last executing test programs: 13m30.855912816s ago: executing program 2 (id=8764): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x9b) 13m30.639873348s ago: executing program 2 (id=8768): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0x74, 0x30, 0x216822a75a8bdd29, 0x0, 0x0, {}, [{0x60, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x31, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6}, @TCA_SKBMOD_PARMS={0x24}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x0) 13m30.44763075s ago: executing program 2 (id=8772): r0 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_coalesce={0xf, 0x40, 0x0, 0x0, 0x0, 0xfa, 0x0, 0x0, 0x0, 0x69, 0x0, 0x1684, 0x0, 0x0, 0x4d, 0x9, 0x3, 0x0, 0x2}}) 13m30.255776461s ago: executing program 2 (id=8775): syz_mount_image$jfs(&(0x7f00000001c0), &(0x7f0000000180)='./file0\x00', 0x2, &(0x7f0000000500)={[{@noquota}, {@gid}, {@errors_continue}, {@errors_continue}, {@gid={'gid', 0x3d, 0xee00}}, {@iocharset={'iocharset', 0x3d, 'macceltic'}}, {@quota}, {@errors_continue}, {@discard_size}]}, 0x1, 0x61c0, &(0x7f0000006740)="$eJzs3c1vHGcdB/Df7JtfSlOrh6pECLlteCmleS0hUKDpAQ5cOKBcUSLXrSJSQElAaRURV75w4I8AIXFEiCMn/oAeuHLjDyBSAgL11EFjP48znq69dt3dWXs+H8mZ+e0z430m35198czsEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/PAHP75QRMT1X6UbViI+F/2IXsRSVa9GxNLqSl5+EBHPx1ZzPBcRw4WIav2tf56JeC0iPjwV8ejx/bXq5osH7Mf3//yPP/zkqR/9/U/Dc//7y93+63std+/eb//71wdH22YAAADomrIsyyJ9zD+dPt/32u4UADAT+fW/TPLt6rmrN+asP2q1Wq0+hnVdOd6DehERG/V1qvcMDscDwDGzER+13QVaJP9OG0TEU213AphrRdsdYCoePb6/VqR8i/rrwep2ez4XZFf+G8XO9R17TSdpnmMyq8fXZvTj2T36szSjPsyTnH+vmf/17fZRWm7a+c/KXvmPti996pycf7+Zf8PJyb83Nv+uyvkPDpV/X/4AAAAAADDH8t//V1o+/rtw9E05kP2O/67OqA8AAAAAAAAA8Fk76vh/O4z/BwAAAHOr+qxe+d2pJ7ft9V1s1e3XioinG8sDHZMullluux8AAAAAAAAAAAAA0CWD7XN4rxURw4h4enm5LMvqp65ZH9ZR1z/uur790GVtP8kDAMC2D081ruUvIhYj4lr6rr/h8vJyWS4uLZfL5dJCfj87Wlgsl2qfa/O0um1hdIA3xINRWf2yxdp6dZM+L09qb/6+6r5GZf8AHZuNFgMHgIjYfjV65BXphCnLZ6LtdzkcD/b/k8f+z0G0/TgFAAAApq8sy7JIX+d9Oh3z77XdKQBgJvLrf/O4gFqtVqvV6pNX15XjPagXEbFRX6d6z2A4fgA4Zjbio7a7QIvk32mDiHi+7U4Ac61ouwNMxaPH99eKlG9Rfz1I47vnc0F25b9RbK2X1x83naR5jsmsHl+b0Y9n9+jPczPqwzzJ+fea+V/fbh+l5aad/6zslX+1nSst9KdtOf9+M/+Gk5N/b2z+XZXzHxwq/778AQAAAABgjuW//6/M1fHf0afdnIn2O/67OrV7BQAAAAAAAIDpevT4/lq+7jUf///CmOVc/3ky5fwL+XdSzr/XyP+rjeX6tfmHbz7J/9+P76/98e6/Pp+nB81/Ic8U6ZFVpEdEke6pGKTpUbbukzaH/VF1T8Oi1x+kc37K4dtxM27FepzftWwv/X88ab+wq73q6XCrvexvt1/c1T7Yac/rX9rVPkxnOpVLuf1srMXP41a8tdVetS1M2P7FCe3lhPacfz/+s9Nn+3935PwHtZ8q/+XUXjSmlYcf9D6x39en4+7n6s0v/ub89Ddnos3o72xbXbV9L7bQn63/k6dG8cs767fP3rtx9+7tC5Emu269GGnyGcv5D9PPzvP/S9vt+Xm/vr8+/GB06PznxWYM9sz/pdp8tb0vz7hvbcj5j9JPzv+t1D5+/z+W+VcP7333/1dm3ycAAAAAAAAAAAAAAADYV1mWW5eIXo2Iy+n6n7auzQQAZutq+sqNMsm3z6ruz/j+1OpjXhdz1p+Z1h+X89Uftfo41nXleG/Ui4j4W32dyxHx63G/DACYZx9HxD/b7gStkX+H5e/7q6Zn2u4MMFN33nv/pzdu3Vq/faftngAAAAAAAAAAn1Ye/3O1Nv73mbIsHzSW2zX+65uxetTxPwd5ZmeA0T0Gqu4ffpv2s9kb9Xu14cZfiL3G/x7uzO03/vegeQeNL08YTujPaEL7woT2xQntYy/0qMn5v1Ab7/xMRJxuDL9+AsZ/3bLf+K/NMe+7IOf/Yu3xXOX/lcZy9fzL3x/n/Hu78j93991fnLvz3vuv3nz3xjvr76z/7NKFC+cvXb585cqVc2/fvLV+fvvfFns8XTn/PPa180C7JeefM5d/t+T8v5Rq+XdLzv/LqZZ/t+T88/s9+XdLzj9/9pF/t+T8X061/Lsl5/+1VMu/W3L+r6Ra/t2S8/96quXfLTn/V1Mt/27J+Z9Ntfy7Jed/LtUHzH9p2v1iNnL++QiX/b9bcv75zAb5d0vO/2Kq5d8tOf9LqZZ/t+T8X0u1/Lsl5/+NVMu/W3L+l1Mt/27J+X8z1fLvlpz/lVTLv1ty/t9Ktfy7Jef/7VQfKv+V6fWL2cj5v55q+3+35Py/k2r5d0vO/7upln+35Py/l2r5d0vO/41Uy79bnnz/vxkzZszkmbafmQAAAAAAAAAAAACAplmcTtz2NgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/2YEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUV9u4tRq67vgP42avXzs1ASJ3UwNoxxjib7PoSX2hdTICQJlyaGyUtje16186Cb/HaJUkj2VGgRMKoUUXb8NAWUNTmpcKq8kCrgPKAWlWqRNoH+oKoUHmIqoASpEptFbLVnPn//zszOzuz6x2vZ875fKT45505M+fMmTNn97vOdwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGpt+PDUl/uyLKv8l/+xNsuurvx99eja/LIPXOktBAAAAJbrl/mfr1+XLti/iBvVLPNP7/7Bi7Ozs7PZZwb+dOhrs7PpitEsG1qVZfl10cWfPNRXu0zwdDbS11/zdX+b1Q+0uX6wzfVDba4fbnP9qjbXjzS5bHXN3+ftgCZL96U725T/dW11l2bXZ0P5dZua3OrpvlX9/fF3Obm+/DazQ0ey6exYNpVN1C1fXbYvX/6lDZV13ZXFdfXXrGt95Qh548nDcRv6wj7eVLeuufuMfvahbPQXbzx5+K/PvHZjs9l2N9TdX3U7t2ysbOcXwyXVbe3LVqV9Erezv2Y71zd5TgbqtrMvv13l743b+foit3NgbjNXVONzPpL1539/Jd9Pg7W/1kv7aX247H9uzrLs/NxmNy4zb11Zf7am7pL+uednpHpEVu6jcii9PRtc0nG6YRHHaWVObqo/ThtfE/H53xBuN7jANtQ+TT97arjmeX9z9lKO06jyqBd6rTQeg51+rXTLMRiPi1fyB/1M02NwU3j8T25e+Bhseuw0OQbT4645Bje2Owb7hwfybU5PQl9+m7ljcFvd8gP5mvry+erm1sfg+Jnjp8ZnHn/i1unjh45OHZ06sWPbtokdu3bt2bNn/Mj0samJ6p+XuLe735qsP70GNoZ9F18D72tYtvZQnf3m8Lzz76W+DkdavA7XNizb6dfhYOOD61uZF+T8Y7r62nigstNHLvRnC7zG8udn6/Jfh+lx17wOB2teh02/pzR5HQ4u4nVYWebU1sX9zDJY81+zbVj4e8HyjsG1Ncdg488jjcdgp38e6ZZjcCQcFz/auvD3gvVhe58ZW+rPIwPzjsH0cMO5p3JJ+nl/ZE8+mh2XN1WuuGo4Ozszdfq2xw6dOXN6WxbGinhHzbHSeLyuqXlM2bzjtX/Jx+v+6Xc/c1OTy9eGfTVya+WPkQWfq8oyO29r/Vzl392a78+6S7dnYXTYSu/PZt/NK/tzOMu+/v2n7vvuk1//8IL7s5I3vzi+/J/FUy6tOf8OLXD+jbn/rer60l09PTA0WH39DqS9M1R3Pq5/qgbzc1dfvu7Xxxd3Ph4K/630+fj6FufjdQ3Ldvp8PNT44OL5uK/dbzuWp/H5HAnHybGJ1ufjyjLrti/1mBxseT6+Ocy+sP/fH5JCykU1x85Cx21a1+DgUHhcg3EN9cfpjrrlh0I2q6zrhe2Xdpxuubl6XwPp0c1ZqeN0tGHZTh+n6XdfCx2nfe1++3ZpGp/PkXBcXL+j9XFaWeblncs/d6bfz9WcO4fbHYNDA8OVbR5KB2F+vs9mV8dj8LbscHYyO5ZN5tcO58dTX76usdsXdwwOh/9W+ly5rsUxuKVh2U4fg+n72ELHXt/g/AffAY3P50g4Lp67vfUxWFnmI7s7+7PrlnBJWqbmZ9fG368t9Duvmxp20+U6VgbDdn5/d+vfzVaWObZnqTmz9X66JVxyVZP91Pj6Xeg1NZmtzH5aF7bztT0L76fK9lSW+dreRR5P+7MsO/foHfnve8O/r/zd2R++WPfvLs3+Tefco3f8/Joj/7iU7Qeg971VHWuq3+tq/mVqMf/+DwAAAPSEmPv7w0zkfwAAACiMmPvj/xWeyP8AAABQGDH3D4aZlCT/r/vIa9NvnctSM382iNen3XB3dbnYcZ0IX4/OzqlcfsfzU//9D+cWt+7+LMvevPsPmy6/7u64XVWjYTsvfrT+8nlevHVR6z744Lm03tr++jfC/cfHs9jDoFkFdyLLspeu+2q+ntGHLuTz5bsP5vO+8888XVnm9b3Vr+PtX31Hdfm/COXf/UcO1d3+1bAffhrmxD3N90e83bcvvH/97k/PrS/erm/jtfnDfu7h6v3G98l59unq8nE/L7T93/3KC9+uLP/Ye5tv/7n+5tv/Qrjf58P833dVl699Dipfx9t9KWx/XF+83W3f+l7T7b/45eryp+6sLncwzLj+LeHrTXe+Nl27vx7rO1T3uLKPVZeL65/44R/n18f7i/ffuP0jBy7U7Y/G4+Plf6vez3jD8vHyuJ7o7xvWX7mf2uMzrv+FPzpYt5/brf/ifa++q3K/jeu/pWG5U49uzdc/d3/179j0l1/6atP1xe3Z/7en6h7P/nvD6zis/7mHw/EYrv+/i9X7a3x3hYP31p9/4vLfWHuu7vFEd/2iuv6LHzyaz1Ujq9dcdfU1155/T2XfZdkrq6r31279R//qZN32f/OG6v6I18eOfuP6FxLXf/oLYydOzpydnkx79cnr8vfO+Xh1e+L2XhfOrY1fHzh55pGp06MToxNZNlrct9C7ZN8K8+fVcb710rPzzqBbHwzP501//tKazf/6lXj5vz9QvfzCPdXvW+8Lyz0bLl8bnr+lrX++5zbckL+++14OWzg7//2Cl2P9pv/as6gFw+Nv/LkgHu+n3vlIvh8q1+XfN+Lrepnb/+PJ6v18J+zX2fDOzBtvmFtf7fLxvREu3F99vS97/4XTXHxe/yY835/4afX+43bFx/vj8HPM99bVn+/i8fGdc/2N95+/i8f5cD7Jzlevj0vF/X3h9Ruabl58H5Ls/I3513+S7ufGJT3Mhcw8PjN+bPrE2cfGz0zNnBmfefyJA8dPnj1x5kD+Xp4HPtfu9nPnpzX5+WlyatfOLD9bnayOy+xKb/+pBw9P7p7YPDl15NDZI2cePDV1+ujhmZnDU5Mzmw8dOTL1hXa3n57ct2373h27t48dnZ7ct2fv3h17x6ZPnKxsRnWj2tg18fmxE6cP5DeZ2bdz77bbb985MXb85OTUvt0TE2Nn290+/940Vrn1H4ydnjp26Mz08amxmeknpvZt27tr1/a27wZ4/NSRmdHx02dPjJ+dmTo9Xn0so2fyiyvf+9rdnmKa+Y/qz7ON+qpvxJd96pZd6f1ZK55/asG7qi7S8Aair4X3ovnnt53as5ivY+4fCjMpSf4HAACAMoi5fzjMRP4HAACAwoi5f1WYifwPAAAAhRFz/0iYSUnyf+H6/+vOLWr9+v/6/7X7S/+/ZP3/+7ut/189X+j/d8Zy+/f6/4H+v/6//r/+v/4/HdBt/f+Y+1dn2dLyf3+b6wEAAICuEXP/mjCTkvz7PwAAAJRBzP1XhZnI/wAAAFAYMfdfHWZSkvyv/6//r/+v/6//33z9+v+9Sf+/Nf3/NvT/x7Ny9f/Pd3L79f/1/5mv2/r/MfdfE2ZSkvwPAAAAZRBz/7VhJvI/AAAAFEbM/deFmcj/AAAA0JtWz78o5v61YSYlyf/6//r/+v/6//r/zdev/9+b9P9b0/9vQ//f5//r/+v/01Hd1v+Puf9tYSYlyf8AAABQBjH3vz3MRP4HAACA7jN4aTeLuf8dYSbz8v8lrgAAAAC44mLuvz5rKIKX5N//9f/1//X/9f/1/5uvf/H9/4FM/7976P+3pv/fhv6//r/+v/4/HdVt/f8892cj2TvDTEqS/wEAAKAMYu6/IcxE/gcAAIDuNrL4RWPu/5XGG8r/AAAAUBgx968LMylJ/tf/1//X/9f/1/9vvn6f/9+b9P9b0/9vo9v6/w1HkP5/d2+//r/+P/N1W/8/5v4bw0xKkv8BAACgDGLuvynMRP4HAACAwoi5/1fDTOR/AAAAKIyY+9eHmZQk/+v/d3n/P/b+9P/1//X/9f/1/xdF/781/f82uq3/30D/v7u3X/9f/5/5uq3/H3P/u8JMSpL/AQAAoAxi7n93mIn8DwAAAIURc/97wkzkfwAAACiMmPtHw0xKkv/1/7u8/+/z//X/9f/1//X/l0T/vzX9/zb0//X/9f/1/+mobuv/x9y/IcykJPkfAAAAyiDm/o1hJvI/AAAAFEbM/TeHmcj/AAAAUBgx928KMylJ/tf/1//X/9f/1/9vvn79/96k/9/aYvr/+TlN/1//X/9f/1//nw7otv5/zP3vDTMpSf4HAACAMoi5f3OYifwPAAAAhRFz//vCTOR/AAAAKIyY+7eEmZQk/+v/6/+Xtf+/qmad+v/6/83Wr//fm/T/W/P5/23o/+v/6//r/9NR3db/j7n//WEmJcn/AAAAUAYx928NM5H/AQAAoDBi7r8lzET+BwAAgMKIuX8szKQk+f/K9P/fyP/U/9f/9/n/+v/6//r/nVaG/v9nl3qnNfT/29D/1//X/9f/p6O6rf8fc/+tYSYlyf8AAABQBjH33xZmIv8DAABAYcTcPx5mIv8DAABAYcTcPxFmUpL87/P/9f/1//X/l9T/f8/c/er/V+n/d5cy9P+XQ/+/Df1//f8r3v8f0v+nULqt/x9z/7Ywk5LkfwAAACiDmPu3h5nI/wAAAFAYMffvCDOR/wEAAKAwYu7fGWZSkvyv/6//r/+v/+/z/5uvX/+/N+n/t9b5/n98iPr/+v/6/z7/X/+f+bqt/x9z/+1hJiXJ/wAAAFAGMffvCjOR/wEAAKAwYu7fHWYi/wMAAEBhxNy/J8ykJPlf/78D/f/B5hfr/+v/R/r/4XjQ/9f/XwH6/635/P829P/1//X/9f/pqG7r/8fcvzfMpCT5HwAAAMog5v4PhJnI/wAAAFAYMff/WpiJ/A8AAACFEXP/r4eZlCT/6//7/H/9f/1//f/m69f/7036/63p/7eh/6//r/+v/09HdVv/P+b+fWEmJcn/AAAAUAYx9/9GmIn8DwAAAIURc/8Hw0zkfwAAACiMmPv3h5mUJP/r/+v/6//r/+v/N1+//n9v0v9vTf+/Df1//X/9f/1/Oqrb+v8x938ozKQk+R8AAADKIOb+O8JM5H8AAAAojJj7PxxmIv8DAABAYcTc/5Ewk5Lkf/1//X/9f/1//f/m69f/7036/63p/7eh/6//r/+v/09HdVv/P+b+j4aZlCT/AwAAQBnE3H9nmIn8DwAAAIURc//HwkzkfwAAACiMmPvvCjMpSf7X/9f/1//X/9f/b75+/f/epP/fmv5/G/r/Bev/j16j/6//z+XSLAHNd2n9/6vfXHCFy+z/x9z/m2EmJcn/AAAAUAYx998dZiL/AwAAQGHE3H9PmIn8DwAAAIURc//Hw0xKkv/1//X/9f/1//X/m69f/7836f+31mP9/19eGy7X/6/S/+/u7e/K/v9PFur/z65qvL3+P5fDpfX/m+pI/z/m/k+EmZQk/wMAAEAZxNz/yTAT+R8AAAAKI+b+T4WZyP8AAABQGDH3/1aYSUnyv/5/ZTvm2sv6//r/+QX6//r/+v89S/+/tR7r//v8/wb6/929/V3Z//f5/1xh3db/j7n/3jCTkuR/AAAAKIOY++8LM5H/AQAAoDBi7r8/zET+BwAAgMKIuf+BMJOS5H/9f5//r/+v/6//33z9+v+9Sf+/Nf3/NvT/9f+7rf//n/r/9LZu6//H3P9gmElJ8j8AAACUQcz9nw4zkf8BAACgMGLu/+0wE/kfAAAACiPm/s+EmZQk/+v/90r/f3RF+v+Z/r/+v/6//n+P0/9vTf+/Df1//f9u6//7/H96XLf1/2PufyjMZPH5f2TRSwIAAABXRMz9vxNmUpJ//wcAAIAyiLn/d8NM5H8AAAAojJj7PxtmUpL8f3n6/83a8PPp//v8f/1//X/9f/3/Tlu5/n888+j/6//r/0f6/4vr/882fqML9P8pom7r/8fc/3thJiXJ/wAAAFAGMfc/HGYi/wMAAEBPWMz/hR5z/4EwE/kfAAAACiPm/oNhJiXJ/z7/X/9f/79L+/9/tvFffvSDTx7cdmX6//nU/9f/70WXtf8fTzbx8/8rL36f/6//r/+f6P/7/H/9fxp1W/8/5v5DYSYlyf8AAABQBjH3/36YifwPAAAAhRFz/+EwE/kfAAAACiPm/skwk5Lkf/1//X/9/y7t//fw5//H/aH/X69j/f940tX/b2rlPv+/+vWz+v+X2P8fbnqp/r/+fy9vv/6//j/zXZb+/+yqdOFS+/8x90+FmZQk/wMAAEAZhNzff6Q6566Q/wEAAKAwYu4/GmYi/wMAAEBhxNz/SJhJSfK//r/+v/6//n+n+/8+/785n/+/MvT/W+ue/n9z+v/6/1dq+4fC1P/X/6ezuu3z/2Punw4zKUn+BwAAgDKIuf9zYSbyPwAAABRGzP2fDzOR/wEAAKAwYu4/FmZSkvyv/6//r/+v/6//33z9+v+9Sf+/Nf3/NvT/S9v/78T26//r/zNft/X/Y+4/HmZSkvwPAAAAZRBz//+zdx/PltdlHsdP9zQ13cUfMIvZUDXL2c+Gxcx65g+YhRs3VlmWBSrmRGOOmHPAnDGAIiZUFAOYUMxizoIBM2q1Jf08T9++99zfud2ee+/vfJ/Xa/PMtNOeo0MBH7rf9b0kbrH/AQAAYBi5+y+NW+x/AAAAGEbu/gfELU32v/5f/z9s///f+v/dPl//r/8fmf5/2uH2/7tHnUn/r//f5O+v/9f/s9Pc+v/c/Q+MW5rsfwAAAOggd/+D4hb7HwAAAIaRu/+yuMX+BwAAgGHk7n9w3NJk/2/r/48sevb/mfHq//ez/z/q/X/9v/5f/7//Drb/v+Iff+bT/3v/X/8f9P/6f/0/282t/8/d/5C4pcn+BwAAgA5y9z80brH/AQAAYBi5+x8Wt9j/AAAAMIzc/Q+PW5rsf+//e/9/2Pf/9f+7fr7+X/8/Mu//T+vU/19224WX3HXdv19/Lp+v/+/Q/9+0b99f/6//Z6e59f+5+x8RtzTZ/wAAANBB7v5Hxi32PwAAAAwjd/+j4hb7HwAAAIaRu//RcUuT/a//1//r//X/+v/ln6//30z6/2md+v/z+Xz9f4f+f/++v/5f/89Oc+v/c/c/Jm5psv8BAACgg9z9j41b7H8AAAAYRu7+y+MW+x8AAACGkbv/ZNzSZP/r//e///+b/l//H1f/r//X/+8//f80/f8K+n/9v/5f/89aza3/z91/RdzSZP8DAABAB7n7Hxe32P8AAAAwjNz9j49b7H8AAAAYRu7+J8QtTfa//t/7//p//b/+f/nn6/83k/5/2sH3/8v+Crk7/f/G9/8X6P/1//p/tjrH/v/uiT9tr6X/z93/xLilyf4HAACADnL3Pylusf8BAABgGLn7nxy32P8AAAAwjNz9T4lbmux//b/+f0/9f/z/+HL9v/5/C/3/afr/edH/T5vN+/9Hji39Yf3/xvf/3v/X/+v/Ocvc3v/P3f/UuCWG36X/dV7/MQEAAIAZyd3/tLilya//AwAAQAe5+58et9j/AAAAMIzc/c+IW5rsf/2//t/7//p//f/yz5/q/6/f8v30//Oi/582m/5/F/p//f8mf3/9v/6fnebW/+fuf2bc0mT/AwAAQAe5+6+MW+x/AAAAGEbu/mfFLfY/AAAADCN3/7Pjlib7f3n/f+Zf1//vjf7/7O+v/1/+x8e6+v/8d9T/T/b//+P9/570/9P0/yvo//X/+v/d+v8Tq36+/p9l5tb/5+5/TtzSZP8DAABAB7n7nxu32P8AAAAwjNz9z4tb7H8AAAAYRu7+58ctTfa/9//1//r/zev/vf9/2mG+/7848P7/mP5/j/T/0/T/K+j/9f/6f+//s1Zz6/9z978gbmmy/wEAAKCD3P0vjFvsfwAAANgMW3/vwPbfUBpy978obrH/AQAAYBi5+18ctzTZ//p//b/+X//fu/8/viH9v/f/90r/P03/v8Lh9v9HBu3/jw3W/1+128+fQ/9/uf6fmTmr/7/hzI8fVv+fu/8lcUuT/Q8AAAAd5O5/adxi/wMAAMAwcve/LG6x/wEAAGAYuftfHrc02f/73v+f2P2z9f/6f/2//v/w+/9Nef9f/79X+v9p+v8VvP/v/X/v/+v/Wauz+v8tDqv/z93/irj1jwCa7H8AAADoIHf/K+MW+x8AAACGkbv/qrjF/gcAAIBh5O5/VdzSZP97/1//r//X/+v/l3++/n8z6f+n6f9X0P/r//X/+n/Wam79f+7+V8ctTfY/AAAAdJC7/zVxi/0PAAAAw8jd/9q4xf4HAACAYeTuf13c0mT/6//3t//PH9f/6/8X+n/9v/7/QLTt/48s+yvRTrv0/7fc9+T/nf0j+n/9v/5f/6//Zw1m0f+fOvN3l7n7Xx+3NNn/AAAA0EHu/jfELfY/AAAADCN3/xvjFvsfAAAAhpG7/01xyz37f3uFunmOr/jX9f/e/9f/6//1/8s/X/+/mdr2/3vk/f8V9P/6f/2//p+1mkX/v+V/z93/5rjFr/8DAADAMHL3vyVusf8BAABgGLn73xq32P8AAAAwjNz9b4tbmux//b/+X/+v/9f/L/98/f9m0v9P0/+voP/X/6+l/79//Ij+X//P3Pr/3P1Xxy1N9j8AAAB0kLv/7XGL/Q8AAADDyN3/jrjF/gcAAIBh5O5/Z9zSZP/r//X/+n/9v/5/+efr/zeT/n+a/n+xWFwz8QWW9f+n/lX/r//3/r/+n/M0t/4/d/+74pYm+x8AAAA6yN1/Tdxi/wMAAMAwcvdfG7fY/wAAADCM3P3vjlua7H/9v/5f/6//b9T/H9H/j0//P03/v4L3//X/+n/9P2s1t/4/d/974pYm+x8AAAA6yN1/Xdxi/wMAAMAwcve/N26x/wEAAGAYufuvj1t23f9HD+BbHRz9v/5f/6//b9T/D/j+//HVH9zM/vX/C/2//l//v4L+X/+v/2e7ufX/ufvfF7f49X8AAAAYRu7+98ct9j8AAAAMI3f/B+IW+x8AAACGkbv/g3FLk/2v/9f/6//1//r/5Z+/Gf3/6s/txvv/0/T/K+j/9f/6f/0/azW3/j93/4filib7HwAAADrI3X9D3GL/AwAAwDBy9384brH/AQAAYBi5+z8StzTZ/4fR/x/dcvX/c+v/Fwv9v/5f/3/aAfT/xxf6/7XT/0/T/6+g/x+z/z+6GKj/P7Hrz9f/M0dz6/9z9380bmmy/wEAAKCD3P03xi32PwAAAAwjd//H4hb7HwAAAIaRu//jcUuT/e/9f/3/xr7/f0H8BP2//n9z+//6b1X/vz76/2n6/xX0//vV/9+xli94eN9/Rv3/7vT/zNHc+v/c/TfFLU32PwAAAHSQu/8TcYv9DwAAAMPI3f/JuMX+BwAAgGHk7v9U3NJk/+v/9f8b2/97/1//r//X/y+h/5+m/19B/z/m+//6f/0/h2Zu/X/u/k/HLU32PwAAAHSQu//muMX+BwAAgGHk7r8lbrH/AQAAYBi5+z8TtzTZ//p//b/+fzP7/+P6f/2//n+pufT/F1/8v7fq//X/+n/9v/5f/9/d3Pr/3P2fjVua7H8AAADoIHf/5+IW+x8AAACGkbv/83GL/Q8AAADDyN3/hbilyf7f2f9fsDhdqJ62rP+PRk3/v4X+/+zvr/9f/seH9//1//r//TeX/t/7/+f3/fX/+v9N/v7n1P9ftPPn6/8Z0dz6/9z9t8YtTfY/AAAAdJC7/4txi/0PAAAAw8jd/6W4xf4HAACAYeTuvy1uabL/vf+v/9f/6//1/8s/X/+/mdbb/5/Q/+v/9f/6/37v//+L/p/1mVv/n7v/y3FLk/0PAAAAHeTu/0rcYv8DAADAMHL3fzVusf8BAABgGLn7vxa3NNn/+n/9v/5f/6//X/75+v/N5P3/afr/FWba/+ffoer/5/39h+n/vf/PGq21/9/+F6Xz6P9z9389bmmy/wEAAKCD3P3fiFvsfwAAABhG7v5vxi32PwAAAAwjd/+34pYm+3/9/f9F+v+g/59L/39v/f+2z9f/6/9Hpv/Pv6Ivp/9f4Z4/zR2bXf+f9P/z/v76f/0/O621/1/s+NvRc+7/c/ffHrc02f8AAADQQe7+b8ct9j8AAAAMI3f/d+IW+x8AAACGkbv/u3FLk/3v/f9e/f+RRcf+3/v/+n/9fyf6/2n6/xVm+v5/0v/P+/vr//X/7DS3/j93//filib7HwAAADbV///n/W7f6/9t7v7vxy32PwAAAAwjd/8P4hb7HwAAAIaRu/+HcUuT/a//79X/93z/X/+v/9f/d6L/n6b/X0H/r//X/+v/Wau59f+5+38Ut2wZfsfO+T8lAAAAMCe5+38ctzT59X8AAADoIHf/T+KWHfv/1B5/VzsAAAAwN7n7fxq37OHX//9j377VwdH/z7z/X4zf/9+50P/r/0/T/+v/10H/P+2f7P9PHdH/6/8n6P/1//p/tptb/5+7/2dxi9//DwAAAJvsrH+ikLv/53GL/Q8AAADDyN3/i7jF/gcAAIBh5O6/I25psv/1/zPv/8/r/f8T9T9tQv/v/f997P+vPL708/X/+v+R6f+nef9/Bf2//l//r/9nrebW/+fuvzNuabL/AQAAoIPc/b+MW+x/AAAAGEbu/l/FLfY/AAAADCN3/6/jlib7X/8/Yv+/We//6/+9/3/+/f+/XXjy5nvd59qr9f+csfb+P/7WYFn/n38s6P8PpP+/cdm/n/5f/z+n76//1/+z09z6/9z9v4lbmux/AAAA6CB3/11xi/0PAAAAw8jd/9u4xf4HAACAYeTu/13c0mT/6//1/3Pp//O/60Po/09uXv+fTXH3/t/7//r/nbz/P22D+3/v/+v/Z//99f/6f3aaW/+fu//3cUuT/Q8AAAAd5O7/Q9xi/wMAAMAwcvf/MW6x/wEAAGAYufv/FLc02f/6f/3/XPr/5P3/Mz/P+/+n6f/1/+dC/z9N/7+C/l//r//X/7NWc+v/c/f/OW5psv8BAACgg9z9d8ct9j8AAAAMI3f/X+IW+x8AAACGkbv/r3FLk/2v/9f/6//1//r/5Z+v/99M+v9p+v8V9P/6f/2//p+1mlv/n7v/7wEAAP//TYN26A==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) 13m29.026364214s ago: executing program 2 (id=8798): setresuid(0x0, 0xee00, 0x0) clock_adjtime(0x0, &(0x7f0000000600)={0xfffffffffffffffb}) 13m27.301759075s ago: executing program 2 (id=8819): r0 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000d80)="5c0000007a006bcd9e3fe3dc6e08170007000054250ec000488bc3a00000e517d34460bc24fff3000005251e4e82949a3651f668c3664402682fb6e27bbfa83b5cae0300c9fcd1938037e786a600"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 13m26.650319663s ago: executing program 32 (id=8819): r0 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000d80)="5c0000007a006bcd9e3fe3dc6e08170007000054250ec000488bc3a00000e517d34460bc24fff3000005251e4e82949a3651f668c3664402682fb6e27bbfa83b5cae0300c9fcd1938037e786a600"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 31.835870593s ago: executing program 5 (id=21884): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0) writev(r0, &(0x7f0000000500)=[{&(0x7f0000000340)='Rkbc', 0x4}], 0x1) 31.671215963s ago: executing program 5 (id=21887): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, 0xe) 31.511159292s ago: executing program 5 (id=21890): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) lseek(r0, 0x1000, 0x1) 31.371365621s ago: executing program 5 (id=21892): syz_mount_image$iso9660(&(0x7f0000000380), &(0x7f00000000c0)='./file0\x00', 0x204818, &(0x7f00000003c0)={[{@map_off}, {@check_strict}, {@overriderock}, {@map_off}, {@unhide}, {@iocharset={'iocharset', 0x3d, 'cp437'}}, {@map_off}, {@mode={'mode', 0x3d, 0x483}}]}, 0x1, 0x544, &(0x7f0000001000)="$eJzs3V9v01YfwPGfS/sQ5ZGqRw8TQlWBQ9mkIpXgJBAUceU5J+mBxI5sB7VXqKIpqkhhokxae8O4YZu0vQh2uRexd4T2EjbZTvqHJjHQv6u+nwjOiX3s8zup5Z/cxscCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADEcmu2XbSkabzOkhrNrQV+a/dtf+sDC+TWvmJMvyJW/E9yObmSLrry1e7qy/F/czKbvpuVXFzkZPu/l//34NLkxGD7MQF/lt+/cE+bW9vPV3q97qujCuQMunpx9LqG9kzom5bT0MqEvqpWKvadxXqo6qapw+Uw0i3lBtqJ/EDNu7dUsVotK11Y9jteo+Y09WDh/dsl266oh4W2doLQ9+48LITuomk2jddI2sSr4zb34wPxkYlUpJ2WUmvrvW45awBxo+KnNCplNSrZpVKxWCoVK/eq9+7b9uSBBfZH5ECLozto8e90hGdv4HAm+vlfmmLEk44siRr6cqUmgfjSGrG+b5D/v7mjx/a7N/8PsvyV3dUzkuT/a+m7a6Py/4hYTu61KVuyLc9lRXrSk668OvWITvbVEC2eGAnFFyMtcZIlqr9ESVUqUhFbnsii1CUUJXUx0hQtoSxLKJHo5IhyJRAtjkTiSyBK5sWVW6KkKFWpSlmUaCnIsvjSEU8aUhMn2cuarCefe1mUNSrGnUbFkcPID467rpTGjJb8j8M70vM3cBh/D/I/AAAAAAA4t6zkt+/x9f+UXE1qddPU9mmHBQAAAAAAjlDyl//ZuJiKa1fF4vofAAAAAIDzxkrusbNEJC/X09qaWMntUvwSAAAAAACAcyL5+/+1uEjmQLku1s50KVz/AwAAAABwTvycOcd+2L5o/fmXBMGU9ba99LW1kczN62xcSLe78PEeo/qMNd3fSVJU0mJy0tWzVi5ttDMJ5od+sZYVh7UbgLMTwI+fE8ClSflVbqRtbqym5epgTdpLvm6auuD6zQdFcZzpiUgvRd+/WP9BkuH/4rWmrZys97qFpy97q0ksb+O9vN3oT6B4YB7FMbG8TuZbSO65GDriqeRGjH6/eUvW1ntde+/4J9LNJ/b3+GZ6TJ/vZC5tNdef8Ta/f/y5uM9iYdTo+1EUDznyd3IzbXNz/mZaDImilBVFaW8Uwz+Lw0dRzoqifMgoAOC0rGVkIUsO5N0vOMt9WXaXz8zu72Q+bTM/k5xYJ2eGnNHtrDO6fcjs9seBZyCNyrFxv799lFXfxxu8H9lv2CxZ8Ud44fXGd3J5c2v79vrGyrPus+6LUqlcse/a9r2STCXD6BfkHgDAEHufsWMNzf+ZT+Gx7mZcVf9/5ysFBXkqL6Unq7KQ3G2QfONg6F7ze76GsJBx1ZpP0mT6hJeFMVd1/0nuchjstzS27f4YyifwkwAA4OTMZeThT8n/CxnX3ftz+fir4/yep7UBAIDjoYMPVj76yQoC035SrFaLTrSoVeC7j1Rgag2tjBfpwF10vIZW7cCPfNdvxpXHpqZDFXbabT+IVN0PVNsPzVIyfaDqP/o91C3Hi4wbtpvaCbVyfS9y3EjVTOiqdufbpgkXdZBsHLa1a+rGdSLjeyr0O4GrC0qFWu9paGrai0zdxFVPtQPTcoKceuw3Oy2tajp0A9OO/HSHg76MV/eDVrLbwml/2AAAnBGbW9vPV3q97qtjrAztOHfiQwUAAH0ZWRoAAAAAAAAAAAAAAAAAAAAAAJwBJ3H/H5VzXhlMBX1W4qFyBJXMU8ebYz85AThW/wQAAP//rVVPjw==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) 31.164772383s ago: executing program 5 (id=21895): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00') pread64(r0, &(0x7f0000000140)=""/15, 0xf, 0x4) 30.621251145s ago: executing program 5 (id=21903): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001100)=@mangle={'mangle\x00', 0x10, 0x6, 0x520, 0x380, 0x380, 0x290, 0x0, 0x0, 0x450, 0x450, 0x450, 0x450, 0x450, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x380}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x380}}, {{@ipv6={@local, @loopback, [0x0, 0xff, 0xff000000, 0xffffff00], [0xffffffff, 0x0, 0xffffffff, 0xff], 'ip6gre0\x00', 'syzkaller1\x00', {0xff}, {}, 0x4, 0x6, 0x0, 0x30}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@dev={0xac, 0x14, 0x14, 0x1f}, @ipv6=@empty, 0xd, 0x25, 0x162b}}}, {{@ipv6={@local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xffffff00], [], 'veth1\x00', 'ip6gretap0\x00'}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@local, @ipv4=@broadcast}}}, {{@ipv6={@empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'wg1\x00', 'vxcan1\x00'}, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x580) 30.290224365s ago: executing program 33 (id=21903): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001100)=@mangle={'mangle\x00', 0x10, 0x6, 0x520, 0x380, 0x380, 0x290, 0x0, 0x0, 0x450, 0x450, 0x450, 0x450, 0x450, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x380}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x380}}, {{@ipv6={@local, @loopback, [0x0, 0xff, 0xff000000, 0xffffff00], [0xffffffff, 0x0, 0xffffffff, 0xff], 'ip6gre0\x00', 'syzkaller1\x00', {0xff}, {}, 0x4, 0x6, 0x0, 0x30}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@dev={0xac, 0x14, 0x14, 0x1f}, @ipv6=@empty, 0xd, 0x25, 0x162b}}}, {{@ipv6={@local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xffffff00], [], 'veth1\x00', 'ip6gretap0\x00'}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@local, @ipv4=@broadcast}}}, {{@ipv6={@empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'wg1\x00', 'vxcan1\x00'}, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x580) 3.902996229s ago: executing program 0 (id=22205): bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x10, 0x0, 0x1, 0xb}, 0x14) syz_usb_connect(0x0, 0x51, &(0x7f0000000000)=ANY=[@ANYBLOB="120101024cf1c50863070210845f0102030109023f0001000000000904000005ff87e7000905880f020000000009050300000000000009050cfeffff01060209050f0000000000000905"], &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) 3.071633898s ago: executing program 6 (id=22220): r0 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r0, 0x0, 0x0) 2.819787313s ago: executing program 6 (id=22224): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4002}, [@printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}, @call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r0}, 0xc) 2.650659043s ago: executing program 6 (id=22226): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee200090582"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) 2.327736302s ago: executing program 4 (id=22231): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000040)=@x={0x94, 0x4, "74094e18339a"}) 2.170086982s ago: executing program 4 (id=22234): r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0x7040, 0x2) 2.03057448s ago: executing program 4 (id=22237): mknod(&(0x7f0000000080)='./bus\x00', 0x8000, 0x7) mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f0000000180)='jfs\x00', 0x400080, &(0x7f00000001c0)='discard') 1.966670534s ago: executing program 3 (id=22238): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, 0x0, 0x0) 1.873509569s ago: executing program 3 (id=22240): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8911, &(0x7f0000000100)={'syztnl0\x00', 0x0}) 1.783111004s ago: executing program 4 (id=22241): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x58, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x1c, 0x11, 0x0, 0x1, @exthdr={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x3}]}}}]}], {0x14, 0x10}}, 0xa0}}, 0x0) 1.722998108s ago: executing program 0 (id=22242): r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000003fc0), 0x0, 0x0) ioctl$SOUND_MIXER_READ_STEREODEVS(r0, 0x80044dfb, &(0x7f0000000100)) 1.676841601s ago: executing program 3 (id=22243): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000140)={0x60, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xf0}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x11, 0x1, 0x0, 0x46}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}}, 0x84000) 1.560718068s ago: executing program 4 (id=22244): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x17, 0xe2, 0xdd, 0x8, 0x763, 0x2080, 0xd940, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0xe4, 0x60}}]}}]}}, 0x0) 1.464848193s ago: executing program 0 (id=22245): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@loopback={0x0, 0x7ffffffff000}, 0x800, 0x0, 0x2, 0xb, 0x0, 0x8}, 0x20) 1.410003126s ago: executing program 3 (id=22247): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xb, &(0x7f0000000040)={&(0x7f00000026c0)=@flushpolicy={0x38, 0x12, 0x105, 0x0, 0x0, "", [@address_filter={0x28, 0x1a, {@in=@private=0xa010102, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0xa, 0x6, 0x9}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x4000804) 1.313459632s ago: executing program 3 (id=22248): r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000600)={0x0, 0x6, 0x3, 0x1, 0x40}) 1.267688505s ago: executing program 0 (id=22250): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_HV_CPUID_sys(r0, 0xc008aec1, &(0x7f00000001c0)={0xa00}) 1.17637376s ago: executing program 3 (id=22251): ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000088945b406d04b6088eca0000000109021200017f00c0000904"], 0x0) 1.118361334s ago: executing program 0 (id=22252): syz_mount_image$reiserfs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x8488, &(0x7f0000000780), 0xfe, 0x10fd, &(0x7f0000001140)="$eJzs2T9rFEEYBvBnds8/3cqmXwQtLCQknF8ghcK1ttqIpDJVrlL8OH4cTWUf0msRsF9Zb/dO5UTwTm1+PzjmvYd9Z2fKmQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZsmnkhxUSTtlVZKSdN3F4ipJN+V33tdVSp6eLpaPz+dPlknqb4+XZ0kZuoa2tMf3brfzdt4et48OTu5/WL5+8+rF2dnp+ThNSZfL6/1vpYzrAQAAAH7U76z5z+8HAAAAfmdvFwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf6hvNnU7FVWSknTdxeIqSbel78Y/Wh8AAACwu5Iqz5tt+eoaYONhPjZlnQ/jlzLUR3m3pR8AAAD4pf7WWHz/fb3c3JzHH2S2PpcP2d3Mcni4+j8O+XyS1EmOfpr88vrty+lX+vpv7wUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAAAAAPYKAAD///F61s8=") mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, &(0x7f0000000000)) 1.103425225s ago: executing program 1 (id=22253): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="3800000002020103000000000000000002000003240002800c000280040001002100000014000180080001"], 0x38}, 0x1, 0x0, 0x0, 0x40840}, 0x10) 928.993245ms ago: executing program 1 (id=22254): r0 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000000)='-1', 0x2}, {&(0x7f0000000100)="c0f8b46d2428d17fb256776cd7b9a77c8fc20c97c8e8d78f107bf08c15a0489a962fac7358e163c10784a0c0cda451554f23c4be6cdc2009a5bac8aa2ca7cd7820e732d8de22bb18e0c2b7ca3ea9f37a12d19b1836948190069a079222c4634f8278fe0debe33b0c32826606e0b8c4aed7b13565eda451759cc2e4ea6e8610b48899b4dbeae4a68490fa561485e8ec194f4488e9103869211446933b712b6e3473fdf1119d632e78a5116826c0f332c241069b511233352355b69dfbf76b4c64a58c6d5982da541f1e6813bce387c7829bf1657ada621c7fd8b3ea6109779d", 0xdf}], 0x2, 0x4, 0xa) 671.854581ms ago: executing program 1 (id=22255): r0 = syz_open_procfs(0x0, &(0x7f0000003c00)='net/ptype\x00') preadv(r0, &(0x7f0000000480)=[{&(0x7f0000003f00)=""/54, 0x36}, {&(0x7f0000000000)=""/39, 0x27}, {&(0x7f0000000040)=""/45, 0x2d}], 0x3, 0x1, 0x9) 487.536031ms ago: executing program 1 (id=22256): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="240000001e000505000000000000000003"], 0x24}], 0x1}, 0x0) 467.524843ms ago: executing program 6 (id=22257): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getpeername(r0, 0x0, 0x0) 462.505693ms ago: executing program 0 (id=22258): r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x92ff, 0x0, 0x0, 0x4}) 219.997177ms ago: executing program 1 (id=22259): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r0}, 0xc) 197.842288ms ago: executing program 6 (id=22260): r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_buf(r0, 0x107, 0xd, &(0x7f0000001000)=""/4096, &(0x7f0000000080)=0xffffffffffffffe6) 72.280725ms ago: executing program 6 (id=22261): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x58, 0x0, 0x9, 0x101, 0x0, 0x0, {}, [@NFCTH_POLICY={0x10, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x3}}, @NFCTH_TUPLE={0x4, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x2, 0x0, 0x1, @ipv4={{0x8, 0x1, @private}, {0x8, 0x2, @dev}}}]}, @NFCTH_PRIV_DATA_LEN={0x8}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x58}}, 0x0) 45.620348ms ago: executing program 1 (id=22262): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f0000000380)={'ipvlan1\x00', @random="3aff7efe235b"}) 0s ago: executing program 4 (id=22263): r0 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x0) ioctl$FE_GET_PROPERTY(r0, 0x80106f53, &(0x7f00000000c0)={0x2, &(0x7f0000000180)=[{0x3c, '\x00', @data=0xce, 0x3}, {0x45, '\x00', @data=0x80000000, 0x1c}]}) kernel console output (not intermixed with test programs): [T17304] [ 1465.340320][T17304] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1465.340320][T17304] [ 1465.366752][T17377] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1465.411824][T17367] NILFS (loop5): DAT doesn't have a block to manage vblocknr = 648518346341351424 [ 1465.432694][T17304] [ 1465.432694][T17304] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1465.432694][T17304] [ 1465.499570][T17367] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=12) [ 1465.518494][ T106] [ 1465.518494][ T106] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1465.518494][ T106] [ 1465.600965][T17367] Remounting filesystem read-only [ 1465.620073][ T6397] [ 1465.620073][ T6397] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1465.620073][ T6397] [ 1465.634235][T17367] NILFS (loop5): error -5 truncating bmap (ino=12) [ 1465.670431][ T6397] [ 1465.670431][ T6397] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1465.670431][ T6397] [ 1465.745382][ T4268] [ 1465.745382][ T4268] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1465.745382][ T4268] [ 1465.771049][ T106] [ 1465.771049][ T106] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1465.771049][ T106] [ 1465.798194][T24267] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer [ 1465.807289][ T4268] [ 1465.807289][ T4268] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1465.807289][ T4268] [ 1466.304932][T17417] ufs: Invalid option: "Ûàßä0…(áeêªLüêd9(@ ûŸÀ8ìL´)uH\dKzLVÚÁR<%ï5rÆŒËze ~I2~ [ 1466.304932][T17417] r0Rpyëhå:ã‰ÝèÖY³‡ [ 1466.304932][T17417] òO©÷‰\›z«Y" or missing value [ 1466.387518][T17417] ufs: wrong mount options [ 1467.098702][T17465] loop0: detected capacity change from 0 to 512 [ 1467.202119][T17465] EXT4-fs error (device loop0): ext4_iget_extra_inode:4756: inode #15: comm syz.0.20367: corrupted in-inode xattr [ 1467.241640][T17465] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.20367: couldn't read orphan inode 15 (err -117) [ 1467.261668][T17465] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 1467.434592][T17487] netlink: 'syz.4.20372': attribute type 13 has an invalid length. [ 1467.501321][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 1468.170934][T17536] netlink: 'syz.5.20390': attribute type 1 has an invalid length. [ 1468.240391][T17536] netlink: 'syz.5.20390': attribute type 2 has an invalid length. [ 1468.315777][T17536] netlink: 4 bytes leftover after parsing attributes in process `syz.5.20390'. [ 1468.701365][T17563] loop5: detected capacity change from 0 to 512 [ 1468.808142][T17563] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1468.834287][T17563] ext4 filesystem being mounted at /2170/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1468.922623][T17563] Quota error (device loop5): do_check_range: Getting dqdh_next_free 2741 out of range 0-6 [ 1468.952753][T17563] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 1469.018059][T17563] EXT4-fs error (device loop5): ext4_acquire_dquot:6835: comm syz.5.20398: Failed to acquire dquot type 0 [ 1469.118666][T17540] loop3: detected capacity change from 0 to 32768 [ 1469.147722][T17540] [ 1469.147722][T17540] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1469.147722][T17540] [ 1469.168644][T24267] EXT4-fs (loop5): unmounting filesystem. [ 1469.248232][T17540] [ 1469.248232][T17540] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1469.248232][T17540] [ 1469.260310][T17540] [ 1469.260310][T17540] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1469.260310][T17540] [ 1469.282476][T17540] [ 1469.282476][T17540] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1469.282476][T17540] [ 1469.335965][T17540] [ 1469.335965][T17540] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1469.335965][T17540] [ 1469.355659][T17540] [ 1469.355659][T17540] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1469.355659][T17540] [ 1469.365802][T17545] loop0: detected capacity change from 0 to 32768 [ 1469.424028][ T106] [ 1469.424028][ T106] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1469.424028][ T106] [ 1469.462191][T17545] (syz.0.20392,17545,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1469.530453][ T4354] [ 1469.530453][ T4354] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1469.530453][ T4354] [ 1469.561910][T17545] (syz.0.20392,17545,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1469.581485][ T4354] [ 1469.581485][ T4354] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1469.581485][ T4354] [ 1469.636604][ T106] [ 1469.636604][ T106] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1469.636604][ T106] [ 1469.651512][ T4984] [ 1469.651512][ T4984] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1469.651512][ T4984] [ 1469.678478][T17545] JBD2: Ignoring recovery information on journal [ 1469.684265][ T4984] [ 1469.684265][ T4984] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1469.684265][ T4984] [ 1469.742418][T17607] netlink: 16 bytes leftover after parsing attributes in process `syz.1.20409'. [ 1469.847022][T17545] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 1469.946824][T17614] netlink: 12 bytes leftover after parsing attributes in process `syz.4.20410'. [ 1470.173517][ T4268] ocfs2: Unmounting device (7,0) on (node local) [ 1470.300120][T17633] netlink: 28 bytes leftover after parsing attributes in process `syz.4.20417'. [ 1470.808329][T17661] loop0: detected capacity change from 0 to 256 [ 1470.818888][T17662] loop3: detected capacity change from 0 to 256 [ 1471.301325][T17688] netlink: 76 bytes leftover after parsing attributes in process `syz.0.20432'. [ 1471.993226][T17739] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1472.046490][T17739] overlayfs: missing 'lowerdir' [ 1472.211383][ T26] audit: type=1326 audit(2000000091.201:3354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17751 comm="syz.1.20452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1472.295300][ T26] audit: type=1326 audit(2000000091.201:3355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17751 comm="syz.1.20452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1472.361122][T17761] netlink: 348 bytes leftover after parsing attributes in process `syz.5.20454'. [ 1472.373513][ T26] audit: type=1326 audit(2000000091.201:3356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17751 comm="syz.1.20452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1472.392953][T17761] netlink: 4 bytes leftover after parsing attributes in process `syz.5.20454'. [ 1472.443788][T17771] netlink: 48 bytes leftover after parsing attributes in process `syz.4.20457'. [ 1472.470319][ T26] audit: type=1326 audit(2000000091.201:3357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17751 comm="syz.1.20452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1472.492854][ C0] vkms_vblank_simulate: vblank timer overrun [ 1472.493424][T17771] tc_dump_action: action bad kind [ 1472.890011][T17798] netlink: 140 bytes leftover after parsing attributes in process `syz.1.20465'. [ 1473.147372][T17815] netlink: 'syz.1.20472': attribute type 1 has an invalid length. [ 1473.185895][T17815] netlink: 112860 bytes leftover after parsing attributes in process `syz.1.20472'. [ 1473.741531][T17850] IPv6: Can't replace route, no match found [ 1473.999182][T17864] xt_recent: hitcount (134217728) is larger than allowed maximum (255) [ 1474.306205][T17878] loop1: detected capacity change from 0 to 512 [ 1474.325586][T17878] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1474.337537][T17887] netlink: 308 bytes leftover after parsing attributes in process `syz.0.20496'. [ 1474.393997][T17878] EXT4-fs (loop1): 1 truncate cleaned up [ 1474.399703][T17878] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 1474.463493][T17878] EXT4-fs error (device loop1): ext4_find_dest_de:2115: inode #2: block 13: comm syz.1.20493: bad entry in directory: '.' directory cannot be the last in data block - offset=0, inode=2, rec_len=1024, size=1024 fake=1 [ 1474.545653][T17898] netlink: 28 bytes leftover after parsing attributes in process `syz.0.20497'. [ 1474.568376][T17898] netlink: 28 bytes leftover after parsing attributes in process `syz.0.20497'. [ 1474.591625][T17903] loop3: detected capacity change from 0 to 256 [ 1474.678107][T17903] FAT-fs (loop3): Directory bread(block 64) failed [ 1474.705211][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 1474.715661][T17903] FAT-fs (loop3): Directory bread(block 65) failed [ 1474.722350][T17903] FAT-fs (loop3): Directory bread(block 66) failed [ 1474.772831][T17903] FAT-fs (loop3): Directory bread(block 67) failed [ 1474.791510][T17903] FAT-fs (loop3): Directory bread(block 68) failed [ 1474.798103][T17903] FAT-fs (loop3): Directory bread(block 69) failed [ 1474.869515][T17903] FAT-fs (loop3): Directory bread(block 70) failed [ 1474.907730][T17903] FAT-fs (loop3): Directory bread(block 71) failed [ 1474.914463][T17903] FAT-fs (loop3): Directory bread(block 72) failed [ 1474.963858][T17903] FAT-fs (loop3): Directory bread(block 73) failed [ 1475.150433][T17903] syz.3.20499: attempt to access beyond end of device [ 1475.150433][T17903] loop3: rw=2051, sector=1160, nr_sectors = 32 limit=256 [ 1475.762519][ T4255] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 1475.967086][ T4255] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1475.993394][ T4255] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1476.027872][ T4255] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1476.060669][ T4255] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1476.086747][ T4255] usb 4-1: SerialNumber: syz [ 1476.165405][T18006] ./file0: Can't open blockdev [ 1476.326186][ T4255] usb 4-1: 0:2 : does not exist [ 1476.342816][ T4255] usb 4-1: unit 5: unexpected type 0x03 [ 1476.424206][ T4255] usb 4-1: USB disconnect, device number 20 [ 1476.704410][T18043] afs: Unexpected value for 'dyn' [ 1476.725354][ T4259] udevd[4259]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1477.016366][T18056] __nla_validate_parse: 1 callbacks suppressed [ 1477.016386][T18056] netlink: 12 bytes leftover after parsing attributes in process `syz.0.20538'. [ 1477.050673][T18061] QAT: Stopping all acceleration devices. [ 1477.236798][T18070] netlink: 8 bytes leftover after parsing attributes in process `syz.4.20544'. [ 1477.847897][T18108] program syz.1.20554 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1478.408690][T18134] loop0: detected capacity change from 0 to 8192 [ 1478.412532][ T26] audit: type=1326 audit(2000000097.001:3358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18147 comm="syz.5.20568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a1f9bf79 code=0x7ffc0000 [ 1478.457128][T18134] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1478.496345][ T26] audit: type=1326 audit(2000000097.038:3359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18147 comm="syz.5.20568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a1f9bf79 code=0x7ffc0000 [ 1478.519454][ C1] vkms_vblank_simulate: vblank timer overrun [ 1478.528308][T10085] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 1478.541700][T18134] FAT-fs (loop0): error, clusters badly computed (1 != 0) [ 1478.549827][T18134] FAT-fs (loop0): Filesystem has been set read-only [ 1478.557452][T18134] FAT-fs (loop0): error, clusters badly computed (2 != 1) [ 1478.566193][ T26] audit: type=1326 audit(2000000097.038:3360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18147 comm="syz.5.20568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a1f9bf79 code=0x7ffc0000 [ 1478.598719][T18134] FAT-fs (loop0): error, clusters badly computed (3 != 2) [ 1478.613823][T18134] FAT-fs (loop0): error, clusters badly computed (4 != 3) [ 1478.651177][ T26] audit: type=1326 audit(2000000097.038:3361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18147 comm="syz.5.20568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7ff7a1f9bf79 code=0x7ffc0000 [ 1478.745458][T10085] usb 4-1: Using ep0 maxpacket: 16 [ 1478.751224][T10100] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 1478.761076][T10085] usb 4-1: config 0 has an invalid interface number: 237 but max is 0 [ 1478.787708][ T26] audit: type=1326 audit(2000000097.038:3362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18147 comm="syz.5.20568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a1f9bf79 code=0x7ffc0000 [ 1478.821979][T10085] usb 4-1: config 0 has no interface number 0 [ 1478.829265][T10085] usb 4-1: config 0 interface 237 has no altsetting 0 [ 1478.863516][ T26] audit: type=1326 audit(2000000097.038:3363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18147 comm="syz.5.20568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a1f9bf79 code=0x7ffc0000 [ 1478.889010][T10085] usb 4-1: New USB device found, idVendor=0e41, idProduct=5057, bcdDevice= 6.ad [ 1478.909504][T10085] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1478.927170][T10085] usb 4-1: Product: syz [ 1478.931414][T10085] usb 4-1: Manufacturer: syz [ 1478.936032][T10085] usb 4-1: SerialNumber: syz [ 1478.948196][ T26] audit: type=1326 audit(2000000097.038:3364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18147 comm="syz.5.20568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7ff7a1f9bf79 code=0x7ffc0000 [ 1478.988203][T10085] usb 4-1: config 0 descriptor?? [ 1479.003500][T10085] snd_usb_podhd 4-1:0.237: Line 6 POD HD300 found [ 1479.018273][T10100] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1479.033737][ T26] audit: type=1326 audit(2000000097.038:3365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18147 comm="syz.5.20568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ff7a1f9bf79 code=0x7ffc0000 [ 1479.056261][ C1] vkms_vblank_simulate: vblank timer overrun [ 1479.073491][T10100] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1479.084202][T10100] usb 5-1: Product: syz [ 1479.097401][T10100] usb 5-1: Manufacturer: syz [ 1479.108406][T10100] usb 5-1: SerialNumber: syz [ 1479.129962][ T26] audit: type=1326 audit(2000000097.066:3366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18150 comm="syz.1.20569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1479.157938][T10100] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1479.194172][ T26] audit: type=1326 audit(2000000097.075:3367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18150 comm="syz.1.20569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1479.216781][ C1] vkms_vblank_simulate: vblank timer overrun [ 1479.236317][T10085] snd_usb_podhd 4-1:0.237: cannot get proper max packet size [ 1479.248263][T10085] snd_usb_podhd 4-1:0.237: Line 6 POD HD300 now disconnected [ 1479.260191][T10100] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1479.281405][T10085] snd_usb_podhd: probe of 4-1:0.237 failed with error -22 [ 1479.474016][T10085] usb 4-1: USB disconnect, device number 21 [ 1479.731474][T18218] loop5: detected capacity change from 0 to 1024 [ 1479.761715][ T9800] usb 5-1: USB disconnect, device number 23 [ 1479.888642][ T4373] hfsplus: b-tree write err: -5, ino 4 [ 1480.005501][T18188] loop0: detected capacity change from 0 to 32768 [ 1480.043272][T18235] netlink: 24 bytes leftover after parsing attributes in process `syz.1.20588'. [ 1480.051599][T18188] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.20578 (18188) [ 1480.092570][T18235] netlink: 24 bytes leftover after parsing attributes in process `syz.1.20588'. [ 1480.153495][T18188] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1480.175991][T18188] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 1480.219926][T18188] BTRFS info (device loop0): using free space tree [ 1480.359523][T10100] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 1480.377484][T10100] ath9k_htc: Failed to initialize the device [ 1480.434776][ T9800] usb 5-1: ath9k_htc: USB layer deinitialized [ 1480.621720][T18188] BTRFS info (device loop0): enabling ssd optimizations [ 1480.723077][ T4268] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1480.749160][T18298] device bond6 entered promiscuous mode [ 1480.815827][T18334] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.20601'. [ 1480.854593][T18298] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1480.968737][ T9800] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 1481.165425][T18348] netlink: 8 bytes leftover after parsing attributes in process `syz.1.20605'. [ 1481.193082][ T9800] usb 5-1: Using ep0 maxpacket: 32 [ 1481.216216][ T9800] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 1481.243466][ T9800] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1481.268137][ T9800] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1481.295639][ T9800] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1481.326661][ T9800] usb 5-1: config 1 has no interface number 0 [ 1481.333536][ T9800] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1481.353476][ T9800] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1481.386202][ T9800] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found [ 1481.563704][T18291] loop3: detected capacity change from 0 to 40427 [ 1481.612404][T18291] F2FS-fs (loop3): build fault injection attr: rate: 684, type: 0x3ffff [ 1481.626765][ T9800] snd_usb_pod 5-1:1.1: set_interface failed [ 1481.637690][ T9800] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected [ 1481.640102][T18291] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x35f7 [ 1481.653616][ T9800] snd_usb_pod: probe of 5-1:1.1 failed with error -71 [ 1481.672592][ T9800] usb 5-1: USB disconnect, device number 24 [ 1481.761603][T18291] F2FS-fs (loop3): invalid crc value [ 1481.804198][T18291] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1481.918331][T18291] F2FS-fs (loop3): Start checkpoint disabled! [ 1481.957257][T18291] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 1482.101937][T18291] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=72656c6c, run fsck to fix. [ 1482.658808][T18422] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1482.704533][T18424] netlink: 8 bytes leftover after parsing attributes in process `syz.5.20624'. [ 1483.387343][T18457] netlink: 20 bytes leftover after parsing attributes in process `syz.1.20634'. [ 1483.494451][T18461] ip6t_rpfilter: unknown options [ 1483.653529][T18463] device veth5 entered promiscuous mode [ 1483.862633][T18498] device netdevsim0 left promiscuous mode [ 1484.133777][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 1484.133791][ T26] audit: type=1326 audit(2000000102.360:3370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18512 comm="syz.3.20650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e3099bf79 code=0x7ffc0000 [ 1484.246895][ T26] audit: type=1326 audit(2000000102.360:3371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18512 comm="syz.3.20650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e3099bf79 code=0x7ffc0000 [ 1484.366950][ T26] audit: type=1326 audit(2000000102.379:3372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18512 comm="syz.3.20650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f0e3099bf79 code=0x7ffc0000 [ 1484.454928][ T26] audit: type=1326 audit(2000000102.388:3373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18512 comm="syz.3.20650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e3099bf79 code=0x7ffc0000 [ 1484.538189][ T26] audit: type=1326 audit(2000000102.388:3374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18512 comm="syz.3.20650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e3099bf79 code=0x7ffc0000 [ 1484.650987][ T26] audit: type=1326 audit(2000000102.772:3375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18532 comm="syz.0.20655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f397b99bf79 code=0x7ffc0000 [ 1484.750309][ T26] audit: type=1326 audit(2000000102.791:3376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18532 comm="syz.0.20655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f397b99bf79 code=0x7ffc0000 [ 1484.831838][T18550] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1484.881402][ T26] audit: type=1326 audit(2000000102.791:3377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18532 comm="syz.0.20655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f397b99bf79 code=0x7ffc0000 [ 1484.967548][ T26] audit: type=1326 audit(2000000102.791:3378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18532 comm="syz.0.20655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f397b99bf79 code=0x7ffc0000 [ 1485.128059][T18566] netlink: 'syz.3.20664': attribute type 1 has an invalid length. [ 1485.437615][T18582] loop1: detected capacity change from 0 to 1024 [ 1485.540872][T18582] hfsplus: invalid file type 0174377 for inode 21 [ 1485.784881][T18601] netlink: 68 bytes leftover after parsing attributes in process `syz.0.20675'. [ 1485.839164][T18601] netlink: 36 bytes leftover after parsing attributes in process `syz.0.20675'. [ 1486.367485][ T9800] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1486.398034][T18639] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 1486.413095][T18631] loop3: detected capacity change from 0 to 4096 [ 1486.474160][T18631] ntfs3: loop3: Different NTFS' sector size (2048) and media sector size (512) [ 1486.522816][T18631] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 1486.581304][ T9800] usb 2-1: Using ep0 maxpacket: 8 [ 1486.588509][ T9800] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1486.626403][ T9800] usb 2-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1486.677577][ T9800] usb 2-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 0 [ 1486.709520][ T9800] usb 2-1: config 8 interface 0 has no altsetting 0 [ 1486.723260][T18653] netlink: 8 bytes leftover after parsing attributes in process `syz.0.20690'. [ 1486.743434][ T9800] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 1486.756329][T18653] netlink: 24 bytes leftover after parsing attributes in process `syz.0.20690'. [ 1486.770402][ T9800] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1486.772648][ T4354] ntfs3: loop3: ntfs3_write_inode r=5 failed, -22. [ 1486.784465][ T9800] usb 2-1: Product: syz [ 1486.795566][ T9800] usb 2-1: Manufacturer: syz [ 1486.804879][ T9800] usb 2-1: SerialNumber: syz [ 1486.862315][ T4984] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22. [ 1487.045660][ T9800] usb 2-1: selecting invalid altsetting 0 [ 1487.081891][T18672] netlink: 144 bytes leftover after parsing attributes in process `syz.5.20696'. [ 1487.217511][ T9800] snd-usb-audio: probe of 2-1:8.0 failed with error -12 [ 1487.244638][ T9800] usb 2-1: USB disconnect, device number 4 [ 1487.341419][T18709] loop3: detected capacity change from 0 to 256 [ 1487.522914][ T4456] udevd[4456]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1487.562917][T18722] netlink: 'syz.4.20702': attribute type 2 has an invalid length. [ 1487.615659][T18722] netlink: 'syz.4.20702': attribute type 1 has an invalid length. [ 1487.703927][ T4255] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 1487.879944][T18744] netlink: 'syz.3.20710': attribute type 2 has an invalid length. [ 1487.911101][ T4255] usb 1-1: New USB device found, idVendor=0c45, idProduct=608f, bcdDevice=b5.55 [ 1487.917780][T18744] netlink: 44 bytes leftover after parsing attributes in process `syz.3.20710'. [ 1487.931855][ T4255] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1487.954115][ T4255] usb 1-1: Product: syz [ 1487.967797][ T4255] usb 1-1: Manufacturer: syz [ 1487.992325][ T4255] usb 1-1: SerialNumber: syz [ 1488.014384][ T4255] usb 1-1: config 0 descriptor?? [ 1488.052220][ T4255] gspca_main: sonixb-2.14.0 probing 0c45:608f [ 1488.238834][T18763] netlink: 'syz.4.20715': attribute type 5 has an invalid length. [ 1488.485436][ T4255] usb 1-1: USB disconnect, device number 26 [ 1488.696938][T18749] loop1: detected capacity change from 0 to 32768 [ 1488.739605][T18749] (syz.1.20711,18749,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1488.767765][T18790] loop5: detected capacity change from 0 to 1764 [ 1488.805755][T18749] (syz.1.20711,18749,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1488.823449][T18798] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 1488.915782][T18749] JBD2: Ignoring recovery information on journal [ 1488.990504][T18805] netlink: 'syz.4.20726': attribute type 12 has an invalid length. [ 1489.102599][T18749] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1489.307872][T18819] netlink: 32 bytes leftover after parsing attributes in process `syz.0.20729'. [ 1489.347658][T18819] netlink: 32 bytes leftover after parsing attributes in process `syz.0.20729'. [ 1489.428700][ T4272] ocfs2: Unmounting device (7,1) on (node local) [ 1489.815847][T18848] netlink: 'syz.4.20739': attribute type 9 has an invalid length. [ 1490.333674][T18883] netlink: 45 bytes leftover after parsing attributes in process `syz.0.20751'. [ 1490.371484][T18886] netlink: 188 bytes leftover after parsing attributes in process `syz.3.20750'. [ 1490.401988][T18888] ADFS-fs (nullb0): unrecognised mount option "arrier" or missing value [ 1491.148534][T18940] netlink: 188 bytes leftover after parsing attributes in process `syz.5.20769'. [ 1491.504123][T18950] loop3: detected capacity change from 0 to 4096 [ 1491.629381][T18973] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1491.647749][T18950] syz.3.20772: attempt to access beyond end of device [ 1491.647749][T18950] loop3: rw=0, sector=26388279066816, nr_sectors = 8 limit=4096 [ 1491.723869][T18950] NILFS (loop3): I/O error reading meta-data file (ino=6, block-offset=1) [ 1491.734424][ T4255] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 1491.948015][ T4255] usb 5-1: Using ep0 maxpacket: 8 [ 1491.956389][ T4255] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 1492.012342][ T4255] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1492.040655][T18992] ubi5: attaching mtd0 [ 1492.064837][ T4255] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1492.080839][T18992] ubi5: scanning is finished [ 1492.119422][ T4255] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 1492.131348][T18992] ubi5: empty MTD device detected [ 1492.149993][ T4255] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1492.196470][ T4255] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1492.226269][ T4255] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1492.262770][ T4255] usb 5-1: config 0 descriptor?? [ 1492.269617][T18958] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1492.347491][T18992] ubi5: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1492.376043][T18992] ubi5: PEB size: 4096 bytes (4 KiB), LEB size: 1689 bytes [ 1492.437319][T18992] ubi5: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1492.482681][T18992] ubi5: VID header offset: 2343 (aligned 2343), data offset: 2407 [ 1492.515200][T18992] ubi5: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1492.551812][ C1] Bluetooth: hci5: Unexpected continuation: 1 bytes [ 1492.558796][T18992] ubi5: user volume: 0, internal volumes: 1, max. volumes count: 9 [ 1492.617633][T18992] ubi5: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1872984804 [ 1492.655325][T18992] ubi5: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1492.730905][T19020] ubi5: background thread "ubi_bgt5d" started, PID 19020 [ 1492.782173][T19037] tmpfs: Bad value for 'mpol' [ 1492.808227][ T4277] Bluetooth: hci5: Opcode 0x0c03 failed: -71 [ 1492.824788][ T9800] usb 5-1: USB disconnect, device number 25 [ 1492.863225][ C1] vkms_vblank_simulate: vblank timer overrun [ 1493.070079][T19062] netlink: 12 bytes leftover after parsing attributes in process `syz.0.20796'. [ 1493.269540][ T26] audit: type=1326 audit(2000000110.901:3379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.1.20798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1493.333297][ T26] audit: type=1326 audit(2000000110.929:3380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.1.20798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1493.390767][T19082] netlink: 'syz.5.20802': attribute type 16 has an invalid length. [ 1493.399120][ T26] audit: type=1326 audit(2000000110.929:3381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.1.20798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1493.459132][T19082] netlink: 64138 bytes leftover after parsing attributes in process `syz.5.20802'. [ 1493.504390][ T26] audit: type=1326 audit(2000000110.929:3382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.1.20798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1493.557431][ T26] audit: type=1326 audit(2000000110.985:3383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.1.20798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f62b095c84e code=0x7ffc0000 [ 1493.597465][ T26] audit: type=1326 audit(2000000110.985:3384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.1.20798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f62b095c84e code=0x7ffc0000 [ 1493.636137][ T26] audit: type=1326 audit(2000000110.985:3385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.1.20798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f62b095c84e code=0x7ffc0000 [ 1493.766621][ T26] audit: type=1326 audit(2000000110.985:3386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.1.20798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f62b095c84e code=0x7ffc0000 [ 1493.789237][ C1] vkms_vblank_simulate: vblank timer overrun [ 1493.890227][ T26] audit: type=1326 audit(2000000110.985:3387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.1.20798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f62b095c84e code=0x7ffc0000 [ 1493.912803][ C1] vkms_vblank_simulate: vblank timer overrun [ 1493.989240][ T26] audit: type=1326 audit(2000000110.994:3388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.1.20798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f62b095c84e code=0x7ffc0000 [ 1494.303267][T19124] program syz.4.20817 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1494.335983][T19131] ptrace attach of "./syz-executor exec"[4268] was attempted by ""[19131] [ 1494.576754][T19141] netlink: 'syz.5.20821': attribute type 7 has an invalid length. [ 1494.606025][T19141] netlink: 'syz.5.20821': attribute type 8 has an invalid length. [ 1495.154249][T19180] program syz.0.20833 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1495.341672][T19132] loop1: detected capacity change from 0 to 32768 [ 1495.393079][T19188] loop5: detected capacity change from 0 to 128 [ 1495.424655][T19188] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c018, mo2=0002] [ 1495.432769][T19188] System zones: 1-3, 19-19, 35-36 [ 1495.444738][T19132] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 1495.487617][T19188] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 1495.499196][T19132] JBD2: Ignoring recovery information on journal [ 1495.503938][T19188] ext4 filesystem being mounted at /2270/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1495.528592][T19132] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1495.552972][T19200] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1495.608978][T19188] EXT4-fs warning (device loop5): ext4_group_extend:1870: can't shrink FS - resize aborted [ 1495.703509][ T4272] ocfs2: Unmounting device (7,1) on (node local) [ 1495.873641][T24267] EXT4-fs (loop5): unmounting filesystem. [ 1495.939471][T19220] loop0: detected capacity change from 0 to 64 [ 1496.043073][T19226] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 1496.651949][T19260] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1496.659433][T19260] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1497.917478][T19349] netlink: 16 bytes leftover after parsing attributes in process `syz.5.20880'. [ 1499.029980][T19449] loop5: detected capacity change from 0 to 4096 [ 1499.078822][T19449] ntfs3: loop5: ntfs_set_state r=3 failed, -22. [ 1499.110771][ T8869] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 1499.274223][ T4373] ntfs3: loop5: ntfs3_write_inode r=3 failed, -22. [ 1499.292002][T24267] ntfs3: loop5: ntfs_set_state r=3 failed, -22. [ 1499.315564][ T8869] usb 2-1: config 2 interface 0 has no altsetting 0 [ 1499.322332][T24267] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 1499.331505][ T8869] usb 2-1: New USB device found, idVendor=2040, idProduct=d853, bcdDevice=f8.f6 [ 1499.356754][T24267] ntfs3: loop5: ntfs_set_state r=3 failed, -22. [ 1499.362420][ T8869] usb 2-1: New USB device strings: Mfr=65, Product=2, SerialNumber=3 [ 1499.384820][ T6397] ntfs3: loop5: ntfs3_write_inode r=3 failed, -22. [ 1499.394835][ T8869] usb 2-1: Product: syz [ 1499.396054][T24267] ntfs3: loop5: ntfs_evict_inode r=3 failed, -22. [ 1499.399035][ T8869] usb 2-1: Manufacturer: syz [ 1499.475544][ T8869] usb 2-1: SerialNumber: syz [ 1499.522152][ T8869] usb 2-1: dvb_usb_v2: found a 'Hauppauge Mercury' in warm state [ 1499.601663][ T8869] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1499.613697][ T8869] dvbdev: DVB: registering new adapter (Hauppauge Mercury) [ 1499.620976][ T8869] usb 2-1: media controller created [ 1499.642051][ T8869] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1499.752847][ T8869] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 1499.790724][T19451] loop3: detected capacity change from 0 to 32768 [ 1499.798369][ T8869] error writing reg: 0xff, val: 0x00 [ 1499.826150][T19498] netlink: 8 bytes leftover after parsing attributes in process `syz.5.20910'. [ 1499.893354][ T8869] dvb_usb_mxl111sf: probe of 2-1:2.0 failed with error -22 [ 1500.143399][T24657] usb 2-1: USB disconnect, device number 5 [ 1500.421070][T19532] IPv6: Can't replace route, no match found [ 1500.993561][T19516] loop5: detected capacity change from 0 to 32768 [ 1501.118792][T19516] XFS (loop5): Mounting V5 Filesystem [ 1501.153450][T19567] xt_CONNSECMARK: invalid mode: 0 [ 1501.270445][T19516] XFS (loop5): Ending clean mount [ 1501.533247][T19585] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (2) [ 1501.585676][T24267] XFS (loop5): Unmounting Filesystem [ 1502.197766][T19617] loop1: detected capacity change from 0 to 64 [ 1502.987204][T19665] loop5: detected capacity change from 0 to 64 [ 1503.130291][T19671] netlink: 256 bytes leftover after parsing attributes in process `syz.1.20958'. [ 1503.284717][T19628] loop0: detected capacity change from 0 to 32768 [ 1503.303589][T19628] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.20946 (19628) [ 1503.397824][T19628] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1503.429236][T19628] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 1503.462037][T19628] BTRFS info (device loop0): using free space tree [ 1503.523522][T19699] netlink: 8 bytes leftover after parsing attributes in process `syz.1.20965'. [ 1503.696178][T19719] netlink: 'syz.1.20969': attribute type 32 has an invalid length. [ 1503.874125][T19729] netlink: 16 bytes leftover after parsing attributes in process `syz.5.20970'. [ 1503.897083][T19628] BTRFS info (device loop0): enabling ssd optimizations [ 1504.090241][ T4268] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1504.349040][T10085] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 1504.554423][T10085] usb 5-1: config 2 interface 0 has no altsetting 0 [ 1504.564895][T10085] usb 5-1: New USB device found, idVendor=2040, idProduct=d853, bcdDevice=f8.f6 [ 1504.605534][T10085] usb 5-1: New USB device strings: Mfr=65, Product=2, SerialNumber=3 [ 1504.638039][T10085] usb 5-1: Product: syz [ 1504.644407][T10085] usb 5-1: Manufacturer: syz [ 1504.670820][T10085] usb 5-1: SerialNumber: syz [ 1504.707391][T10085] usb 5-1: dvb_usb_v2: found a 'Hauppauge Mercury' in warm state [ 1504.728391][T10085] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1504.753902][T10085] dvbdev: DVB: registering new adapter (Hauppauge Mercury) [ 1504.781184][T10085] usb 5-1: media controller created [ 1504.862441][T10085] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1505.000136][T10085] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 1505.010665][T10085] error writing reg: 0xff, val: 0x00 [ 1505.097637][T10085] dvb_usb_mxl111sf: probe of 5-1:2.0 failed with error -22 [ 1505.283013][ T4346] usb 5-1: USB disconnect, device number 26 [ 1505.497361][T19774] loop5: detected capacity change from 0 to 32768 [ 1505.611939][T19774] XFS (loop5): Mounting V5 Filesystem [ 1505.643563][T19841] vim2m vim2m.0: Fourcc format (0x31384142) invalid. [ 1505.773455][T19774] XFS (loop5): Ending clean mount [ 1506.081302][T24267] XFS (loop5): Unmounting Filesystem [ 1506.259010][T19866] loop1: detected capacity change from 0 to 4096 [ 1506.266412][T19874] loop3: detected capacity change from 0 to 256 [ 1506.300992][T19874] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1506.418868][T19866] ntfs3: loop1: ntfs_set_state r=3 failed, -22. [ 1506.669202][ T6397] ntfs3: loop1: ntfs3_write_inode r=3 failed, -22. [ 1506.675971][ T4272] ntfs3: loop1: ntfs_set_state r=3 failed, -22. [ 1506.702283][ T4272] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1506.709299][ T4272] ntfs3: loop1: ntfs_set_state r=3 failed, -22. [ 1506.776288][ T1120] ntfs3: loop1: ntfs3_write_inode r=3 failed, -22. [ 1506.797778][ T4272] ntfs3: loop1: ntfs_evict_inode r=3 failed, -22. [ 1506.805093][T19896] netlink: 60 bytes leftover after parsing attributes in process `syz.4.21014'. [ 1506.947510][T19904] netlink: 'syz.1.21011': attribute type 21 has an invalid length. [ 1506.970031][T19904] netlink: 128 bytes leftover after parsing attributes in process `syz.1.21011'. [ 1507.021924][T19904] netlink: 'syz.1.21011': attribute type 4 has an invalid length. [ 1507.022954][T19907] netlink: 32 bytes leftover after parsing attributes in process `syz.3.21015'. [ 1507.064582][T19904] netlink: 'syz.1.21011': attribute type 5 has an invalid length. [ 1507.074033][T19904] netlink: 3 bytes leftover after parsing attributes in process `syz.1.21011'. [ 1507.249908][T19922] [U] [ 1507.252761][T19922] [U] [ 1507.255473][T19922] [U] [ 1507.258197][T19922] [U] [ 1507.289485][T19922] [U] [ 1507.292287][T19922] [U] [ 1507.295004][T19922] [U] [ 1507.297797][T19922] [U] [ 1507.367563][T19922] [U] [ 1507.370342][T19922] [U] [ 1507.373167][T19922] [U] [ 1507.408244][T19918] [U] [ 1507.804688][T19963] loop1: detected capacity change from 0 to 16 [ 1507.845940][T19963] erofs: (device loop1): mounted with root inode @ nid 36. [ 1507.862474][T10085] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1507.869528][T19963] erofs: (device loop1): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 1507.881175][T19963] erofs: (device loop1): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 1507.891447][T19963] erofs: (device loop1): z_erofs_read_folio: failed to read, err [-117] [ 1507.960647][ T4255] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 1508.102217][T10085] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1508.135427][T10085] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1508.172176][T10085] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1508.197742][ T4255] usb 1-1: Using ep0 maxpacket: 32 [ 1508.204743][ T4255] usb 1-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 1508.218936][T10085] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1508.234433][ T4255] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1508.245303][T19941] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1508.258332][T19985] xt_recent: Unsupported userspace flags (000000de) [ 1508.274015][ T4255] usb 1-1: config 0 descriptor?? [ 1508.302943][ T4255] gspca_main: sq930x-2.14.0 probing 041e:403c [ 1508.613986][ T4346] usb 4-1: USB disconnect, device number 22 [ 1508.727363][T20038] netlink: 20 bytes leftover after parsing attributes in process `syz.1.21044'. [ 1508.738012][ T4255] gspca_sq930x: ucbus_write failed -71 [ 1508.746616][ T4255] sq930x: probe of 1-1:0.0 failed with error -71 [ 1508.775140][ T4255] usb 1-1: USB disconnect, device number 27 [ 1508.781219][T20038] netlink: 'syz.1.21044': attribute type 2 has an invalid length. [ 1508.943744][ T26] kauditd_printk_skb: 16 callbacks suppressed [ 1508.943759][ T26] audit: type=1326 audit(2000000125.558:3405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20056 comm="syz.1.21048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1509.074287][ T26] audit: type=1326 audit(2000000125.577:3406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20056 comm="syz.1.21048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1509.125257][ T26] audit: type=1326 audit(2000000125.596:3407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20056 comm="syz.1.21048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1509.246005][ T26] audit: type=1326 audit(2000000125.596:3408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20056 comm="syz.1.21048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1509.342109][ T26] audit: type=1326 audit(2000000125.596:3409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20056 comm="syz.1.21048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=204 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1509.425990][ T26] audit: type=1326 audit(2000000125.596:3410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20056 comm="syz.1.21048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1509.469531][ T26] audit: type=1326 audit(2000000125.596:3411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20056 comm="syz.1.21048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1509.598816][ T26] audit: type=1326 audit(2000000125.596:3412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20056 comm="syz.1.21048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1509.769704][ T26] audit: type=1326 audit(2000000125.596:3413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20056 comm="syz.1.21048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f62b099bf79 code=0x7ffc0000 [ 1510.517634][ T4346] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 1510.720896][ T4346] usb 1-1: Using ep0 maxpacket: 32 [ 1510.728012][ T4346] usb 1-1: config 0 has an invalid interface number: 151 but max is 0 [ 1510.745094][ T4346] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1510.763392][ T4346] usb 1-1: config 0 has no interface number 0 [ 1510.804900][ T4346] usb 1-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1510.858857][ T4346] usb 1-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 1510.904158][ T4346] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1510.912334][ T4346] usb 1-1: Product: syz [ 1510.943958][ T4346] usb 1-1: Manufacturer: syz [ 1510.966234][ T4346] usb 1-1: SerialNumber: syz [ 1511.011864][ T4346] usb 1-1: config 0 descriptor?? [ 1511.321625][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 1511.530861][ T4346] usb 1-1: USB disconnect, device number 28 [ 1511.731162][T20215] netlink: 'syz.5.21092': attribute type 32 has an invalid length. [ 1511.757981][T20215] netlink: 12 bytes leftover after parsing attributes in process `syz.5.21092'. [ 1511.780816][ T4259] udevd[4259]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1512.099968][T20237] netlink: 12 bytes leftover after parsing attributes in process `syz.1.21101'. [ 1512.244682][T20245] fuse: blksize only supported for fuseblk [ 1512.536495][T20265] netlink: 16 bytes leftover after parsing attributes in process `syz.0.21108'. [ 1512.541406][T20267] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1513.556580][T20332] netlink: 'syz.5.21133': attribute type 46 has an invalid length. [ 1513.625168][T20332] netlink: 16 bytes leftover after parsing attributes in process `syz.5.21133'. [ 1513.895790][T10085] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 1514.035482][T20360] rdma_rxe: rxe creation allowed on top of a real device only [ 1514.141799][T10085] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1514.175676][T10085] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1514.189892][T10085] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1514.208374][T10085] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1514.238012][T10085] usb 2-1: SerialNumber: syz [ 1514.261722][T10085] usb 2-1: 0:2 : does not exist [ 1514.277568][T10085] usb 2-1: unit 64 not found! [ 1514.416096][ T4255] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1514.451018][T20392] netlink: 'syz.5.21146': attribute type 3 has an invalid length. [ 1514.479045][ T9800] usb 2-1: USB disconnect, device number 6 [ 1514.637267][ T4255] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 1514.655661][ T4255] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1514.676229][T10085] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 1514.691254][ T4255] usb 4-1: Product: syz [ 1514.695479][ T4255] usb 4-1: Manufacturer: syz [ 1514.701515][ T4255] usb 4-1: SerialNumber: syz [ 1514.716271][ T4255] usb 4-1: config 0 descriptor?? [ 1514.889953][T10085] usb 5-1: Using ep0 maxpacket: 16 [ 1514.901898][T10085] usb 5-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 1514.912259][T10085] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1514.920402][T10085] usb 5-1: Product: syz [ 1514.925403][T10085] usb 5-1: Manufacturer: syz [ 1514.930075][T10085] usb 5-1: SerialNumber: syz [ 1514.957285][ T4255] hso 4-1:0.0: Can't find BULK IN endpoint [ 1514.963800][ T4255] usb-storage 4-1:0.0: USB Mass Storage device detected [ 1514.971860][T10085] usb 5-1: config 0 descriptor?? [ 1515.169332][ T4347] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 1515.189494][ T4255] usb 4-1: USB disconnect, device number 23 [ 1515.202911][T10085] speedtch 5-1:0.0: speedtch_bind: data interface not found! [ 1515.210361][T10085] speedtch 5-1:0.0: usbatm_usb_probe: bind failed: -19! [ 1515.232237][T20448] ieee802154 phy1 wpan1: encryption failed: -22 [ 1515.381877][ T4347] usb 1-1: Using ep0 maxpacket: 16 [ 1515.391225][ T4347] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1515.412187][ T4347] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1515.445948][ T4347] usb 1-1: Product: syz [ 1515.450243][ T4347] usb 1-1: Manufacturer: syz [ 1515.454862][ T4347] usb 1-1: SerialNumber: syz [ 1515.485504][ T4346] usb 5-1: USB disconnect, device number 27 [ 1515.492166][ T4347] r8152-cfgselector 1-1: config 0 descriptor?? [ 1515.612024][T20483] xt_recent: hitcount (4294967292) is larger than allowed maximum (255) [ 1515.676335][T20486] loop5: detected capacity change from 0 to 512 [ 1515.712736][T20486] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1515.743784][T20486] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 1515.864610][T20486] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3852: comm syz.5.21165: Allocating blocks 41-42 which overlap fs metadata [ 1515.890725][T20486] Quota error (device loop5): write_blk: dquota write failed [ 1515.902981][T20486] Quota error (device loop5): find_free_dqentry: Can't write quota data block 5 [ 1515.913066][T20486] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3852: comm syz.5.21165: Allocating blocks 41-42 which overlap fs metadata [ 1515.919736][T20502] loop1: detected capacity change from 0 to 512 [ 1515.938894][T20486] Quota error (device loop5): write_blk: dquota write failed [ 1515.945352][ T4347] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1515.946368][T20486] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 1515.963650][T20486] EXT4-fs error (device loop5): ext4_acquire_dquot:6835: comm syz.5.21165: Failed to acquire dquot type 1 [ 1515.976133][ T4347] r8152-cfgselector 1-1: USB disconnect, device number 29 [ 1516.007133][T20486] EXT4-fs error (device loop5): mb_free_blocks:1826: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 1516.046676][T20502] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1516.054093][T20502] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 1516.067806][T20486] EXT4-fs error (device loop5): ext4_do_update_inode:5272: inode #12: comm syz.5.21165: corrupted inode contents [ 1516.095686][T20486] EXT4-fs error (device loop5): ext4_dirty_inode:6137: inode #12: comm syz.5.21165: mark_inode_dirty error [ 1516.111686][T20515] netlink: 16 bytes leftover after parsing attributes in process `syz.3.21170'. [ 1516.130358][T20502] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1113: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 1516.152904][T20486] EXT4-fs error (device loop5): ext4_do_update_inode:5272: inode #12: comm syz.5.21165: corrupted inode contents [ 1516.179938][T20502] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.21169: attempt to clear invalid blocks 2 len 1 [ 1516.238520][T20486] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #12: comm syz.5.21165: mark_inode_dirty error [ 1516.257148][T20502] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.21169: invalid indirect mapped block 1819239214 (level 0) [ 1516.293831][T20486] EXT4-fs error (device loop5): ext4_do_update_inode:5272: inode #12: comm syz.5.21165: corrupted inode contents [ 1516.319892][T20502] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.21169: invalid indirect mapped block 1819239214 (level 1) [ 1516.354840][T20486] EXT4-fs error (device loop5) in ext4_orphan_del:303: Corrupt filesystem [ 1516.370819][T20502] EXT4-fs (loop1): 1 truncate cleaned up [ 1516.377003][T20502] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1516.391856][T20502] EXT4-fs error (device loop1): __ext4_remount:6644: comm syz.1.21169: Abort forced by user [ 1516.419075][T20486] EXT4-fs error (device loop5): ext4_do_update_inode:5272: inode #12: comm syz.5.21165: corrupted inode contents [ 1516.440150][T20502] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 1516.462412][T20486] EXT4-fs error (device loop5): ext4_truncate:4318: inode #12: comm syz.5.21165: mark_inode_dirty error [ 1516.532389][T20486] EXT4-fs error (device loop5) in ext4_process_orphan:345: Corrupt filesystem [ 1516.569273][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 1516.577449][T20486] EXT4-fs (loop5): 1 truncate cleaned up [ 1516.614562][T20529] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 1516.628229][T20486] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1516.759382][T20486] Quota error (device loop5): write_blk: dquota write failed [ 1516.857814][T20486] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota [ 1516.889391][T20486] EXT4-fs error (device loop5): ext4_acquire_dquot:6835: comm syz.5.21165: Failed to acquire dquot type 1 [ 1517.137162][T24267] EXT4-fs (loop5): unmounting filesystem. [ 1517.166139][T20557] netlink: 'syz.4.21183': attribute type 24 has an invalid length. [ 1517.819550][T20605] loop5: detected capacity change from 0 to 2048 [ 1517.834942][T20605] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1517.872631][ T4346] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 1517.971999][T20618] loop3: detected capacity change from 0 to 64 [ 1518.073220][T20618] Trying to free block not in datazone [ 1518.098851][ T4346] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1518.098892][ T4346] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 1518.098920][ T4346] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1518.098942][ T4346] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1518.098978][ T4346] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 1518.099001][ T4346] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1518.099725][T20618] minix_free_block (loop3:21): bit already cleared [ 1518.099795][T20618] Trying to free block not in datazone [ 1518.100689][ T4346] usb 2-1: config 0 descriptor?? [ 1518.104029][ T4346] gspca_main: spca561-2.14.0 probing abcd:cdee [ 1518.193397][T10085] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 1518.323490][ T4346] spca561: probe of 2-1:0.0 failed with error -22 [ 1518.324305][ T4346] usb 2-1: MIDIStreaming interface descriptor not found [ 1518.378737][ T4346] usb 2-1: USB disconnect, device number 7 [ 1518.400878][T10085] usb 5-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 1518.400909][T10085] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1518.400928][T10085] usb 5-1: Product: syz [ 1518.400942][T10085] usb 5-1: Manufacturer: syz [ 1518.400956][T10085] usb 5-1: SerialNumber: syz [ 1518.402895][T10085] usb 5-1: config 0 descriptor?? [ 1518.405939][T10085] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 1518.413177][T20629] loop5: detected capacity change from 0 to 8192 [ 1518.415399][ T4452] udevd[4452]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1518.428126][T20629] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1518.826926][T20675] loop5: detected capacity change from 0 to 256 [ 1518.856375][T10085] usb 5-1: USB disconnect, device number 28 [ 1518.869604][T20674] loop3: detected capacity change from 0 to 2048 [ 1518.874835][T20675] FAT-fs (loop5): Directory bread(block 64) failed [ 1518.874869][T20675] FAT-fs (loop5): Directory bread(block 65) failed [ 1518.874935][T20675] FAT-fs (loop5): Directory bread(block 66) failed [ 1518.874963][T20675] FAT-fs (loop5): Directory bread(block 67) failed [ 1518.875027][T20675] FAT-fs (loop5): Directory bread(block 68) failed [ 1518.875051][T20675] FAT-fs (loop5): Directory bread(block 69) failed [ 1518.875114][T20675] FAT-fs (loop5): Directory bread(block 70) failed [ 1518.875139][T20675] FAT-fs (loop5): Directory bread(block 71) failed [ 1518.875202][T20675] FAT-fs (loop5): Directory bread(block 72) failed [ 1518.875227][T20675] FAT-fs (loop5): Directory bread(block 73) failed [ 1518.949060][T20686] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1518.984843][T20674] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1519.006667][T20674] Remounting filesystem read-only [ 1519.046174][T20674] NILFS (loop3): error -2 truncating bmap (ino=16) [ 1519.132138][ T4984] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 1519.422031][T20696] loop3: detected capacity change from 0 to 4096 [ 1519.457200][T20696] ntfs3: loop3: Different NTFS' sector size (2048) and media sector size (512) [ 1519.996759][T20740] openvswitch: netlink: Message has 1 unknown bytes. [ 1519.996884][T20736] loop3: detected capacity change from 0 to 64 [ 1520.679466][T20780] openvswitch: netlink: Key type 316 is out of range max 32 [ 1520.887824][T20791] loop0: detected capacity change from 0 to 1024 [ 1520.988309][T20797] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 1521.040910][T20797] EXT4-fs error (device loop5): ext4_get_journal_inode:5756: inode #32: comm syz.5.21241: iget: special inode unallocated [ 1521.091456][T20797] EXT4-fs (loop5): no journal found [ 1521.096732][T20797] EXT4-fs (loop5): can't get journal size [ 1521.156367][T20797] EXT4-fs (loop5): filesystem is read-only [ 1521.193535][T20797] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 1521.284209][T20797] EXT4-fs error (device loop5): ext4_lookup:1850: inode #2: comm syz.5.21241: bad inode number: 15 [ 1521.452141][T24267] EXT4-fs (loop5): unmounting filesystem. [ 1521.536838][T20828] rdma_rxe: rxe_register_device failed with error -23 [ 1521.578596][T20828] rdma_rxe: failed to add lo [ 1521.899567][T20844] set_capacity_and_notify: 1 callbacks suppressed [ 1521.899586][T20844] loop0: detected capacity change from 0 to 4096 [ 1521.933434][T20844] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 1522.758713][T20902] IPv6: NLM_F_CREATE should be specified when creating new route [ 1523.034313][T20926] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21276'. [ 1523.814045][T20979] netlink: 4 bytes leftover after parsing attributes in process `syz.1.21296'. [ 1523.827442][T20979] netlink: 'syz.1.21296': attribute type 1 has an invalid length. [ 1523.835307][T20979] netlink: 4 bytes leftover after parsing attributes in process `syz.1.21296'. [ 1524.229572][T21007] netlink: 'syz.4.21305': attribute type 3 has an invalid length. [ 1524.450004][ T26] audit: type=1326 audit(2000000140.076:3414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21017 comm="syz.4.21309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa99bf79 code=0x7ffc0000 [ 1524.598610][ T26] audit: type=1326 audit(2000000140.076:3415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21017 comm="syz.4.21309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7ff1fa99bf79 code=0x7ffc0000 [ 1524.688870][ T26] audit: type=1326 audit(2000000140.076:3416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21017 comm="syz.4.21309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa99bf79 code=0x7ffc0000 [ 1524.821058][ T26] audit: type=1326 audit(2000000140.076:3417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21017 comm="syz.4.21309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa99bf79 code=0x7ffc0000 [ 1525.049388][T21056] Mount JFS Failure: -22 [ 1525.053695][T21056] jfs_mount failed w/return code = -22 [ 1525.212770][T21070] VFS: could not find a valid V7 on nullb0. [ 1526.210995][T21138] loop3: detected capacity change from 0 to 64 [ 1526.222888][T21135] bond0: (slave veth0_to_hsr): Error: Device can not be enslaved while up [ 1526.923985][T21183] device wlan0 entered promiscuous mode [ 1526.949867][T21183] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1527.410353][ T4346] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 1527.422895][T21223] autofs4:pid:21223:validate_dev_ioctl: path string terminator missing for cmd(0xc018937e) [ 1527.611740][ T4346] usb 5-1: Using ep0 maxpacket: 16 [ 1527.618502][ T4346] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 1527.636324][T21239] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1527.666746][ T4346] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1527.687124][ T4346] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1527.712566][ T4346] usb 5-1: Product: syz [ 1527.729610][ T4346] usb 5-1: Manufacturer: syz [ 1527.734887][ T4346] usb 5-1: SerialNumber: syz [ 1527.762930][ T4346] usb 5-1: config 0 descriptor?? [ 1527.911317][ T4378] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 1528.007913][ T4346] usb 5-1: USB disconnect, device number 29 [ 1528.114371][ T4378] usb 6-1: Using ep0 maxpacket: 16 [ 1528.117910][ T4378] usb 6-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 1528.117942][ T4378] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1528.117962][ T4378] usb 6-1: Product: syz [ 1528.117977][ T4378] usb 6-1: Manufacturer: syz [ 1528.117992][ T4378] usb 6-1: SerialNumber: syz [ 1528.119900][ T4378] usb 6-1: config 0 descriptor?? [ 1528.123710][ T4378] ssu100 6-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 1528.378157][T21293] loop0: detected capacity change from 0 to 47 [ 1528.449286][T21290] loop1: detected capacity change from 0 to 4096 [ 1528.546374][T21290] ntfs: volume version 3.1. [ 1528.562156][ T4378] ssu100: probe of 6-1:0.0 failed with error -71 [ 1528.627554][ T4378] usb 6-1: USB disconnect, device number 56 [ 1529.017484][T21330] ipt_CLUSTERIP: bad num_local_nodes 32 [ 1529.267430][T21347] loop1: detected capacity change from 0 to 512 [ 1529.332446][T21347] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1529.370790][T21347] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 1529.454096][T21347] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3852: comm syz.1.21403: Allocating blocks 41-42 which overlap fs metadata [ 1529.538162][T21347] Quota error (device loop1): write_blk: dquota write failed [ 1529.569686][T21347] Quota error (device loop1): find_free_dqentry: Can't write quota data block 5 [ 1529.589894][T21347] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 1529.635363][T21347] EXT4-fs error (device loop1): ext4_acquire_dquot:6835: comm syz.1.21403: Failed to acquire dquot type 1 [ 1529.662199][T21347] EXT4-fs error (device loop1): mb_free_blocks:1826: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 1529.686600][T21347] EXT4-fs error (device loop1): ext4_do_update_inode:5272: inode #12: comm syz.1.21403: corrupted inode contents [ 1529.719345][T21347] EXT4-fs error (device loop1): ext4_dirty_inode:6137: inode #12: comm syz.1.21403: mark_inode_dirty error [ 1529.740885][T21347] EXT4-fs error (device loop1): ext4_do_update_inode:5272: inode #12: comm syz.1.21403: corrupted inode contents [ 1529.792606][T21347] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #12: comm syz.1.21403: mark_inode_dirty error [ 1529.815570][T21347] EXT4-fs error (device loop1): ext4_do_update_inode:5272: inode #12: comm syz.1.21403: corrupted inode contents [ 1529.858216][T21347] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 1529.884101][T21347] EXT4-fs error (device loop1): ext4_do_update_inode:5272: inode #12: comm syz.1.21403: corrupted inode contents [ 1529.908333][T21347] EXT4-fs error (device loop1): ext4_truncate:4318: inode #12: comm syz.1.21403: mark_inode_dirty error [ 1529.925367][T21347] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 1529.982539][T21387] loop0: detected capacity change from 0 to 2048 [ 1529.989792][T21347] EXT4-fs (loop1): 1 truncate cleaned up [ 1529.995974][T21347] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1530.092168][T21396] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1530.135374][T21387] NILFS error (device loop0): nilfs_check_page: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=203 [ 1530.203102][T21387] Remounting filesystem read-only [ 1530.211804][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 1531.600327][T21492] netlink: 'syz.3.21448': attribute type 15 has an invalid length. [ 1532.057207][T21522] netlink: 8 bytes leftover after parsing attributes in process `syz.5.21457'. [ 1532.112753][T21522] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (511) [ 1532.166138][T21522] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 1534.349196][T21681] netlink: 36 bytes leftover after parsing attributes in process `syz.5.21508'. [ 1534.709669][T21705] tmpfs: Bad value for 'nr_inodes' [ 1534.845078][T21720] dns_resolver: Unsupported content type (240) [ 1534.901786][T21723] netlink: 36 bytes leftover after parsing attributes in process `syz.5.21521'. [ 1534.978742][T21728] netlink: 76 bytes leftover after parsing attributes in process `syz.1.21522'. [ 1534.987854][T21728] netlink: 76 bytes leftover after parsing attributes in process `syz.1.21522'. [ 1535.020536][ T4347] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 1535.235867][T21744] netdevsim netdevsim4: Firmware load for './file0/../file0' refused, path contains '..' component [ 1535.235870][ T4347] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1535.306161][ T4347] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 1535.331648][ T4347] usb 1-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 1535.340752][ T4347] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1535.393495][ T4347] usb 1-1: config 0 descriptor?? [ 1535.412923][T21751] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21530'. [ 1535.602846][T21763] i2c i2c-0: Invalid block read size 255 [ 1535.835889][ T4347] Bluetooth: Can't get state to change to load configuration err [ 1535.854262][ T4347] Bluetooth: Loading sysconfig file failed [ 1535.871051][ T4347] ath3k: probe of 1-1:0.0 failed with error -16 [ 1535.883443][ T4347] usb 1-1: USB disconnect, device number 30 [ 1536.154581][T21808] netlink: 12296 bytes leftover after parsing attributes in process `syz.1.21545'. [ 1536.223758][T21808] netlink: 164 bytes leftover after parsing attributes in process `syz.1.21545'. [ 1536.273214][T21816] autofs4:pid:21816:autofs_fill_super: called with bogus options [ 1536.655332][T21838] netlink: 24 bytes leftover after parsing attributes in process `syz.5.21556'. [ 1536.988730][T21861] netlink: 48 bytes leftover after parsing attributes in process `syz.4.21563'. [ 1537.423118][T21885] netlink: 'syz.5.21571': attribute type 2 has an invalid length. [ 1537.515704][T21891] netlink: 132 bytes leftover after parsing attributes in process `syz.1.21572'. [ 1537.777855][T21900] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1537.993949][T21871] loop0: detected capacity change from 0 to 32768 [ 1538.016469][T21912] netlink: 'syz.1.21579': attribute type 1 has an invalid length. [ 1538.053029][T21912] netlink: 4 bytes leftover after parsing attributes in process `syz.1.21579'. [ 1538.412408][T21929] netlink: 16 bytes leftover after parsing attributes in process `syz.0.21584'. [ 1539.256083][T21984] loop3: detected capacity change from 0 to 512 [ 1539.388944][T21984] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1539.447354][T21984] ext4 filesystem being mounted at /1273/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 1539.696939][ T4984] EXT4-fs (loop3): unmounting filesystem. [ 1540.149264][T22035] netlink: 20 bytes leftover after parsing attributes in process `syz.3.21617'. [ 1540.169318][T22035] netlink: 20 bytes leftover after parsing attributes in process `syz.3.21617'. [ 1540.216568][T22035] netlink: 20 bytes leftover after parsing attributes in process `syz.3.21617'. [ 1540.246613][T22037] netlink: 'syz.0.21618': attribute type 5 has an invalid length. [ 1540.460894][T22048] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1540.507852][T22048] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1540.538981][T22048] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1540.600117][T22048] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1540.613621][T22048] device bridge_slave_0 left promiscuous mode [ 1540.641039][T22048] bridge0: port 1(bridge_slave_0) entered disabled state [ 1540.647438][T22061] netlink: 'syz.1.21625': attribute type 32 has an invalid length. [ 1540.695624][T22048] device bridge_slave_1 left promiscuous mode [ 1540.729497][T22048] bridge0: port 2(bridge_slave_1) entered disabled state [ 1540.742331][T22010] loop5: detected capacity change from 0 to 40427 [ 1540.764769][T22010] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 1540.772844][ T4347] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 1540.808129][T22048] bond0: (slave bond_slave_0): Releasing backup interface [ 1540.837011][T22010] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 1540.893297][T22010] F2FS-fs (loop5): Found nat_bits in checkpoint [ 1540.900362][T22048] bond0: (slave bond_slave_1): Releasing backup interface [ 1541.000447][ T4347] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 1541.014532][ T4347] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1541.025038][T22010] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 1541.043510][T22010] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1541.057143][T22048] team0: Port device team_slave_0 removed [ 1541.070973][ T4347] usb 1-1: Product: syz [ 1541.090442][T22048] team0: Port device team_slave_1 removed [ 1541.092657][ T4347] usb 1-1: Manufacturer: syz [ 1541.112288][ T4347] usb 1-1: SerialNumber: syz [ 1541.123150][ T4347] r8152-cfgselector 1-1: config 0 descriptor?? [ 1541.141329][T22048] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1541.152783][T22048] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1541.172449][T22048] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1541.186798][T22048] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1541.242752][ T9003] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 1541.575865][ T9003] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 1541.579050][ T4347] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1541.608260][ T4347] r8152-cfgselector 1-1: USB disconnect, device number 31 [ 1542.010856][T22127] No source specified [ 1543.194216][T22177] netlink: 4 bytes leftover after parsing attributes in process `syz.5.21657'. [ 1543.422482][T22206] nfs: Deprecated parameter 'nointr' [ 1543.529745][T22213] netlink: 72 bytes leftover after parsing attributes in process `syz.4.21670'. [ 1543.560682][T22213] netlink: 72 bytes leftover after parsing attributes in process `syz.4.21670'. [ 1543.873421][T22226] loop0: detected capacity change from 0 to 4096 [ 1543.989179][T22226] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 1544.012487][T22226] ntfs3: loop0: Failed to load $Extend. [ 1544.696034][T22285] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1544.704819][T22285] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 1544.770392][T22289] tmpfs: Bad value for 'mpol' [ 1544.775304][T22285] overlayfs: missing 'lowerdir' [ 1544.832921][T22286] loop3: detected capacity change from 0 to 4096 [ 1544.978600][ T26] audit: type=1800 audit(2000000159.270:3418): pid=22286 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.21691" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 1545.595554][T22340] netlink: 8 bytes leftover after parsing attributes in process `syz.4.21710'. [ 1546.466232][T22388] loop3: detected capacity change from 0 to 4096 [ 1546.568645][T22388] ntfs: volume version 3.1. [ 1546.772738][T22409] sctp: [Deprecated]: syz.4.21733 (pid 22409) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1546.772738][T22409] Use struct sctp_sack_info instead [ 1546.951236][T22418] netlink: 48 bytes leftover after parsing attributes in process `syz.3.21734'. [ 1547.183721][T22427] libceph: resolve 'c0' (ret=-3): failed [ 1547.197416][T22430] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1547.251977][T22430] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1547.261477][T22430] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1547.317198][T22430] bridge0: port 1(bridge_slave_0) entered disabled state [ 1547.331295][T22430] device bridge_slave_1 left promiscuous mode [ 1547.382384][T22430] bridge0: port 2(bridge_slave_1) entered disabled state [ 1547.434580][T22430] bond0: (slave bond_slave_0): Releasing backup interface [ 1547.453095][T22430] device bond_slave_0 left promiscuous mode [ 1547.516778][T22430] bond0: (slave bond_slave_1): Releasing backup interface [ 1547.536465][T22430] device bond_slave_1 left promiscuous mode [ 1547.557258][T22430] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1547.590648][T22430] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1547.599971][T22430] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1547.631619][T22452] netlink: 24 bytes leftover after parsing attributes in process `syz.0.21747'. [ 1547.673346][T22452] netlink: 24 bytes leftover after parsing attributes in process `syz.0.21747'. [ 1548.274784][T22486] device wlan0 entered promiscuous mode [ 1549.281138][T22571] loop1: detected capacity change from 0 to 4096 [ 1549.334870][T22571] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 1549.449797][T22571] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1549.678924][T22602] RDS: rds_bind could not find a transport for fec0:ffff::1, load rds_tcp or rds_rdma? [ 1549.762981][T22616] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21786'. [ 1549.955233][ T4255] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 1549.975064][ T26] audit: type=1326 audit(2000000163.938:3419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22628 comm="syz.0.21791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f397b99bf79 code=0x7ffc0000 [ 1550.030154][ T4346] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1550.034734][ T26] audit: type=1326 audit(2000000163.975:3420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22628 comm="syz.0.21791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f397b99bf79 code=0x7ffc0000 [ 1550.119375][T22635] IPv6: sit2: Disabled Multicast RS [ 1550.144684][ T26] audit: type=1326 audit(2000000163.975:3421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22628 comm="syz.0.21791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f397b99bf79 code=0x7ffc0000 [ 1550.214135][ T26] audit: type=1326 audit(2000000163.985:3422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22628 comm="syz.0.21791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f397b99bf79 code=0x7ffc0000 [ 1550.223964][ T4255] usb 5-1: config 0 has an invalid interface number: 69 but max is 0 [ 1550.278594][ T4346] usb 4-1: config 0 has an invalid interface number: 117 but max is 0 [ 1550.291063][ T4255] usb 5-1: config 0 has no interface number 0 [ 1550.296028][ T4346] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1550.318902][ T26] audit: type=1326 audit(2000000163.985:3423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22628 comm="syz.0.21791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f397b99bf79 code=0x7ffc0000 [ 1550.323022][ T4255] usb 5-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 1550.350774][ T4346] usb 4-1: config 0 has no interface number 0 [ 1550.369000][ T4346] usb 4-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1550.397903][ T26] audit: type=1326 audit(2000000163.985:3424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22628 comm="syz.0.21791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f397b99bf79 code=0x7ffc0000 [ 1550.411271][ T4255] usb 5-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1550.426034][ T4346] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1550.462847][ T26] audit: type=1326 audit(2000000163.985:3425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22628 comm="syz.0.21791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f397b99bf79 code=0x7ffc0000 [ 1550.490996][ T4255] usb 5-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 1550.500105][ T4255] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1550.505668][ T4346] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1550.520383][ T26] audit: type=1326 audit(2000000163.985:3426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22628 comm="syz.0.21791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f397b99bf79 code=0x7ffc0000 [ 1550.551878][ T4346] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1550.560458][ T4255] usb 5-1: Product: syz [ 1550.583818][ T4346] usb 4-1: Product: syz [ 1550.585921][ T4255] usb 5-1: Manufacturer: syz [ 1550.607325][ T4346] usb 4-1: Manufacturer: syz [ 1550.609748][ T4255] usb 5-1: SerialNumber: syz [ 1550.617525][ T26] audit: type=1326 audit(2000000164.546:3427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22657 comm="syz.5.21801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a1f9bf79 code=0x7ffc0000 [ 1550.625537][ T4346] usb 4-1: SerialNumber: syz [ 1550.652740][ T4255] usb 5-1: config 0 descriptor?? [ 1550.662148][T22604] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1550.673997][ T4255] cyberjack 5-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 1550.685963][ T26] audit: type=1326 audit(2000000164.546:3428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22657 comm="syz.5.21801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a1f9bf79 code=0x7ffc0000 [ 1550.716298][ T4255] usb 5-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 1550.722093][ T4346] usb 4-1: config 0 descriptor?? [ 1550.760319][ T26] audit: type=1326 audit(2000000164.583:3429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22657 comm="syz.5.21801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7ff7a1f9bf79 code=0x7ffc0000 [ 1550.840106][ T26] audit: type=1326 audit(2000000164.583:3430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22657 comm="syz.5.21801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a1f9bf79 code=0x7ffc0000 [ 1550.906769][ T26] audit: type=1326 audit(2000000164.583:3431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22657 comm="syz.5.21801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a1f9bf79 code=0x7ffc0000 [ 1551.156385][T22691] delete_channel: no stack [ 1551.320498][ T9003] usb 5-1: USB disconnect, device number 30 [ 1551.334694][ T4255] usb 6-1: new high-speed USB device number 57 using dummy_hcd [ 1551.346219][ T9003] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 1551.368834][ T9003] cyberjack 5-1:0.69: device disconnected [ 1551.399100][T10085] usb 4-1: USB disconnect, device number 24 [ 1551.534360][T22720] loop1: detected capacity change from 0 to 4096 [ 1551.567643][T22720] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 1551.569488][ T4255] usb 6-1: Using ep0 maxpacket: 32 [ 1551.592867][ T4255] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 1551.616266][ T4255] usb 6-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= a.f5 [ 1551.633507][ T4255] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1551.672281][ T4255] usb 6-1: Product: syz [ 1551.686770][ T4255] usb 6-1: Manufacturer: syz [ 1551.697790][ T4255] usb 6-1: SerialNumber: syz [ 1551.710239][ T4255] usb 6-1: config 0 descriptor?? [ 1551.720053][T22683] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 1551.759348][T22720] ntfs3: loop1: ino=1b, "file0" attr_set_size [ 1551.780788][T22720] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1552.072782][ T4255] usb 6-1: USB disconnect, device number 57 [ 1552.114900][T22751] netlink: 'syz.1.21812': attribute type 30 has an invalid length. [ 1552.682668][T22788] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1552.756700][T22788] infiniband syz1: set active [ 1552.815221][T22788] bridge0: port 1(bridge_slave_0) entered disabled state [ 1552.880030][T22788] bond0: (slave bond_slave_0): Releasing backup interface [ 1552.928590][T22788] infiniband syû: set down [ 1552.966673][T22788] bond0: (slave bond_slave_1): Releasing backup interface [ 1553.012361][T22788] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1553.025331][T22788] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1553.035227][T22788] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1553.042785][T22788] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1553.063741][T22788] bond0: (slave netdevsim0): Releasing backup interface [ 1553.093384][ T4255] vcan0 speed is unknown, defaulting to 1000 [ 1553.131924][T22802] device syz_tun entered promiscuous mode [ 1553.161119][T22802] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 1554.208466][T22867] loop1: detected capacity change from 0 to 128 [ 1554.275867][T22867] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 1554.319135][T22867] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1554.493992][T22835] loop5: detected capacity change from 0 to 32768 [ 1554.659862][T22835] XFS (loop5): Mounting V5 Filesystem [ 1554.840885][T22907] xt_hashlimit: max too large, truncated to 1048576 [ 1554.893011][T22835] XFS (loop5): Ending clean mount [ 1555.120715][T24267] XFS (loop5): Unmounting Filesystem [ 1555.342758][T22932] netlink: 'syz.0.21865': attribute type 4 has an invalid length. [ 1555.459918][T22936] netlink: 'syz.4.21866': attribute type 10 has an invalid length. [ 1555.493131][T22936] netlink: 2 bytes leftover after parsing attributes in process `syz.4.21866'. [ 1555.502442][T22936] device bond0 entered promiscuous mode [ 1555.536085][T22936] bridge0: port 1(bond0) entered blocking state [ 1555.557787][T22936] bridge0: port 1(bond0) entered disabled state [ 1555.771749][T22956] netlink: 'syz.4.21872': attribute type 3 has an invalid length. [ 1555.803001][T22956] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.21872'. [ 1555.835513][T22962] affs: No valid root block on device nbd0 [ 1555.856428][ T4255] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 1555.875017][T22965] loop1: detected capacity change from 0 to 16 [ 1555.909870][T22965] erofs: (device loop1): mounted with root inode @ nid 36. [ 1555.973100][T22965] erofs: (device loop1): z_erofs_read_folio: failed to read, err [-95] [ 1556.082490][ T4255] usb 4-1: config 1 interface 0 altsetting 255 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1556.104334][ T4255] usb 4-1: config 1 interface 0 altsetting 255 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1556.148470][ T4255] usb 4-1: config 1 interface 0 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1556.192547][ T4255] usb 4-1: config 1 interface 0 altsetting 255 endpoint 0x3 has invalid maxpacket 29797, setting to 64 [ 1556.255636][ T4255] usb 4-1: config 1 interface 0 has no altsetting 0 [ 1556.283225][ T4255] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1556.295616][ T4255] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1556.314178][ T4255] usb 4-1: SerialNumber: syz [ 1556.333630][T22944] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1556.347457][ T4255] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 1556.441146][T22996] loop0: detected capacity change from 0 to 128 [ 1556.480907][T22996] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 1556.508556][T22996] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1556.567810][ T4347] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 1556.622478][ T9003] usb 4-1: USB disconnect, device number 25 [ 1556.766646][ T4347] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1556.807474][ T4347] usb 5-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1556.808778][T23015] netlink: 'syz.0.21885': attribute type 21 has an invalid length. [ 1556.828804][T23017] netlink: 'syz.1.21886': attribute type 8 has an invalid length. [ 1556.837680][T23015] netlink: 132 bytes leftover after parsing attributes in process `syz.0.21885'. [ 1556.861037][ T4347] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1556.902811][ T4347] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1556.912684][ T4347] usb 5-1: Product: syz [ 1556.932674][ T4347] usb 5-1: Manufacturer: syz [ 1556.943936][ T4347] usb 5-1: SerialNumber: syz [ 1556.966334][ T4347] cdc_ncm 5-1:1.0: skipping garbage [ 1556.986687][ T4347] cdc_ncm 5-1:1.0: NCM or ECM functional descriptors missing [ 1557.019802][ T4347] cdc_ncm 5-1:1.0: bind() failure [ 1557.051682][ T4347] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 1557.077816][ T4347] cdc_ncm 5-1:1.1: bind() failure [ 1557.212083][ T4347] usb 5-1: USB disconnect, device number 31 [ 1557.215986][T23044] loop5: detected capacity change from 0 to 164 [ 1557.331851][ T9003] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 1557.369003][T24267] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 1557.402817][T24267] ISOFS: unable to read i-node block [ 1557.418465][T24267] ISOFS: unable to read i-node block [ 1557.534902][ T9003] usb 1-1: Using ep0 maxpacket: 16 [ 1557.541975][ T9003] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1557.591236][ T9003] usb 1-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d [ 1557.620325][ T9003] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1557.647697][ T9003] usb 1-1: Product: syz [ 1557.652073][ T9003] usb 1-1: Manufacturer: syz [ 1557.675694][ T9003] usb 1-1: SerialNumber: syz [ 1557.685312][ T9003] usb 1-1: config 0 descriptor?? [ 1557.729622][ T9003] gspca_main: STV06xx-2.14.0 probing 046d:08f0 [ 1557.735926][ T9003] gspca_stv06xx: st6422 sensor detected [ 1558.004684][ T4373] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1558.037626][ T4373] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 34288 - 0 [ 1558.061857][ T4373] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 36691 - 0 [ 1558.094781][ T4373] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 3] type 2 family 0 port 20000 - 0 [ 1558.133998][T10085] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1558.267036][ T9003] STV06xx: probe of 1-1:0.0 failed with error -71 [ 1558.297322][ T9003] usb 1-1: USB disconnect, device number 32 [ 1558.306287][ T4373] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1558.335691][ T4373] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 34288 - 0 [ 1558.346537][ T4373] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 36691 - 0 [ 1558.347466][T10085] usb 2-1: Using ep0 maxpacket: 8 [ 1558.357643][ T4373] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 3] type 2 family 0 port 20000 - 0 [ 1558.402856][T10085] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1558.434511][T10085] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1558.478945][T10085] usb 2-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 1558.510774][T10085] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1558.529298][T10085] usb 2-1: Product: syz [ 1558.542623][T10085] usb 2-1: Manufacturer: syz [ 1558.549105][ T4373] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1558.558251][T10085] usb 2-1: SerialNumber: syz [ 1558.580419][ T4373] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 34288 - 0 [ 1558.590393][T10085] usb 2-1: config 0 descriptor?? [ 1558.630338][ T4373] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 36691 - 0 [ 1558.674107][ T4373] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 3] type 2 family 0 port 20000 - 0 [ 1558.861639][ T4373] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1558.913474][ T4373] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 34288 - 0 [ 1558.969107][ T4373] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 36691 - 0 [ 1559.009087][ T4373] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 3] type 2 family 0 port 20000 - 0 [ 1559.023828][T23138] ieee802154 phy1 wpan1: encryption failed: -22 [ 1559.090817][T10085] usb 2-1: USB disconnect, device number 8 [ 1559.103388][T24270] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1559.138533][T24270] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1559.148868][T24270] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1559.159589][T24270] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1559.177644][T24270] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1559.185744][T24270] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1559.386489][T23140] vcan0 speed is unknown, defaulting to 1000 [ 1559.904043][T23196] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1560.046775][T23140] wg1 speed is unknown, defaulting to 1000 [ 1560.230439][T23215] loop0: detected capacity change from 0 to 2048 [ 1560.293391][ T4347] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1560.314081][T23220] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1560.485606][ T4347] usb 4-1: Using ep0 maxpacket: 32 [ 1560.492619][ T4347] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 1560.532797][T23228] netlink: 129384 bytes leftover after parsing attributes in process `syz.1.21933'. [ 1560.554242][ T4347] usb 4-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= a.f5 [ 1560.575745][ T4347] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1560.592392][ T4347] usb 4-1: Product: syz [ 1560.617144][ T4347] usb 4-1: Manufacturer: syz [ 1560.621900][ T4347] usb 4-1: SerialNumber: syz [ 1560.671084][ T4347] usb 4-1: config 0 descriptor?? [ 1560.698889][T23203] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1560.707783][T23220] NILFS (loop0): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 1560.763457][T23220] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=4) [ 1560.832758][T23220] Remounting filesystem read-only [ 1560.843566][ T4268] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 1560.969942][ T4347] usb 4-1: USB disconnect, device number 26 [ 1561.234276][T23140] lo speed is unknown, defaulting to 1000 [ 1561.343475][T23299] netlink: 12 bytes leftover after parsing attributes in process `syz.1.21941'. [ 1561.458755][ T4277] Bluetooth: hci1: command 0x0409 tx timeout [ 1561.982509][ T4346] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 1562.097601][T23373] netlink: 124 bytes leftover after parsing attributes in process `syz.1.21952'. [ 1562.117652][T23373] netlink: 56 bytes leftover after parsing attributes in process `syz.1.21952'. [ 1562.185542][ T4346] usb 1-1: Using ep0 maxpacket: 32 [ 1562.193294][ T4346] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1562.226330][T23376] netlink: 28 bytes leftover after parsing attributes in process `syz.4.21953'. [ 1562.254141][T23376] netlink: 108 bytes leftover after parsing attributes in process `syz.4.21953'. [ 1562.262106][ T4346] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 1562.291383][T23376] netlink: 28 bytes leftover after parsing attributes in process `syz.4.21953'. [ 1562.310938][ T4346] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 1562.322993][ T4346] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1562.324564][T23376] netlink: 108 bytes leftover after parsing attributes in process `syz.4.21953'. [ 1562.340888][ T4346] usb 1-1: Product: syz [ 1562.345103][ T4346] usb 1-1: Manufacturer: syz [ 1562.365226][T23376] netlink: 84 bytes leftover after parsing attributes in process `syz.4.21953'. [ 1562.373150][ T4346] usb 1-1: SerialNumber: syz [ 1562.633166][T23140] chnl_net:caif_netlink_parms(): no params data found [ 1562.672908][ T4346] usb 1-1: Limiting number of CPorts to U8_MAX [ 1562.688237][ T4346] usb 1-1: Not enough endpoints found in device, aborting! [ 1562.907259][ T9003] usb 1-1: USB disconnect, device number 33 [ 1563.046873][T23140] bridge0: port 1(bridge_slave_0) entered blocking state [ 1563.158360][T23140] bridge0: port 1(bridge_slave_0) entered disabled state [ 1563.183953][T23140] device bridge_slave_0 entered promiscuous mode [ 1563.242791][T23140] bridge0: port 2(bridge_slave_1) entered blocking state [ 1563.254744][T23140] bridge0: port 2(bridge_slave_1) entered disabled state [ 1563.267725][T23491] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21964'. [ 1563.296401][T23140] device bridge_slave_1 entered promiscuous mode [ 1563.404168][T23140] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1563.423911][T23395] loop3: detected capacity change from 0 to 32768 [ 1563.442042][T23140] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1563.552676][T23524] netlink: 'syz.1.21966': attribute type 49 has an invalid length. [ 1563.625329][T23140] team0: Port device team_slave_0 added [ 1563.671431][ T4277] Bluetooth: hci1: command 0x041b tx timeout [ 1563.699170][T23524] netlink: 'syz.1.21966': attribute type 49 has an invalid length. [ 1563.757630][T23140] team0: Port device team_slave_1 added [ 1563.869880][T23140] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1563.957112][T23140] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1564.057681][T23579] netlink: 'syz.1.21972': attribute type 1 has an invalid length. [ 1564.098863][T23579] netlink: 134744 bytes leftover after parsing attributes in process `syz.1.21972'. [ 1564.103356][T23140] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1564.357653][T23140] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1564.364654][T23140] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1564.455040][T23140] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1564.657327][T23608] ipt_CLUSTERIP: Please specify an interface name [ 1564.880852][T23140] device hsr_slave_0 entered promiscuous mode [ 1564.907092][T23140] device hsr_slave_1 entered promiscuous mode [ 1564.933050][T23140] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1564.949517][T23140] Cannot create hsr debugfs directory [ 1565.890965][ T4277] Bluetooth: hci1: command 0x040f tx timeout [ 1566.003813][T23763] loop1: detected capacity change from 0 to 2048 [ 1566.129506][T23770] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1566.372419][T23140] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1566.389656][T23770] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 1566.450725][T23770] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4) [ 1566.460592][T23770] Remounting filesystem read-only [ 1566.466633][ T4272] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 1566.484578][T23140] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1566.577928][T23140] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1566.672952][ T4373] device hsr_slave_0 left promiscuous mode [ 1566.718232][ T4373] device hsr_slave_1 left promiscuous mode [ 1566.829996][ T4373] device veth1_macvtap left promiscuous mode [ 1566.863177][ T4373] device veth0_macvtap left promiscuous mode [ 1566.883495][ T4373] device veth1_vlan left promiscuous mode [ 1566.899576][ T4373] device veth0_vlan left promiscuous mode [ 1567.257778][T23826] xt_hashlimit: max too large, truncated to 1048576 [ 1567.407963][T23829] loop3: detected capacity change from 0 to 8192 [ 1567.425007][T23829] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1567.438188][T23829] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 1567.447592][T23829] REISERFS (device loop3): using ordered data mode [ 1567.450668][ T4373] bond3 (unregistering): Released all slaves [ 1567.454092][T23829] reiserfs: using flush barriers [ 1567.465903][T23829] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1567.484962][T23829] REISERFS (device loop3): checking transaction log (loop3) [ 1567.494020][T23829] REISERFS (device loop3): Using r5 hash to sort names [ 1567.501551][T23829] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 1567.649874][T23834] TCP: TCP_TX_DELAY enabled [ 1567.883557][ T4373] bond2 (unregistering): Released all slaves [ 1568.123830][ T4277] Bluetooth: hci1: command 0x0419 tx timeout [ 1568.200914][ T4373] bond1 (unregistering): Released all slaves [ 1569.739605][ T4373] bond0 (unregistering): Released all slaves [ 1569.875449][T23140] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1570.383877][T23140] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1570.468209][ T1120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1570.503595][ T1120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1570.568581][T23140] 8021q: adding VLAN 0 to HW filter on device team0 [ 1570.601321][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1570.631231][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1570.660975][ T3014] bridge0: port 1(bridge_slave_0) entered blocking state [ 1570.668164][ T3014] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1570.734689][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1570.747362][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1570.799158][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1570.808576][ T3014] bridge0: port 2(bridge_slave_1) entered blocking state [ 1570.815788][ T3014] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1570.874058][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1570.908889][ T9003] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 1570.927843][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1570.955229][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1571.001278][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1571.020731][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1571.080690][T23904] __nla_validate_parse: 2 callbacks suppressed [ 1571.080710][T23904] netlink: 96 bytes leftover after parsing attributes in process `syz.1.22025'. [ 1571.114938][T23862] loop0: detected capacity change from 0 to 32768 [ 1571.137420][ T9003] usb 5-1: config 160 has an invalid interface number: 200 but max is 0 [ 1571.146163][ T9003] usb 5-1: config 160 has no interface number 0 [ 1571.152578][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1571.166835][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1571.177202][ T9003] usb 5-1: config 160 interface 200 has no altsetting 0 [ 1571.208280][ T9003] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b [ 1571.216293][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1571.218497][ T9003] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1571.235342][ T9003] usb 5-1: Product: syz [ 1571.239572][ T9003] usb 5-1: Manufacturer: syz [ 1571.245021][ T9003] usb 5-1: SerialNumber: syz [ 1571.254916][T23862] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 1571.274811][T23862] (syz.0.22014,23862,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is too small for name_len - offset=16, inode=65, rec_len=16, name_len=64 [ 1571.291754][T23862] (syz.0.22014,23862,1):ocfs2_prepare_dir_for_insert:4311 ERROR: status = -2 [ 1571.299595][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1571.301837][T23862] (syz.0.22014,23862,1):ocfs2_mknod:298 ERROR: status = -2 [ 1571.315802][T23862] (syz.0.22014,23862,1):ocfs2_mknod:502 ERROR: status = -2 [ 1571.323080][T23862] (syz.0.22014,23862,1):ocfs2_mkdir:659 ERROR: status = -2 [ 1571.399201][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1571.420885][ T4268] ocfs2: Unmounting device (7,0) on (node local) [ 1571.423480][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1571.480999][ T9003] usb 5-1: MIDIStreaming interface descriptor not found [ 1571.513608][T23140] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1571.541790][ T9003] usb 5-1: USB disconnect, device number 32 [ 1571.830296][ T4258] udevd[4258]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1572.522461][T23988] netlink: 28 bytes leftover after parsing attributes in process `syz.1.22039'. [ 1572.598436][ T4373] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1572.605970][ T4373] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1572.685144][T23140] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1572.948970][ T26] audit: type=1326 audit(2000000185.433:3432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24014 comm="syz.3.22046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e3099bf79 code=0x7ffc0000 [ 1573.043395][ T26] audit: type=1326 audit(2000000185.480:3433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24014 comm="syz.3.22046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f0e3099bf79 code=0x7ffc0000 [ 1573.114291][T24021] netlink: 'syz.0.22047': attribute type 1 has an invalid length. [ 1573.147960][ T26] audit: type=1326 audit(2000000185.480:3434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24014 comm="syz.3.22046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e3099bf79 code=0x7ffc0000 [ 1573.253535][ T26] audit: type=1326 audit(2000000185.480:3435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24014 comm="syz.3.22046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e3099bf79 code=0x7ffc0000 [ 1573.411899][T24038] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1574.016980][ T1120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1574.039622][ T1120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1574.130627][ T4373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1574.163521][ T4373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1574.213743][T23140] device veth0_vlan entered promiscuous mode [ 1574.234144][ T4373] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1574.255240][ T4373] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1574.281099][T23140] device veth1_vlan entered promiscuous mode [ 1574.291824][T24082] netlink: 'syz.0.22064': attribute type 5 has an invalid length. [ 1574.392398][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1574.434354][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1574.444685][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1574.493134][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1574.531498][T23140] device veth0_macvtap entered promiscuous mode [ 1574.549971][T23140] device veth1_macvtap entered promiscuous mode [ 1574.602424][T24104] binder: 24102:24104 ioctl 400c620e 0 returned -14 [ 1574.616538][T23140] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1574.648904][T23140] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1574.712137][T23140] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1574.790388][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1574.798693][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1574.822673][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1574.863049][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1574.905031][T23140] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1574.917349][T23140] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1574.981882][T23140] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1574.992868][T23140] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1575.019554][T23140] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1575.031327][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1575.067998][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1575.068030][T24125] netlink: 20 bytes leftover after parsing attributes in process `syz.3.22076'. [ 1575.117946][T23140] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1575.168694][T23140] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1575.206497][T23140] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1575.215252][T23140] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1575.480753][ T4373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1575.495055][T24658] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 1575.515791][ T4373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1575.566610][ T4373] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1575.680647][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1575.701035][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1575.722976][T24658] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1575.737009][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1575.757100][T24658] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1575.802114][T24658] usb 1-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1575.855589][T24658] usb 1-1: config 1 interface 0 has no altsetting 1 [ 1575.886483][T24658] usb 1-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75 [ 1575.942487][T24658] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1575.970522][T24658] usb 1-1: Product: syz [ 1575.974775][T24658] usb 1-1: Manufacturer: syz [ 1576.015772][T24658] usb 1-1: SerialNumber: syz [ 1576.045183][T24658] smsusb:smsusb_probe: board id=8, interface number 0 [ 1576.262515][T24658] smsusb:smsusb_probe: Device initialized with return code -19 [ 1576.537216][T24658] usb 1-1: USB disconnect, device number 34 [ 1576.556822][T24245] xt_TCPMSS: Only works on TCP SYN packets [ 1576.644334][T24253] loop1: detected capacity change from 0 to 1024 [ 1576.720192][T24260] netlink: 'syz.3.22098': attribute type 21 has an invalid length. [ 1576.746533][ T8869] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 1576.765161][T24260] netlink: 100 bytes leftover after parsing attributes in process `syz.3.22098'. [ 1576.949077][ T8869] usb 5-1: Using ep0 maxpacket: 16 [ 1576.956368][ T8869] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 1576.958461][T24274] netlink: 92 bytes leftover after parsing attributes in process `syz.3.22101'. [ 1576.996754][T24274] netlink: 'syz.3.22101': attribute type 1 has an invalid length. [ 1577.005780][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 1577.045226][ T8869] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 1577.054960][ T8869] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 1577.088497][T24280] netlink: 8 bytes leftover after parsing attributes in process `syz.1.22103'. [ 1577.120826][ T8869] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1577.141433][ T8869] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 1577.158735][ T8869] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1577.198678][ T8869] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 1577.283967][ T8869] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1577.313295][ T8869] ums-sddr09 5-1:1.0: USB Mass Storage device detected [ 1577.589611][ T8869] ums-sddr09: probe of 5-1:1.0 failed with error -22 [ 1577.632048][ T8869] usb 5-1: USB disconnect, device number 33 [ 1577.894991][T24326] loop6: detected capacity change from 0 to 512 [ 1577.956162][T24326] EXT4-fs: Ignoring removed bh option [ 1578.003139][T24285] loop0: detected capacity change from 0 to 32768 [ 1578.006039][T24326] EXT4-fs (loop6): orphan cleanup on readonly fs [ 1578.023717][T24285] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.22104 (24285) [ 1578.045551][T24326] EXT4-fs error (device loop6): ext4_map_blocks:635: inode #11: block 1: comm syz.6.22111: lblock 0 mapped to illegal pblock 1 (length 1) [ 1578.059769][T24340] netlink: 72 bytes leftover after parsing attributes in process `syz.1.22114'. [ 1578.200847][T24326] EXT4-fs (loop6): Remounting filesystem read-only [ 1578.206657][T24285] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1578.221413][ T4255] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1578.247448][T24326] EXT4-fs error (device loop6): ext4_xattr_inode_update_ref:984: inode #11: comm syz.6.22111: EA inode 11 ref wraparound: ref_count=0 ref_change=-1 [ 1578.287720][T24285] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 1578.307882][T24285] BTRFS info (device loop0): using free space tree [ 1578.336040][T24326] EXT4-fs (loop6): Remounting filesystem read-only [ 1578.359906][T24326] EXT4-fs warning (device loop6): ext4_xattr_inode_dec_ref_all:1178: inode #11: comm syz.6.22111: ea_inode dec ref err=-117 [ 1578.396886][T24326] EXT4-fs (loop6): 1 orphan inode deleted [ 1578.402729][T24326] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 1578.424511][ T4255] usb 4-1: Using ep0 maxpacket: 16 [ 1578.467234][ T4255] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1578.558516][ T4255] usb 4-1: config 13 has an invalid interface number: 50 but max is 0 [ 1578.618092][T24285] BTRFS info (device loop0): enabling ssd optimizations [ 1578.679472][ T4255] usb 4-1: config 13 has no interface number 0 [ 1578.722501][ T4255] usb 4-1: config 13 interface 50 altsetting 167 bulk endpoint 0x88 has invalid maxpacket 16 [ 1578.773312][ T4255] usb 4-1: config 13 interface 50 has no altsetting 0 [ 1578.807405][ T4255] usb 4-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32 [ 1578.835708][T24285] BTRFS error (device loop0): target device is invalid! [ 1578.872130][T23140] EXT4-fs (loop6): unmounting filesystem. [ 1578.873457][ T4255] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1578.943267][ T4255] usb 4-1: Product: syz [ 1578.973658][ T4255] usb 4-1: Manufacturer: syz [ 1578.980004][ T4255] usb 4-1: SerialNumber: syz [ 1578.993239][T24329] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1579.042755][ T4268] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1579.241921][ T4255] usb 4-1: MIDIStreaming interface descriptor not found [ 1579.259862][ T4259] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 9 /dev/loop0 scanned by udevd (4259) [ 1579.429313][ T4255] usb 4-1: USB disconnect, device number 27 [ 1581.004508][T24520] loop1: detected capacity change from 0 to 2048 [ 1581.535082][ T26] audit: type=1326 audit(2000000193.459:3436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24555 comm="syz.4.22157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa99bf79 code=0x7ffc0000 [ 1581.629632][T24561] netlink: 12 bytes leftover after parsing attributes in process `syz.6.22159'. [ 1581.645075][ T26] audit: type=1326 audit(2000000193.506:3437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24555 comm="syz.4.22157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7ff1fa99bf79 code=0x7ffc0000 [ 1581.738716][ T26] audit: type=1326 audit(2000000193.506:3438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24555 comm="syz.4.22157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa99bf79 code=0x7ffc0000 [ 1581.877437][ T26] audit: type=1326 audit(2000000193.506:3439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24555 comm="syz.4.22157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa99bf79 code=0x7ffc0000 [ 1582.489642][T24613] loop3: detected capacity change from 0 to 512 [ 1582.555822][T24613] /dev/loop3: Can't open blockdev [ 1582.572404][T24658] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 1582.689916][T24624] tc_dump_action: action bad kind [ 1582.787997][T24658] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1582.826790][T24658] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 1582.859618][T24634] loop6: detected capacity change from 0 to 256 [ 1582.882677][T24658] usb 2-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 1582.931346][T24658] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1583.000884][T24658] usb 2-1: config 0 descriptor?? [ 1583.020792][T24634] FAT-fs (loop6): Directory bread(block 64) failed [ 1583.055145][T24634] FAT-fs (loop6): Directory bread(block 65) failed [ 1583.095322][T24634] FAT-fs (loop6): Directory bread(block 66) failed [ 1583.117438][T24634] FAT-fs (loop6): Directory bread(block 67) failed [ 1583.124304][T24634] FAT-fs (loop6): Directory bread(block 68) failed [ 1583.146996][T24634] FAT-fs (loop6): Directory bread(block 69) failed [ 1583.155781][T24634] FAT-fs (loop6): Directory bread(block 70) failed [ 1583.227729][T24651] loop3: detected capacity change from 0 to 64 [ 1583.241303][T24634] FAT-fs (loop6): Directory bread(block 71) failed [ 1583.279570][T24634] FAT-fs (loop6): Directory bread(block 72) failed [ 1583.286209][T24634] FAT-fs (loop6): Directory bread(block 73) failed [ 1583.492117][T24658] Bluetooth: Can't get version to change to load ram patch err [ 1583.500053][T24658] Bluetooth: Loading patch file failed [ 1583.550256][T24658] ath3k: probe of 2-1:0.0 failed with error -71 [ 1583.585324][T24658] usb 2-1: USB disconnect, device number 9 [ 1583.652827][T24678] vim2m vim2m.0: Fourcc format (0x47425247) invalid. [ 1583.825485][T24686] netlink: 32 bytes leftover after parsing attributes in process `syz.6.22188'. [ 1584.652526][ T26] audit: type=1326 audit(2000000196.377:3440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24735 comm="syz.4.22203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa99bf79 code=0x7ffc0000 [ 1584.726583][ T26] audit: type=1326 audit(2000000196.377:3441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24735 comm="syz.4.22203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff1fa99bf79 code=0x7ffc0000 [ 1584.848140][ T26] audit: type=1326 audit(2000000196.377:3442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24735 comm="syz.4.22203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa99bf79 code=0x7ffc0000 [ 1584.866450][T24754] tmpfs: Bad value for 'mpol' [ 1584.942419][ T26] audit: type=1326 audit(2000000196.377:3443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24735 comm="syz.4.22203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa99bf79 code=0x7ffc0000 [ 1585.120066][T24769] netlink: 12 bytes leftover after parsing attributes in process `syz.4.22212'. [ 1585.138074][ T9003] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 1585.156492][T24769] tc_dump_action: action bad kind [ 1585.303016][T24780] Non-string source [ 1585.362553][ T9003] usb 1-1: Using ep0 maxpacket: 8 [ 1585.372199][ T9003] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1585.383008][T24788] loop1: detected capacity change from 0 to 64 [ 1585.396004][ T9003] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 1585.436719][ T9003] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1585.500909][ T9003] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 65535, setting to 1024 [ 1585.522790][ T9003] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024 [ 1585.589743][ T9003] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 1585.610605][ T9003] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 1585.629803][ T9003] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 1585.684737][ T9003] usb 1-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 1585.715194][ T9003] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1585.749788][ T9003] usb 1-1: Product: syz [ 1585.754035][ T9003] usb 1-1: Manufacturer: syz [ 1585.768765][T24807] netlink: 'syz.3.22223': attribute type 10 has an invalid length. [ 1585.781592][T24808] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 1585.791007][ T9003] usb 1-1: SerialNumber: syz [ 1585.804916][ T9003] usb 1-1: config 0 descriptor?? [ 1585.810818][T24748] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1585.922958][ T9003] snd-usb-audio: probe of 1-1:0.0 failed with error -12 [ 1586.019844][ T4258] udevd[4258]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1586.147957][T24844] xt_hashlimit: overflow, rate too high: 0 [ 1586.150904][T24658] usb 1-1: USB disconnect, device number 35 [ 1586.236238][T24856] netlink: 48 bytes leftover after parsing attributes in process `syz.3.22230'. [ 1586.459986][ T9003] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 1586.596240][T24878] JFS: discard option not supported on device [ 1586.631698][T24878] Mount JFS Failure: -22 [ 1586.636408][T24878] jfs_mount failed w/return code = -22 [ 1586.688077][ T9003] usb 7-1: Using ep0 maxpacket: 32 [ 1586.695042][ T9003] usb 7-1: config index 0 descriptor too short (expected 35577, got 27) [ 1586.720171][ T9003] usb 7-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1586.776753][ T9003] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1586.818748][ T9003] usb 7-1: config 1 has no interface number 0 [ 1586.824896][ T9003] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1586.899137][ T9003] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1586.943309][ T9003] usb 7-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1586.953251][ T9003] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1586.989750][ T9003] snd_usb_pod 7-1:1.1: Line 6 Pocket POD found [ 1587.205412][ T9003] snd_usb_pod 7-1:1.1: invalid control EP [ 1587.219771][ T9003] snd_usb_pod 7-1:1.1: cannot start listening: -22 [ 1587.244083][ T9003] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now disconnected [ 1587.262647][ T9003] snd_usb_pod: probe of 7-1:1.1 failed with error -22 [ 1587.309647][T10085] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 1587.447793][ T4347] usb 7-1: USB disconnect, device number 2 [ 1587.488684][T24945] netlink: 8 bytes leftover after parsing attributes in process `syz.1.22253'. [ 1587.505166][T24945] netlink: 8 bytes leftover after parsing attributes in process `syz.1.22253'. [ 1587.518584][T10085] usb 5-1: Using ep0 maxpacket: 8 [ 1587.540066][T10085] usb 5-1: New USB device found, idVendor=0763, idProduct=2080, bcdDevice=d9.40 [ 1587.553607][T24937] loop0: detected capacity change from 0 to 8192 [ 1587.555218][T10085] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1587.583454][T10085] usb 5-1: Product: syz [ 1587.594655][T10085] usb 5-1: Manufacturer: syz [ 1587.595172][T24937] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1587.607643][T10085] usb 5-1: SerialNumber: syz [ 1587.619267][T10085] usb 5-1: config 0 descriptor?? [ 1587.652134][T24937] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 1587.663578][T24937] REISERFS (device loop0): using ordered data mode [ 1587.670155][T24937] reiserfs: using flush barriers [ 1587.677259][T24937] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1587.694589][T24937] REISERFS (device loop0): checking transaction log (loop0) [ 1587.703265][T24937] REISERFS (device loop0): Using r5 hash to sort names [ 1587.710330][ T4378] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1587.711238][T24937] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 1587.892888][T24937] REISERFS warning (device loop0): super-6502 reiserfs_getopt: unknown mount option "reiserfs" [ 1587.938372][ T4378] usb 4-1: New USB device found, idVendor=046d, idProduct=08b6, bcdDevice=ca.8e [ 1587.981371][T10085] usb 5-1: USB disconnect, device number 34 [ 1587.992631][ T4378] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1588.047624][ T4378] pwc: Logitech/Cisco VT Camera webcam detected. [ 1588.134660][ T4260] udevd[4260]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1588.183698][T24985] netlink: 16 bytes leftover after parsing attributes in process `syz.1.22256'. [ 1588.264239][ T4378] pwc: Failed to set LED on/off time (-71) [ 1588.289854][ T4378] pwc: send_video_command error -71 [ 1588.312109][ T4378] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 1588.340095][ T4378] Philips webcam: probe of 4-1:127.0 failed with error -71 [ 1588.369663][ T4378] usb 4-1: USB disconnect, device number 28 [ 1588.492411][T25007] [ 1588.494780][T25007] ============================================ [ 1588.500938][T25007] WARNING: possible recursive locking detected [ 1588.507111][T25007] syzkaller #0 Not tainted [ 1588.511552][T25007] -------------------------------------------- [ 1588.517705][T25007] syz.0.22258/25007 is trying to acquire lock: [ 1588.523866][T25007] ffff88802f0f80f8 (&dev->mutex#3){+.+.}-{3:3}, at: comedi_do_insn+0x38/0x3b0 [ 1588.532806][T25007] [ 1588.532806][T25007] but task is already holding lock: [ 1588.540189][T25007] ffff88814c8a70f8 (&dev->mutex#3){+.+.}-{3:3}, at: comedi_unlocked_ioctl+0x17a/0x1210 [ 1588.549891][T25007] [ 1588.549891][T25007] other info that might help us debug this: [ 1588.557964][T25007] Possible unsafe locking scenario: [ 1588.557964][T25007] [ 1588.565436][T25007] CPU0 [ 1588.568727][T25007] ---- [ 1588.572015][T25007] lock(&dev->mutex#3); [ 1588.576380][T25007] lock(&dev->mutex#3); [ 1588.580650][T25007] [ 1588.580650][T25007] *** DEADLOCK *** [ 1588.580650][T25007] [ 1588.588896][T25007] May be due to missing lock nesting notation [ 1588.588896][T25007] [ 1588.597221][T25007] 1 lock held by syz.0.22258/25007: [ 1588.602431][T25007] #0: ffff88814c8a70f8 (&dev->mutex#3){+.+.}-{3:3}, at: comedi_unlocked_ioctl+0x17a/0x1210 [ 1588.612569][T25007] [ 1588.612569][T25007] stack backtrace: [ 1588.618471][T25007] CPU: 0 PID: 25007 Comm: syz.0.22258 Not tainted syzkaller #0 [ 1588.626037][T25007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1588.636115][T25007] Call Trace: [ 1588.639495][T25007] [ 1588.642441][T25007] dump_stack_lvl+0x188/0x24e [ 1588.647151][T25007] ? show_regs_print_info+0x12/0x12 [ 1588.652365][T25007] ? load_image+0x400/0x400 [ 1588.656874][T25007] __lock_acquire+0x123e/0x7d10 [ 1588.661749][T25007] ? lockdep_lock+0x1f0/0x1f0 [ 1588.666426][T25007] ? verify_lock_unused+0x140/0x140 [ 1588.671618][T25007] ? __lock_acquire+0x28c4/0x7d10 [ 1588.676647][T25007] lock_acquire+0x1bb/0x4a0 [ 1588.681147][T25007] ? comedi_do_insn+0x38/0x3b0 [ 1588.685944][T25007] ? __might_sleep+0xd0/0xd0 [ 1588.690534][T25007] ? read_lock_is_recursive+0x10/0x10 [ 1588.695923][T25007] __mutex_lock+0x12d/0xaf0 [ 1588.700428][T25007] ? comedi_do_insn+0x38/0x3b0 [ 1588.705320][T25007] ? comedi_do_insn+0x38/0x3b0 [ 1588.710084][T25007] ? mutex_lock_nested+0x10/0x10 [ 1588.715024][T25007] ? __up_read+0x2b2/0x6b0 [ 1588.719531][T25007] ? up_read+0x20/0x20 [ 1588.723696][T25007] comedi_do_insn+0x38/0x3b0 [ 1588.728288][T25007] comedi_dio_bitfield2+0x2ea/0x3c0 [ 1588.733521][T25007] ? comedi_dio_config+0x130/0x130 [ 1588.738780][T25007] bonding_dio_insn_bits+0x2c9/0x5e0 [ 1588.744094][T25007] ? bonding_detach+0x2e0/0x2e0 [ 1588.749048][T25007] insn_rw_emulate_bits+0x332/0x5e0 [ 1588.754256][T25007] ? get_zero_valid_routes+0x10/0x10 [ 1588.759544][T25007] ? comedi_check_chanlist+0x28f/0x320 [ 1588.765004][T25007] parse_insn+0x9f8/0x18a0 [ 1588.769423][T25007] ? __comedi_get_user_cmd+0x680/0x680 [ 1588.774882][T25007] ? do_insn_ioctl+0xfe/0x530 [ 1588.779572][T25007] ? do_insn_ioctl+0xfe/0x530 [ 1588.784533][T25007] do_insn_ioctl+0x170/0x530 [ 1588.789140][T25007] comedi_unlocked_ioctl+0xa36/0x1210 [ 1588.794629][T25007] ? tomoyo_path_number_perm+0x4fb/0x650 [ 1588.800379][T25007] ? comedi_poll+0x8d0/0x8d0 [ 1588.804975][T25007] ? tomoyo_path_number_perm+0x205/0x650 [ 1588.810605][T25007] ? tomoyo_path_number_perm+0x5a4/0x650 [ 1588.816250][T25007] ? tomoyo_path_number_perm+0x205/0x650 [ 1588.822411][T25007] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1588.827879][T25007] ? __fget_files+0x28/0x4b0 [ 1588.832658][T25007] ? __fget_files+0x28/0x4b0 [ 1588.837306][T25007] ? bpf_lsm_file_ioctl+0x5/0x10 [ 1588.842354][T25007] ? security_file_ioctl+0x7c/0xa0 [ 1588.847463][T25007] ? comedi_poll+0x8d0/0x8d0 [ 1588.852053][T25007] __se_sys_ioctl+0xfa/0x170 [ 1588.856740][T25007] do_syscall_64+0x4c/0xa0 [ 1588.861157][T25007] ? clear_bhb_loop+0x60/0xb0 [ 1588.865834][T25007] ? clear_bhb_loop+0x60/0xb0 [ 1588.870508][T25007] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1588.876397][T25007] RIP: 0033:0x7f397b99bf79 [ 1588.880805][T25007] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1588.900571][T25007] RSP: 002b:00007f397c867028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1588.909005][T25007] RAX: ffffffffffffffda RBX: 00007f397bc15fa0 RCX: 00007f397b99bf79 [ 1588.917075][T25007] RDX: 0000200000000000 RSI: 000000008028640c RDI: 0000000000000003 [ 1588.925134][T25007] RBP: 00007f397ba327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1588.933102][T25007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1588.941072][T25007] R13: 00007f397bc16038 R14: 00007f397bc15fa0 R15: 00007fff136183b8 [ 1588.949162][T25007] [ 1588.973088][T25017] netlink: 'syz.6.22261': attribute type 1 has an invalid length. [ 1588.981239][T25017] netlink: 'syz.6.22261': attribute type 2 has an invalid length.