last executing test programs: 4.794242731s ago: executing program 1 (id=2318): r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0) ioctl$VIDIOC_G_PRIORITY(r0, 0x80045643, 0x4dd395b241fb0335) 4.562447055s ago: executing program 1 (id=2322): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xc4}}, 0x804) 4.2738904s ago: executing program 1 (id=2325): r0 = syz_open_dev$dri(&(0x7f00000001c0), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB(r0, 0xc01c64ae, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x10, 0xf}) 4.022818674s ago: executing program 3 (id=2329): syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x1200000, 0x0, 0x0, 0x0, 0x0) mount$9p_tcp(&(0x7f0000000280), &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x800002, &(0x7f00000005c0)={'trans=tcp,', {'port', 0x3d, 0x4e23}}) 3.949641965s ago: executing program 1 (id=2330): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3200004, &(0x7f00000008c0)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030303031302c6e6c733d69736f383835392d332c747970653d78fa42012c666f7263652c6769643d", @ANYRESHEX=0x0, @ANYBLOB="00000000f5", @ANYRESHEX=0x0, @ANYBLOB=',\x00'], 0x3, 0x6ae, &(0x7f0000000e40)="$eJzs3U9sHFcdB/DvbDbrbJBSt03TgJBqNVIFjUjsrEqChNSAEMohQhFcerUSp7GySSvHRWmEyAYoSJw4oR44FKFw6AkhhFQOCFHOSEhcOOUeiRuHHABXM7O7Xtsbx25ir9t+PtJ43ts3773f/DJ/dsexNsBn1rnXsr+XIueOn79Z1u/d7XTv3e1cG5STTCVpJM16laKdFB8mZ1Mv+Xz5Yn+44mHzvHL/g6L57vudutbsL9X2jc36bTB2y15yYFjZl2SmLv53y8NuGK9aqnEuro73cFObNRbDuMuEHRskDiZtZYPeamPjkd23ft4Ce9bt+r65wXRyMPXdtbrF9a8Oj74yTN6m16be7sUBAAAAO2XsZ/lRTz3Ig9zMod0JBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4divo7A4v+0hiUZ1IMvv+/NfKd+q0Jh/uY3rlcrb771KQDAQAAAAAAAIDH8sKDPMjNHBrUV4rqd/4vVpXD1c/P5a3cyEKWciI3M5/lLGcpc0mmRwZq3ZxfXl6a29jzlyl7rqys3O73PDW256m1cfXWBzrufxps2AgAAAAAAAAAPrN+lHOrv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC9oEj21atqOTwoT6fRTHIgSauYGW7emmiwT8BfJh0AAAAA7Lx2f32o+H9dWCmqz/xHqs/9B/JWrmc5i1lONwu5VD0LqD/1N/7R63Tv3e1cK5eNA3/j39uKoxox9bOH8TPPVls8N+xxLt/O93I8M7mQpSzm+5nPchYyk29VpfkUme4/vZi+d7edQawb4z27pnZhfWwvjJTL+I5WkbRzOYtVbCdysTUIvdHf7ujIbH9sJetmvFNmp3i1b4s5utRfl3v0i/56b5iu9nz/MCOz/dyX2Xh6NO8bc7/N42T9THNpDJ9BHV6dpayun+lj5fxgf13m+qc7m/NtPkpbm4nez8va4Og7snnOky//868XrjSuX71y+cbxvXMYfUzrj4nOSCae31ImumUmeo+RiQOPE/+T0+pno76Kbu9q+WLV91AW8528kUtZyOnMZi5nMpuv5VQ6OTWS1+c2z2t1rjW2d64d+1K/UN6TfjZyb9o1Uw9rKPP69EheR69001Xb6CurWXpmC1kqWhmfpX+NDaX5hX6hnOPHI3ecyVufibmRTDy7eSZ+/b+VJDe6168uXZl/c5M5bv354EuD8qBQnrbvrL02/+ZJ7tc29He3PF6eKf+xUt82Ro+Osu3ZQVudr6KZ1X6Hh21r73OtVqrzuW571JlajnTkzriR6rbnx87SqdqOjrSteZeTN9IdvgsBYA87+PLBVvt+++/t99o/aV9pnz/wzakzU19sZf/fmn/a97vGbxtfL17Oe/lhDk06UgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DS48fatq/Pd7sLSHiyk8YQHvDO2aZCK+pXW3tj3T2pharMj6vdJNunemkTM7SR7InVp7sJcUxnTdH74SjtpDONJcnWPfMEdsBNOLl978+SNt299ZfHa/OsLry9cP3Xm9KunO1+du33y8mJ3Ybb+OekogZ2w+jZg0pEAAAAAAAAAAAAAW7Ubf94wZtqiN4F9BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6Zzr2W/b0UmZs9MVvW793tdMtlUF7dspmkkaT4QVJ8mJxNvWR6ZLjiYfO8cv+DX7307vud1bGag+0b6/r94T8rK9vci15/yUySff31o01tabyLI+P1thlYrRjuYZmwY4PEwaR9FAAA///howfX") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x10b091, 0x0) 3.893441726s ago: executing program 4 (id=2332): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x140, 0x258, 0x1e0, 0x300, 0x32, 0x1, 0x10, 0x1000000, {}, {}, {}, {0x0, 0x0, 0x8000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x200}) 3.714347749s ago: executing program 3 (id=2333): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000072009fb300000000fedbdf2507000000", @ANYRES32, @ANYBLOB='\b'], 0x20}}, 0x0) 3.550033872s ago: executing program 4 (id=2334): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newtaction={0x68, 0x30, 0x1, 0x3, 0xfffffffd, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x8, 0x6, 0x10000000, 0xc, 0x82e}}]}, {0x4}, {0xc}, {0xc, 0x9}}}]}]}, 0x68}}, 0x0) 3.528753152s ago: executing program 1 (id=2335): r0 = syz_open_dev$video(&(0x7f0000000000), 0x800000003, 0x0) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f00000000c0)={0x9, 0x101, 0x2, {0x400, 0x6, 0xff, 0xfffffffb}}) 3.369326435s ago: executing program 3 (id=2336): r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_G_FREQUENCY(r0, 0xc02c5638, &(0x7f0000001180)={0x0, 0x5, 0x5}) 3.316251906s ago: executing program 4 (id=2337): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$sock_cred(r0, 0x1, 0x2f, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0xc) 3.02343109s ago: executing program 1 (id=2340): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={@local, @remote, @mcast2, 0x3, 0x40, 0x3, 0x100, 0x5}) 2.683775496s ago: executing program 32 (id=2340): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={@local, @remote, @mcast2, 0x3, 0x40, 0x3, 0x100, 0x5}) 2.655469566s ago: executing program 3 (id=2344): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000800)=ANY=[@ANYBLOB="6c6f63616c616c6c6f633d30303030303030303030303030303030303030372c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c696e74722c6c6f63616c666c6f636b732c6e6f61636c2c00107a6454ac6d88e54de732b24ecc7667da3e4e28c0cb7897df7817a22ee4fead70c35039a6b93b04922939992f22f325fb9fc3292d654b85bb7ed77740990e96aa01427cad8bcac10a61a05660b7772639721cedf36f9cfc00a81fb0f9b5"], 0x1, 0x4437, &(0x7f00000088c0)="$eJzs3c9vVNUeAPBzb8uj8IDX8ljwkpe8SR6JRk3TslJLYimF0kLFoBDjZpi2A1SnHdJOjQsWdUfiysSFcUE0cdcV6cIt/gluXOKaRBduTEyINTNzp+29nUnH0mkFPp9Fb+/53fnee+65JMOJE5Xbs4u52cVcYT5Xnr65eDr3cbm0NFcM8R5p2v+Bveuf9nTiOtnva+9FduXchXevnw7h+5kfH6+tra2Fqu7Q1OCm33/79e705mNDnKlTbbd5a7vlgxDCiS3jquoKIbz/XQhRCOFskjaSHA+FEI6Get71u5/dyPXszmgePCqeyT+ZvLc6dGpi5f5q6789CuGr0n9euzX38/+7hn56ZXd6BwAAAAAAAAAAAAAAAADgWTd29cq1dwYGw8ModK9EW7+vO5Yccy3qr+2a/3X+jwUAAAAAAAAAAAAAAAAAAIC/qY3v/+ei402+/z+aHIdb1F97q41ODj39OOmM8bevjJ4fGEz2f4+25L+eJP1ytiv0Ndn3Pbv/+9lM/eb7v2/tZ6ca42v02xuiuD91Hsf9/SF8k2z8fjI6HJfKi5VXb5aX5md2bRjPrHT867v3p6KTbOjfbvxHMu13fv//f2+5mqrnN3bvEnuupePf1bLct59GbcX/XKbeXsSfnUvHv7uWlnpcD9cngGr8P+/ePv6jmfY7Ff9jIYRcVB1rLjUDVNcw1fRW6xXS0vE/UEtLTZ3JB9nq/v89E//zmfb3a/5fzj6IaCod/3/U0npSJTbu/754+/v/Qqb9/Yh/dfzLnv9tScf/YD2xO1Wk9km2O/+PZdpvGv/o6V8ArsXJOI9FqStgJaqnt/r/6khLx79nS/7G+1/c1vrvYqb+Xr3/NfptvP81pv+Xo/r7H82l49/6H2ravf/HM/U6Pf8P19Z/O9b6hecF0Wz+T6+de2s/243/RKb9TsW/tirpacR/Yz7542A9/Wvrv7ak4//PemK8ucRy7Wdt/Rdtv/6/lGl/P9Z/1fEvx53t9XmRjv+RluWq8f+hjef/5Uy9zsc/hAFr/R1Lx/9oy3K1+79n+/hPZup1Ov4vdbJxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGfASHLsDVHcnzqP4/7+EM4l5yfD4WiqMJOfKpWnP1oMYTRJz4Xj0a1SeapQys/Ol2eK+UKpVJ4O4XySfyL0RIulciU/V7hzYb2tQ9HtYmGhMlUsVEIIY0n6f8PRRltTs5W5wp0QwsX1vH/F5YU7twvz+ZnZhTcHBgYGwvj6GPqi4ieV4nyl3ns9N4SJ9bq90abB1bIvrY/lSPRheWlhvlCqpV/eVKdUni6UNtWZTPK+CH1RZWFpfrpQKeZL5VuN/vbTcHIcHb/63tXLg1vyb0T148jeDgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv+jh0BtfhhC662dxCGG48UvUrPyDR8Uz+SeT91aHTk2s3F993KocAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7IDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFXTpGaSCIwgD8ZizUzmNYLbud7YoiWrgieAI9hofRo3gJ75AiRdoUIZDMQtjswjZJ9X3Ng/mZeQ/mAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzz9N59vNVNRIqrzWXE39f/4jB/KfXnfvz+xRlm5HSeX7uHx7op/56O8rtytGzzLl2vvj9jpPZ+B3sy3Ke9vs/15FxT+zY1X9/3JlKuIqIt+W3KuarmvQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABs2YEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3jqJvAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBfAQAA//9VMh8j") open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[@ANYBLOB=' '], 0x0) 2.655385736s ago: executing program 4 (id=2345): r0 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f0000fcb000)=0x2, 0x4) 2.273620093s ago: executing program 4 (id=2347): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000600), 0x8182, 0x0) ioctl$SNDCTL_SEQ_RESETSAMPLES(r0, 0x40045109, 0x0) 1.955476098s ago: executing program 4 (id=2349): r0 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[@ANYBLOB="12011001000000202505a8a440000102030109021b000101ff20cd090400fd440701013d09050102"], 0x0) syz_usb_ep_read(r0, 0x1, 0x0, 0x0) 1.370902277s ago: executing program 2 (id=2352): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000500)=[@in={0x2, 0x4e22, @rand_addr=0x64010101}, @in6={0xa, 0x4e21, 0x9, @mcast1, 0x6}, @in6={0xa, 0x4e20, 0x1, @empty, 0x959}, @in={0x2, 0x4e20, @private=0xa010101}, @in={0x2, 0x4e21, @remote}], 0x12) 1.305211199s ago: executing program 2 (id=2353): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2, 0xc990, 0x3, 0x0, 0x0, 0xc07}}, 0x11c) 1.143059041s ago: executing program 2 (id=2354): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f0000002380)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0a00fe1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b4090a79507df79f298129da487130d5f24b46001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad379e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4b9535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024a0041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4fdc4b4861004eefbc17f54f82a804d4a69bf9bc5fa77ee293fbd165a5a68488a010030166565a097b103b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f940b6f0e8c7db4bf23242a18159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c2d7962b0d22772c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac2bba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f407000000000000006d294d366501753a7ac7fedb8d34f5bc381604fcd46105c457e7dd13cab669ab377e4c2422a47e9ffe2d4a2d32f7528751313694bf57704400b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670100be05e7de0940313c5870786554df26236ebced9390cb6940b8375d936a7d2120eca291963eb2d537d8ee4de5c183c160119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d30902208d300e4d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000001c8000000000000003a48cea769470424d28804c024ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c031578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6155e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bcdb7c89739f5d81e750d50517a59a3ad09e8802e8f4f000000000facd5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f296115d4a31838eeb20c20bb82aa31771cd379ec83554cea5b473332f2011e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755367fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc05000000000000006c25b96174327d82761c26e329555f9290af4100000000000000749e1338636555009edf66be445d6975d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab0043ebf7c79a953e023f74afad591821610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c1960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000000000027c9a4619a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd5c17d5486b0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dff7aa46e820a74f9530bdcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fdca4e9eda0072f6df342f3e7071e28ef6806b90cc39c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d3133319e069f9648a2ff93060ff073b3a113e47e447c030931651dd315003b7a6a47c912853826c4c65433a2bb560ae99ec4b227eda2e63a1cb1a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7194d1eb3de6a5f99f301f89c2ee627e949cdd22000026a9960503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640000cd9e5f2e236ef5f1e3a94b108eb9750b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a2050000c375c705c798e0e208e4a5259d0bda526b462af45a6e9a84aebe025c8a7f65819f397574db7ab01bd2b3e3cd28c5aec90f8edfe39a00bafd688a7eea04efdeed96f67012bc3f795edb68b5dec80ad31a858eb756c815e7695d00000000000000000000000000000000000000000000000000007ccf0ce549d97510f7f8765408bb702f0000006d4754c68b7064cf31a681421994e1f307f0ab4ff2e33d3c88fea5d218a276b77adfee7c8fb145783ee1f8adbd2c2604eab3a62a28611da1dae5ce60003111ce5c96a1d6e45ee144ffa3dcca32a33f8f0ce2995b7b7aa0bce228cbf37412cbbdebae06edb51a134301d2627d4927287daf9dcae6720334862d3a18094f1edd9e350337cbb804004d1755cfe7d7fa01872fb99815dcfbbc8141f6e1bbb0901ae91357677fd9d2bb00d4f17fb441c2dfa2b424bf46ae299d68ac27792cdac2b63a6038ab5546ba1e5ad6a329f2c627100e0442f865fc6c179ad3edcb6b000000000000000b0000000000000000ac192d48d76e2a8cae83ae850f73fdfbaca81b6b7b1a0d7b517f41fbd46aa24b0f4b8e0202e3a580947f1925ba4de097e8dcb6bd7f686322b45d4a544ca1e83b592d4a6d46d0a0dc39634550bc77d4cabba01b283082e66778de7c61a1a36838d36c2f8e58cef603770ee3d6a9625be0bc21d2be2da69ac9e9c5e88278d39239501b465102ad16d651ea8bb8cee35527c1ad42ac6a565e449929ccb4469bdd6824b64e13579b7188566e735200000000000000000094e05bcda1e96e4c33ccf6d74046e45bafe9d512c43a3e485dedad9a38b34f7fcd00fafcc25dc36716f0e21e0632425b7a1c1a6bc15c3fc07d914c88103411d8d2b77b72a796fd3aaa7ea493c7bc43e63b2b0d05ad5682121682096b224933fa20255d58a680cc2ec200"/3002], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x39) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000540)="d2b7010000001f91cdfa02e0864c", 0x0, 0xd5b4, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1.095310702s ago: executing program 0 (id=2355): mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x31, 0xffffffffffffffff, 0x0) capset(&(0x7f0000002ffa)={0x20080522, 0xffffffffffffffff}, 0x0) 833.165196ms ago: executing program 3 (id=2356): r0 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002380)="1b0000001a007f029e741683c28f7b331d00"/27, 0x1b}], 0x1}, 0x0) 826.354186ms ago: executing program 0 (id=2357): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00'}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 687.910909ms ago: executing program 0 (id=2358): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) setsockopt$X25_QBITINCL(r0, 0x106, 0x1, 0x0, 0x0) 494.606212ms ago: executing program 2 (id=2359): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x5, &(0x7f00000006c0)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x17}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000000)="5becbc0e0d7cca6073a4f11d1b00", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 490.501882ms ago: executing program 0 (id=2360): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b04, &(0x7f0000000400)={'wlan1\x00', @random="020000000100"}) 331.181195ms ago: executing program 2 (id=2361): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, 0x0) 218.806156ms ago: executing program 0 (id=2362): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000200)={0x1, 0x2, 0x1}) 166.861807ms ago: executing program 2 (id=2363): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x41480}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x5}, 0x0) 151.654468ms ago: executing program 3 (id=2364): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="2c000000140021010000e0ffffff000023000000", @ANYRES32=0x0, @ANYBLOB="140002"], 0x2c}}, 0x0) 0s ago: executing program 0 (id=2365): r0 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000040)=@get={0x1, 0x0, 0xf40}) kernel console output (not intermixed with test programs): op2): dbUpdatePMap: blocks are outside the map [ 105.413499][ T5084] [ 105.625865][ T107] blkno = 8ed2c, nblocks = 4 [ 105.630517][ T107] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map [ 105.630517][ T107] [ 105.670133][ T4249] syz-executor: attempt to access beyond end of device [ 105.670133][ T4249] loop2: rw=1, sector=4680032, nr_sectors = 8 limit=32768 [ 105.705858][ T5129] loop3: detected capacity change from 0 to 64 [ 105.715429][ T5125] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 105.735449][ T4249] metapage_write_end_io: I/O error [ 105.740949][ T4249] JFS: metapage_get_blocks failed [ 105.782663][ T4249] JFS: metapage_get_blocks failed [ 105.786861][ T4240] usb 1-1: USB disconnect, device number 4 [ 105.794600][ T4249] JFS: metapage_get_blocks failed [ 105.820417][ T4249] JFS: metapage_get_blocks failed [ 106.042034][ T5139] ERROR: device name not specified. [ 106.280722][ T5143] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 106.525807][ T5156] loop3: detected capacity change from 0 to 256 [ 106.574400][ T5156] FAT-fs (loop3): Directory bread(block 1285) failed [ 106.595305][ T5156] FAT-fs (loop3): Directory bread(block 1286) failed [ 106.615096][ T5156] FAT-fs (loop3): Directory bread(block 1287) failed [ 106.632216][ T5156] FAT-fs (loop3): Directory bread(block 1288) failed [ 106.662688][ T5156] FAT-fs (loop3): Directory bread(block 1289) failed [ 106.709850][ T5156] FAT-fs (loop3): Directory bread(block 1290) failed [ 106.740521][ T5156] FAT-fs (loop3): Directory bread(block 1291) failed [ 106.786851][ T5156] FAT-fs (loop3): Directory bread(block 1292) failed [ 106.799096][ T5156] FAT-fs (loop3): Directory bread(block 1293) failed [ 106.826272][ T5156] FAT-fs (loop3): Directory bread(block 1294) failed [ 106.891049][ T5166] loop1: detected capacity change from 0 to 1024 [ 106.945986][ T5166] EXT4-fs: Ignoring removed orlov option [ 106.979531][ T5166] EXT4-fs (loop1): Test dummy encryption mode enabled [ 107.058256][ T5168] loop4: detected capacity change from 0 to 2048 [ 107.078287][ T5166] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 107.164278][ T5168] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 107.391803][ T5178] loop2: detected capacity change from 0 to 64 [ 107.488741][ T4256] EXT4-fs (loop1): unmounting filesystem. [ 108.100231][ T5198] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 109.124819][ T5227] loop1: detected capacity change from 0 to 4096 [ 109.169778][ T5236] netlink: 'syz.0.380': attribute type 7 has an invalid length. [ 109.219588][ T5236] netlink: 'syz.0.380': attribute type 5 has an invalid length. [ 109.232805][ T5227] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 109.298269][ T5236] netlink: 17 bytes leftover after parsing attributes in process `syz.0.380'. [ 109.536495][ T4256] EXT4-fs (loop1): unmounting filesystem. [ 109.965701][ T5265] netlink: 24 bytes leftover after parsing attributes in process `syz.3.391'. [ 110.386103][ T5281] tc_dump_action: action bad kind [ 110.913740][ T5279] loop4: detected capacity change from 0 to 4096 [ 111.023400][ T5279] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512) [ 111.905354][ T5334] tmpfs: Bad value for 'mpol' [ 112.519068][ T5360] netlink: 4 bytes leftover after parsing attributes in process `syz.4.426'. [ 112.642856][ T5365] netlink: 'syz.0.430': attribute type 12 has an invalid length. [ 112.912224][ T5367] loop3: detected capacity change from 0 to 4096 [ 113.168046][ T5367] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 113.325403][ T5367] ntfs3: loop3: failed to convert "c46c" to macturkish [ 113.745182][ T5402] loop1: detected capacity change from 0 to 2048 [ 113.764338][ T5402] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 113.844524][ T5409] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 113.919691][ T5411] netlink: 16 bytes leftover after parsing attributes in process `syz.2.443'. [ 114.155802][ T5419] netlink: 'syz.4.447': attribute type 21 has an invalid length. [ 114.644570][ T5439] netlink: 'syz.2.458': attribute type 10 has an invalid length. [ 114.683096][ T5439] netlink: 40 bytes leftover after parsing attributes in process `syz.2.458'. [ 114.717562][ T5439] netlink: 'syz.2.458': attribute type 10 has an invalid length. [ 114.755600][ T5439] netlink: 40 bytes leftover after parsing attributes in process `syz.2.458'. [ 114.915923][ T5447] loop4: detected capacity change from 0 to 256 [ 114.947983][ T5447] exfat: Deprecated parameter 'utf8' [ 114.953368][ T5447] exfat: Deprecated parameter 'namecase' [ 114.995100][ T5447] exfat: Deprecated parameter 'namecase' [ 115.001167][ T5447] exfat: Deprecated parameter 'utf8' [ 115.038240][ T5451] netlink: 'syz.2.463': attribute type 1 has an invalid length. [ 115.058050][ T5447] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 115.352085][ T5459] netlink: 'syz.2.468': attribute type 13 has an invalid length. [ 115.567848][ T5433] loop0: detected capacity change from 0 to 32768 [ 115.788788][ T5433] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 115.916545][ T4250] (syz-executor,4250,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72 [ 115.966269][ T4250] ocfs2: Unmounting device (7,0) on (node local) [ 115.993269][ T5483] netlink: 'syz.3.479': attribute type 8 has an invalid length. [ 116.190973][ T5487] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 116.593814][ T5503] loop3: detected capacity change from 0 to 1024 [ 116.640604][ T5503] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 116.690808][ T5503] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 116.871886][ T5501] loop4: detected capacity change from 0 to 4096 [ 116.969123][ T5501] ntfs: volume version 3.1. [ 116.988581][ T4251] EXT4-fs (loop3): unmounting filesystem. [ 117.514656][ T27] audit: type=1326 audit(2000000031.797:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5533 comm="syz.0.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fa98e169 code=0x7ffc0000 [ 117.578645][ T27] audit: type=1326 audit(2000000031.827:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5533 comm="syz.0.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f99fa98e169 code=0x7ffc0000 [ 117.642982][ T27] audit: type=1326 audit(2000000031.827:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5533 comm="syz.0.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fa98e169 code=0x7ffc0000 [ 117.675900][ T27] audit: type=1326 audit(2000000031.827:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5533 comm="syz.0.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fa98e169 code=0x7ffc0000 [ 117.781333][ T5535] loop2: detected capacity change from 0 to 4096 [ 117.831095][ T5545] netlink: 'syz.4.508': attribute type 8 has an invalid length. [ 117.860786][ T5535] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 117.966013][ T5535] ntfs: (device loop2): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 118.016792][ T5535] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing. [ 118.044842][ T5535] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 118.115330][ T5535] ntfs: (device loop2): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 118.190244][ T5535] ntfs: volume version 3.1. [ 118.279032][ T5535] overlayfs: upper fs is r/o, try multi-lower layers mount [ 118.816920][ T5575] kernel read not supported for file /!selinuxwk1m9ɞ*T#jYmVvm(p-QZ#{ (pid: 5575 comm: syz.2.524) [ 119.270840][ T5596] loop4: detected capacity change from 0 to 256 [ 119.321989][ T5596] exfat: Deprecated parameter 'utf8' [ 119.330467][ T5596] exfat: Deprecated parameter 'namecase' [ 119.330497][ T5596] exfat: Deprecated parameter 'utf8' [ 119.339194][ T5596] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 119.603840][ T5605] usb usb8: usbfs: process 5605 (syz.1.539) did not claim interface 0 before use [ 119.753344][ T5611] loop3: detected capacity change from 0 to 2048 [ 119.814262][ T5611] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 119.823378][ T27] audit: type=1326 audit(2000000034.107:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5612 comm="syz.0.543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fa98e169 code=0x7ffc0000 [ 119.845554][ C1] vkms_vblank_simulate: vblank timer overrun [ 120.342402][ T5633] loop0: detected capacity change from 0 to 512 [ 120.395699][ T5633] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 120.514147][ T5633] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 120.523488][ T5633] ext4 filesystem being mounted at /118/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 120.732171][ T4250] EXT4-fs (loop0): unmounting filesystem. [ 121.371867][ T5627] loop3: detected capacity change from 0 to 32768 [ 121.431063][ T5665] ip6t_REJECT: ECHOREPLY is not supported [ 121.479989][ T5627] XFS (loop3): Mounting V5 Filesystem [ 121.520346][ T5636] loop4: detected capacity change from 0 to 32768 [ 121.535481][ T5636] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.554 (5636) [ 121.594866][ T5675] netlink: 'syz.1.569': attribute type 5 has an invalid length. [ 121.597327][ T5636] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 121.602699][ T5675] netlink: 176 bytes leftover after parsing attributes in process `syz.1.569'. [ 121.655171][ T5636] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 121.686953][ T5636] BTRFS info (device loop4): turning on sync discard [ 121.695444][ T5636] BTRFS info (device loop4): using free space tree [ 121.715348][ T5627] XFS (loop3): Ending clean mount [ 121.882218][ T4251] XFS (loop3): Unmounting Filesystem [ 121.945286][ T5636] BTRFS info (device loop4): enabling ssd optimizations [ 122.300763][ T4258] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 122.442747][ T5709] netlink: 'syz.0.578': attribute type 5 has an invalid length. [ 122.857027][ T5730] loop1: detected capacity change from 0 to 512 [ 122.864093][ T5730] EXT4-fs: Ignoring removed orlov option [ 122.946292][ T5730] EXT4-fs (loop1): orphan cleanup on readonly fs [ 122.957451][ T5730] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 123.005901][ T5730] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it [ 123.065014][ T5730] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.581: Corrupt directory, running e2fsck is recommended [ 123.129317][ T5738] netlink: 76 bytes leftover after parsing attributes in process `syz.2.585'. [ 123.164987][ T5730] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 123.175358][ T5738] netlink: 76 bytes leftover after parsing attributes in process `syz.2.585'. [ 123.196007][ T5730] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2186: inode #15: comm syz.1.581: corrupted in-inode xattr [ 123.257464][ T5730] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.581: couldn't read orphan inode 15 (err -117) [ 123.278486][ T5740] loop0: detected capacity change from 0 to 4096 [ 123.289850][ T5730] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 123.307685][ T5740] ntfs3: loop0: try to read out of volume at offset 0x3fffffc0c00 [ 123.325174][ T5740] ntfs3: loop0: try to read out of volume at offset 0x3fffffc0c00 [ 123.343680][ T5740] ntfs3: loop0: try to read out of volume at offset 0x3fffffc0c00 [ 123.355182][ T5740] ntfs3: loop0: try to read out of volume at offset 0x3fffffc0c00 [ 123.363086][ T5740] ntfs3: loop0: try to read out of volume at offset 0x3fffffc1c00 [ 123.419766][ T5740] ntfs3: loop0: try to read out of volume at offset 0x3fffffc2c00 [ 123.438260][ T5730] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 123.448165][ T5740] ntfs3: loop0: try to read out of volume at offset 0x3fffffc4c00 [ 123.485337][ T5740] ntfs3: loop0: try to read out of volume at offset 0x3fffffc8c00 [ 123.493734][ T5740] ntfs3: loop0: try to read out of volume at offset 0x3fffffd0c00 [ 123.502590][ T5730] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 123.530027][ T4296] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 123.535446][ T5740] ntfs3: loop0: try to read out of volume at offset 0x3fffffe0c00 [ 123.619179][ T4256] EXT4-fs (loop1): unmounting filesystem. [ 123.719594][ T4296] usb 4-1: config 0 has an invalid descriptor of length 100, skipping remainder of the config [ 123.777015][ T4296] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 97, changing to 10 [ 123.803684][ T4296] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 24677, setting to 1024 [ 123.831812][ T4296] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 123.857197][ T4296] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de [ 123.883361][ T4296] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.900366][ T4296] usb 4-1: config 0 descriptor?? [ 124.085709][ T5762] loop2: detected capacity change from 0 to 8192 [ 124.135891][ T5762] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 124.166717][ T4296] ath6kl: Failed to submit usb control message: -71 [ 124.188839][ T4296] ath6kl: unable to send the bmi data to the device: -71 [ 124.196447][ T4296] ath6kl: Unable to send get target info: -71 [ 124.204255][ T4296] ath6kl: Failed to init ath6kl core: -71 [ 124.212074][ T5762] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 124.240346][ T4296] ath6kl_usb: probe of 4-1:0.0 failed with error -71 [ 124.253783][ T4296] usb 4-1: USB disconnect, device number 3 [ 124.280577][ T5762] REISERFS (device loop2): using ordered data mode [ 124.287427][ T5762] reiserfs: using flush barriers [ 124.295672][ T5762] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 124.312851][ T5762] REISERFS (device loop2): checking transaction log (loop2) [ 124.329158][ T5762] REISERFS (device loop2): Using r5 hash to sort names [ 124.379175][ T5762] REISERFS warning (device loop2): super-6502 reiserfs_getopt: unknown mount option "01777777777777777777777<LqQ·χ [ 124.379175][ T5762] OQ6b" [ 124.520831][ T5768] loop0: detected capacity change from 0 to 8192 [ 124.549019][ T5768] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 124.568714][ T5768] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 124.579121][ T5768] REISERFS (device loop0): using journaled data mode [ 124.586150][ T5768] reiserfs: using flush barriers [ 124.611614][ T5768] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 124.635650][ T5768] REISERFS (device loop0): checking transaction log (loop0) [ 124.654465][ T5778] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled [ 124.658391][ T5768] REISERFS (device loop0): Using r5 hash to sort names [ 124.726859][ T5768] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 124.775535][ T5768] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 124.943404][ T5786] netlink: 8 bytes leftover after parsing attributes in process `syz.2.606'. [ 124.988928][ T5786] device netdevsim0 entered promiscuous mode [ 125.044107][ T5788] loop3: detected capacity change from 0 to 2048 [ 125.160631][ T5788] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 125.242190][ T5788] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 125.304400][ T4251] EXT4-fs (loop3): unmounting filesystem. [ 125.919664][ T5824] loop3: detected capacity change from 0 to 512 [ 125.945781][ T5824] EXT4-fs: Ignoring removed orlov option [ 125.987710][ T5824] EXT4-fs (loop3): orphan cleanup on readonly fs [ 126.044793][ T5831] loop0: detected capacity change from 0 to 256 [ 126.052281][ T5824] EXT4-fs warning (device loop3): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 126.064455][ T5824] EXT4-fs warning (device loop3): dx_probe:881: Enable large directory feature to access it [ 126.074684][ T5824] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.623: Corrupt directory, running e2fsck is recommended [ 126.090630][ T5831] exfat: Deprecated parameter 'utf8' [ 126.106361][ T5831] exfat: Deprecated parameter 'namecase' [ 126.112546][ T5831] exfat: Deprecated parameter 'utf8' [ 126.133185][ T5824] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 126.141752][ T5824] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2186: inode #15: comm syz.3.623: corrupted in-inode xattr [ 126.164219][ T5824] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.623: couldn't read orphan inode 15 (err -117) [ 126.180149][ T5831] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 126.183985][ T5833] netlink: 300 bytes leftover after parsing attributes in process `syz.4.627'. [ 126.201942][ T5824] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 126.328526][ T5837] loop1: detected capacity change from 0 to 2048 [ 126.365478][ T5824] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 126.393528][ T5824] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 126.437188][ T5837] loop1: p1 < > p3 p4 < > [ 126.445723][ T5837] loop1: p3 start 4284289 is beyond EOD, truncated [ 126.558593][ T4251] EXT4-fs (loop3): unmounting filesystem. [ 126.800371][ T4241] udevd[4241]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 126.889782][ T5855] loop4: detected capacity change from 0 to 256 [ 127.016149][ T5855] FAT-fs (loop4): Directory bread(block 64) failed [ 127.039078][ T5855] FAT-fs (loop4): Directory bread(block 65) failed [ 127.069900][ T5860] loop2: detected capacity change from 0 to 1024 [ 127.077226][ T5855] FAT-fs (loop4): Directory bread(block 66) failed [ 127.095475][ T5855] FAT-fs (loop4): Directory bread(block 67) failed [ 127.102140][ T5855] FAT-fs (loop4): Directory bread(block 68) failed [ 127.143735][ T5855] FAT-fs (loop4): Directory bread(block 69) failed [ 127.172746][ T5855] FAT-fs (loop4): Directory bread(block 70) failed [ 127.225161][ T5855] FAT-fs (loop4): Directory bread(block 71) failed [ 127.249836][ T5860] syz.2.640: attempt to access beyond end of device [ 127.249836][ T5860] loop2: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 127.267933][ T5855] FAT-fs (loop4): Directory bread(block 72) failed [ 127.274508][ T5855] FAT-fs (loop4): Directory bread(block 73) failed [ 128.152834][ T5895] loop3: detected capacity change from 0 to 1024 [ 128.217037][ T5895] syz.3.657: attempt to access beyond end of device [ 128.217037][ T5895] loop3: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 128.416769][ T5903] Error parsing options; rc = [-22] [ 128.857873][ T5884] loop4: detected capacity change from 0 to 32768 [ 129.098243][ T5915] loop3: detected capacity change from 0 to 4096 [ 129.116181][ T5897] loop0: detected capacity change from 0 to 32768 [ 129.207518][ T5897] JBD2: Ignoring recovery information on journal [ 129.416442][ T5897] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 129.592600][ T5897] OCFS2: ERROR (device loop0): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #1792 has bad signature [ 129.642003][ T5897] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 129.680397][ T5897] OCFS2: File system is now read-only. [ 129.702448][ T5897] (syz.0.658,5897,1):ocfs2_search_chain:1785 ERROR: status = -30 [ 129.704587][ T5934] loop2: detected capacity change from 0 to 512 [ 129.734412][ T5897] (syz.0.658,5897,1):ocfs2_search_chain:1871 ERROR: status = -30 [ 129.785178][ T5937] loop3: detected capacity change from 0 to 8 [ 129.799191][ T5897] (syz.0.658,5897,0):ocfs2_claim_suballoc_bits:1940 ERROR: status = -30 [ 129.838781][ T5897] (syz.0.658,5897,0):ocfs2_claim_suballoc_bits:1983 ERROR: status = -30 [ 129.851298][ T5934] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 129.855244][ T5897] (syz.0.658,5897,1):ocfs2_claim_new_inode:2216 ERROR: status = -30 [ 129.862993][ T5934] ext4 filesystem being mounted at /140/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 129.885194][ T5897] (syz.0.658,5897,0):ocfs2_claim_new_inode:2231 ERROR: status = -30 [ 129.893402][ T5897] (syz.0.658,5897,0):ocfs2_mknod_locked:639 ERROR: status = -30 [ 129.901926][ T5897] (syz.0.658,5897,0):ocfs2_mknod:385 ERROR: status = -30 [ 129.910311][ T5897] (syz.0.658,5897,0):ocfs2_mknod:502 ERROR: status = -30 [ 129.917899][ T5897] (syz.0.658,5897,0):ocfs2_create:676 ERROR: status = -30 [ 129.976055][ T5934] EXT4-fs warning (device loop2): ext4_empty_dir:3156: inode #12: comm syz.2.676: directory missing '..' [ 129.989202][ T5937] SQUASHFS error: Failed to read block 0x738: -5 [ 130.002044][ T4250] ocfs2: Unmounting device (7,0) on (node local) [ 130.015213][ T5937] SQUASHFS error: Unable to read metadata cache entry [736] [ 130.143943][ T4249] EXT4-fs (loop2): unmounting filesystem. [ 130.543807][ T5958] netlink: 60 bytes leftover after parsing attributes in process `syz.0.680'. [ 131.061676][ T5982] loop3: detected capacity change from 0 to 64 [ 131.093525][ T5983] netlink: 40 bytes leftover after parsing attributes in process `syz.2.698'. [ 131.215883][ T5985] loop0: detected capacity change from 0 to 256 [ 131.246577][ T5985] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 131.433861][ T5991] Cannot find add_set index 0 as target [ 131.713224][ T6003] netlink: 24 bytes leftover after parsing attributes in process `syz.1.709'. [ 131.791185][ T6008] xt_connbytes: Forcing CT accounting to be enabled [ 131.858792][ T6008] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 131.956160][ T6008] xt_bpf: check failed: parse error [ 132.033137][ T6013] team0: Port device team_slave_0 removed [ 132.086457][ T6013] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 132.238295][ T6023] netlink: 12 bytes leftover after parsing attributes in process `syz.0.718'. [ 132.494580][ T6033] tmpfs: Bad value for 'nr_inodes' [ 132.731122][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.737557][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.925061][ T14] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 133.122975][ T14] usb 2-1: config 0 has an invalid interface number: 69 but max is 0 [ 133.142570][ T14] usb 2-1: config 0 has no interface number 0 [ 133.165113][ T14] usb 2-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 133.214985][ T14] usb 2-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 133.231954][ T6063] syz.3.748 (6063): drop_caches: 0 [ 133.273258][ T14] usb 2-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 133.292673][ T14] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.310933][ T6065] loop0: detected capacity change from 0 to 8 [ 133.317937][ T14] usb 2-1: Product: syz [ 133.337617][ T14] usb 2-1: Manufacturer: syz [ 133.342269][ T14] usb 2-1: SerialNumber: syz [ 133.379016][ T14] usb 2-1: config 0 descriptor?? [ 133.396109][ T6039] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 133.429013][ T6065] SQUASHFS error: Failed to read block 0x738: -5 [ 133.445293][ T14] cyberjack 2-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 133.455180][ T6065] SQUASHFS error: Unable to read metadata cache entry [736] [ 133.478884][ T14] usb 2-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 133.875421][ T5728] usb 2-1: USB disconnect, device number 2 [ 133.902500][ T5728] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 133.967984][ T5728] cyberjack 2-1:0.69: device disconnected [ 134.043665][ T6087] loop0: detected capacity change from 0 to 128 [ 134.283142][ T6091] loop3: detected capacity change from 0 to 8 [ 134.429079][ T6096] netlink: 8 bytes leftover after parsing attributes in process `syz.2.756'. [ 134.784270][ T27] kauditd_printk_skb: 5 callbacks suppressed [ 134.784287][ T27] audit: type=1326 audit(2000000049.067:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6106 comm="syz.3.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ec938e169 code=0x7ffc0000 [ 134.949763][ T27] audit: type=1326 audit(2000000049.077:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6106 comm="syz.3.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f3ec938e169 code=0x7ffc0000 [ 135.039399][ T27] audit: type=1326 audit(2000000049.077:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6106 comm="syz.3.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ec938e169 code=0x7ffc0000 [ 135.101060][ T27] audit: type=1326 audit(2000000049.077:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6106 comm="syz.3.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ec938e169 code=0x7ffc0000 [ 135.631877][ T6102] loop1: detected capacity change from 0 to 32768 [ 135.737097][ T6097] loop4: detected capacity change from 0 to 40427 [ 135.804347][ T6097] F2FS-fs (loop4): invalid crc value [ 135.856334][ T6097] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10240907051000858085) [ 136.141418][ T6097] F2FS-fs (loop4): sanity_check_inode: inode (ino=3, mode=16877) should not have inline_data, run fsck to fix [ 136.213349][ T6097] F2FS-fs (loop4): Failed to read root inode [ 136.386290][ T6119] loop2: detected capacity change from 0 to 32768 [ 136.420727][ T6119] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.767 (6119) [ 136.475079][ T6119] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 136.513818][ T6119] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 136.559463][ T6119] BTRFS info (device loop2): force clearing of disk cache [ 136.598135][ T6119] BTRFS info (device loop2): force zlib compression, level 3 [ 136.640154][ T6119] BTRFS info (device loop2): enabling auto defrag [ 136.665243][ T6119] BTRFS info (device loop2): max_inline at 0 [ 136.698175][ T6119] BTRFS info (device loop2): using free space tree [ 136.908337][ T6168] netlink: 8 bytes leftover after parsing attributes in process `syz.0.785'. [ 137.070447][ T6119] BTRFS info (device loop2): enabling ssd optimizations [ 137.093176][ T6179] loop0: detected capacity change from 0 to 64 [ 137.134140][ T6119] BTRFS info (device loop2): rebuilding free space tree [ 137.178100][ T6179] syz.0.787: attempt to access beyond end of device [ 137.178100][ T6179] loop0: rw=0, sector=65534, nr_sectors = 2 limit=64 [ 137.244670][ T6179] Buffer I/O error on dev loop0, logical block 32767, async page read [ 137.888539][ T4249] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 137.939454][ T6153] loop3: detected capacity change from 0 to 40427 [ 138.064659][ T6153] F2FS-fs (loop3): Found nat_bits in checkpoint [ 138.293811][ T6153] F2FS-fs (loop3): Cannot turn on quotas: -2 on 2 [ 138.323507][ T6204] netlink: 96 bytes leftover after parsing attributes in process `syz.2.795'. [ 138.331296][ T6153] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 138.465333][ T6201] loop0: detected capacity change from 0 to 4096 [ 138.540821][ T6201] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 138.554600][ T6183] loop4: detected capacity change from 0 to 32768 [ 138.693572][ T6210] netlink: 156 bytes leftover after parsing attributes in process `syz.1.800'. [ 139.281744][ T6222] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 139.321410][ T6222] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 139.370705][ T6222] overlayfs: missing 'lowerdir' [ 139.676607][ T5724] kernel write not supported for file /input/event2 (pid: 5724 comm: kworker/1:14) [ 139.957700][ T6244] loop3: detected capacity change from 0 to 64 [ 140.241773][ T6252] loop1: detected capacity change from 0 to 1024 [ 140.300556][ T6252] hfsplus: failed to load root directory [ 140.763699][ T6270] loop1: detected capacity change from 0 to 256 [ 140.862608][ T6270] FAT-fs (loop1): Directory bread(block 64) failed [ 140.871467][ T6270] FAT-fs (loop1): Directory bread(block 65) failed [ 140.895199][ T6270] FAT-fs (loop1): Directory bread(block 66) failed [ 140.911769][ T6270] FAT-fs (loop1): Directory bread(block 67) failed [ 140.911787][ T6272] netlink: 12 bytes leftover after parsing attributes in process `syz.0.831'. [ 140.930205][ T6270] FAT-fs (loop1): Directory bread(block 68) failed [ 140.942514][ T6270] FAT-fs (loop1): Directory bread(block 69) failed [ 140.952669][ T6270] FAT-fs (loop1): Directory bread(block 70) failed [ 140.980747][ T6270] FAT-fs (loop1): Directory bread(block 71) failed [ 140.987501][ T6270] FAT-fs (loop1): Directory bread(block 72) failed [ 141.018264][ T6270] FAT-fs (loop1): Directory bread(block 73) failed [ 141.216089][ T6256] loop3: detected capacity change from 0 to 32768 [ 141.243057][ T6256] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.823 (6256) [ 141.310770][ T6256] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 141.351172][ T6256] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 141.385066][ T6256] BTRFS info (device loop3): using free space tree [ 141.677513][ T6256] BTRFS info (device loop3): enabling ssd optimizations [ 141.881749][ T4251] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 142.110588][ T6320] loop1: detected capacity change from 0 to 64 [ 142.474579][ T6328] loop0: detected capacity change from 0 to 512 [ 142.539543][ T6328] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.852: attempt to clear invalid blocks 1 len 1 [ 142.611514][ T6328] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.852: bg 0: block 343: padding at end of block bitmap is not set [ 142.633896][ T6328] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 142.653634][ T6328] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.852: invalid indirect mapped block 1819239214 (level 0) [ 142.681767][ T6328] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.852: invalid indirect mapped block 1819239214 (level 1) [ 142.706966][ T6328] EXT4-fs (loop0): 1 truncate cleaned up [ 142.712685][ T6328] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 142.855827][ T4250] EXT4-fs (loop0): unmounting filesystem. [ 143.120663][ T6348] loop0: detected capacity change from 0 to 512 [ 143.241779][ T6348] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 143.264019][ T6355] loop2: detected capacity change from 0 to 4096 [ 143.293984][ T6355] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 143.350090][ T6348] ext4 filesystem being mounted at /190/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.598372][ T4249] EXT4-fs (loop2): unmounting filesystem. [ 143.612636][ T4250] EXT4-fs (loop0): unmounting filesystem. [ 145.119179][ T6415] netlink: 32 bytes leftover after parsing attributes in process `syz.3.890'. [ 145.714334][ T6443] mmap: syz.2.904 (6443): VmData 37457920 exceed data ulimit 33554432. Update limits or use boot option ignore_rlimit_data. [ 145.901536][ T6448] netlink: 4 bytes leftover after parsing attributes in process `syz.3.905'. [ 146.368863][ T6466] netlink: 32 bytes leftover after parsing attributes in process `syz.1.916'. [ 146.406381][ T6466] netlink: 32 bytes leftover after parsing attributes in process `syz.1.916'. [ 146.489411][ T6470] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 146.597354][ T6476] loop4: detected capacity change from 0 to 512 [ 146.633531][ T6476] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 146.683591][ T6476] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 146.720202][ T6476] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 146.778787][ T6476] System zones: 0-1, 15-15, 18-18, 34-34 [ 146.844612][ T6476] EXT4-fs (loop4): orphan cleanup on readonly fs [ 146.890430][ T6476] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 146.930873][ T6476] EXT4-fs warning (device loop4): ext4_enable_quotas:7037: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 146.999944][ T6488] loop2: detected capacity change from 0 to 4096 [ 147.014960][ T6476] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 147.048421][ T6476] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.920: bg 0: block 40: padding at end of block bitmap is not set [ 147.160231][ T6476] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 147.173742][ T6488] ntfs3: loop2: try to read out of volume at offset 0x3fffffc7000 [ 147.194671][ T6476] EXT4-fs (loop4): 1 truncate cleaned up [ 147.215181][ T6476] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 147.297776][ T6476] EXT4-fs error (device loop4): ext4_encrypted_get_link:46: inode #16: comm syz.4.920: bad symlink. [ 147.462388][ T4258] EXT4-fs (loop4): unmounting filesystem. [ 148.046111][ T6522] netlink: 16 bytes leftover after parsing attributes in process `syz.0.941'. [ 148.126582][ T6524] loop3: detected capacity change from 0 to 1024 [ 148.133702][ T6526] netlink: 4 bytes leftover after parsing attributes in process `syz.4.943'. [ 148.220095][ T6524] hfsplus: bad catalog entry type [ 148.223871][ T6528] loop2: detected capacity change from 0 to 256 [ 148.286698][ T6528] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 148.386229][ T33] hfsplus: b-tree write err: -5, ino 4 [ 148.472186][ T6532] netlink: 'syz.4.946': attribute type 1 has an invalid length. [ 148.558310][ T6502] loop1: detected capacity change from 0 to 32768 [ 148.601828][ T6502] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.931 (6502) [ 148.640556][ T6536] loop2: detected capacity change from 0 to 8 [ 148.685758][ T6536] SQUASHFS error: lzo decompression failed, data probably corrupt [ 148.706111][ T6502] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 148.724245][ T6536] SQUASHFS error: Failed to read block 0x91: -5 [ 148.750456][ T6536] SQUASHFS error: Unable to read metadata cache entry [8f] [ 148.755866][ T6502] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 148.777496][ T6536] SQUASHFS error: Unable to read inode 0x11f [ 148.814773][ T6502] BTRFS info (device loop1): using free space tree [ 149.052909][ T6562] netlink: 28 bytes leftover after parsing attributes in process `syz.4.953'. [ 149.056302][ T6502] BTRFS info (device loop1): enabling ssd optimizations [ 149.273984][ T6571] netlink: 'syz.4.956': attribute type 10 has an invalid length. [ 149.294408][ T4256] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 149.341348][ T6571] device veth0_macvtap left promiscuous mode [ 149.481428][ T6571] batman_adv: batadv0: Adding interface: macvtap0 [ 149.495005][ T6571] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.571899][ T6571] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active [ 150.188937][ T6604] netlink: 4 bytes leftover after parsing attributes in process `syz.3.968'. [ 150.219179][ T6604] device bridge_slave_1 left promiscuous mode [ 150.241592][ T6604] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.266179][ T6607] loop0: detected capacity change from 0 to 8 [ 150.281849][ T6604] device bridge_slave_0 left promiscuous mode [ 150.292963][ T6604] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.351929][ T6607] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 150.428426][ T6607] cramfs: Error -3 while decompressing! [ 150.445416][ T6607] cramfs: ffffffff9754c568(26)->ffff88804c5e4000(4096) [ 150.452370][ T6607] cramfs: bad data blocksize 3288329103 [ 150.465079][ T6607] cramfs: Error -3 while decompressing! [ 150.473658][ T6607] cramfs: ffffffff9754c568(26)->ffff88804c5e4000(4096) [ 150.504544][ T27] audit: type=1800 audit(2000000064.787:24): pid=6607 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.970" name="file2" dev="loop0" ino=348 res=0 errno=0 [ 150.863688][ T6591] loop1: detected capacity change from 0 to 32768 [ 150.906740][ T6591] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.958 (6591) [ 150.984634][ T6591] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 151.054801][ T6591] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 151.095940][ T6591] BTRFS info (device loop1): force zlib compression, level 3 [ 151.124755][ T6591] BTRFS info (device loop1): force clearing of disk cache [ 151.155258][ T6591] BTRFS info (device loop1): setting nodatasum [ 151.171774][ T6591] BTRFS info (device loop1): allowing degraded mounts [ 151.195003][ T6591] BTRFS info (device loop1): enabling disk space caching [ 151.225063][ T6591] BTRFS info (device loop1): disk space caching is enabled [ 151.434163][ T6646] capability: warning: `syz.2.985' uses deprecated v2 capabilities in a way that may be insecure [ 151.654165][ T6591] BTRFS info (device loop1): rebuilding free space tree [ 151.695776][ T6591] BTRFS info (device loop1): disabling free space tree [ 151.702910][ T6591] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 151.705664][ T6663] SET target dimension over the limit! [ 151.726251][ T6591] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 151.933992][ T4256] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 151.995199][ T6587] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 152.205507][ T6587] usb 3-1: Using ep0 maxpacket: 16 [ 152.212697][ T6587] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 152.234317][ T6587] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 152.254687][ T6587] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 152.294188][ T6587] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 152.313606][ T6587] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.330847][ T6587] usb 3-1: Product: syz [ 152.339913][ T6587] usb 3-1: Manufacturer: syz [ 152.350183][ T6587] usb 3-1: SerialNumber: syz [ 152.593657][ T6587] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 152.692606][ T6587] usb 3-1: USB disconnect, device number 4 [ 153.007149][ T4958] udevd[4958]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 153.081709][ T6703] loop1: detected capacity change from 0 to 1024 [ 153.206038][ T6703] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 153.436711][ T4256] EXT4-fs (loop1): unmounting filesystem. [ 153.599058][ T6724] loop4: detected capacity change from 0 to 256 [ 153.678718][ T6724] FAT-fs (loop4): Directory bread(block 64) failed [ 153.715065][ T6724] FAT-fs (loop4): Directory bread(block 65) failed [ 153.721794][ T6724] FAT-fs (loop4): Directory bread(block 66) failed [ 153.762384][ T6724] FAT-fs (loop4): Directory bread(block 67) failed [ 153.775235][ T6724] FAT-fs (loop4): Directory bread(block 68) failed [ 153.781935][ T6724] FAT-fs (loop4): Directory bread(block 69) failed [ 153.809019][ T6724] FAT-fs (loop4): Directory bread(block 70) failed [ 153.839033][ T6724] FAT-fs (loop4): Directory bread(block 71) failed [ 153.875105][ T6724] FAT-fs (loop4): Directory bread(block 72) failed [ 153.912961][ T6724] FAT-fs (loop4): Directory bread(block 73) failed [ 154.205831][ T6736] loop1: detected capacity change from 0 to 4096 [ 154.249703][ T6736] ntfs3: loop1: Different NTFS' sector size (2048) and media sector size (512) [ 154.329600][ T6742] loop4: detected capacity change from 0 to 1024 [ 154.336516][ T6736] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 154.524696][ T46] hfsplus: b-tree write err: -5, ino 4 [ 154.627654][ T46] ntfs3: loop1: ntfs3_write_inode r=5 failed, -22. [ 154.656661][ T4256] ntfs3: loop1: ntfs_evict_inode r=5 failed, -22. [ 154.681858][ T6750] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1029'. [ 154.717297][ T6750] device bridge_slave_1 left promiscuous mode [ 154.733042][ T6750] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.811773][ T6750] device bridge_slave_0 left promiscuous mode [ 154.819556][ T6728] loop0: detected capacity change from 0 to 32768 [ 154.835260][ T6750] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.326809][ T6766] loop3: detected capacity change from 0 to 1764 [ 155.456220][ T6766] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 155.742391][ T6784] netlink: 'syz.3.1047': attribute type 10 has an invalid length. [ 155.805583][ T6784] device veth0_macvtap left promiscuous mode [ 155.861018][ T6784] batman_adv: batadv0: Adding interface: macvtap0 [ 155.892088][ T6784] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.955553][ T6784] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active [ 156.758012][ T6823] IPVS: length: 39 != 24 [ 156.809185][ T27] audit: type=1326 audit(2000000071.097:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6827 comm="syz.0.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fa98e169 code=0x7ffc0000 [ 156.886637][ T27] audit: type=1326 audit(2000000071.097:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6827 comm="syz.0.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7f99fa98e169 code=0x7ffc0000 [ 156.908854][ C0] vkms_vblank_simulate: vblank timer overrun [ 157.022701][ T6832] loop1: detected capacity change from 0 to 1024 [ 157.025798][ T27] audit: type=1326 audit(2000000071.097:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6827 comm="syz.0.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fa98e169 code=0x7ffc0000 [ 157.131881][ T6840] netlink: 'syz.2.1075': attribute type 4 has an invalid length. [ 157.193334][ T27] audit: type=1326 audit(2000000071.097:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6827 comm="syz.0.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fa98e169 code=0x7ffc0000 [ 157.194815][ T6834] loop4: detected capacity change from 0 to 4096 [ 157.233785][ T6842] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1076'. [ 157.245437][ T6842] device bridge_slave_1 left promiscuous mode [ 157.251781][ T6842] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.274356][ T6842] device bridge_slave_0 left promiscuous mode [ 157.322286][ T6842] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.345555][ T6845] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 157.513505][ T6849] loop1: detected capacity change from 0 to 64 [ 157.522080][ T6834] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 157.562005][ T6834] Remounting filesystem read-only [ 157.838606][ T6859] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1082'. [ 157.866086][ T6859] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1082'. [ 158.063889][ T6867] syz.3.1088 uses obsolete (PF_INET,SOCK_PACKET) [ 158.148279][ T6871] xt_TCPMSS: Only works on TCP SYN packets [ 158.241979][ T6873] loop2: detected capacity change from 0 to 256 [ 158.310990][ T6873] MINIX-fs: mounting file system with errors, running fsck is recommended [ 158.432652][ T6873] Trying to free block not in datazone [ 158.463607][ T6873] Trying to free block not in datazone [ 158.478020][ T6873] Trying to free block not in datazone [ 158.517543][ T6873] Trying to free block not in datazone [ 158.530950][ T6873] Trying to free block not in datazone [ 158.538824][ T6873] Trying to free block not in datazone [ 158.544517][ T6873] Trying to free block not in datazone [ 158.624079][ T6883] loop1: detected capacity change from 0 to 4096 [ 158.714428][ T6883] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 158.754447][ T6883] ntfs3: loop1: Failed to load $Extend. [ 158.770224][ T6887] loop4: detected capacity change from 0 to 4096 [ 158.777492][ T6890] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1100'. [ 159.095051][ T6895] loop3: detected capacity change from 0 to 512 [ 159.214803][ T6895] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 159.250652][ T6895] ext4 filesystem being mounted at /231/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 159.274563][ T6902] loop4: detected capacity change from 0 to 4096 [ 159.380236][ T6881] loop0: detected capacity change from 0 to 32768 [ 159.505828][ T4251] EXT4-fs (loop3): unmounting filesystem. [ 159.559092][ T6881] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 159.688103][ T6913] loop2: detected capacity change from 0 to 256 [ 159.701888][ T6913] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 159.786175][ T6916] loop3: detected capacity change from 0 to 64 [ 159.794153][ T4250] ocfs2: Unmounting device (7,0) on (node local) [ 159.829963][ T6918] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 159.859486][ T6918] device batadv_slave_0 entered promiscuous mode [ 160.104025][ T6920] gfs2: not a GFS2 filesystem [ 160.316471][ T6922] loop2: detected capacity change from 0 to 4096 [ 160.669790][ T6938] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1121'. [ 160.833844][ T6944] mmap: syz.2.1122 (6944) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 161.717956][ T6974] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1139'. [ 162.070047][ T6990] ipt_CLUSTERIP: bad num_local_nodes 32 [ 162.083233][ T6991] IPv6: Can't replace route, no match found [ 162.151933][ T6993] loop1: detected capacity change from 0 to 64 [ 162.351644][ T7001] loop0: detected capacity change from 0 to 1024 [ 162.904151][ T7020] loop3: detected capacity change from 0 to 256 [ 162.973879][ T7024] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1163'. [ 163.642044][ T7051] vim2m vim2m.0: Fourcc format (0x31384142) invalid. [ 163.988738][ T7055] loop0: detected capacity change from 0 to 8192 [ 164.021425][ T7055] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 164.036215][ T7066] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 164.288603][ T7072] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1186'. [ 164.325147][ T7072] netlink: 332 bytes leftover after parsing attributes in process `syz.4.1186'. [ 164.399771][ T7074] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1187'. [ 165.003861][ T7064] loop1: detected capacity change from 0 to 40427 [ 165.032922][ T7064] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 165.061248][ T7064] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 165.115562][ T7064] F2FS-fs (loop1): invalid crc value [ 165.153785][ T7064] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 9809626597) [ 165.348605][ T7064] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 165.370678][ T7064] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 165.408379][ T7064] fscrypt (loop1, inode 3): Error -61 getting encryption context [ 165.441958][ T7110] No such timeout policy "syz1" [ 166.039810][ T7126] loop3: detected capacity change from 0 to 1024 [ 166.095150][ T7126] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 166.352185][ T4251] EXT4-fs (loop3): unmounting filesystem. [ 166.879984][ T7153] netlink: 'syz.1.1223': attribute type 13 has an invalid length. [ 167.388034][ T7165] loop2: detected capacity change from 0 to 512 [ 167.481966][ T7149] loop0: detected capacity change from 0 to 32768 [ 167.499561][ T7165] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 167.535211][ T7165] ext4 filesystem being mounted at /260/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 167.562127][ T7149] ERROR: (device loop0): dtSearch: stack overrun! [ 167.562127][ T7149] [ 167.582750][ T7149] ERROR: (device loop0): remounting filesystem as read-only [ 167.595754][ T7149] btstack dump: [ 167.599271][ T7149] bn = 0, index = 4 [ 167.603241][ T7149] bn = 0, index = 4 [ 167.607478][ T7149] bn = 0, index = 4 [ 167.611399][ T7149] bn = 0, index = 4 [ 167.615673][ T7149] bn = 0, index = 4 [ 167.619616][ T7149] bn = 0, index = 4 [ 167.623450][ T7149] bn = 0, index = 4 [ 167.644994][ T7149] bn = 0, index = 0 [ 167.659159][ T7149] jfs_lookup: dtSearch returned -5 [ 167.751680][ T4249] EXT4-fs (loop2): unmounting filesystem. [ 168.305215][ T7192] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 168.455180][ T7197] loop2: detected capacity change from 0 to 2048 [ 168.520376][ T7200] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 168.553307][ T7197] NILFS error (device loop2): nilfs_check_page: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 168.640618][ T7197] Remounting filesystem read-only [ 168.897143][ T7217] loop2: detected capacity change from 0 to 64 [ 169.068753][ T7218] loop0: detected capacity change from 0 to 4096 [ 169.110717][ T7218] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 169.228068][ T7218] ntfs3: loop0: no free space to extend mft [ 169.585212][ T7238] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1262'. [ 169.762931][ T7244] loop3: detected capacity change from 0 to 512 [ 169.844605][ T7244] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 169.874463][ T7244] ext4 filesystem being mounted at /263/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 170.102393][ T4251] EXT4-fs (loop3): unmounting filesystem. [ 170.736641][ T7278] loop3: detected capacity change from 0 to 64 [ 170.794644][ T7278] MINIX-fs: mounting file system with errors, running fsck is recommended [ 171.534067][ T7310] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 171.610728][ T7312] loop1: detected capacity change from 0 to 1024 [ 171.755330][ T7314] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1298'. [ 171.764342][ T7314] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1298'. [ 171.783942][ T7314] netlink: 'syz.0.1298': attribute type 6 has an invalid length. [ 172.069614][ T7300] loop2: detected capacity change from 0 to 32768 [ 172.123717][ T7326] loop0: detected capacity change from 0 to 128 [ 172.134583][ T7300] ERROR: (device loop2): diAllocBit: iag inconsistent [ 172.134583][ T7300] [ 172.208046][ T7300] ERROR: (device loop2): remounting filesystem as read-only [ 172.223212][ T7328] loop3: detected capacity change from 0 to 256 [ 172.236054][ T7300] ialloc: diAlloc returned -5! [ 172.258994][ T7328] exfat: Deprecated parameter 'namecase' [ 172.340970][ T7328] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 172.733514][ T7341] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1312'. [ 172.771037][ T7341] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1312'. [ 172.849709][ T7347] loop1: detected capacity change from 0 to 64 [ 172.900303][ T7347] MINIX-fs: mounting file system with errors, running fsck is recommended [ 173.014287][ T7351] loop2: detected capacity change from 0 to 2048 [ 173.107333][ T7351] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 173.196106][ T7351] Invalid option length (0) for dns_resolver key [ 173.265651][ T7357] loop3: detected capacity change from 0 to 1024 [ 173.283371][ T7359] netlink: 'syz.0.1319': attribute type 4 has an invalid length. [ 173.456450][ T11] hfsplus: b-tree write err: -5, ino 4 [ 173.814161][ T7376] netlink: 'syz.1.1329': attribute type 1 has an invalid length. [ 173.974644][ T7381] xt_CONNSECMARK: invalid mode: 0 [ 174.165406][ T7389] ipt_CLUSTERIP: Please specify destination IP [ 174.396619][ T7397] loop4: detected capacity change from 0 to 256 [ 174.425794][ T7397] exfat: Deprecated parameter 'namecase' [ 174.431525][ T7397] exfat: Deprecated parameter 'utf8' [ 174.482489][ T7397] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6d3f72e, utbl_chksum : 0xe619d30d) [ 174.521954][ T7403] netlink: 'syz.0.1341': attribute type 13 has an invalid length. [ 174.542064][ T7403] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1341'. [ 174.581289][ T7403] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (6) [ 174.582358][ T7397] afs: Unexpected value for 'dyn' [ 174.715055][ T6588] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 174.925071][ T6588] usb 4-1: Using ep0 maxpacket: 16 [ 174.932162][ T6588] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024 [ 174.934694][ T7415] loop1: detected capacity change from 0 to 1024 [ 174.984684][ T6588] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 175.002804][ T7415] EXT4-fs: Ignoring removed orlov option [ 175.029380][ T6588] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 175.034945][ T7415] EXT4-fs: Ignoring removed nomblk_io_submit option [ 175.071752][ T6588] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 175.096089][ T6588] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.130614][ T7415] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec018, mo2=0002] [ 175.145054][ T6588] usb 4-1: Product: syz [ 175.149277][ T6588] usb 4-1: Manufacturer: syz [ 175.153992][ T6588] usb 4-1: SerialNumber: syz [ 175.156355][ T7415] System zones: 0-1, 3-36 [ 175.161022][ T6588] usb 4-1: config 0 descriptor?? [ 175.165530][ T7415] [ 175.175240][ T7399] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 175.182533][ T7399] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 175.198394][ C0] port100 4-1:0.0: NFC: Urb failure (status -71) [ 175.203205][ T7415] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 175.205494][ C0] port100 4-1:0.0: NFC: Urb failure (status -71) [ 175.227874][ T6588] port100 4-1:0.0: NFC: Could not get supported command types [ 175.304062][ T7425] loop0: detected capacity change from 0 to 4096 [ 175.326947][ T7425] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 175.349104][ T7425] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 175.404749][ T7425] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 175.450539][ T7425] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 175.484230][ T7425] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 175.506521][ T14] usb 4-1: USB disconnect, device number 4 [ 175.520610][ T7425] ntfs: volume version 3.1. [ 175.529632][ T4256] EXT4-fs (loop1): unmounting filesystem. [ 175.530560][ T7425] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 175.577289][ T7425] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 175.665741][ T7425] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 175.691114][ T7425] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 175.720957][ T7425] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 176.078414][ T7447] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1363'. [ 176.373345][ T7459] loop1: detected capacity change from 0 to 128 [ 176.390730][ T7459] FAT-fs (loop1): Directory bread(block 3236) failed [ 176.419251][ T7459] FAT-fs (loop1): Directory bread(block 3237) failed [ 176.448734][ T7459] FAT-fs (loop1): Directory bread(block 3238) failed [ 176.456567][ T7459] FAT-fs (loop1): Directory bread(block 3239) failed [ 176.463452][ T7459] FAT-fs (loop1): Directory bread(block 3240) failed [ 176.470683][ T7459] FAT-fs (loop1): Directory bread(block 3241) failed [ 176.477861][ T7459] FAT-fs (loop1): Directory bread(block 3242) failed [ 176.484688][ T7459] FAT-fs (loop1): Directory bread(block 3243) failed [ 176.525493][ T7459] FAT-fs (loop1): Directory bread(block 3236) failed [ 176.532733][ T7459] FAT-fs (loop1): Directory bread(block 3237) failed [ 176.601290][ T7467] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method [ 177.175629][ T7490] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1384'. [ 177.349951][ T7498] x_tables: unsorted underflow at hook 2 [ 177.398283][ T7500] loop2: detected capacity change from 0 to 64 [ 177.474225][ T7500] overlayfs: filesystem on './file0' not supported [ 177.716941][ T7510] loop2: detected capacity change from 0 to 512 [ 177.759474][ T7510] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 177.780719][ T7510] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 177.791632][ T7510] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.1393: Corrupt directory, running e2fsck is recommended [ 177.831358][ T7510] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 177.851680][ T7510] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2186: inode #15: comm syz.2.1393: corrupted in-inode xattr [ 177.865771][ T7510] EXT4-fs (loop2): Remounting filesystem read-only [ 177.872384][ T7510] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.1393: couldn't read orphan inode 15 (err -117) [ 177.918256][ T7510] EXT4-fs (loop2): Remounting filesystem read-only [ 177.925763][ T7510] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 177.955244][ T7510] EXT4-fs error (device loop2): __ext4_remount:6611: comm syz.2.1393: Abort forced by user [ 177.972039][ T7510] EXT4-fs (loop2): Remounting filesystem read-only [ 177.984957][ T7510] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 177.996401][ T7519] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1397'. [ 178.098252][ T4249] EXT4-fs (loop2): unmounting filesystem. [ 178.521365][ T7541] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge0, syncid = 3, id = 0 [ 178.678436][ T7545] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1408'. [ 178.760842][ T7549] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (2) [ 179.604669][ T7579] loop2: detected capacity change from 0 to 256 [ 179.653916][ T7579] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 179.776212][ T7579] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000008) [ 179.834066][ T7585] loop1: detected capacity change from 0 to 512 [ 179.910986][ T7585] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 179.935177][ T7585] ext4 filesystem being mounted at /299/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 180.098686][ T7598] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1431'. [ 180.173107][ T4256] EXT4-fs (loop1): unmounting filesystem. [ 180.579902][ T7616] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1441'. [ 180.710806][ T7621] overlayfs: conflicting options: nfs_export=on,index=off [ 180.738557][ T6587] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 180.939989][ T6587] usb 4-1: Using ep0 maxpacket: 8 [ 180.950378][ T6587] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 180.973062][ T6587] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 180.999378][ T7629] libceph: resolve '40.' (ret=-3): failed [ 181.004081][ T6587] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 181.024994][ T6587] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 181.064492][ T6587] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 181.084782][ T6587] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 181.121091][ T6587] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.148086][ T6587] usb 4-1: config 0 descriptor?? [ 181.205498][ T4252] Bluetooth: hci5: urb ffff888027597a00 submission failed (90) [ 181.382967][ T5724] usb 4-1: USB disconnect, device number 5 [ 181.815526][ T7642] loop1: detected capacity change from 0 to 32768 [ 181.834834][ T7642] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.1454 (7642) [ 181.881647][ T7642] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 181.936246][ T7642] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 181.975077][ T7642] BTRFS info (device loop1): force clearing of disk cache [ 182.004426][ T7642] BTRFS info (device loop1): force zlib compression, level 3 [ 182.045342][ T7642] BTRFS info (device loop1): enabling auto defrag [ 182.051874][ T7642] BTRFS info (device loop1): max_inline at 0 [ 182.105124][ T7642] BTRFS info (device loop1): using free space tree [ 182.381294][ T7642] BTRFS info (device loop1): enabling ssd optimizations [ 182.426255][ T7642] BTRFS info (device loop1): rebuilding free space tree [ 182.499692][ T7694] A link change request failed with some changes committed already. Interface ipvlan0 may have been left with an inconsistent configuration, please check. [ 182.736612][ T4256] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 183.219649][ T7716] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1483'. [ 183.662406][ T7731] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1488'. [ 183.937315][ T7741] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 183.983538][ T7740] loop4: detected capacity change from 0 to 512 [ 184.037879][ T7749] loop1: detected capacity change from 0 to 256 [ 184.080174][ T7740] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #13: comm syz.4.1493: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 184.098482][ C1] vkms_vblank_simulate: vblank timer overrun [ 184.209492][ T7740] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.1493: couldn't read orphan inode 13 (err -117) [ 184.241658][ T7740] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 184.257365][ T7740] ext4 filesystem being mounted at /231/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 184.293777][ T7740] __quota_error: 4 callbacks suppressed [ 184.293797][ T7740] Quota error (device loop4): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 184.331696][ T7740] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 184.363291][ T7740] EXT4-fs error (device loop4): ext4_acquire_dquot:6802: comm syz.4.1493: Failed to acquire dquot type 1 [ 184.389428][ T7763] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1501'. [ 184.492832][ T4258] EXT4-fs (loop4): unmounting filesystem. [ 184.931710][ T7785] loop1: detected capacity change from 0 to 128 [ 185.001484][ T7778] loop3: detected capacity change from 0 to 4096 [ 185.059441][ T7778] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 185.150497][ T7778] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 185.384071][ T7794] loop0: detected capacity change from 0 to 512 [ 185.449495][ T7794] EXT4-fs: Ignoring removed i_version option [ 185.462772][ T7796] loop4: detected capacity change from 0 to 1024 [ 185.487257][ T7794] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 185.558324][ T7794] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 185.664666][ T7794] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 185.776084][ T7794] EXT4-fs (loop0): 1 truncate cleaned up [ 185.781825][ T7794] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 186.028285][ T4250] EXT4-fs (loop0): unmounting filesystem. [ 187.465376][ T7865] sctp: [Deprecated]: syz.1.1544 (pid 7865) Use of int in max_burst socket option. [ 187.465376][ T7865] Use struct sctp_assoc_value instead [ 188.087456][ T7887] loop4: detected capacity change from 0 to 16 [ 188.131505][ T7887] erofs: (device loop4): mounted with root inode @ nid 36. [ 188.252264][ T7887] erofs: (device loop4): init_inode_xattrs: xattr_isize 12 of nid 86 is not supported yet [ 188.617523][ T7905] loop2: detected capacity change from 0 to 512 [ 188.736758][ T7905] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 188.765417][ T7905] ext4 filesystem being mounted at /334/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 188.873571][ T7905] EXT4-fs error (device loop2): ext4_empty_dir:3139: inode #12: comm syz.2.1563: Directory hole found for htree leaf block 0 [ 189.094853][ T4249] EXT4-fs (loop2): unmounting filesystem. [ 189.118529][ T7925] loop0: detected capacity change from 0 to 256 [ 189.179544][ T7925] exfat: Deprecated parameter 'namecase' [ 189.260117][ T7925] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d) [ 189.451394][ T7935] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 189.530446][ T7937] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1578'. [ 189.582199][ T7935] CIFS mount error: No usable UNC path provided in device string! [ 189.582199][ T7935] [ 189.623319][ T7935] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 189.828523][ T7947] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1583'. [ 190.182594][ T7955] loop2: detected capacity change from 0 to 4096 [ 190.362394][ T7962] loop0: detected capacity change from 0 to 4096 [ 190.403199][ T7962] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 190.497417][ T7962] ntfs: (device loop0): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 190.527239][ T7962] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 2) do not match. Run ntfsfix or chkdsk. [ 190.558434][ T7962] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 190.602053][ T7962] ntfs: (device loop0): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 190.656836][ T7962] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 190.690197][ T27] audit: type=1326 audit(2000000104.977:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7974 comm="syz.2.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e018e169 code=0x7ffc0000 [ 190.697183][ T7977] loop4: detected capacity change from 0 to 64 [ 190.740472][ T7962] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 190.757500][ T27] audit: type=1326 audit(2000000105.017:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7974 comm="syz.2.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fd7e018e169 code=0x7ffc0000 [ 190.803947][ T7971] loop3: detected capacity change from 0 to 8192 [ 190.842943][ T27] audit: type=1326 audit(2000000105.017:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7974 comm="syz.2.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e018e169 code=0x7ffc0000 [ 190.865787][ T7962] ntfs: volume version 3.1. [ 190.892038][ T7971] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 190.927145][ T7971] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 190.958120][ T7971] REISERFS (device loop3): using ordered data mode [ 191.005645][ T7971] reiserfs: using flush barriers [ 191.015290][ T7971] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 191.058620][ T7971] REISERFS (device loop3): checking transaction log (loop3) [ 191.403731][ T7991] netlink: 'syz.4.1605': attribute type 2 has an invalid length. [ 191.420633][ T7971] REISERFS (device loop3): Using tea hash to sort names [ 191.433283][ T7971] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 191.483605][ T7971] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 191.497702][ T7994] device sit0 entered promiscuous mode [ 191.558217][ T7994] netlink: 'syz.0.1606': attribute type 1 has an invalid length. [ 191.600279][ T7994] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1606'. [ 192.028306][ T8009] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1614'. [ 192.179494][ T8016] (unnamed net_device) (uninitialized): peer notification delay (10) is not a multiple of miimon (100), value rounded to 0 ms [ 192.287103][ T8016] device bond1 entered promiscuous mode [ 192.293561][ T8016] 8021q: adding VLAN 0 to HW filter on device bond1 [ 192.302066][ T8018] netlink: 'syz.2.1618': attribute type 1 has an invalid length. [ 192.336353][ T8024] ieee802154 phy0 wpan0: encryption failed: -22 [ 192.596885][ T8032] loop0: detected capacity change from 0 to 512 [ 192.654320][ T8032] EXT4-fs (loop0): orphan cleanup on readonly fs [ 192.670410][ T8036] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem [ 192.683211][ T8032] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 192.755556][ T8032] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 192.824095][ T8032] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.1624: attempt to clear invalid blocks 2 len 1 [ 192.884984][ T8032] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.1624: invalid indirect mapped block 1819239214 (level 0) [ 192.932967][ T8032] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.1624: invalid indirect mapped block 1819239214 (level 1) [ 193.012102][ T8032] EXT4-fs (loop0): 1 truncate cleaned up [ 193.020932][ T8032] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 193.105812][ T8032] EXT4-fs error (device loop0): ext4_lookup:1855: inode #2: comm syz.0.1624: 'file1' linked to parent dir [ 193.309070][ T4250] EXT4-fs (loop0): unmounting filesystem. [ 193.626779][ T8068] loop2: detected capacity change from 0 to 256 [ 193.664547][ T8068] exfat: Deprecated parameter 'namecase' [ 193.721234][ T8068] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d) [ 193.894581][ T8070] loop1: detected capacity change from 0 to 4096 [ 193.974806][ T8070] ntfs3: loop1: try to read out of volume at offset 0x3fffffc0c00 [ 194.015051][ T8070] ntfs3: loop1: try to read out of volume at offset 0x3fffffc0c00 [ 194.041322][ T1042] block nbd4: Attempted send on invalid socket [ 194.048523][ T1042] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 194.055305][ T8070] ntfs3: loop1: try to read out of volume at offset 0x3fffffc0c00 [ 194.066532][ T8081] EXT4-fs (nbd4): unable to read superblock [ 194.087595][ T8082] loop0: detected capacity change from 0 to 512 [ 194.107332][ T8070] ntfs3: loop1: try to read out of volume at offset 0x3fffffc0c00 [ 194.115387][ T8070] ntfs3: loop1: try to read out of volume at offset 0x3fffffc1c00 [ 194.123354][ T8070] ntfs3: loop1: try to read out of volume at offset 0x3fffffc2c00 [ 194.131432][ T8070] ntfs3: loop1: try to read out of volume at offset 0x3fffffc4c00 [ 194.139464][ T8070] ntfs3: loop1: try to read out of volume at offset 0x3fffffc8c00 [ 194.147907][ T8070] ntfs3: loop1: try to read out of volume at offset 0x3fffffd0c00 [ 194.163497][ T8070] ntfs3: loop1: try to read out of volume at offset 0x3fffffe0c00 [ 194.178263][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.184598][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.234784][ T8082] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 194.280574][ T8082] ext4 filesystem being mounted at /349/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 194.507889][ T4250] EXT4-fs (loop0): unmounting filesystem. [ 194.864121][ T8105] kcapi: manufacturer command 18446744073709551608 unknown. [ 195.387272][ T8122] netlink: 140 bytes leftover after parsing attributes in process `syz.2.1664'. [ 195.401721][ T8124] loop3: detected capacity change from 0 to 8 [ 195.652875][ T8096] loop1: detected capacity change from 0 to 40427 [ 195.677669][ T8096] F2FS-fs (loop1): invalid crc value [ 195.700552][ T8096] F2FS-fs (loop1): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 195.723065][ T8096] F2FS-fs (loop1): Found nat_bits in checkpoint [ 195.833536][ T8096] F2FS-fs (loop1): recover fsync data on readonly fs [ 195.855496][ T8096] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0 [ 195.872512][ T8096] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1 [ 195.893394][ T8096] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 196.395999][ T8129] loop2: detected capacity change from 0 to 32768 [ 196.430275][ T8129] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.1666 (8129) [ 196.474368][ T8151] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1674'. [ 196.491718][ T8129] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 196.547747][ T8129] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 196.575054][ T8129] BTRFS info (device loop2): force clearing of disk cache [ 196.582260][ T8129] BTRFS info (device loop2): force zlib compression, level 3 [ 196.659221][ T8129] BTRFS info (device loop2): enabling auto defrag [ 196.715369][ T8129] BTRFS info (device loop2): max_inline at 0 [ 196.721850][ T8129] BTRFS info (device loop2): using free space tree [ 196.840284][ T8163] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1679'. [ 196.848806][ T8165] loop0: detected capacity change from 0 to 1024 [ 196.879521][ T8163] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1679'. [ 196.925045][ T8163] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1679'. [ 196.971247][ T8163] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1679'. [ 196.980816][ T8163] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1679'. [ 197.133402][ T8129] BTRFS info (device loop2): enabling ssd optimizations [ 197.146135][ T8129] BTRFS info (device loop2): rebuilding free space tree [ 197.352407][ T4249] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 197.759301][ T8201] [U] [ 197.775899][ T8204] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1692'. [ 198.061747][ T8212] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1695'. [ 198.121527][ T8212] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1695'. [ 199.410708][ T8253] loop3: detected capacity change from 0 to 512 [ 199.440468][ T8229] loop0: detected capacity change from 0 to 32768 [ 199.469054][ T8253] EXT4-fs: Ignoring removed i_version option [ 199.495032][ T8253] EXT4-fs (loop3): Test dummy encryption mode enabled [ 199.501859][ T8253] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 199.582165][ T8253] EXT4-fs (loop3): 1 truncate cleaned up [ 199.597519][ T8253] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 199.715225][ T5728] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 199.832167][ T4251] EXT4-fs (loop3): unmounting filesystem. [ 199.901028][ T8236] loop1: detected capacity change from 0 to 40427 [ 199.916956][ T5728] usb 3-1: Using ep0 maxpacket: 8 [ 199.938596][ T5728] usb 3-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab [ 199.957837][ T8236] F2FS-fs (loop1): Corrupted extension count (64 + 1 > 64) [ 199.986005][ T5728] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 199.994574][ T5728] usb 3-1: Product: syz [ 199.994989][ T8236] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 200.032665][ T5728] usb 3-1: Manufacturer: syz [ 200.038213][ T5728] usb 3-1: SerialNumber: syz [ 200.078001][ T8236] F2FS-fs (loop1): Fix alignment : done, start(4096) end(16896) block(12288) [ 200.081552][ T5728] usb 3-1: config 0 descriptor?? [ 200.201926][ T8236] F2FS-fs (loop1): Found nat_bits in checkpoint [ 200.403103][ T8236] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 200.425873][ T8236] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 200.687245][ T5728] usb 3-1: USB disconnect, device number 5 [ 201.127889][ T4241] udevd[4241]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 201.300773][ T8306] __nla_validate_parse: 4 callbacks suppressed [ 201.300794][ T8306] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1740'. [ 201.789446][ T8326] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 201.796774][ T8326] IPv6: NLM_F_CREATE should be set when creating new route [ 201.804061][ T8326] IPv6: NLM_F_CREATE should be set when creating new route [ 201.823973][ T8324] loop4: detected capacity change from 0 to 512 [ 201.883896][ T8324] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1747: invalid indirect mapped block 256 (level 2) [ 201.928599][ T8324] EXT4-fs (loop4): Remounting filesystem read-only [ 201.941148][ T8324] EXT4-fs (loop4): 2 truncates cleaned up [ 201.947494][ T8324] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 201.966315][ T8324] EXT4-fs error (device loop4): empty_inline_dir:1877: inode #12: block 7: comm syz.4.1747: bad entry in directory: rec_len % 4 != 0 - offset=4, inode=4278190093, rec_len=255, size=60 fake=0 [ 201.995787][ T8324] EXT4-fs (loop4): Remounting filesystem read-only [ 202.044648][ T8324] EXT4-fs warning (device loop4): empty_inline_dir:1884: bad inline directory (dir #12) - inode 4278190093, rec_len 255, name_len 0inline size 60 [ 202.178717][ T8337] loop2: detected capacity change from 0 to 2048 [ 202.185449][ T8258] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 202.224004][ T8258] EXT4-fs (loop4): Remounting filesystem read-only [ 202.260731][ T8337] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 202.272931][ T4258] EXT4-fs (loop4): unmounting filesystem. [ 202.345211][ T4303] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 202.397343][ T8342] overlayfs: missing 'lowerdir' [ 202.535025][ T4303] usb 1-1: Using ep0 maxpacket: 16 [ 202.551478][ T4303] usb 1-1: unable to get BOS descriptor or descriptor too short [ 202.571493][ T4303] usb 1-1: no configurations [ 202.601852][ T4303] usb 1-1: can't read configurations, error -22 [ 202.856342][ T8357] loop3: detected capacity change from 0 to 512 [ 202.893854][ T8359] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 202.958139][ T8357] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 202.992201][ T8357] ext4 filesystem being mounted at /375/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 203.136920][ T4251] EXT4-fs (loop3): unmounting filesystem. [ 203.329831][ T8376] loop0: detected capacity change from 0 to 64 [ 203.415753][ T8376] hfs: request for non-existent node 16777216 in B*Tree [ 203.423357][ T8376] hfs: request for non-existent node 16777216 in B*Tree [ 203.780409][ T8392] loop1: detected capacity change from 0 to 1024 [ 204.178477][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 204.178494][ T27] audit: type=1326 audit(2000000118.467:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.4.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3358e169 code=0x7ffc0000 [ 204.300174][ T27] audit: type=1326 audit(2000000118.467:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.4.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3358e169 code=0x7ffc0000 [ 204.456101][ T27] audit: type=1326 audit(2000000118.507:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.4.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f5c3358e169 code=0x7ffc0000 [ 204.555561][ T27] audit: type=1326 audit(2000000118.827:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.4.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3358e169 code=0x7ffc0000 [ 204.629396][ T27] audit: type=1326 audit(2000000118.827:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.4.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3358e169 code=0x7ffc0000 [ 204.729884][ T8417] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1792'. [ 204.764422][ T8388] loop2: detected capacity change from 0 to 32768 [ 204.783456][ T8418] netlink: 'syz.3.1793': attribute type 2 has an invalid length. [ 204.845163][ T8388] JBD2: Ignoring recovery information on journal [ 204.941514][ T8388] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 204.997924][ T8388] (syz.2.1778,8388,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #17: directory entry too close to end - offset=32, inode=16945, rec_len=280, name_len=10 [ 205.065144][ T8388] (syz.2.1778,8388,1):ocfs2_prepare_dir_for_insert:4311 ERROR: status = -2 [ 205.076827][ T8388] (syz.2.1778,8388,1):ocfs2_mknod:298 ERROR: status = -2 [ 205.105010][ T8388] (syz.2.1778,8388,1):ocfs2_mknod:502 ERROR: status = -2 [ 205.132636][ T8388] (syz.2.1778,8388,1):ocfs2_create:676 ERROR: status = -2 [ 205.332927][ T4249] ocfs2: Unmounting device (7,2) on (node local) [ 205.400439][ T8430] loop4: detected capacity change from 0 to 4096 [ 205.451942][ T8430] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 205.928856][ T8447] loop3: detected capacity change from 0 to 512 [ 205.951177][ T8450] loop1: detected capacity change from 0 to 256 [ 205.988494][ T8447] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 206.063883][ T8447] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 206.151555][ T8447] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.1808: attempt to clear invalid blocks 2 len 1 [ 206.236580][ T8447] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 206.273394][ T8447] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.1808: invalid indirect mapped block 1819239214 (level 0) [ 206.338895][ T8447] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.1808: invalid indirect mapped block 1819239214 (level 1) [ 206.425314][ T8447] EXT4-fs (loop3): 1 truncate cleaned up [ 206.431072][ T8447] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 206.536921][ T8447] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 206.550640][ T8466] loop1: detected capacity change from 0 to 4096 [ 206.572000][ T8447] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 206.704322][ T4251] EXT4-fs (loop3): unmounting filesystem. [ 206.750681][ T8474] loop0: detected capacity change from 0 to 1024 [ 206.995479][ T11] hfsplus: b-tree write err: -5, ino 4 [ 207.164512][ T8490] netlink: 'syz.0.1825': attribute type 2 has an invalid length. [ 207.259954][ T8486] loop2: detected capacity change from 0 to 4096 [ 207.277399][ T8486] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 207.359165][ T8497] loop0: detected capacity change from 0 to 8 [ 207.368131][ T8486] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 207.405205][ T4322] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 207.426063][ T8497] SQUASHFS error: Failed to read block 0x1ec: -5 [ 207.443287][ T8497] SQUASHFS error: Unable to read metadata cache entry [1ea] [ 207.495124][ T4303] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 207.605448][ T4322] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 207.621233][ T4322] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 207.651078][ T4322] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.685130][ T4303] usb 2-1: Using ep0 maxpacket: 16 [ 207.687238][ T4322] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 207.695218][ T4303] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 207.730673][ T4303] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.731059][ T8504] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 207.775718][ T4303] usb 2-1: Product: syz [ 207.779947][ T4303] usb 2-1: Manufacturer: syz [ 207.784570][ T4303] usb 2-1: SerialNumber: syz [ 207.811825][ T4303] r8152-cfgselector 2-1: config 0 descriptor?? [ 207.946206][ T8508] loop0: detected capacity change from 0 to 4096 [ 208.249196][ T4303] r8152-cfgselector 2-1: Unknown version 0x0000 [ 208.259404][ T4303] r8152-cfgselector 2-1: bad CDC descriptors [ 208.323551][ T4303] r8152-cfgselector 2-1: Unknown version 0x0000 [ 208.355375][ T4303] r8152-cfgselector 2-1: USB disconnect, device number 3 [ 208.523373][ T8524] netlink: del zone limit has 4 unknown bytes [ 208.704064][ T8531] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1846'. [ 208.734328][ T8531] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1846'. [ 208.805672][ T4322] stv0680 4-1:4.0: STV(e): camera ping failed!! [ 208.992644][ T8540] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1851'. [ 209.007899][ T4322] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 209.028412][ T4322] stv0680 4-1:4.0: last error: 0, command = 0x0 [ 209.056650][ T4322] usb 4-1: USB disconnect, device number 6 [ 209.242166][ T8546] netlink: 'syz.1.1854': attribute type 1 has an invalid length. [ 209.264340][ T8546] netlink: 220 bytes leftover after parsing attributes in process `syz.1.1854'. [ 209.436007][ T8554] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1858'. [ 209.676482][ T125] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 209.737758][ T8566] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1863'. [ 209.881030][ T125] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 209.905036][ T125] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 209.935938][ T125] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 209.966750][ T125] usb 3-1: config 220 has no interface number 2 [ 209.992706][ T125] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 210.043849][ T125] usb 3-1: config 220 interface 0 has no altsetting 0 [ 210.070139][ T125] usb 3-1: config 220 interface 76 has no altsetting 0 [ 210.091027][ T125] usb 3-1: config 220 interface 1 has no altsetting 0 [ 210.137645][ T125] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 210.177348][ T125] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.197674][ T125] usb 3-1: Product: syz [ 210.201903][ T125] usb 3-1: Manufacturer: syz [ 210.224943][ T125] usb 3-1: SerialNumber: syz [ 210.304775][ T8582] loop4: detected capacity change from 0 to 4096 [ 210.457358][ T125] usb 3-1: selecting invalid altsetting 0 [ 210.491381][ T125] usb 3-1: Found UVC 7.01 device syz (8086:0b07) [ 210.518633][ T125] usb 3-1: No valid video chain found. [ 210.582142][ T125] usb 3-1: selecting invalid altsetting 0 [ 210.602525][ T125] usbtest: probe of 3-1:220.1 failed with error -22 [ 210.635167][ T125] usb 3-1: USB disconnect, device number 6 [ 210.813971][ T8592] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.1877'. [ 210.833383][ T8597] loop1: detected capacity change from 0 to 256 [ 211.239318][ T8608] loop2: detected capacity change from 0 to 512 [ 211.253840][ T8610] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1886'. [ 211.285806][ T8608] EXT4-fs: Ignoring removed nomblk_io_submit option [ 211.296867][ T8608] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 211.346954][ T8608] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a85ec028, mo2=0002] [ 211.365237][ T8608] System zones: 0-2, 18-18, 34-34 [ 211.385178][ T8608] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 211.424176][ T8614] loop3: detected capacity change from 0 to 8192 [ 211.443259][ T8614] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 211.473969][ T8614] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 211.510903][ T8608] EXT4-fs (loop2): 1 truncate cleaned up [ 211.545130][ T8608] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 211.555367][ T8614] REISERFS (device loop3): using ordered data mode [ 211.561949][ T8614] reiserfs: using flush barriers [ 211.587281][ T8623] binder: BC_ATTEMPT_ACQUIRE not supported [ 211.593502][ T8623] binder: 8620:8623 ioctl c0306201 200000000380 returned -22 [ 211.630608][ T8614] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 211.674481][ T8608] EXT4-fs error (device loop2): ext4_xattr_block_find:1828: inode #15: comm syz.2.1885: corrupted xattr block 19 [ 211.715645][ T8614] REISERFS (device loop3): checking transaction log (loop3) [ 211.769461][ T8608] EXT4-fs (loop2): Remounting filesystem read-only [ 211.857279][ T4249] EXT4-fs (loop2): unmounting filesystem. [ 212.049321][ T8614] REISERFS (device loop3): Using tea hash to sort names [ 212.073691][ T8614] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 212.499811][ T8600] loop0: detected capacity change from 0 to 32768 [ 212.530849][ T8600] gfs2: fsid=([{{{+: Trying to join cluster "lock_nolock", "([{{{+" [ 212.569725][ T8600] gfs2: fsid=([{{{+: Now mounting FS (format 0)... [ 212.625263][ T8600] gfs2: fsid=([{{{+.0: journal 0 mapped with 22 extents in 0ms [ 212.661101][ T5723] gfs2: fsid=([{{{+.0: jid=0, already locked for use [ 212.668099][ T5723] gfs2: fsid=([{{{+.0: jid=0: Looking at journal... [ 212.826742][ T5723] gfs2: fsid=([{{{+.0: jid=0: Journal head lookup took 158ms [ 212.841929][ T5723] gfs2: fsid=([{{{+.0: jid=0: Done [ 212.855975][ T8652] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1906'. [ 212.863137][ T8650] loop2: detected capacity change from 0 to 1024 [ 212.865126][ T8600] gfs2: fsid=([{{{+.0: first mount done, others may mount [ 213.017923][ T4309] hfsplus: b-tree write err: -5, ino 4 [ 213.996795][ T4322] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 214.184988][ T4322] usb 1-1: Using ep0 maxpacket: 32 [ 214.192190][ T4322] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 214.211161][ T4322] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 214.229742][ T8702] loop4: detected capacity change from 0 to 2048 [ 214.248330][ T4322] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 214.275390][ T8702] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 214.285100][ T4322] usb 1-1: config 1 has no interface number 0 [ 214.301492][ T4322] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 214.337320][ T4322] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 214.362038][ T8704] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 214.378274][ T4322] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 214.393670][ T4322] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 214.435064][ T4322] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.460877][ T4322] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 214.675957][ T4322] snd_usb_pod 1-1:1.1: cannot start listening: -90 [ 214.683269][ T4322] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 214.724663][ T4322] snd_usb_pod: probe of 1-1:1.1 failed with error -90 [ 214.905505][ T4322] usb 1-1: USB disconnect, device number 7 [ 215.131966][ T8728] loop2: detected capacity change from 0 to 128 [ 215.215077][ T8728] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 215.244118][ T8735] loop4: detected capacity change from 0 to 256 [ 215.306219][ T8728] ext4 filesystem being mounted at /405/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 215.418332][ T8735] FAT-fs (loop4): Directory bread(block 64) failed [ 215.440867][ T8735] FAT-fs (loop4): Directory bread(block 65) failed [ 215.473281][ T8735] FAT-fs (loop4): Directory bread(block 66) failed [ 215.500146][ T8735] FAT-fs (loop4): Directory bread(block 67) failed [ 215.508562][ T8735] FAT-fs (loop4): Directory bread(block 68) failed [ 215.545094][ T8735] FAT-fs (loop4): Directory bread(block 69) failed [ 215.548808][ T4249] EXT4-fs (loop2): unmounting filesystem. [ 215.551810][ T8735] FAT-fs (loop4): Directory bread(block 70) failed [ 215.585424][ T8735] FAT-fs (loop4): Directory bread(block 71) failed [ 215.603227][ T8735] FAT-fs (loop4): Directory bread(block 72) failed [ 215.616729][ T8735] FAT-fs (loop4): Directory bread(block 73) failed [ 215.791912][ T8747] device vti0 entered promiscuous mode [ 215.843868][ T8751] [U]  [ 215.847252][ T8751] [U] K{ [ 215.885146][ T8751] [U] t 1ŠFfˊ`GJgo/mC [ 215.911465][ T8751] [U] tؖ/,~Ĝj}8'o1"7-JQKWq5c%"H12YX``+(!(z'tXlnIgjݭp~7!" (5Ob̓J [ 215.955044][ T8753] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1953'. [ 215.955990][ T8751] [U] k\&}66XHX .`a$40|϶9ި U4Vbz}wMTQΦr 4 [ 216.019481][ T8751] [U] ".h6"k[J4In[Z(C|T]z{3c=x4w)\TXJSH{q;칢t+gd.˂>ywUhfNhl]S2\g%O&z)'pul_< ذ`ұT;_"(u{7j2X /'cIHcճV=Ai%wEs RjgrhIa6-DV i"n Asc~48c*OO5/J~wvK+3Y)Mvyq潀DTrOtpem%fejA5T_-X~^aaۂq [ 216.065440][ T8755] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0) [ 216.074629][ T8751] [U] +wG?]'a: )' B>tf/<'U'hi.+]e.-ɿ%>2`^U8F.63+A«g3p6:^0tv'EtYCnrϩnPj ;Z8!\Aʖ2$­wi.#/Bai`4jdy@zgW5˿B ٜNy"vI2 [ 216.110864][ T8751] [U] T_K5tYJ9c$brLNul 9w|G"ʃ%C؝q 3qN^HP*$ .7yӱ2 [ 216.130373][ T8751] [U] ? h*37鍾^#Q"0~ (oX Lb,'v=CSGS0ւ`ه=1(p#2DO*Ƀ [ 216.172893][ T8751] [U] sgGud-{|&2Lc_!`oz֥B%>rwSsH"yA4O.Y䏄RTԶB[+/<>{q_՝LX8U{Z)7?rR;crhײڣ1>)Măt(aϝ}9ڥJ*Mќġ'Lq DW=|q ÆW;5Ž!dBx`/E`ƦMX"\ [ 216.359532][ T8764] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 216.549305][ T27] audit: type=1326 audit(2000000130.837:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.3.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ec938e169 code=0x7ffc0000 [ 216.564496][ T8751] [U] {; ٘_o2)o.2W2yx_ HPϱSD:]{ [ 216.588963][ T27] audit: type=1326 audit(2000000130.837:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.3.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=139 compat=0 ip=0x7f3ec938e169 code=0x7ffc0000 [ 216.636799][ T27] audit: type=1326 audit(2000000130.837:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.3.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ec938e169 code=0x7ffc0000 [ 216.650734][ T8751] [U] I,> 51^1N4oǶ'0?֒i9w._.WaV`)Zc6GiӹaXL[F*OW)+'\n[K@2Ǭp"^` [ 216.754993][ T27] audit: type=1326 audit(2000000130.837:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.3.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ec938e169 code=0x7ffc0000 [ 216.764974][ T8751] [U] 22Ʃx?0;3u [ 216.857223][ T8751] [U] ޜsObx8W4(~/KUԖoQe+G-ygY_>v3.hә]̈́2)D, D~d+w; A\FPȘ|$)KؐIɿkYT^R癵A=#ܜ aet1ݯ4K.e"RS|s:>p r"z#P!KY"}FN84hޱosߙ̫%Dlwm [ 216.953938][ T8751] [U] [['xn' ,mr/1D=!Dx91BwRlfKZ#` l؛˜b~m [ 216.964824][ T8751] [U] L>d+d"5h3<iR=F^fnvDOIO:U>Y [ 216.984978][ T8751] [U] 'B6v20瞥׌"t8{9FW]쩍 [ 217.000181][ T8751] [U] 72uC6τI]8ctۨQSkYI |V'TV/g$[ 9kh`"}[^=0]%̂TF_v4C [ 217.026320][ T8785] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1969'. [ 217.045008][ T8751] [U] ec [ 217.048207][ T8751] [U] |<:^3$7nK~-@?/mtl۾Iw@g~t{P+$jp| IRipm Y 8tV,l, [ 217.106277][ T8787] loop3: detected capacity change from 0 to 8 [ 217.125351][ T8751] [U] K)0~ʪiP'fzr @B]5{ʼ'8ƥFUTqUdǩK;70c[yYCذmL8T͚5rxW xoQhVi'8L [ 217.150459][ T8789] netlink: 'syz.4.1971': attribute type 2 has an invalid length. [ 217.962500][ T8813] loop4: detected capacity change from 0 to 64 [ 217.987832][ T8816] loop1: detected capacity change from 0 to 512 [ 218.032719][ T8816] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 218.145363][ T8812] loop3: detected capacity change from 0 to 4096 [ 218.192509][ T8812] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 218.349649][ T8822] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1987'. [ 220.166457][ T8888] netlink: 'syz.4.2018': attribute type 1 has an invalid length. [ 220.174984][ T8888] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2018'. [ 220.501542][ T8902] vivid-007: disconnect [ 220.519111][ T8897] vivid-007: reconnect [ 220.714138][ T8909] xfrm0 speed is unknown, defaulting to 1000 [ 220.731143][ T8912] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2030'. [ 220.751976][ T8912] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2030'. [ 220.752826][ T8909] xfrm0 speed is unknown, defaulting to 1000 [ 220.869735][ T8909] xfrm0 speed is unknown, defaulting to 1000 [ 220.908662][ T8909] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 220.954781][ T8909] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 221.101710][ T8909] xfrm0 speed is unknown, defaulting to 1000 [ 221.165854][ T8909] xfrm0 speed is unknown, defaulting to 1000 [ 221.203793][ T8909] xfrm0 speed is unknown, defaulting to 1000 [ 221.234508][ T8909] xfrm0 speed is unknown, defaulting to 1000 [ 221.269402][ T8909] xfrm0 speed is unknown, defaulting to 1000 [ 221.603169][ T8938] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2043'. [ 221.889494][ T8949] exFAT-fs (nullb0): mounting with "discard" option, but the device does not support discard [ 221.918162][ T8944] loop1: detected capacity change from 0 to 4096 [ 221.926479][ T8949] exFAT-fs (nullb0): invalid boot record signature [ 221.933124][ T8949] exFAT-fs (nullb0): failed to read boot sector [ 221.955060][ T8949] exFAT-fs (nullb0): failed to recognize exfat type [ 221.974259][ T8944] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c118, mo2=0002] [ 221.993109][ T8944] System zones: 0-5 [ 222.010236][ T8944] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 222.145857][ T4256] EXT4-fs (loop1): unmounting filesystem. [ 222.234359][ T8961] loop2: detected capacity change from 0 to 256 [ 222.314492][ T8961] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 222.635105][ T6685] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 222.827094][ T6685] usb 3-1: config 1 has an invalid descriptor of length 212, skipping remainder of the config [ 222.845266][ T6685] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 222.863960][ T8957] loop3: detected capacity change from 0 to 32768 [ 222.867543][ T6685] usb 3-1: too many endpoints for config 1 interface 1 altsetting 78: 168, using maximum allowed: 30 [ 222.902555][ T6685] usb 3-1: config 1 interface 1 altsetting 78 has 0 endpoint descriptors, different from the interface descriptor's value: 168 [ 222.902873][ T8957] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.2051 (8957) [ 222.924155][ T6685] usb 3-1: config 1 interface 1 has no altsetting 0 [ 222.987044][ T6685] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 222.989070][ T8957] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 223.025008][ T6685] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.034108][ T8957] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 223.053260][ T8957] BTRFS info (device loop3): using free space tree [ 223.065434][ T6685] usb 3-1: Product: syz [ 223.069668][ T6685] usb 3-1: Manufacturer: syz [ 223.080125][ T8984] futex_wake_op: syz.0.2064 tries to shift op by -1; fix this program [ 223.094636][ T6685] usb 3-1: SerialNumber: syz [ 223.123678][ T6685] usb 3-1: selecting invalid altsetting 0 [ 223.166185][ T6685] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 223.268574][ T9001] netlink: 'syz.1.2067': attribute type 1 has an invalid length. [ 223.326616][ T6685] usb 3-1: selecting invalid altsetting 0 [ 223.332504][ T6685] usbtest: probe of 3-1:1.1 failed with error -22 [ 223.340463][ T8957] BTRFS info (device loop3): enabling ssd optimizations [ 223.357280][ T6685] usb 3-1: USB disconnect, device number 7 [ 223.537687][ T9011] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2070'. [ 223.551257][ T9011] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2070'. [ 223.565709][ T4251] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 223.714022][ T9014] loop0: detected capacity change from 0 to 2048 [ 223.759852][ T9014] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 224.048919][ T9019] afs: Bad value for 'source' [ 224.336012][ T9027] loop1: detected capacity change from 0 to 1024 [ 224.518896][ T11] hfsplus: b-tree write err: -5, ino 4 [ 224.645103][ T9031] loop0: detected capacity change from 0 to 8192 [ 224.723691][ T9031] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 224.755099][ T9031] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 224.787002][ T9031] REISERFS (device loop0): using ordered data mode [ 224.793571][ T9031] reiserfs: using flush barriers [ 224.806421][ T9031] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 224.823156][ T9031] REISERFS (device loop0): checking transaction log (loop0) [ 224.950652][ T9049] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2088'. [ 225.039960][ T9031] REISERFS (device loop0): Using tea hash to sort names [ 225.071061][ T9031] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 225.088343][ T9053] siw: device registration error -23 [ 225.160536][ T9054] loop2: detected capacity change from 0 to 1764 [ 226.755756][ T27] audit: type=1326 audit(2000000141.047:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9116 comm="syz.2.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e018e169 code=0x7ffc0000 [ 226.793693][ T9119] loop0: detected capacity change from 0 to 64 [ 226.865080][ T27] audit: type=1326 audit(2000000141.047:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9116 comm="syz.2.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e018e169 code=0x7ffc0000 [ 226.969166][ T27] audit: type=1326 audit(2000000141.127:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9116 comm="syz.2.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=267 compat=0 ip=0x7fd7e018e169 code=0x7ffc0000 [ 227.077025][ T9125] netlink: 'syz.3.2125': attribute type 2 has an invalid length. [ 227.085769][ T27] audit: type=1326 audit(2000000141.127:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9116 comm="syz.2.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e018e169 code=0x7ffc0000 [ 227.101805][ T9125] netlink: 'syz.3.2125': attribute type 1 has an invalid length. [ 227.174740][ T27] audit: type=1326 audit(2000000141.127:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9116 comm="syz.2.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e018e169 code=0x7ffc0000 [ 227.197002][ C1] vkms_vblank_simulate: vblank timer overrun [ 227.762745][ T9145] loop3: detected capacity change from 0 to 4096 [ 227.852127][ T9156] loop4: detected capacity change from 0 to 128 [ 227.910683][ T9156] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 228.010734][ T27] audit: type=1800 audit(2000000142.297:47): pid=9156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2139" name="file2" dev="loop4" ino=1048631 res=0 errno=0 [ 228.031536][ C1] vkms_vblank_simulate: vblank timer overrun [ 228.040972][ T9156] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 228.101447][ T9156] FAT-fs (loop4): Filesystem has been set read-only [ 228.856274][ T9192] loop1: detected capacity change from 0 to 1024 [ 229.028268][ T11] hfsplus: b-tree write err: -5, ino 4 [ 229.743989][ T9226] loop4: detected capacity change from 0 to 256 [ 230.514723][ T9252] device bridge6 entered promiscuous mode [ 230.529413][ T9250] loop1: detected capacity change from 0 to 2048 [ 230.562070][ T9250] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 230.573090][ T9254] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 230.648939][ T9259] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 230.671544][ T9250] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=15) [ 230.714439][ T9250] Remounting filesystem read-only [ 230.781316][ T9258] loop0: detected capacity change from 0 to 4096 [ 230.806186][ T9258] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512) [ 230.909282][ T4256] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 231.078612][ T9263] loop4: detected capacity change from 0 to 4096 [ 231.127474][ T9263] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 231.255278][ T9263] ntfs3: loop4: failed to convert "c46c" to iso8859-7 [ 231.287701][ T9273] loop0: detected capacity change from 0 to 1764 [ 231.388531][ T9279] loop2: detected capacity change from 0 to 256 [ 231.408705][ T9280] Non-string source [ 231.795102][ T9290] loop0: detected capacity change from 0 to 128 [ 231.931073][ T9294] loop3: detected capacity change from 0 to 2048 [ 231.938145][ T9296] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2208'. [ 231.972014][ T9296] netlink: 4260 bytes leftover after parsing attributes in process `syz.1.2208'. [ 232.001561][ T9294] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 232.753569][ T9325] loop1: detected capacity change from 0 to 8 [ 232.820011][ T9325] SQUASHFS error: Failed to read block 0x2d7: -5 [ 232.860929][ T9325] SQUASHFS error: Unable to read metadata cache entry [2d5] [ 233.023061][ T9334] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2226'. [ 233.062967][ T9334] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2226'. [ 233.328509][ T9346] loop1: detected capacity change from 0 to 128 [ 233.365329][ T9345] xt_hashlimit: max too large, truncated to 1048576 [ 233.415949][ T9346] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 233.460318][ T9349] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2233'. [ 233.472283][ T9346] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 233.718812][ T9355] loop2: detected capacity change from 0 to 1024 [ 233.800382][ T9355] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 233.845168][ T9355] ext4 filesystem being mounted at /465/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 234.026639][ T4249] EXT4-fs (loop2): unmounting filesystem. [ 234.070797][ T9373] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2244'. [ 234.494974][ T4259] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 234.705078][ T4259] usb 3-1: Using ep0 maxpacket: 32 [ 234.717062][ T4259] usb 3-1: config 0 has an invalid interface number: 48 but max is 0 [ 234.754949][ T4259] usb 3-1: config 0 has no interface number 0 [ 234.780193][ T4259] usb 3-1: New USB device found, idVendor=046d, idProduct=0960, bcdDevice=4b.cc [ 234.830609][ T27] audit: type=1326 audit(2000000149.117:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9402 comm="syz.4.2259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3358e169 code=0x7ffc0000 [ 234.835125][ T4259] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.914947][ T4259] usb 3-1: Product: syz [ 234.923839][ T9405] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2262'. [ 234.948863][ T27] audit: type=1326 audit(2000000149.117:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9402 comm="syz.4.2259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3358e169 code=0x7ffc0000 [ 234.972450][ T4259] usb 3-1: Manufacturer: syz [ 234.981811][ T4259] usb 3-1: SerialNumber: syz [ 234.994684][ T4259] usb 3-1: config 0 descriptor?? [ 235.029702][ T4259] gspca_main: sunplus-2.14.0 probing 046d:0960 [ 235.055185][ T27] audit: type=1326 audit(2000000149.167:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9402 comm="syz.4.2259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7f5c3358e169 code=0x7ffc0000 [ 235.128995][ T27] audit: type=1326 audit(2000000149.167:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9402 comm="syz.4.2259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3358e169 code=0x7ffc0000 [ 235.178884][ T27] audit: type=1326 audit(2000000149.167:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9402 comm="syz.4.2259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3358e169 code=0x7ffc0000 [ 235.231898][ T4259] gspca_sunplus: reg_w_riv err -71 [ 235.245549][ T4259] sunplus: probe of 3-1:0.48 failed with error -71 [ 235.275194][ T4259] usb 3-1: USB disconnect, device number 8 [ 235.696109][ T9429] xfrm0 speed is unknown, defaulting to 1000 [ 235.701264][ T9433] loop3: detected capacity change from 0 to 64 [ 235.793159][ T9435] loop4: detected capacity change from 0 to 512 [ 235.851318][ T9435] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 235.866127][ T9435] ext4 filesystem being mounted at /388/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 235.993879][ T9443] loop1: detected capacity change from 0 to 64 [ 236.155716][ T4258] EXT4-fs (loop4): unmounting filesystem. [ 236.317671][ T9452] kAFS: Can only specify source 'none' with -o dyn [ 236.642792][ T9467] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2290'. [ 236.796705][ T9472] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 236.814913][ T9472] overlayfs: missing 'lowerdir' [ 236.921881][ T9473] loop0: detected capacity change from 0 to 4096 [ 236.975238][ T9473] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 237.070606][ T9473] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 237.080441][ T9481] loop4: detected capacity change from 0 to 64 [ 237.424217][ T9489] loop3: detected capacity change from 0 to 256 [ 237.436017][ T9489] exfat: Deprecated parameter 'utf8' [ 237.505219][ T9489] exfat: Deprecated parameter 'utf8' [ 237.510666][ T9489] exfat: Deprecated parameter 'utf8' [ 237.522111][ T9492] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2303'. [ 237.541908][ T9494] loop1: detected capacity change from 0 to 1024 [ 237.554621][ T9492] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2303'. [ 237.580543][ T9489] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 237.586431][ T9495] loop0: detected capacity change from 0 to 2048 [ 237.665370][ T9495] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 237.779497][ T4307] hfsplus: b-tree write err: -5, ino 4 [ 237.831995][ T9499] netlink: 'syz.4.2306': attribute type 10 has an invalid length. [ 238.012425][ T9499] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 238.107422][ T9499] syz.4.2306 (9499) used greatest stack depth: 19576 bytes left [ 238.129305][ T9509] loop2: detected capacity change from 0 to 256 [ 238.239279][ T9509] FAT-fs (loop2): Directory bread(block 64) failed [ 238.280541][ T9509] FAT-fs (loop2): Directory bread(block 65) failed [ 238.311516][ T9509] FAT-fs (loop2): Directory bread(block 66) failed [ 238.350119][ T9509] FAT-fs (loop2): Directory bread(block 67) failed [ 238.372341][ T9517] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 238.382201][ T9509] FAT-fs (loop2): Directory bread(block 68) failed [ 238.388528][ T9517] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 238.408629][ T9509] FAT-fs (loop2): Directory bread(block 69) failed [ 238.436562][ T9519] netlink: 340 bytes leftover after parsing attributes in process `syz.1.2315'. [ 238.437412][ T9509] FAT-fs (loop2): Directory bread(block 70) failed [ 238.446784][ T9517] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 238.462340][ T9515] loop3: detected capacity change from 0 to 4096 [ 238.469069][ T9519] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2315'. [ 238.474709][ T9509] FAT-fs (loop2): Directory bread(block 71) failed [ 238.490608][ T9509] FAT-fs (loop2): Directory bread(block 72) failed [ 238.500642][ T9515] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 238.512513][ T9517] bond0: (slave bond_slave_0): Releasing backup interface [ 238.519436][ T9509] FAT-fs (loop2): Directory bread(block 73) failed [ 238.565755][ T9517] bond0: (slave bond_slave_1): Releasing backup interface [ 238.583279][ T9515] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 238.731322][ T9517] team0: Port device team_slave_0 removed [ 238.806766][ T9523] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2317'. [ 238.823650][ T9517] team0: Port device team_slave_1 removed [ 238.839103][ T9517] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 238.866721][ T9517] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 238.874277][ T9517] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 238.989890][ T9517] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 239.027971][ T9517] batman_adv: batadv0: Removing interface: macvtap0 [ 239.079810][ T9517] bond0: (slave wlan1): Releasing backup interface [ 239.679735][ T9546] 9pnet_fd: p9_fd_create_tcp (9546): problem connecting socket to 127.0.0.1 [ 239.754768][ T9550] loop1: detected capacity change from 0 to 1024 [ 239.802768][ T9531] loop0: detected capacity change from 0 to 32768 [ 239.865156][ T9531] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.2321 (9531) [ 239.876083][ T9549] loop2: detected capacity change from 0 to 4096 [ 239.927944][ T9549] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 239.941102][ T9531] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 239.996305][ T4256] hfsplus: bad catalog entry type [ 240.000732][ T9531] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 240.046287][ T9549] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 240.051904][ T9531] BTRFS info (device loop0): use zlib compression, level 3 [ 240.098339][ T9531] BTRFS info (device loop0): using free space tree [ 240.383896][ T33] hfsplus: b-tree write err: -5, ino 4 [ 240.395171][ T9571] xt_TPROXY: Can be used only with -p tcp or -p udp [ 240.573174][ T9531] BTRFS info (device loop0): enabling ssd optimizations [ 240.681835][ T4307] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.713093][ T4250] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 240.966021][ T9587] netlink: 'syz.2.2343': attribute type 1 has an invalid length. [ 241.151469][ T4307] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.376096][ T4307] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.509968][ T9595] loop0: detected capacity change from 0 to 4096 [ 241.548860][ T4307] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.586561][ T9595] ntfs3: loop0: try to read out of volume at offset 0x3fffffc0c00 [ 241.594568][ T9595] ntfs3: loop0: try to read out of volume at offset 0x3fffffc0c00 [ 241.640731][ T9595] ntfs3: loop0: try to read out of volume at offset 0x3fffffc0c00 [ 241.680671][ T9595] ntfs3: loop0: try to read out of volume at offset 0x3fffffc0c00 [ 241.724830][ T9595] ntfs3: loop0: try to read out of volume at offset 0x3fffffc1c00 [ 241.762803][ T9595] ntfs3: loop0: try to read out of volume at offset 0x3fffffc2c00 [ 241.799578][ T9595] ntfs3: loop0: try to read out of volume at offset 0x3fffffc4c00 [ 241.836639][ T9595] ntfs3: loop0: try to read out of volume at offset 0x3fffffc8c00 [ 241.889438][ T9595] ntfs3: loop0: try to read out of volume at offset 0x3fffffd0c00 [ 241.935342][ T9595] ntfs3: loop0: try to read out of volume at offset 0x3fffffe0c00 [ 241.993817][ T48] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 242.005783][ T48] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 242.014485][ T48] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 242.027222][ T48] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 242.039438][ T48] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 242.046993][ T48] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 242.082446][ T4252] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 242.091790][ T4252] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 242.099831][ T4252] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 242.115914][ T4252] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 242.123679][ T4252] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 242.131665][ T4252] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 242.284245][ T5727] hid-generic C990:0003:0000.0001: unknown main item tag 0x0 [ 242.292559][ T5727] hid-generic C990:0003:0000.0001: unknown main item tag 0x0 [ 242.309466][ T5727] hid-generic C990:0003:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 242.318974][ T9605] xfrm0 speed is unknown, defaulting to 1000 [ 242.363413][ T9590] loop3: detected capacity change from 0 to 32768 [ 242.531463][ T9590] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 242.814635][ T4251] ocfs2: Unmounting device (7,3) on (node local) [ 243.462092][ T9605] chnl_net:caif_netlink_parms(): no params data found [ 243.593090][ T9650] netlink: 'syz.3.2364': attribute type 2 has an invalid length. [ 243.617768][ T5715] xfrm0 speed is unknown, defaulting to 1000 [ 243.629963][ T5715] ================================================================== [ 243.638088][ T5715] BUG: KASAN: use-after-free in siw_query_port+0x342/0x430 [ 243.645323][ T5715] Read of size 4 at addr ffff88802fc5c0e0 by task kworker/1:9/5715 [ 243.653247][ T5715] [ 243.655604][ T5715] CPU: 1 PID: 5715 Comm: kworker/1:9 Not tainted 6.1.134-syzkaller #0 [ 243.663776][ T5715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 243.673855][ T5715] Workqueue: infiniband ib_cache_event_task [ 243.679791][ T5715] Call Trace: [ 243.683111][ T5715] [ 243.686059][ T5715] dump_stack_lvl+0x1e3/0x2cb [ 243.690761][ T5715] ? nf_tcp_handle_invalid+0x647/0x647 [ 243.696245][ T5715] ? panic+0x764/0x764 [ 243.700342][ T5715] ? _printk+0xd1/0x111 [ 243.704534][ T5715] ? __virt_addr_valid+0x17f/0x530 [ 243.709680][ T5715] ? __virt_addr_valid+0x17f/0x530 [ 243.714830][ T5715] print_report+0x15f/0x4f0 [ 243.719379][ T5715] ? __virt_addr_valid+0x17f/0x530 [ 243.724522][ T5715] ? __virt_addr_valid+0x17f/0x530 [ 243.729670][ T5715] ? __virt_addr_valid+0x45b/0x530 [ 243.734819][ T5715] ? __phys_addr+0xb6/0x170 [ 243.739352][ T5715] ? siw_query_port+0x342/0x430 [ 243.744233][ T5715] kasan_report+0x136/0x160 [ 243.748773][ T5715] ? siw_query_port+0x342/0x430 [ 243.753659][ T5715] siw_query_port+0x342/0x430 [ 243.758367][ T5715] ? ib_query_port+0x344/0x7c0 [ 243.763165][ T5715] ib_cache_update+0x1a8/0xaf0 [ 243.767976][ T5715] ? ib_cache_setup_one+0x5b0/0x5b0 [ 243.773215][ T5715] ? read_lock_is_recursive+0x10/0x10 [ 243.778640][ T5715] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 243.784691][ T5715] ? print_irqtrace_events+0x210/0x210 [ 243.790191][ T5715] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 243.796124][ T5715] ib_cache_event_task+0xef/0x1e0 [ 243.801207][ T5715] ? process_one_work+0x806/0x1260 [ 243.806353][ T5715] process_one_work+0x917/0x1260 [ 243.811325][ T5715] ? worker_detach_from_pool+0x260/0x260 [ 243.816989][ T5715] ? _raw_spin_lock_irqsave+0x120/0x120 [ 243.822567][ T5715] ? kthread_data+0x4e/0xc0 [ 243.827112][ T5715] ? wq_worker_running+0x97/0x190 [ 243.832187][ T5715] worker_thread+0xa47/0x1200 [ 243.836995][ T5715] kthread+0x28d/0x320 [ 243.841099][ T5715] ? worker_clr_flags+0x190/0x190 [ 243.846148][ T5715] ? kthread_blkcg+0xd0/0xd0 [ 243.850780][ T5715] ret_from_fork+0x1f/0x30 [ 243.855235][ T5715] [ 243.858264][ T5715] [ 243.860598][ T5715] Allocated by task 4256: [ 243.864938][ T5715] kasan_set_track+0x4b/0x70 [ 243.869554][ T5715] __kasan_kmalloc+0x97/0xb0 [ 243.874181][ T5715] __kmalloc_node+0xb3/0x230 [ 243.878794][ T5715] kvmalloc_node+0x6e/0x180 [ 243.883318][ T5715] alloc_netdev_mqs+0x85/0xef0 [ 243.888107][ T5715] rtnl_create_link+0x2e9/0xaa0 [ 243.892985][ T5715] rtnl_newlink+0x140d/0x2060 [ 243.897688][ T5715] rtnetlink_rcv_msg+0x822/0x1000 [ 243.902738][ T5715] netlink_rcv_skb+0x1cd/0x410 [ 243.907525][ T5715] netlink_unicast+0x7e2/0x970 [ 243.912315][ T5715] netlink_sendmsg+0xa26/0xd60 [ 243.917104][ T5715] __sys_sendto+0x480/0x600 [ 243.921668][ T5715] __x64_sys_sendto+0xda/0xf0 [ 243.926468][ T5715] do_syscall_64+0x3b/0x80 [ 243.930912][ T5715] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 243.936839][ T5715] [ 243.939183][ T5715] Freed by task 4307: [ 243.943179][ T5715] kasan_set_track+0x4b/0x70 [ 243.947804][ T5715] kasan_save_free_info+0x27/0x40 [ 243.952857][ T5715] ____kasan_slab_free+0xd6/0x120 [ 243.957916][ T5715] __kmem_cache_free+0x25c/0x3c0 [ 243.962880][ T5715] device_release+0x91/0x1c0 [ 243.967490][ T5715] kobject_put+0x224/0x460 [ 243.971935][ T5715] netdev_run_todo+0xe19/0xf20 [ 243.976728][ T5715] xfrmi_exit_batch_net+0x310/0x350 [ 243.981962][ T5715] cleanup_net+0x886/0xd20 [ 243.986404][ T5715] process_one_work+0x917/0x1260 [ 243.991367][ T5715] worker_thread+0xa47/0x1200 [ 243.996069][ T5715] kthread+0x28d/0x320 [ 244.000173][ T5715] ret_from_fork+0x1f/0x30 [ 244.004620][ T5715] [ 244.007044][ T5715] The buggy address belongs to the object at ffff88802fc5c000 [ 244.007044][ T5715] which belongs to the cache kmalloc-cg-4k of size 4096 [ 244.021382][ T5715] The buggy address is located 224 bytes inside of [ 244.021382][ T5715] 4096-byte region [ffff88802fc5c000, ffff88802fc5d000) [ 244.034778][ T5715] [ 244.037118][ T5715] The buggy address belongs to the physical page: [ 244.043556][ T5715] page:ffffea0000bf1600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2fc58 [ 244.053745][ T5715] head:ffffea0000bf1600 order:3 compound_mapcount:0 compound_pincount:0 [ 244.062092][ T5715] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 244.070122][ T5715] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888017c4c280 [ 244.078742][ T5715] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 244.087344][ T5715] page dumped because: kasan: bad access detected [ 244.093791][ T5715] page_owner tracks the page as allocated [ 244.099525][ T5715] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4249, tgid 4249 (syz-executor), ts 72767178723, free_ts 72645399052 [ 244.120920][ T5715] post_alloc_hook+0x18d/0x1b0 [ 244.125746][ T5715] get_page_from_freelist+0x3731/0x38d0 [ 244.131325][ T5715] __alloc_pages+0x28d/0x770 [ 244.135943][ T5715] alloc_slab_page+0x6a/0x150 [ 244.140648][ T5715] new_slab+0x84/0x2d0 [ 244.144756][ T5715] ___slab_alloc+0xc20/0x1270 [ 244.149461][ T5715] __kmem_cache_alloc_node+0x19f/0x260 [ 244.154946][ T5715] kmalloc_trace+0x26/0xe0 [ 244.159395][ T5715] ipv6_add_dev+0x5ac/0x1180 [ 244.164022][ T5715] addrconf_notify+0x7c5/0xf70 [ 244.168847][ T5715] raw_notifier_call_chain+0xd0/0x170 [ 244.174243][ T5715] register_netdevice+0x1630/0x1ab0 [ 244.179472][ T5715] veth_newlink+0x7fc/0xc70 [ 244.183995][ T5715] rtnl_newlink+0x14ed/0x2060 [ 244.188699][ T5715] rtnetlink_rcv_msg+0x822/0x1000 [ 244.193770][ T5715] netlink_rcv_skb+0x1cd/0x410 [ 244.198592][ T5715] page last free stack trace: [ 244.203278][ T5715] free_unref_page_prepare+0x12a6/0x15b0 [ 244.208950][ T5715] free_unref_page+0x33/0x3e0 [ 244.213663][ T5715] qlist_free_all+0x76/0xe0 [ 244.218193][ T5715] kasan_quarantine_reduce+0x156/0x170 [ 244.223683][ T5715] __kasan_slab_alloc+0x1f/0x70 [ 244.228566][ T5715] slab_post_alloc_hook+0x52/0x3a0 [ 244.233709][ T5715] kmem_cache_alloc_node+0x136/0x310 [ 244.239023][ T5715] __alloc_skb+0xd3/0x2c0 [ 244.243431][ T5715] netlink_ack+0x392/0x12a0 [ 244.247968][ T5715] netlink_rcv_skb+0x24a/0x410 [ 244.252768][ T5715] netlink_unicast+0x7e2/0x970 [ 244.257566][ T5715] netlink_sendmsg+0xa26/0xd60 [ 244.262377][ T5715] __sys_sendto+0x480/0x600 [ 244.266915][ T5715] __x64_sys_sendto+0xda/0xf0 [ 244.271633][ T5715] do_syscall_64+0x3b/0x80 [ 244.276126][ T5715] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 244.282083][ T5715] [ 244.284410][ T5715] Memory state around the buggy address: [ 244.290130][ T5715] ffff88802fc5bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 244.298423][ T5715] ffff88802fc5c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 244.306687][ T5715] >ffff88802fc5c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 244.314762][ T5715] ^ [ 244.322052][ T5715] ffff88802fc5c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 244.330136][ T5715] ffff88802fc5c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 244.338310][ T5715] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 244.356780][ T4252] Bluetooth: hci3: command 0x0409 tx timeout [ 244.366926][ T5715] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 244.374161][ T5715] CPU: 1 PID: 5715 Comm: kworker/1:9 Not tainted 6.1.134-syzkaller #0 [ 244.382341][ T5715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 244.392417][ T5715] Workqueue: infiniband ib_cache_event_task [ 244.398390][ T5715] Call Trace: [ 244.401691][ T5715] [ 244.404640][ T5715] dump_stack_lvl+0x1e3/0x2cb [ 244.409351][ T5715] ? nf_tcp_handle_invalid+0x647/0x647 [ 244.414843][ T5715] ? panic+0x764/0x764 [ 244.418946][ T5715] ? preempt_schedule_common+0xa6/0xd0 [ 244.424435][ T5715] ? vscnprintf+0x59/0x80 [ 244.428807][ T5715] panic+0x318/0x764 [ 244.432745][ T5715] ? check_panic_on_warn+0x1d/0xa0 [ 244.437895][ T5715] ? memcpy_page_flushcache+0xfc/0xfc [ 244.443299][ T5715] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 244.449311][ T5715] ? _raw_spin_unlock+0x40/0x40 [ 244.454186][ T5715] ? print_report+0x4a3/0x4f0 [ 244.458909][ T5715] check_panic_on_warn+0x7e/0xa0 [ 244.463875][ T5715] ? siw_query_port+0x342/0x430 [ 244.468754][ T5715] end_report+0x66/0x110 [ 244.473013][ T5715] kasan_report+0x143/0x160 [ 244.477529][ T5715] ? siw_query_port+0x342/0x430 [ 244.482393][ T5715] siw_query_port+0x342/0x430 [ 244.487079][ T5715] ? ib_query_port+0x344/0x7c0 [ 244.491859][ T5715] ib_cache_update+0x1a8/0xaf0 [ 244.496638][ T5715] ? ib_cache_setup_one+0x5b0/0x5b0 [ 244.501843][ T5715] ? read_lock_is_recursive+0x10/0x10 [ 244.507223][ T5715] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 244.513211][ T5715] ? print_irqtrace_events+0x210/0x210 [ 244.518676][ T5715] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 244.524578][ T5715] ib_cache_event_task+0xef/0x1e0 [ 244.530054][ T5715] ? process_one_work+0x806/0x1260 [ 244.535166][ T5715] process_one_work+0x917/0x1260 [ 244.540113][ T5715] ? worker_detach_from_pool+0x260/0x260 [ 244.545746][ T5715] ? _raw_spin_lock_irqsave+0x120/0x120 [ 244.551300][ T5715] ? kthread_data+0x4e/0xc0 [ 244.555815][ T5715] ? wq_worker_running+0x97/0x190 [ 244.560869][ T5715] worker_thread+0xa47/0x1200 [ 244.565558][ T5715] kthread+0x28d/0x320 [ 244.569635][ T5715] ? worker_clr_flags+0x190/0x190 [ 244.574656][ T5715] ? kthread_blkcg+0xd0/0xd0 [ 244.579255][ T5715] ret_from_fork+0x1f/0x30 [ 244.583685][ T5715] [ 244.587000][ T5715] Kernel Offset: disabled [ 244.591320][ T5715] Rebooting in 86400 seconds..