4795] usb 2-1: config 0 descriptor?? [ 203.660783][ T7328] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 203.742309][ T7336] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1195'. [ 203.961963][ T7331] EXT4-fs: inline encryption not supported [ 203.989723][ T7331] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 204.018671][ T7331] EXT4-fs (loop4): Test dummy encryption mode enabled [ 204.069008][ T7331] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 204.090069][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.097467][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.120507][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.138436][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.155919][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.167878][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.179354][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.196859][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.209800][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.227381][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.257765][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.276357][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.294081][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.319365][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.351884][ T4795] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 204.417248][ T7332] loop3: detected capacity change from 0 to 32768 [ 204.433541][ T4795] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0006/input/input17 [ 204.458080][ T7332] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.1193 (7332) [ 204.484843][ T7353] device macsec1 entered promiscuous mode [ 204.494773][ T4270] EXT4-fs (loop4): unmounting filesystem. [ 204.582314][ T4795] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 204.585131][ T7332] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 204.669430][ T7332] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 204.716066][ T4795] usb 2-1: USB disconnect, device number 7 [ 204.716424][ T7332] BTRFS info (device loop3): using free space tree [ 204.822409][ T7361] vcan0: tx drop: invalid da for name 0x00000000000000f0 [ 204.873935][ T7365] device erspan0 entered promiscuous mode [ 205.059429][ T7332] BTRFS info (device loop3): enabling ssd optimizations [ 205.195740][ T7355] fido_id[7355]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 205.547476][ T4277] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 205.659350][ T6080] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 205.881158][ T6080] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 205.897412][ T6080] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 205.929245][ T6080] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 205.959363][ T6080] usb 2-1: config 220 has no interface number 2 [ 205.965724][ T6080] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 205.985579][ T7399] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1215'. [ 205.999424][ T6080] usb 2-1: config 220 interface 0 has no altsetting 0 [ 206.006264][ T6080] usb 2-1: config 220 interface 76 has no altsetting 0 [ 206.015105][ T7399] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1215'. [ 206.049985][ T6080] usb 2-1: config 220 interface 1 has no altsetting 0 [ 206.071408][ T6080] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 206.089719][ T6080] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.107905][ T6080] usb 2-1: Product: syz [ 206.116772][ T6080] usb 2-1: Manufacturer: syz [ 206.127246][ T6080] usb 2-1: SerialNumber: syz [ 206.375356][ T6080] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 206.405461][ T6080] usb 2-1: No valid video chain found. [ 206.432072][ T6080] usb 2-1: selecting invalid altsetting 0 [ 206.464297][ T6080] usb 2-1: selecting invalid altsetting 0 [ 206.478076][ T6080] usbtest: probe of 2-1:220.1 failed with error -22 [ 206.513238][ T6080] usb 2-1: USB disconnect, device number 8 [ 206.932886][ T7417] loop4: detected capacity change from 0 to 256 [ 207.484510][ T4796] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 207.694698][ T4796] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 207.729625][ T4796] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.737717][ T4796] usb 1-1: Product: syz [ 207.758487][ T4796] usb 1-1: Manufacturer: syz [ 207.763400][ T4796] usb 1-1: SerialNumber: syz [ 207.779888][ T4796] usb 1-1: config 0 descriptor?? [ 208.026861][ T4796] usb 1-1: USB disconnect, device number 12 [ 208.128810][ T7448] loop1: detected capacity change from 0 to 256 [ 209.359292][ C0] sched: RT throttling activated [ 209.714062][ T7468] program syz.0.1245 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 210.239841][ T7475] loop0: detected capacity change from 0 to 2048 [ 210.325759][ T7475] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 210.610900][ T7452] loop1: detected capacity change from 0 to 262144 [ 210.635797][ T7452] F2FS-fs (loop1): invalid crc value [ 210.711223][ T7452] F2FS-fs (loop1): Found nat_bits in checkpoint [ 210.754509][ T7452] F2FS-fs (loop1): Start checkpoint disabled! [ 210.782463][ T7452] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 211.085844][ T7488] Dead loop on virtual device ip6_vti0, fix it urgently! [ 212.089418][ T7400] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 212.297357][ T7400] usb 2-1: Using ep0 maxpacket: 32 [ 212.307426][ T7400] usb 2-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 212.334185][ T7400] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.380016][ T7400] usb 2-1: Product: syz [ 212.396743][ T7400] usb 2-1: Manufacturer: syz [ 212.407280][ T7400] usb 2-1: SerialNumber: syz [ 212.443500][ T7400] usb 2-1: config 0 descriptor?? [ 212.682581][ T7400] RobotFuzz Open Source InterFace, OSIF 2-1:0.0: version d4.15 found at bus 002 address 009 [ 212.763122][ T7521] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1266'. [ 212.783712][ T7523] loop4: detected capacity change from 0 to 256 [ 212.794813][ T7521] device erspan0 entered promiscuous mode [ 212.904532][ T7507] i2c i2c-1: adapter quirk: no zero length (addr 0x07ff, size 0, read) [ 212.963459][ T7400] usb 2-1: USB disconnect, device number 9 [ 213.376392][ T7525] loop4: detected capacity change from 0 to 8192 [ 213.426039][ T7525] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 213.456862][ T7525] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 213.479595][ T7525] REISERFS (device loop4): using ordered data mode [ 213.535843][ T7525] reiserfs: using flush barriers [ 213.599426][ T7525] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 213.673396][ T7525] REISERFS (device loop4): checking transaction log (loop4) [ 213.714804][ T7525] REISERFS (device loop4): Using r5 hash to sort names [ 213.739428][ T7525] REISERFS (device loop4): using 3.5.x disk format [ 213.746363][ T7525] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 214.045751][ T7538] loop1: detected capacity change from 0 to 512 [ 214.229838][ T7538] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 214.238885][ T7538] ext4 filesystem being mounted at /239/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 214.339766][ T7538] EXT4-fs (loop1): shut down requested (1) [ 214.472310][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 215.114983][ T7559] loop1: detected capacity change from 0 to 1024 [ 215.133386][ T7557] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 215.146412][ T7559] EXT4-fs: inline encryption not supported [ 215.165771][ T7557] syzkaller1: linktype set to 776 [ 215.173377][ T7559] EXT4-fs: Ignoring removed bh option [ 215.209847][ T7559] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 215.307574][ T7559] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 215.565241][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 217.139360][ T4796] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 217.256040][ T7603] loop4: detected capacity change from 0 to 32768 [ 217.265850][ T7624] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1309'. [ 217.296812][ T7603] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.1301 (7603) [ 217.339357][ T4796] usb 1-1: Using ep0 maxpacket: 16 [ 217.351375][ T4796] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.366418][ T4796] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.366521][ T7624] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1309'. [ 217.376870][ T4796] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 217.427405][ T4796] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 217.451715][ T4796] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.488560][ T7603] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 217.501597][ T4796] usb 1-1: config 0 descriptor?? [ 217.523475][ T7603] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 217.535647][ T7603] BTRFS info (device loop4): setting nodatacow, compression disabled [ 217.569379][ T7603] BTRFS info (device loop4): turning on flush-on-commit [ 217.599600][ T7603] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 217.629502][ T7603] BTRFS info (device loop4): use lzo compression, level 0 [ 217.656106][ T7603] BTRFS info (device loop4): setting nodatasum [ 217.692660][ T7603] BTRFS info (device loop4): use no compression [ 217.699057][ T7603] BTRFS info (device loop4): trying to use backup root at mount time [ 217.769659][ T7603] BTRFS info (device loop4): max_inline at 0 [ 217.775861][ T7603] BTRFS info (device loop4): using free space tree [ 217.933429][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 217.949590][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 217.997663][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 218.028087][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 218.064754][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 218.104539][ T35] BTRFS warning (device loop4): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xcee3a718 level 0 [ 218.132291][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 218.181674][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 218.196250][ T7603] BTRFS warning (device loop4): couldn't read tree root [ 218.204002][ T7603] BTRFS warning (device loop4): try to load backup roots slot 1 [ 218.219680][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 218.232861][ T35] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0xe06dfc66 level 0 [ 218.237184][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 218.274168][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 218.305281][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 218.321885][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 218.323863][ T7603] BTRFS warning (device loop4): couldn't read tree root [ 218.329237][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 218.351442][ T7603] BTRFS warning (device loop4): try to load backup roots slot 2 [ 218.364561][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 218.376934][ T7603] BTRFS error (device loop4): parent transid verify failed on logical 5255168 mirror 1 wanted 5 found 7 [ 218.388480][ T4796] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 218.395414][ T7603] BTRFS warning (device loop4): couldn't read tree root [ 218.403414][ T7603] BTRFS warning (device loop4): try to load backup roots slot 3 [ 218.420165][ T4796] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0007/input/input18 [ 218.460345][ T7603] BTRFS info (device loop4): enabling ssd optimizations [ 218.460562][ T4796] microsoft 0003:045E:07DA.0007: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 218.476261][ T7603] BTRFS info (device loop4): rebuilding free space tree [ 218.561423][ T4796] usb 1-1: USB disconnect, device number 13 [ 218.625018][ T7603] BTRFS info (device loop4): checking UUID tree [ 218.788906][ T7669] fido_id[7669]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 219.065899][ T4270] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 219.327239][ T7684] loop3: detected capacity change from 0 to 128 [ 219.447687][ T7684] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 219.492520][ T7684] ext4 filesystem being mounted at /274/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 219.539454][ T4796] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 219.561857][ T7684] fscrypt (loop3, inode 12): Unsupported encryption flags (0x08) [ 219.717384][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 219.761581][ T4796] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 219.805264][ T4796] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 219.849486][ T4796] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 219.886092][ T4796] usb 1-1: config 220 has no interface number 2 [ 219.909035][ T4796] usb 1-1: config 220 interface 1 altsetting 5 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 219.948456][ T7699] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 219.978887][ T4796] usb 1-1: config 220 interface 1 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 12 [ 220.020539][ T4796] usb 1-1: config 220 interface 0 has no altsetting 0 [ 220.037613][ T4796] usb 1-1: config 220 interface 76 has no altsetting 0 [ 220.060193][ T4796] usb 1-1: config 220 interface 1 has no altsetting 0 [ 220.074669][ T4796] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 220.095262][ T4796] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.119661][ T4796] usb 1-1: Product: syz [ 220.128383][ T4796] usb 1-1: Manufacturer: syz [ 220.140212][ T4796] usb 1-1: SerialNumber: syz [ 220.155180][ T7699] device batadv_slave_0 entered promiscuous mode [ 220.197841][ T7699] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 220.399563][ T4796] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 220.406333][ T4796] usb 1-1: No valid video chain found. [ 220.432108][ T4796] usb 1-1: selecting invalid altsetting 0 [ 220.485152][ T4796] usb 1-1: selecting invalid altsetting 0 [ 220.492810][ T4796] usbtest: probe of 1-1:220.1 failed with error -22 [ 220.512430][ T4796] usb 1-1: USB disconnect, device number 14 [ 220.799556][ T4798] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 220.989507][ T4798] usb 2-1: Using ep0 maxpacket: 8 [ 220.996615][ T4798] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 221.031650][ T4798] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 221.082989][ T4798] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 221.129850][ T4798] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 221.154827][ T4798] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 221.179362][ T4798] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.223886][ T7724] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1344'. [ 221.315303][ T7726] loop3: detected capacity change from 0 to 512 [ 221.395736][ T7726] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.1345: inode has both inline data and extents flags [ 221.443306][ T4798] usb 2-1: GET_CAPABILITIES returned 0 [ 221.448972][ T4798] usbtmc 2-1:16.0: can't read capabilities [ 221.558479][ T7726] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.1345: couldn't read orphan inode 15 (err -117) [ 221.615271][ T7726] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 221.683039][ T4795] usb 2-1: USB disconnect, device number 10 [ 221.822000][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 222.348656][ T7760] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 222.632648][ T7773] bond0: option miimon: invalid value (18446744073334219755) [ 222.659403][ T7773] bond0: option miimon: allowed values 0 - 2147483647 [ 222.664272][ T7776] input: syz1 as /devices/virtual/input/input19 [ 223.521232][ T7803] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1379'. [ 223.819791][ T7812] loop4: detected capacity change from 0 to 64 [ 224.159492][ T7401] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 224.359370][ T7401] usb 2-1: Using ep0 maxpacket: 16 [ 224.366534][ T7401] usb 2-1: config 0 has no interfaces? [ 224.389078][ T7401] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 224.420126][ T7401] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 224.428366][ T7401] usb 2-1: SerialNumber: syz [ 224.476580][ T7401] usb 2-1: config 0 descriptor?? [ 224.730346][ T6088] usb 2-1: USB disconnect, device number 11 [ 225.043982][ T7826] loop4: detected capacity change from 0 to 32768 [ 225.092353][ T7826] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.1390 (7826) [ 225.153576][ T7826] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 225.161661][ T7846] loop3: detected capacity change from 0 to 128 [ 225.179647][ T7826] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 225.188426][ T7826] BTRFS info (device loop4): setting nodatasum [ 225.226649][ T7826] BTRFS info (device loop4): force zlib compression, level 3 [ 225.240887][ T7826] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 225.274605][ T7826] BTRFS info (device loop4): use lzo compression, level 0 [ 225.308388][ T7826] BTRFS info (device loop4): turning on flush-on-commit [ 225.360828][ T7826] BTRFS info (device loop4): enabling auto defrag [ 225.395124][ T7826] BTRFS info (device loop4): max_inline at 4096 [ 225.409990][ T7826] BTRFS info (device loop4): using free space tree [ 225.485471][ T7852] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1401'. [ 225.573953][ T7836] loop0: detected capacity change from 0 to 32768 [ 225.628838][ T7826] BTRFS info (device loop4): enabling ssd optimizations [ 225.662020][ T7836] XFS: attr2 mount option is deprecated. [ 225.787280][ T7836] XFS (loop0): Mounting V5 Filesystem [ 226.041552][ T7836] XFS (loop0): Ending clean mount [ 226.051108][ T4270] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 226.061307][ T7836] XFS (loop0): Quotacheck needed: Please wait. [ 226.149486][ T7836] XFS (loop0): Quotacheck: Done. [ 226.425938][ T4350] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop4 scanned by udevd (4350) [ 226.541389][ T4274] XFS (loop0): Unmounting Filesystem [ 226.799745][ T7897] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 226.999455][ T7897] usb 2-1: Using ep0 maxpacket: 8 [ 227.006472][ T7897] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 227.044671][ T7897] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 227.085782][ T7897] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 227.119451][ T7897] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 227.153661][ T7897] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 227.199901][ T7897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.328087][ T7913] loop4: detected capacity change from 0 to 512 [ 227.390711][ T7913] EXT4-fs: Ignoring removed nobh option [ 227.396444][ T7913] EXT4-fs: Ignoring removed bh option [ 227.440320][ T7913] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 227.452001][ T7897] usb 2-1: GET_CAPABILITIES returned 0 [ 227.457533][ T7897] usbtmc 2-1:16.0: can't read capabilities [ 227.479099][ T7891] loop3: detected capacity change from 0 to 40427 [ 227.496825][ T7915] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 227.536795][ T7891] F2FS-fs (loop3): invalid crc value [ 227.556930][ T7913] EXT4-fs (loop4): 1 truncate cleaned up [ 227.570273][ T7913] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 227.594017][ T7891] F2FS-fs (loop3): Found nat_bits in checkpoint [ 227.654176][ T7891] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 227.668018][ T4796] usb 2-1: USB disconnect, device number 12 [ 227.808812][ T7923] loop0: detected capacity change from 0 to 16 [ 227.874062][ T7923] erofs: (device loop0): mounted with root inode @ nid 36. [ 227.893145][ T7891] syz.3.1410: attempt to access beyond end of device [ 227.893145][ T7891] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 227.917158][ T7923] erofs: (device loop0): erofs_fill_dentries: bogus dirent @ nid 36 [ 228.236784][ T4270] EXT4-fs (loop4): unmounting filesystem. [ 228.708655][ T7944] loop1: detected capacity change from 0 to 128 [ 228.772959][ T7944] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 228.807359][ T7944] ext4 filesystem being mounted at /265/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 228.990351][ T7951] loop4: detected capacity change from 0 to 2048 [ 229.006865][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 229.079745][ T7955] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 229.168175][ T7955] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 229.229319][ T7955] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4) [ 229.299903][ T7955] Remounting filesystem read-only [ 229.394730][ T4270] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer [ 229.452254][ T7965] loop3: detected capacity change from 0 to 128 [ 230.847538][ T8003] loop0: detected capacity change from 0 to 4096 [ 230.942073][ T8009] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 231.351779][ T8023] program syz.1.1464 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 231.497646][ T8028] Attempt to restore checkpoint with obsolete wellknown handles [ 232.080170][ T8051] loop3: detected capacity change from 0 to 512 [ 232.103840][ T8051] EXT4-fs: Ignoring removed nobh option [ 232.140986][ T8051] EXT4-fs: Ignoring removed bh option [ 232.224851][ T8051] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 232.264696][ T8051] EXT4-fs (loop3): 1 truncate cleaned up [ 232.273087][ T8051] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 232.688027][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 232.717711][ T8078] netlink: 'syz.0.1487': attribute type 1 has an invalid length. [ 232.765158][ T8078] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1487'. [ 233.605204][ T8103] loop1: detected capacity change from 0 to 64 [ 233.608788][ T8073] loop4: detected capacity change from 0 to 32768 [ 233.799386][ T6088] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 233.898274][ T8105] loop1: detected capacity change from 0 to 256 [ 233.968736][ T8105] FAT-fs (loop1): Directory bread(block 64) failed [ 233.992628][ T6088] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 233.996181][ T8105] FAT-fs (loop1): Directory bread(block 65) failed [ 234.006537][ T6088] usb 1-1: config 0 has no interface number 0 [ 234.018355][ T8105] FAT-fs (loop1): Directory bread(block 66) failed [ 234.038524][ T8105] FAT-fs (loop1): Directory bread(block 67) failed [ 234.049701][ T6088] usb 1-1: config 0 interface 41 has no altsetting 0 [ 234.065967][ T8105] FAT-fs (loop1): Directory bread(block 68) failed [ 234.080304][ T6088] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 234.094965][ T8105] FAT-fs (loop1): Directory bread(block 69) failed [ 234.112253][ T6088] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.132198][ T6088] usb 1-1: Product: syz [ 234.141314][ T8105] FAT-fs (loop1): Directory bread(block 70) failed [ 234.158862][ T6088] usb 1-1: Manufacturer: syz [ 234.163936][ T8105] FAT-fs (loop1): Directory bread(block 71) failed [ 234.181887][ T6088] usb 1-1: SerialNumber: syz [ 234.185180][ T8105] FAT-fs (loop1): Directory bread(block 72) failed [ 234.209612][ T6088] usb 1-1: config 0 descriptor?? [ 234.241959][ T8105] FAT-fs (loop1): Directory bread(block 73) failed [ 234.799793][ T6080] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 234.839599][ T6088] CoreChips: probe of 1-1:0.41 failed with error -71 [ 234.862738][ T6088] usb 1-1: USB disconnect, device number 15 [ 234.989477][ T6080] usb 4-1: Using ep0 maxpacket: 8 [ 234.997005][ T6080] usb 4-1: config 0 has no interfaces? [ 235.002968][ T6080] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 235.012838][ T6080] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.024362][ T6080] usb 4-1: config 0 descriptor?? [ 235.059413][ T7401] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 235.241188][ T7401] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 235.252722][ T7400] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 235.274246][ T7401] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 235.284996][ T7401] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 235.294492][ T7401] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.315234][ T8128] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 235.323155][ T6088] usb 4-1: USB disconnect, device number 4 [ 235.449484][ T7400] usb 2-1: Using ep0 maxpacket: 8 [ 235.480500][ T7400] usb 2-1: config index 0 descriptor too short (expected 74, got 45) [ 235.488716][ T7400] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 235.498746][ T8144] loop0: detected capacity change from 0 to 256 [ 235.512793][ T8144] exfat: Deprecated parameter 'utf8' [ 235.531047][ T8144] exfat: Deprecated parameter 'utf8' [ 235.536507][ T8144] exfat: Deprecated parameter 'utf8' [ 235.560158][ T7400] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 235.569021][ T8144] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 235.622296][ T7401] usb 5-1: USB disconnect, device number 12 [ 235.629543][ T7400] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 235.648776][ T7400] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 235.692449][ T7400] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 235.719055][ T7400] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 235.734723][ T7400] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.784213][ T8146] loop0: detected capacity change from 0 to 512 [ 235.793283][ T8146] EXT4-fs: Ignoring removed nobh option [ 235.799087][ T8146] EXT4-fs: Ignoring removed bh option [ 235.811825][ T8146] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 235.831589][ T8146] EXT4-fs (loop0): 1 truncate cleaned up [ 235.847947][ T8146] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 235.975030][ T7400] usb 2-1: GET_CAPABILITIES returned 0 [ 235.984364][ T7400] usbtmc 2-1:16.0: can't read capabilities [ 236.157676][ T4274] EXT4-fs (loop0): unmounting filesystem. [ 236.188746][ T7400] usb 2-1: USB disconnect, device number 13 [ 236.570391][ T8168] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1528'. [ 236.972946][ T8181] loop3: detected capacity change from 0 to 256 [ 237.079750][ T8181] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3967cd3a, utbl_chksum : 0xe619d30d) [ 237.215967][ T26] audit: type=1800 audit(1774073215.585:2391): pid=8181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1534" name="file1" dev="loop3" ino=1048638 res=0 errno=0 [ 237.299354][ T26] audit: type=1800 audit(1774073215.605:2392): pid=8181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1534" name="file1" dev="loop3" ino=1048638 res=0 errno=0 [ 238.955981][ T8239] loop1: detected capacity change from 0 to 512 [ 238.990288][ T8239] EXT4-fs: Ignoring removed nobh option [ 239.009731][ T8239] EXT4-fs: Ignoring removed bh option [ 239.030402][ T8239] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 239.115874][ T8239] EXT4-fs (loop1): 1 truncate cleaned up [ 239.125254][ T8239] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 239.339418][ T7401] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 239.549370][ T7401] usb 1-1: Using ep0 maxpacket: 32 [ 239.560933][ T7401] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 239.608123][ T7401] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.646106][ T7401] usb 1-1: config 0 descriptor?? [ 239.665467][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 239.674615][ T7401] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 239.867995][ T8258] loop1: detected capacity change from 0 to 256 [ 239.942940][ T8258] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x25fbf2c1, utbl_chksum : 0xe619d30d) [ 240.368194][ T8270] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1573'. [ 240.496791][ T7401] gspca_vc032x: reg_w err -71 [ 240.501684][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.507178][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.539993][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.545360][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.564988][ T8247] loop4: detected capacity change from 0 to 40427 [ 240.565582][ T7897] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 240.571585][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.606688][ T8247] F2FS-fs (loop4): invalid crc value [ 240.615542][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.625657][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.635778][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.646518][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.654429][ T8247] F2FS-fs (loop4): Found nat_bits in checkpoint [ 240.709563][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.715043][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.729701][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.735043][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.769357][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.774721][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.789448][ T7897] usb 4-1: Using ep0 maxpacket: 16 [ 240.793513][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.797884][ T7897] usb 4-1: config 0 has no interfaces? [ 240.814603][ T8247] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 240.822289][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.827695][ T7401] gspca_vc032x: I2c Bus Busy Wait 00 [ 240.833262][ T7897] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 240.866994][ T7401] gspca_vc032x: Unknown sensor... [ 240.876252][ T7897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.884535][ T26] audit: type=1800 audit(1774073219.245:2393): pid=8247 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1561" name="file1" dev="loop4" ino=10 res=0 errno=0 [ 240.884595][ T7401] vc032x: probe of 1-1:0.0 failed with error -22 [ 240.923008][ T7897] usb 4-1: Product: syz [ 240.941005][ T8247] F2FS-fs (loop4): sanity_check_inode: corrupted inode i_blocks i_ino=b iblocks=0, run fsck to fix. [ 240.941503][ T7897] usb 4-1: Manufacturer: syz [ 240.975486][ T7897] usb 4-1: SerialNumber: syz [ 240.989539][ T8284] tipc: Started in network mode [ 241.017625][ T7897] usb 4-1: config 0 descriptor?? [ 241.021677][ T8284] tipc: Node identity ac14140f, cluster identity 4711 [ 241.030058][ T7401] usb 1-1: USB disconnect, device number 16 [ 241.068540][ T8284] tipc: New replicast peer: 255.255.255.255 [ 241.094057][ T8284] tipc: Enabled bearer , priority 10 [ 241.116720][ T4270] syz-executor: attempt to access beyond end of device [ 241.116720][ T4270] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 241.311435][ T8290] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1580'. [ 241.445577][ T8267] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1571'. [ 241.499588][ T7897] usb 4-1: USB disconnect, device number 5 [ 242.210405][ T6080] tipc: Node number set to 2886997007 [ 242.368483][ T8311] loop3: detected capacity change from 0 to 4096 [ 242.385248][ T8315] loop1: detected capacity change from 0 to 256 [ 242.422553][ T8315] exfat: Deprecated parameter 'utf8' [ 242.429002][ T8315] exfat: Deprecated parameter 'utf8' [ 242.488684][ T8315] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 242.504634][ T8318] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 242.854073][ T8326] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1595'. [ 242.883762][ T8326] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1595'. [ 243.181936][ T8334] loop1: detected capacity change from 0 to 1024 [ 243.646546][ T8294] loop0: detected capacity change from 0 to 32768 [ 243.948276][ T8358] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1610'. [ 243.993187][ T8358] n: the hash_elasticity option has been deprecated and is always 16 [ 244.017062][ T8358] n: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 244.056171][ T8360] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1610'. [ 244.087035][ T8360] n: the hash_elasticity option has been deprecated and is always 16 [ 244.128462][ T8360] n: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 244.292036][ T8366] netlink: 'syz.3.1614': attribute type 4 has an invalid length. [ 244.347904][ T8366] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.1614'. [ 244.900619][ T26] audit: type=1326 audit(1774073223.275:2394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8383 comm="syz.0.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 244.923166][ C0] vkms_vblank_simulate: vblank timer overrun [ 244.974413][ T26] audit: type=1326 audit(1774073223.275:2395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8383 comm="syz.0.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 245.045771][ T26] audit: type=1326 audit(1774073223.275:2396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8383 comm="syz.0.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 245.068289][ C0] vkms_vblank_simulate: vblank timer overrun [ 245.135105][ T26] audit: type=1326 audit(1774073223.275:2397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8383 comm="syz.0.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 245.195328][ T26] audit: type=1326 audit(1774073223.275:2398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8383 comm="syz.0.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 245.217851][ C0] vkms_vblank_simulate: vblank timer overrun [ 246.123109][ T8389] loop4: detected capacity change from 0 to 32768 [ 246.362322][ T8417] Bluetooth: MGMT ver 1.22 [ 246.643329][ T8376] syz.3.1618 (8376): drop_caches: 2 [ 246.686963][ T8389] XFS (loop4): Mounting V5 Filesystem [ 246.808834][ T8389] XFS (loop4): Ending clean mount [ 246.823066][ T8389] XFS (loop4): Quotacheck needed: Please wait. [ 246.887125][ T8389] XFS (loop4): Quotacheck: Done. [ 247.384245][ T4270] XFS (loop4): Unmounting Filesystem [ 247.790851][ T8443] loop0: detected capacity change from 0 to 1024 [ 249.179348][ T7897] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 249.213453][ T8483] loop4: detected capacity change from 0 to 1024 [ 249.246323][ T8485] program syz.0.1665 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 249.369522][ T7897] usb 4-1: Using ep0 maxpacket: 16 [ 249.376775][ T7897] usb 4-1: config index 0 descriptor too short (expected 51443, got 18) [ 249.415248][ T7897] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 249.444267][ T7897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.460827][ T7897] usb 4-1: Product: syz [ 249.471228][ T7897] usb 4-1: Manufacturer: syz [ 249.479661][ T7897] usb 4-1: SerialNumber: syz [ 249.518219][ T7897] r8152-cfgselector 4-1: config 0 descriptor?? [ 249.757083][ T7897] r8152-cfgselector 4-1: Unknown version 0x0000 [ 249.772910][ T7897] r8152-cfgselector 4-1: Unknown version 0x0000 [ 249.789660][ T7897] r8152-cfgselector 4-1: bad CDC descriptors [ 249.815485][ T7897] usbip-host 4-1: 4-1 is not in match_busid table... skip! [ 249.830918][ T35] usb 4-1: config 0 descriptor?? [ 249.882672][ T8499] device bond0 entered promiscuous mode [ 249.892675][ T6088] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 249.898681][ T8499] device bond_slave_0 entered promiscuous mode [ 249.907335][ T8499] device bond_slave_1 entered promiscuous mode [ 249.926437][ T8499] device dummy0 entered promiscuous mode [ 249.945342][ T8499] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 249.962764][ T8499] Cannot create hsr debugfs directory [ 249.978677][ T8499] device hsr1 entered promiscuous mode [ 250.007290][ T7660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 250.023882][ T35] usb 4-1: can't set config #0, error -71 [ 250.039510][ T7897] usb 4-1: USB disconnect, device number 6 [ 250.090017][ T6088] usb 5-1: Using ep0 maxpacket: 32 [ 250.119657][ T6088] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 250.144575][ T6088] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.173318][ T6088] usb 5-1: config 0 descriptor?? [ 250.397587][ T6088] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 250.414070][ T8497] loop0: detected capacity change from 0 to 40427 [ 250.421357][ T6088] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 250.440190][ T6088] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 250.458476][ T8497] F2FS-fs (loop0): invalid crc value [ 250.465873][ T6088] usb 5-1: media controller created [ 250.482193][ T8497] F2FS-fs (loop0): Found nat_bits in checkpoint [ 250.543395][ T6088] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 250.619360][ T6088] az6027: usb out operation failed. (-71) [ 250.625505][ T6088] az6027: usb out operation failed. (-71) [ 250.635070][ T8497] F2FS-fs (loop0): Start checkpoint disabled! [ 250.643805][ T6088] stb0899_attach: Driver disabled by Kconfig [ 250.660135][ T6088] az6027: no front-end attached [ 250.660135][ T6088] [ 250.677089][ T8497] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 250.692238][ T6088] az6027: usb out operation failed. (-71) [ 250.698037][ T6088] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 250.751136][ T6088] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input20 [ 250.797217][ T6088] dvb-usb: schedule remote query interval to 400 msecs. [ 250.816171][ T6088] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 250.838061][ T6088] usb 5-1: USB disconnect, device number 13 [ 250.949362][ T6088] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 251.118985][ T7660] kworker/u4:8: attempt to access beyond end of device [ 251.118985][ T7660] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 253.737549][ T7400] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 253.846908][ T8569] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1703'. [ 253.877855][ T8567] loop3: detected capacity change from 0 to 1024 [ 253.926915][ T8567] hfsplus: request for non-existent node 3 in B*Tree [ 253.964282][ T7400] usb 2-1: Using ep0 maxpacket: 16 [ 253.971578][ T7400] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 253.989338][ T8567] hfsplus: request for non-existent node 3 in B*Tree [ 254.016733][ T7400] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 254.046612][ T8567] hfsplus: request for non-existent node 4 in B*Tree [ 254.059524][ T7400] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 254.095605][ T8567] hfsplus: request for non-existent node 4 in B*Tree [ 254.103530][ T7400] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 254.138147][ T7400] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.182455][ T7400] usb 2-1: config 0 descriptor?? [ 254.597735][ T7400] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 254.639978][ T7400] microsoft 0003:045E:07DA.0008: ignoring exceeding usage max [ 254.661413][ T7400] microsoft 0003:045E:07DA.0008: ignoring exceeding usage max [ 254.687417][ T7400] microsoft 0003:045E:07DA.0008: No inputs registered, leaving [ 254.696746][ T8591] loop0: detected capacity change from 0 to 164 [ 254.706285][ T7400] microsoft 0003:045E:07DA.0008: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 254.743941][ T8591] iso9660: Corrupted directory entry in block 0 of inode 1792 [ 254.759348][ T7400] microsoft 0003:045E:07DA.0008: no inputs found [ 254.769794][ T7400] microsoft 0003:045E:07DA.0008: could not initialize ff, continuing anyway [ 254.807128][ T7400] usb 2-1: USB disconnect, device number 14 [ 255.084453][ T8595] fido_id[8595]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 255.646549][ T26] audit: type=1326 audit(1774073234.015:2399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8596 comm="syz.0.1715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 255.668996][ C0] vkms_vblank_simulate: vblank timer overrun [ 255.764529][ T26] audit: type=1326 audit(1774073234.015:2400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8596 comm="syz.0.1715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 255.787077][ C0] vkms_vblank_simulate: vblank timer overrun [ 255.812575][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.819448][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.898725][ T26] audit: type=1326 audit(1774073234.025:2401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8596 comm="syz.0.1715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 255.921135][ C0] vkms_vblank_simulate: vblank timer overrun [ 255.952500][ T26] audit: type=1326 audit(1774073234.025:2402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8596 comm="syz.0.1715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f53da19c799 code=0x7ffc0000 [ 255.969594][ T7400] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 256.075244][ T8613] netlink: 'syz.0.1719': attribute type 2 has an invalid length. [ 256.095524][ T8613] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1719'. [ 256.146878][ T8615] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1722'. [ 256.176903][ T8615] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1722'. [ 256.219363][ T7400] usb 2-1: Using ep0 maxpacket: 16 [ 256.240376][ T7400] usb 2-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 256.277844][ T7400] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.299380][ T7400] usb 2-1: Product: syz [ 256.303651][ T7400] usb 2-1: Manufacturer: syz [ 256.308286][ T7400] usb 2-1: SerialNumber: syz [ 256.588638][ T8630] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1728'. [ 256.607968][ T8630] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1728'. [ 257.347997][ T7400] usb 2-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 257.359953][ T7400] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 257.370535][ T7400] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 257.382123][ T7400] usb 2-1: media controller created [ 257.511466][ T8624] loop3: detected capacity change from 0 to 131072 [ 257.532244][ T7400] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 257.551767][ T7400] zl10353_read_register: readreg error (reg=127, ret==-71) [ 257.576182][ T8624] XFS (loop3): Mounting V5 Filesystem [ 257.586946][ T7400] dvb_usb_gl861: probe of 2-1:157.0 failed with error -5 [ 257.596539][ T7400] usb 2-1: USB disconnect, device number 15 [ 257.649140][ T8656] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1737'. [ 257.764869][ T8624] XFS (loop3): Starting recovery (logdev: internal) [ 257.799337][ T8624] XFS (loop3): Ending recovery (logdev: internal) [ 258.069011][ T4277] XFS (loop3): Unmounting Filesystem [ 258.489568][ T4798] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 258.685912][ T4798] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 258.699810][ T4798] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.716515][ T4798] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 258.725968][ T4798] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.753511][ T4798] usb 5-1: config 0 descriptor?? [ 258.773969][ T4798] hub 5-1:0.0: USB hub found [ 258.955058][ T8692] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 258.977180][ T4798] hub 5-1:0.0: config failed, can't read hub descriptor (err -90) [ 259.188865][ T4798] usbhid 5-1:0.0: can't add hid device: -71 [ 259.212773][ T4798] usbhid: probe of 5-1:0.0 failed with error -71 [ 259.279893][ T4798] usb 5-1: USB disconnect, device number 14 [ 260.469551][ T7897] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 260.681266][ T7897] usb 1-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 260.700183][ T7897] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.725854][ T7897] usb 1-1: config 0 descriptor?? [ 260.755838][ T7897] pwc: Samsung MPC-C10 USB webcam detected. [ 260.779301][ T8738] serio: Serial port ttyS3 [ 260.951438][ T7897] pwc: send_video_command error -71 [ 260.958095][ T7897] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 260.994848][ T7897] Philips webcam: probe of 1-1:0.0 failed with error -71 [ 261.022724][ T7897] usb 1-1: USB disconnect, device number 17 [ 261.255326][ T8756] loop1: detected capacity change from 0 to 64 [ 261.576614][ T7897] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 261.767312][ T7897] usb 1-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 261.798493][ T7897] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.823525][ T7897] usb 1-1: config 0 descriptor?? [ 261.846471][ T8768] loop3: detected capacity change from 0 to 4096 [ 261.849877][ T7897] pwc: Samsung MPC-C10 USB webcam detected. [ 261.917141][ T8768] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 262.023623][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 262.255046][ T7897] pwc: recv_control_msg error -71 req 02 val 2b00 [ 262.271534][ T7897] pwc: recv_control_msg error -71 req 02 val 2700 [ 262.291973][ T7897] pwc: recv_control_msg error -71 req 04 val 1700 [ 262.320370][ T7897] pwc: recv_control_msg error -71 req 02 val 2c00 [ 262.330346][ T7897] pwc: recv_control_msg error -71 req 04 val 1000 [ 262.353019][ T7897] pwc: recv_control_msg error -71 req 04 val 1300 [ 262.386255][ T7897] pwc: recv_control_msg error -71 req 04 val 1400 [ 262.415139][ T7897] pwc: recv_control_msg error -71 req 02 val 2000 [ 262.438310][ T7897] pwc: recv_control_msg error -71 req 02 val 2100 [ 262.462757][ T7897] pwc: recv_control_msg error -71 req 02 val 2200 [ 262.477066][ T7897] pwc: recv_control_msg error -71 req 06 val 0600 [ 262.515048][ T7897] pwc: recv_control_msg error -71 req 04 val 1500 [ 262.537144][ T7897] pwc: recv_control_msg error -71 req 02 val 2500 [ 262.565167][ T7897] pwc: recv_control_msg error -71 req 02 val 2400 [ 262.583073][ T7897] pwc: recv_control_msg error -71 req 02 val 2600 [ 262.597740][ T7897] pwc: recv_control_msg error -71 req 02 val 2900 [ 262.604971][ T7897] pwc: recv_control_msg error -71 req 02 val 2800 [ 262.613331][ T7897] pwc: recv_control_msg error -71 req 04 val 1100 [ 262.620576][ T7897] pwc: recv_control_msg error -71 req 04 val 1200 [ 262.656680][ T7897] pwc: Registered as video103. [ 262.674871][ T7897] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input21 [ 262.718615][ T7897] usb 1-1: USB disconnect, device number 18 [ 263.054171][ T8805] loop1: detected capacity change from 0 to 512 [ 263.150552][ T8805] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 263.187637][ T8805] EXT4-fs (loop1): #blocks per group too big: 65535 [ 263.370341][ T8818] loop4: detected capacity change from 0 to 256 [ 263.380527][ T7400] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 263.583999][ T7400] usb 1-1: Using ep0 maxpacket: 32 [ 263.593769][ T7400] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 263.625876][ T7400] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 263.675872][ T7400] usb 1-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 263.725862][ T7400] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.770115][ T7400] usb 1-1: config 0 descriptor?? [ 263.994682][ T8836] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 264.018772][ T7660] Bluetooth: hci5: Frame reassembly failed (-84) [ 264.048128][ T8809] netlink: 'syz.0.1806': attribute type 1 has an invalid length. [ 264.066978][ T7400] usb 1-1: USB disconnect, device number 19 [ 264.141085][ T8844] fuse: Bad value for 'fd' [ 264.309449][ T7897] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 264.394099][ T8854] loop3: detected capacity change from 0 to 256 [ 264.499385][ T7897] usb 2-1: Using ep0 maxpacket: 32 [ 264.515488][ T7897] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 264.531946][ T7897] usb 2-1: config 0 has no interface number 0 [ 264.535345][ T8856] syz.3.1830 uses obsolete (PF_INET,SOCK_PACKET) [ 264.538205][ T7897] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 264.564880][ T7897] usb 2-1: config 0 interface 85 has no altsetting 0 [ 264.575341][ T7897] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 264.606372][ T7897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.615374][ T7897] usb 2-1: Product: syz [ 264.620271][ T7897] usb 2-1: Manufacturer: syz [ 264.624889][ T7897] usb 2-1: SerialNumber: syz [ 264.660825][ T7897] usb 2-1: config 0 descriptor?? [ 265.212020][ T8880] netlink: 165 bytes leftover after parsing attributes in process `syz.0.1841'. [ 265.293394][ T7897] appletouch 2-1:0.85: Geyser mode initialized. [ 265.313374][ T7897] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input22 [ 265.527836][ T7400] usb 2-1: USB disconnect, device number 16 [ 265.562105][ T7400] appletouch 2-1:0.85: input: appletouch disconnected [ 265.859330][ T7401] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 266.049583][ T4279] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 266.063887][ T7401] usb 1-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 266.103178][ T7401] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.158362][ T7401] usb 1-1: Product: syz [ 266.168522][ T7401] usb 1-1: Manufacturer: syz [ 266.209682][ T7401] usb 1-1: SerialNumber: syz [ 266.250564][ T7401] usb 1-1: config 0 descriptor?? [ 266.270845][ T7401] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 266.325474][ T8897] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1848'. [ 266.522251][ T8899] netlink: 'syz.2.1850': attribute type 2 has an invalid length. [ 266.849650][ T4275] Bluetooth: hci4: command 0x0411 tx timeout [ 266.976061][ T8889] loop3: detected capacity change from 0 to 32768 [ 267.010710][ T8889] (syz.3.1845,8889,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 267.080101][ T8889] (syz.3.1845,8889,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 267.085031][ T7401] usb 1-1: USB disconnect, device number 20 [ 267.211852][ T8889] JBD2: Ignoring recovery information on journal [ 267.386415][ T8889] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 268.085063][ T9] [ 268.087469][ T9] ====================================================== [ 268.094630][ T9] WARNING: possible circular locking dependency detected [ 268.101683][ T9] syzkaller #0 Not tainted [ 268.106208][ T9] ------------------------------------------------------ [ 268.113249][ T9] kworker/u4:0/9 is trying to acquire lock: [ 268.119167][ T9] ffff888076b14990 (jbd2_handle){++++}-{0:0}, at: wait_transaction_locked+0x1a6/0x270 [ 268.128867][ T9] [ 268.128867][ T9] but task is already holding lock: [ 268.136255][ T9] ffff88805675dce8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x3a4/0x6f0 [ 268.146678][ T9] [ 268.146678][ T9] which lock already depends on the new lock. [ 268.146678][ T9] [ 268.157108][ T9] [ 268.157108][ T9] the existing dependency chain (in reverse order) is: [ 268.166148][ T9] [ 268.166148][ T9] -> #5 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 268.174792][ T9] down_read+0x42/0x2d0 [ 268.179510][ T9] ocfs2_start_trans+0x3a4/0x6f0 [ 268.185008][ T9] ocfs2_mknod+0xf77/0x25b0 [ 268.190152][ T9] ocfs2_create+0x1b6/0x4b0 [ 268.195211][ T9] path_openat+0x1181/0x2ee0 [ 268.200354][ T9] do_filp_open+0x1f1/0x430 [ 268.205416][ T9] do_sys_openat2+0x150/0x4b0 [ 268.210647][ T9] __x64_sys_openat+0x135/0x160 [ 268.216061][ T9] do_syscall_64+0x4c/0xa0 [ 268.221209][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 268.227663][ T9] [ 268.227663][ T9] -> #4 (sb_internal#5){.+.+}-{0:0}: [ 268.235354][ T9] ocfs2_start_trans+0x2a5/0x6f0 [ 268.240847][ T9] ocfs2_acquire_dquot+0x681/0xb20 [ 268.246509][ T9] dqget+0x778/0xeb0 [ 268.250954][ T9] __dquot_initialize+0x3c3/0xcd0 [ 268.256535][ T9] ocfs2_get_init_inode+0x144/0x1b0 [ 268.262458][ T9] ocfs2_symlink+0xc55/0x2870 [ 268.267684][ T9] vfs_symlink+0x247/0x3d0 [ 268.272650][ T9] do_symlinkat+0x1b6/0x400 [ 268.277702][ T9] __x64_sys_symlink+0x7a/0x90 [ 268.283101][ T9] do_syscall_64+0x4c/0xa0 [ 268.288069][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 268.294512][ T9] [ 268.294512][ T9] -> #3 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}: [ 268.303420][ T9] down_write+0x36/0x60 [ 268.308143][ T9] ocfs2_create_local_dquot+0x1a5/0x18e0 [ 268.314341][ T9] ocfs2_acquire_dquot+0x7c6/0xb20 [ 268.320103][ T9] dqget+0x778/0xeb0 [ 268.324656][ T9] __dquot_initialize+0x3c3/0xcd0 [ 268.330235][ T9] ocfs2_get_init_inode+0x144/0x1b0 [ 268.336072][ T9] ocfs2_symlink+0xc55/0x2870 [ 268.341307][ T9] vfs_symlink+0x247/0x3d0 [ 268.346287][ T9] do_symlinkat+0x1b6/0x400 [ 268.351351][ T9] __x64_sys_symlink+0x7a/0x90 [ 268.356682][ T9] do_syscall_64+0x4c/0xa0 [ 268.361675][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 268.368217][ T9] [ 268.368217][ T9] -> #2 (&dquot->dq_lock){+.+.}-{3:3}: [ 268.375990][ T9] __mutex_lock+0x12d/0xaf0 [ 268.381058][ T9] dquot_commit+0x5a/0x410 [ 268.386023][ T9] ext4_write_dquot+0x1f0/0x360 [ 268.391598][ T9] mark_all_dquot_dirty+0xf9/0x400 [ 268.397628][ T9] __dquot_alloc_space+0x5fc/0xe60 [ 268.403327][ T9] ext4_mb_new_blocks+0xf8d/0x4760 [ 268.408991][ T9] ext4_ext_map_blocks+0x195b/0x6810 [ 268.414825][ T9] ext4_map_blocks+0x9de/0x1b70 [ 268.420243][ T9] ext4_getblk+0x1cc/0x6f0 [ 268.425304][ T9] ext4_bread+0x26/0x170 [ 268.430098][ T9] ext4_append+0x2be/0x560 [ 268.435044][ T9] ext4_init_new_dir+0x2b8/0x570 [ 268.440544][ T9] ext4_mkdir+0x4fb/0xce0 [ 268.445431][ T9] vfs_mkdir+0x387/0x570 [ 268.450214][ T9] do_mkdirat+0x1d8/0x440 [ 268.455092][ T9] __x64_sys_mkdirat+0x85/0x90 [ 268.460408][ T9] do_syscall_64+0x4c/0xa0 [ 268.465387][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 268.471834][ T9] [ 268.471834][ T9] -> #1 (&ei->i_data_sem){++++}-{3:3}: [ 268.479520][ T9] down_write+0x36/0x60 [ 268.484232][ T9] ext4_truncate+0x999/0x1240 [ 268.489519][ T9] ext4_setattr+0x10cb/0x19f0 [ 268.494744][ T9] notify_change+0xc74/0xf40 [ 268.499894][ T9] do_truncate+0x1ac/0x240 [ 268.504866][ T9] do_sys_ftruncate+0x312/0x3c0 [ 268.510357][ T9] do_syscall_64+0x4c/0xa0 [ 268.515329][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 268.521774][ T9] [ 268.521774][ T9] -> #0 (jbd2_handle){++++}-{0:0}: [ 268.529195][ T9] __lock_acquire+0x2d07/0x7d10 [ 268.534598][ T9] lock_acquire+0x1bb/0x4a0 [ 268.539670][ T9] wait_transaction_locked+0x1bf/0x270 [ 268.545684][ T9] start_this_handle+0x7ec/0x2230 [ 268.551270][ T9] jbd2__journal_start+0x2b7/0x5a0 [ 268.557708][ T9] jbd2_journal_start+0x26/0x30 [ 268.563105][ T9] ocfs2_start_trans+0x3b0/0x6f0 [ 268.568691][ T9] ocfs2_release_dquot+0x47c/0xc70 [ 268.574436][ T9] quota_release_workfn+0x35e/0x610 [ 268.580187][ T9] process_one_work+0x8a2/0x1160 [ 268.585679][ T9] worker_thread+0xaa2/0x1270 [ 268.591083][ T9] kthread+0x29d/0x330 [ 268.595700][ T9] ret_from_fork+0x1f/0x30 [ 268.600678][ T9] [ 268.600678][ T9] other info that might help us debug this: [ 268.600678][ T9] [ 268.610926][ T9] Chain exists of: [ 268.610926][ T9] jbd2_handle --> sb_internal#5 --> &journal->j_trans_barrier [ 268.610926][ T9] [ 268.624615][ T9] Possible unsafe locking scenario: [ 268.624615][ T9] [ 268.632091][ T9] CPU0 CPU1 [ 268.637515][ T9] ---- ---- [ 268.642898][ T9] lock(&journal->j_trans_barrier); [ 268.648219][ T9] lock(sb_internal#5); [ 268.655026][ T9] lock(&journal->j_trans_barrier); [ 268.662945][ T9] lock(jbd2_handle); [ 268.667038][ T9] [ 268.667038][ T9] *** DEADLOCK *** [ 268.667038][ T9] [ 268.675198][ T9] 7 locks held by kworker/u4:0/9: [ 268.680249][ T9] #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 268.691440][ T9] #1: ffffc900000e7d00 ((quota_release_work).work){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 268.695988][ T8954] loop4: detected capacity change from 0 to 512 [ 268.702173][ T9] #2: ffff88807233e2a8 (&dquot->dq_lock){+.+.}-{3:3}, at: ocfs2_release_dquot+0x260/0xc70 [ 268.702234][ T9] #3: ffff88805420ed88 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#8){+.+.}-{3:3}, at: ocfs2_lock_global_qf+0x1d7/0x290 [ 268.731477][ T9] #4: ffff88805420ea20 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_lock_global_qf+0x1fe/0x290 [ 268.742809][ T9] #5: ffff888075182650 (sb_internal#5){.+.+}-{0:0}, at: ocfs2_release_dquot+0x47c/0xc70 [ 268.752666][ T9] #6: ffff88805675dce8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x3a4/0x6f0 [ 268.763378][ T9] [ 268.763378][ T9] stack backtrace: [ 268.769263][ T9] CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted syzkaller #0 [ 268.776547][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 268.786615][ T9] Workqueue: events_unbound quota_release_workfn [ 268.792962][ T9] Call Trace: [ 268.796242][ T9] [ 268.799174][ T9] dump_stack_lvl+0x188/0x24e [ 268.803865][ T9] ? load_image+0x400/0x400 [ 268.808375][ T9] ? show_regs_print_info+0x12/0x12 [ 268.813584][ T9] ? print_circular_bug+0x12b/0x1a0 [ 268.818803][ T9] check_noncircular+0x296/0x330 [ 268.823750][ T9] ? add_chain_block+0x940/0x940 [ 268.828696][ T9] ? lockdep_lock+0xf1/0x1f0 [ 268.833382][ T9] ? _find_first_zero_bit+0xcf/0x100 [ 268.838671][ T9] __lock_acquire+0x2d07/0x7d10 [ 268.843542][ T9] ? verify_lock_unused+0x140/0x140 [ 268.848758][ T9] ? mark_lock+0x94/0x320 [ 268.853106][ T9] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 268.859095][ T9] lock_acquire+0x1bb/0x4a0 [ 268.863619][ T9] ? wait_transaction_locked+0x1a6/0x270 [ 268.869264][ T9] ? __lock_acquire+0x7d10/0x7d10 [ 268.874293][ T9] ? ret_from_fork+0x1f/0x30 [ 268.878896][ T9] ? read_lock_is_recursive+0x10/0x10 [ 268.884280][ T9] ? prepare_to_wait_exclusive+0x7e/0x220 [ 268.890013][ T9] ? wait_transaction_locked+0x1a6/0x270 [ 268.895657][ T9] wait_transaction_locked+0x1bf/0x270 [ 268.901117][ T9] ? wait_transaction_locked+0x1a6/0x270 [ 268.906849][ T9] ? jbd2_journal_begin_ordered_truncate+0x150/0x150 [ 268.913523][ T9] ? stack_trace_save+0xa6/0xf0 [ 268.918377][ T9] ? wake_bit_function+0x200/0x200 [ 268.923501][ T9] ? __lock_acquire+0x28c4/0x7d10 [ 268.928618][ T9] start_this_handle+0x7ec/0x2230 [ 268.933736][ T9] ? slab_post_alloc_hook+0x4b/0x480 [ 268.939021][ T9] ? kmem_cache_alloc+0x123/0x2f0 [ 268.944050][ T9] ? jbd2__journal_start+0x13c/0x5a0 [ 268.949346][ T9] ? jbd2__journal_start+0x5a0/0x5a0 [ 268.954662][ T9] ? __kasan_slab_alloc+0x6b/0x80 [ 268.959694][ T9] ? slab_post_alloc_hook+0x67/0x480 [ 268.964978][ T9] ? slab_pre_alloc_hook+0x59/0x310 [ 268.970177][ T9] ? rcu_is_watching+0x11/0xa0 [ 268.974947][ T9] ? kmem_cache_alloc+0x151/0x2f0 [ 268.980143][ T9] ? jbd2__journal_start+0x13c/0x5a0 [ 268.985429][ T9] jbd2__journal_start+0x2b7/0x5a0 [ 268.990545][ T9] jbd2_journal_start+0x26/0x30 [ 268.995417][ T9] ocfs2_start_trans+0x3b0/0x6f0 [ 269.000381][ T9] ? down_write+0x42/0x60 [ 269.004721][ T9] ? ocfs2_recovery_exit+0x50/0x50 [ 269.009838][ T9] ocfs2_release_dquot+0x47c/0xc70 [ 269.014965][ T9] ? ocfs2_acquire_dquot+0xb20/0xb20 [ 269.020283][ T9] ? __lock_acquire+0x7d10/0x7d10 [ 269.025403][ T9] ? do_raw_spin_lock+0x128/0x2f0 [ 269.030432][ T9] ? __rwlock_init+0x140/0x140 [ 269.035197][ T9] ? do_raw_spin_unlock+0x11d/0x230 [ 269.040405][ T9] quota_release_workfn+0x35e/0x610 [ 269.045613][ T9] ? dquot_quota_disable+0x380/0x380 [ 269.051009][ T9] ? _raw_spin_unlock_irq+0x1f/0x40 [ 269.056297][ T9] ? process_one_work+0x7b0/0x1160 [ 269.061415][ T9] process_one_work+0x8a2/0x1160 [ 269.066362][ T9] ? worker_detach_from_pool+0x240/0x240 [ 269.072003][ T9] ? _raw_spin_lock_irq+0xb7/0xf0 [ 269.077028][ T9] ? _raw_spin_lock_irqsave+0x100/0x100 [ 269.082587][ T9] ? kthread_data+0x4b/0xc0 [ 269.087126][ T9] worker_thread+0xaa2/0x1270 [ 269.091819][ T9] kthread+0x29d/0x330 [ 269.095976][ T9] ? worker_clr_flags+0x1a0/0x1a0 [ 269.101096][ T9] ? kthread_blkcg+0xd0/0xd0 [ 269.105689][ T9] ret_from_fork+0x1f/0x30 [ 269.110203][ T9] [ 269.123105][ T8955] loop1: detected capacity change from 0 to 64 [ 269.146430][ T4277] ocfs2: Unmounting device (7,3) on (node local) [ 269.167339][ T8954] EXT4-fs (loop4): 1 truncate cleaned up [ 269.180943][ T8954] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 269.245392][ T8954] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.1875: bg 0: block 465: padding at end of block bitmap is not set [ 269.283920][ T4270] EXT4-fs (loop4): unmounting filesystem.