last executing test programs: 1m43.065297916s ago: executing program 0 (id=74): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000080)={r2, 0x100, 0xbe0}, 0x8) 1m42.040074651s ago: executing program 0 (id=85): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000340)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0xc2}}}}}}, 0x0) 1m41.913508193s ago: executing program 0 (id=86): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d80ff0008000200", @ANYRES16=r0, @ANYRES32=r2], 0x44}}, 0x0) 1m41.832622794s ago: executing program 0 (id=87): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x20000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) 1m41.636225627s ago: executing program 0 (id=91): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) set_robust_list(&(0x7f0000000400)={0x0, 0x6}, 0x18) 1m41.194068464s ago: executing program 0 (id=92): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000000)={&(0x7f0000000580)={0x1d, r2}, 0x10, &(0x7f0000000080)={&(0x7f00000005c0)=@canfd={{}, 0x3, 0x2, 0x0, 0x0, "0e7692fddc9d8ba5a0ac79669b2947a81f2e3c8973fc2af2a7fa10b9926ea28baed9b57d82ab23db557c307ae88da9c6c68d8ceae8e69b06707297b87f8c925a"}, 0x48}, 0x2, 0x0, 0x0, 0x4105}, 0x0) 1m40.74748829s ago: executing program 32 (id=92): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000000)={&(0x7f0000000580)={0x1d, r2}, 0x10, &(0x7f0000000080)={&(0x7f00000005c0)=@canfd={{}, 0x3, 0x2, 0x0, 0x0, "0e7692fddc9d8ba5a0ac79669b2947a81f2e3c8973fc2af2a7fa10b9926ea28baed9b57d82ab23db557c307ae88da9c6c68d8ceae8e69b06707297b87f8c925a"}, 0x48}, 0x2, 0x0, 0x0, 0x4105}, 0x0) 1m19.844967345s ago: executing program 1 (id=199): r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00') read$FUSE(r0, &(0x7f00000000c0)={0x2020}, 0x2020) r1 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r1, 0x0) read$FUSE(r0, &(0x7f0000004440)={0x2020}, 0x2020) 1m19.53742819s ago: executing program 1 (id=201): r0 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1064, 0x80, 0x0, 0x224}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000000240)="5db5bd", 0x3}], 0x81, 0x8, 0x1, {0x2}}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x47f8, 0x0, 0x0, 0x0, 0x0) 1m19.154739125s ago: executing program 1 (id=206): r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x4, @local, 'bridge_slave_1\x00'}}, 0x1e) connect$pppoe(r1, &(0x7f00000000c0)={0x18, 0x0, {0x4, @multicast, 'bond0\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @local, 'hsr0\x00'}}) 1m18.988521648s ago: executing program 1 (id=208): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x9) 1m18.797565851s ago: executing program 1 (id=210): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000200)={0x0, {{0x2, 0x4e21, @local}}}, 0x88) 1m18.490032165s ago: executing program 1 (id=216): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m18.15576859s ago: executing program 33 (id=216): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m3.591670482s ago: executing program 3 (id=294): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff0200000000000000000000000000010000000000000000000000000000000000003c0000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b8002944", @ANYBLOB="60144f6f"], 0xfdef) 1m3.385697855s ago: executing program 3 (id=296): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0xfe, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 1m2.961383112s ago: executing program 3 (id=298): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1590}]]}, 0x30}}, 0x0) 1m2.669306516s ago: executing program 3 (id=301): syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f0000000340)=ANY=[], 0xa, 0x63a, &(0x7f0000000ac0)="$eJzs3ctrXNcdB/DvHcl62OAoje24JRARQ1oqauuB0qqbuqUUFUIJ6aJrYctYeOykklKUUBr1Rbdd5A9IF9p1VeimUDCk63aXrZaBQjdZqasp984dPWx5OhOPNLLz+YQ755x77j33d35zH5oJZgJ8aS3PZPRhiizPvLlVtnd3Fpq7Owv3O/Uk40kayWi7SPEgKT5Jbqa95Kvlynq44knH+Wht6e1PP9/9rN0arZdq+0a3/XqzXS+ZTjJSl4Ma79Zx4433M1yxP8MyYdc6iYNhO5ekdcTPrxz0dHf+qa9b4Cwo2s/Nfa36yp6qLvNMdB552+3VjSGEOFDbww4AAAAATsELe9nLVi4OOw4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4ltS//1/96v/E/qoU0yk6v/8/1ulPcmGIoXY31ttmDxsnHQgAAAAAAAAAnLxX97KXrVzstFtFGkleqxqXqtcLeS8bWc16rmcrK9nMZtYzl2Tq0EBjWyubm+tzPew5f+ye8z0GPPn0cwYAAAAAAACA59Bvsnzw//8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAsKJKRdlEtlzr1qTRGk0wkGSu3207+1ak/yx4OOwAAAAA4BS/sZS9budhpt4rqM/+V6nP/RN7Lg2xmLZtpZjW3q+8C2p/6G7s7C83dnYX75fL4uN//T19hVCOm/d3D8Ue+Wm0xmTtZq9Zcz628k2Zup1HtWbraief4uH5dxlR8r9ZjZLfrspz5H+vy5I30sM1UlZFz+xmZrWMrs/Fi90wcfXe2+z3SXBr73/xcOoGcn6/LIrnw41PLeS/qTLyaOhPzh86+K90zkXz9r3/+2d3mg3t372zMnJ0p9WG81Wp16o+eEwuHMvHyc5+Jw2arTFzeby/nR/lpZjKdt7KetfwiK9nMaqbzw6q2Up/P5etU90zdPNJ6q3qdfHIkY/X70r579BfTa9W+F7OWn+Sd3M5q3qj+m89cvp3FLGbp0Dt8uYervtHfVX/tG3WlnOAfuk/0lJV5fbHO64fJkXvuVNV3eM1BllJk0PfG0a/VlfIYv63Ls+HRTMwdysRL3c+XP1W3lY3mg3vrd1fe7fF4r9dleR39/kw9Jcrz5Svlm1W1jp4dZd9Lx/bNVX2X9vsaj/Vd3u/7f1fqWP033OMjzVd9Lx/bt1D1XT3Ud9zfWwCceee/eX5s8t+T/5z8ePJ3k3cn35z4wfh3xl8Zy7l/nPvu6OzI641Xir/k4/zq4PM/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwxW28/8G9lWZzdf2RSqvV+vAJXV+0MpJ+9vr73wZ59M7vEdVriiQDm9dAKhP9bNw6GzH3U/lvq9UayIDbXU7agVVatTORuiFVhnxjAk7cjc37797YeP+Db611HpGLi0uzS4tvLNy4s9ZcnW2/DjlI4EQcPPSHHQkAAAAAAAAAAADQq9P45wTDniMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwbFueyejDFJmbvT5btnd3Fprl0qkfbDmapJGk+GVSfJLcTHvJ1KHhiicd56O1pbc//Xz3s4OxRjvbN7rt15vtesl0kpG6HNR4t556vGJ/hmXCrnUSB8P2vwAAAP//1qEOFQ==") mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x200809, &(0x7f0000000100)={[{@delalloc}, {@journal_async_commit}, {@noquota}, {@nobarrier}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x1}}, {@nouid32}]}, 0x81, 0x4bc, &(0x7f0000000a00)="$eJzs3c1vG2UaAPDHdvPZ7PZjV6u2K20rdaXuhxrnQ6smu3vhBBwqISpxAamExA0lThzFTmmiHlK49cABgUBCHLjzF3ChJyokxBnuiAMqghIkQEIYeWyn+XKwaGJLmd9Pmuadead+3jfW82b8zowngNQ6V/snEzEUEZ9GxLH66tYdztV/rD+4NV1bMlGtXvkmk+xXW2/u2vx/RyNiLSL6I+LpxyNeyOyMW15ZnZsqFgtLjfV8ZX4xX15ZvXh9fmq2MFtYGJ24NDk5MTI+Nrlvfb3z2kt3Ln/wZO/7P7x6/97rH31Ya9ZQo25zP/ZTves9cWLTtiMR8f+DCNYFuUZ/BrrdEH6X2vv3p4g4n+T/scgl7yaQBtVqtfpzta9V9VoVOLSyyTFwJjscEfVyNjs8XD+G/3MMZoulcuXf10rLCzP1Y+Xj0ZO9dr1YGGl8VjgePZna+mhSfrg+tm19PCI5Bn4jN5CsD0+XijOdHeqAbY5uy//vc/X8B1LCR35Irz3zP9u5dgCd5+8/pJf8h/SS/5BeO/P/l660A+i8dv7+5zrQDqDzHP9Desl/SC/5D+kl/yGVnrp8ubZUm/e/z9xYWZ4r3bg4UyjPDc8vTw9Pl5YWh2dLpdnknp3533q9Yqm0OPqfWL6ZrxTKlXx5ZfXqfGl5oXI1ua//aqGnI70C2nHi7N3PMxGx9t+BZKnpbdTJVTjcqtVMdPseZKA7nNaH9DL1B+nlMz6wy1f0btHfqmJx/9sCdIZv94D0unD6Uc7/VQ+4dcBBMv8P6WX+H9LL/D9g/h/Sx/w/pNdQi+d//WHTs7tGIuKPEfFZrqev+awv4DDIfpVpHP9fOPb3oe21vZkfk1MEvRHx8jtX3ro5Vaksjda2f7uxvfJ2Y/tYN9oPtKuZp808BgDSa/3Brenm0sm4Xz9WvwhhZ/wjjbnJ/uQc5eB6Zsu1Cpl9unZh7XZEnNotfqbxvPP6mY/B9dyO+CcbPzP1l0jaeyR5bnpn4p/eFP9vm+KfeeTfCqTD3dr4M7Jb/mWTnI6N/Ns6/gzt07UTrce/7Mb4l2sx/p1tM8aL777yZcv4tyPO7Bq/Ga8/ibU9fq1tF9qMf/+5Z/7Sqq76Xv11dovfVCvlK/OL+fLK6sXke+RmCwujE5cmJydGxscm88kcdb45U73T/059cm+v/g+2iL9X/2vb/tlm/3/668fPntsj/j/O7/7+n9wj/kBE/KvN+N+NffF8q7pa/JkW/c/uEb+2bbzN+OU3n+hrc1cAoAPKK6tzU8ViYUlBQUFho9DtkQk4aA+TvtstAQAAAAAAAAAAANrV+jLgvn27nLjbfQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAx+DQAA//+iodfy") mount$bind(&(0x7f0000000040)='./file1\x00', &(0x7f00000000c0)='./file1\x00', 0x0, 0x3002, 0x0) syz_mount_image$fuse(&(0x7f0000002180), &(0x7f0000002080)='./file1\x00', 0x80b0, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0) 1m2.447447839s ago: executing program 3 (id=302): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0xfe, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xfe}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 1m2.001548005s ago: executing program 3 (id=304): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') r1 = memfd_create(&(0x7f0000000140)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x80\xb8!y6w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\t\x90\x8bp\x10\x84\x86t\x8a\xba\xc6\xfb\xd2\f\xef&\xad\xa8M\xe8\b\xb0#\xac)\x81\x1e\x8a\f\x11D\xe3l\x87\\\x15Hd~\\\x11\x95\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\a\xa7\x7fN\x9bL\xf8\xebQs\x02\xf9\xadi\x8f\x0f\xff\x02n\x9d\x85\xea\x1a*\x1bI\xd8\x1c\xe8\x9bYS%\x1d\x10\x86\xa0\v\xea\xd9\x89\xda\xa7Wd\xa4Eu\x8csm\xa1.\xd1\xb2I\x1a\xb2\xfdA\x98\x16\xca\x83y\xf9\x1a\xe7\x06h\av\xa8\xd8\xceY\xc0\xe6v\xb5\xf5\x9d\xbe\xa58\xb42\xd8V$\xe6\xc8\x1c\xaf\x8e\xa1\xefa\xb1/\xee1=\xbfM\xeaw\f\xa2\x87\x1c(\x1a-\xeb\xfbV\xeb4\xd4C]\xc7{t\xf9\xd5`IZ\x03H\xd9\x86\xe12N\x1f\xd8{\xf5z@\xe0\x00\x00\x00\x00', 0x0) mmap(&(0x7f00001d1000/0x3000)=nil, 0x3000, 0x1800006, 0x11, r1, 0xbc4cd000) read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020) 1m1.390416955s ago: executing program 34 (id=304): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') r1 = memfd_create(&(0x7f0000000140)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x80\xb8!y6w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\t\x90\x8bp\x10\x84\x86t\x8a\xba\xc6\xfb\xd2\f\xef&\xad\xa8M\xe8\b\xb0#\xac)\x81\x1e\x8a\f\x11D\xe3l\x87\\\x15Hd~\\\x11\x95\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\a\xa7\x7fN\x9bL\xf8\xebQs\x02\xf9\xadi\x8f\x0f\xff\x02n\x9d\x85\xea\x1a*\x1bI\xd8\x1c\xe8\x9bYS%\x1d\x10\x86\xa0\v\xea\xd9\x89\xda\xa7Wd\xa4Eu\x8csm\xa1.\xd1\xb2I\x1a\xb2\xfdA\x98\x16\xca\x83y\xf9\x1a\xe7\x06h\av\xa8\xd8\xceY\xc0\xe6v\xb5\xf5\x9d\xbe\xa58\xb42\xd8V$\xe6\xc8\x1c\xaf\x8e\xa1\xefa\xb1/\xee1=\xbfM\xeaw\f\xa2\x87\x1c(\x1a-\xeb\xfbV\xeb4\xd4C]\xc7{t\xf9\xd5`IZ\x03H\xd9\x86\xe12N\x1f\xd8{\xf5z@\xe0\x00\x00\x00\x00', 0x0) mmap(&(0x7f00001d1000/0x3000)=nil, 0x3000, 0x1800006, 0x11, r1, 0xbc4cd000) read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020) 39.533225833s ago: executing program 4 (id=422): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10) r1 = dup(r0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000000)=0x5, 0x4) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000dc0)="bbff4469c3d866d9f358089df06b3ff0c6c73c1bec0b599e05799175bd5e41cbc3a5b417b9447eea302c947e834a837b42ec667442b31f67354053c4ec117741e54568662b7630410bc352a803326c8eda50a51d19a1e4d9b1b421f275ea3df1594194dcdb4a891592e275aec38d7c0f609d1c11c2e0b19ffb4493a323e0162e0ba8aa10aa9dc42f18730d4dac43b7d5736c8fcbf2414200e9c536b2b9a4dd398831b402c9fdffe1cc82e3f8e7f115dc6ba14d48030909c5c53f505de8b60d004a9c89f3be9901c5e5c278bf865453cdbd3825ab861fd1334ec8dbd9706802ad821d941abe4d9aa82c212a58d2819400b40e313b7e2bfd9b6dda86d85a71c28c3132a02dc4ebf4254ad86c2ab308bf36dc47c20d67402893793dcccedd28c8101eb28cf3d75a93b72c07697d9c09a28fa6337e08f8da4beb0751d62e896dc7c58d1e311f84da738c3392d121bfa120e8c2e2a9e83691ceef933dad4f0faab936b6cb5f6ed17817bbe7e330e2b40ca0f949572d37806ee701fd90d8c21dec1ed1083d5fb8986e095e549325c212b7a86fa86bf8a3feeb064b6c908a347f92b2d578e0117cb0b5bff3df9c59cdedc8a31b128c5067a09a3cf2b054def4355a028f5a82c07d3e35a9d9baead43cf6f08b8fd4120ce364d2f5ad3621423b984cceed0fe8e7f1cfba27407a861aa69b933cdd3b1e79f00de767c5415b6cd3a980ddeda470b37bf4785f5e20bf884247ac7e9e7c23b063e18d171bf9c743e92153fbcb00738100000032b34a4423c1e4b74399bedea88ca1d28ba061f6617c2ce5b4f98320a9787a05b74b2899050bc7f8f7a159162c617e944890d76e9d0fce4ac4dce7064c6cc19d6ac1489cda9ebb4f9b80fef2e64c7a2b171d347858ee41f5d7649ffe6fe77bff58182e910e5c0da0686007e3b1a16cb7d63f9ea85712d48af88eb410d2241a2e2c110fbe388e67eb218d261efd2a1d948e70a7008fceb72ab9fd5dc0692cb12ab0ced52502a182b16a622d7694835df0d5a41e4d8df71c0d1e97387f22b78129020d21436fee7f4f22415a9fb4da3212ba1005b038d34a79cdc40ef02143ee0cc83348245453c5bf5c488ff2b9b784fe3d249e711d70f854acc93a05176ffde353fcde7286c93e7520b904251e9758aab9817c261e9429e665c6b653f867d93c7ab8c28c4f34fec0e66808b45b27a477a12426ae71607d898528d3fa43f04c72ba9268439950178d81a023aa14b4ade930e3fe146ab8c78460b9338ae6bda60de34388318131f7e4857d971e0768c1c7ea606a04c098c9d566f57f3803367be0440ad170ca17b3f572ba715df908b5e81ec04fbc0e48392121d759868dcfa2354f7553d8e344db572403548adde99a992bad5eade7208ea0cce79f8c2f2df1674f2a3744109faec47cc602302321a287756e9dac78ee8132259a216b1b658ff20599ad5f7d269cee94df515f58c2de2aff7888261989aec74eb7ca506ff8ec2ed7f70f73ad146184e481dc47e87c41f2918a1e20ad1e160c6330a2eb16ed517fea330796cdba2766c3a1e53044054e4002bc142f60f9b4dcae8ad8bc2f50a003d6c1e4aef0b90cfc28014c845e247e638db45aab6dbba41259811434e3ec39df9d7a2822d64e700a1d1f97db16888f32ae453a871b22d9abde089d4197816d791212fa70108790c076c00cab9a81cac4711b786e7f986178d25ac1bdc9baa51faa665d2a5bc998d4a120ca3fd208fab95384eeacc6253ab2bcc302c47159e8f3b2593f6d0af5c1f601d3ca512e9be4c7a6eed28f56e529a75330d7d4543e50cf98842dd63be0d9a2c04bb91f9539fa1e62ad9a3d2e355155ebf186bb8b0aec8ef9d49d8ac89b3b18297c2d5fd3cde8c2d3f6459c6aca22801b1c01fffe69a644ffb3cd8d0f2d6d384ebdcf57c549ff0b90f0e3406a1733f52bd2910673321217744be0688325b811243e7d9273b44edd287533021fe90eb8c6630764f35b08d15f6c26e0756b30c5cc5da732cb3b96f36019a047b70035d5d1d3729043f0c40aeb71d289bb1ae3c014e7bcf9683bf90f9e39c16cd08d1115e94aba4f9ce6f3", 0x5c5}], 0x1, &(0x7f0000000080)=[@ip_retopts={{0x14, 0x0, 0x7, {[@noop]}}}], 0x18}, 0x0) 39.463963594s ago: executing program 4 (id=424): r0 = syz_io_uring_setup(0x88f, &(0x7f00000001c0)={0x0, 0x17ce, 0x400, 0x0, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x9, 0x0, @fd_index=0xa, 0x5, 0x0, 0xae, 0x4, 0x1, {0x0, r3}}) io_uring_enter(r0, 0x75fa, 0xe475, 0x0, 0x0, 0x0) 38.992848491s ago: executing program 4 (id=428): r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0) ioctl$EVIOCREVOKE(r1, 0x40044591, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000b40)={0x52, 0x1, 0x1, {0x0, 0x1}, {0x61, 0x2}, @period={0x59, 0x0, 0x0, 0x3, 0x80, {0x1, 0x8001, 0xf, 0x1}, 0x0, 0x0}}) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) 38.801268594s ago: executing program 4 (id=430): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000540)={[{@resuid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000180)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1000) 38.492570598s ago: executing program 4 (id=434): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = syz_io_uring_setup(0x8d2, &(0x7f0000000240)={0x0, 0xfbc0, 0x8, 0x2}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0xe3bbedd24f4353f0, 0x1}) io_uring_enter(r1, 0x47ba, 0x3e80, 0x0, 0x0, 0x0) 37.175149788s ago: executing program 4 (id=442): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) 36.901446322s ago: executing program 35 (id=442): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) 2.681519841s ago: executing program 5 (id=681): r0 = memfd_create(&(0x7f0000000100)=';e\x00\x00\xa4\xd8\xe0\x9c\x7f9\x8aZ]3N\xbb\xe1^\x9c\xe1\x9b6s$0Y\xf8\x90\x00\x00\x00\x00\xd2~l\xf6\x12\xde\xdd\xd5\x1d\x96\xb0a\xad\xcd\x16\xd8G\xae\xd9DZm\xabO\xad\x11%\x7f`@\x16c\xc0\xb6\x1f\xe3\x00\x1a_\xc7\xbf\xa7T\xbe\x13\x8b\xb3r\x8fL\xe6\xba\xe7\x18\xb4$BIj\xa3\xc9\xc6|\x9b\x88\xddPx\x02I\xde\xe8\xcd\x02\xc1\xedc2\x06\xcbM\xfb\x13jZ\x96\xeej\x9b\xe4XjN\xb9>\xdf3U\r \x8dh8T/h)\x90\xff\x8d\xd9\x89\xab\xf8P\xacYtk\xa3\xed\xfa*8\x13\b\xce\xf8z\xed\xadnz\x96\xa3\x9a9R\xd9]\xe11We\xfe3\xe06\x1a^\x04^\xef\xa3\x0fU\x9b1\xc6J\x83\x9d[\\a\xfd\xdc\xa1\xcd\xbe\x9b\xc5z7\xe8VP\x89\x16MK`\xe5\x137\b\x00\x00\x00\xd5\x01\xea\x98\xe6Z\x95j\xe3\x0ek>\x14\x80\rXS\xce\xf9\x0e\x89\xc4\xc6\x1bOm4Lla\r\xce\x17\xb5r&\xf3\x96\xbc\xc39\xa7\x95\xd9F\x17', 0x0) socket$packet(0x11, 0x3, 0x300) r1 = socket$netlink(0x10, 0x3, 0x4) write(r1, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) close_range(r0, 0xffffffffffffffff, 0x0) 2.578728523s ago: executing program 5 (id=683): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x3000000, &(0x7f0000000000), 0x1, 0x530, &(0x7f00000003c0)="$eJzs3e9rJGcdAPDvTLLX3F1qtipyFmyLrdwVvd3LxbZRpK0g+qqgnu/PNNkL4TbZI7s5L6HYFP8AQUQF/wARBMG3gvRPELGg70VFEb3qS+3IzM56l8tusnfZZM/N5wNP9nnmx/N9niE7Oz8eZgI4tZ6LiNcjYioiXoyIuXJ6WqbY7aZ8uffvvrWcpySy7Nrfk0jKab268vJ0RJwvV5uJiK9/JeLNZH/c9vbOzaVms7FZluud9Vv19vbO5bX1pdXGamNjYWH+5cVXFl9avJKVjtTPakS8+qU//+C7P/nyq7/6zLf+cP2vl76dN+sLH+u2OyKWjxRggG7dlWJb9OTbaPM4go1J3p/K1LhbAQDAMPJj/A9HxCeL4/+5mCqO5gAAAIBJkr02G/9OIjIAAABgYqURMRtJWivHAsxGmtZq3TG8H41zabPV7nz6RmtrYyWfF1GNSnpjrdm4Uo4VrkYlycvz5RjbXvnqA+WFiHgqIr4/d7Yo15ZbzZVxX/wAAACAU+L8s3vP//81lxb5e347trYBAAAAI1QdWCjc/sVP3zzJ5gAAAADHYP8pPwAAADBpnP8DAADARPvqG2/kKeu9x3vl9vbWzdbtyyuN9s3a+tZybbm1eau22mqtFs/sWz+svmardeuzsbF1p95ptDv19vbO9fXW1kbn+tqeV2ADAAAAJ+ipZ9/9fRIRu58/W6QonwMIsMefxt0AYJSmehlX5+HUmR53A4CxqRy6hD0ETLrkkPl7Tg+yLHu7l//1sTUJAAAYsYsf33///0w57/BrA8D/M2N9AOD0cXcPTq/KvRGAD+fCqFsCjMuHuh9PDJo/cHjwEPf/u9cYsuyRGgYAAIzMbJGStFYep89GmtZqEU8WrwWoJDfWmo0r5fnB7+YqT+Tl+WLN5NAxwwAAAAAAAAAAAAAAAAAAAAAAAABAV5YlkQEAAAATLSL9S1I8zT/i4twLs3uvDjzw1q8fX/vhnaVOZ3M+4kzyj7l80pmI6PzoWhL59KuZVwIAAADAY6A4f79afs6PuzUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATJr377613EsnGfdvX4yIar/40zFTfM5EJSLO/TOJ6fvWSyJiagTxd9+JiAv94ifxQZZl1bIV/eKfPeb41WLT9I+fRsT5EcSH0+zdfP/zer/vXxrPFZ/9v3/TZTqqwfu/9H/7v6kB+58nHygP8vR7P68PjP9OxNPT/fc/vfhJN/6eEHnh+SH7+M1v7Oz0nXFflf3i3x+r3lm/VW9v71xeW19abaw2NhYW5l9efGXxpcUr9RtrzUb5t2+Y733ilx8c1P9zA+JX9/Z/3/Z/YajeZ/Gf9+7c/Ui3UOkX/9Lz/X9/LwyIn5a/fZ8q8/n8i738bjd/v2d+9ptnDur/yoD+zxzS/0tD9T8+9+LXvvPHvnP2bQ0A4CS0t3duLjWbjc0DMjNDLHPCmdcej2aMMBOPRzMeNlMZUT3Z293/x6PVc8TV92Wyo6w+HSNoxpl939OpeNQKk4jdvK4h/yEBAIAJc++g/6A7SAAAAAAAAAAAAAAAAAAAAMBxesTHks1ExNALPxhzdzxdBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA40H8DAAD//6DU1oA=") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x9a) fallocate(r0, 0x0, 0x0, 0x1000f4) pwritev2(r0, &(0x7f0000002b00)=[{&(0x7f0000002b80)='U', 0x1}], 0x1, 0x2576, 0x4, 0x0) 2.380735676s ago: executing program 6 (id=687): r0 = socket$inet6(0xa, 0x3, 0x5) r1 = socket$l2tp6(0xa, 0x2, 0x73) dup2(r1, r0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4) sendmmsg(r0, &(0x7f00000002c0)=[{{&(0x7f0000000400)=@nl=@unspec, 0x80, 0x0}, 0x5b4}], 0x1, 0x850) 2.285520427s ago: executing program 6 (id=689): sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000000201010100000000000000000200000004"], 0x44}}, 0x0) syz_open_procfs(0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002200"], 0x1c}], 0x1}, 0x0) 2.260803098s ago: executing program 6 (id=690): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x40, &(0x7f0000000180)={[{@errors_remount}, {@min_batch_time={'min_batch_time', 0x3d, 0x5}}]}, 0x1, 0x573, &(0x7f0000000ec0)="$eJzs3T1sG+UbAPDnzvG/X/mTIoEEqEMFSEWq6iT9gMLUrohKlTogsUDkuFEVJ47iBJooQ7pXiA4IUJeywcAIYmBALIysLCBmpIpGIDUdwMhfaZo4wSl1XHK/n3T2vfee/bzvnZ/XvtOdHEBmHa0/pBHPRsTFJGJoXd1AtCqPNtdbXVkq3ltZKiZRq136LYkkIu6uLBXb6yet50MRsRwRz0TEd/mI4+nmuNWFxcmxcrk02yoPz03NDFcXFk9cmRqbKE2Upk+98uqZs6fPjJ4cXf+ye7X1pfzO+nr95xvvX//h9Vs3Pv/iyHLxw7EkzsVgq259Px6l5jbJx7kNy0/3IlgfJf1uAA8l18rzeio9HUORa2V9J7WhXW0a0GO1fRE1IKMS+Q8Z1f4dUD/+bU+7+fvj9vnmAUg97mpratYMNM9NxP7GscnB35MHjkzqx5uHd7Oh7EnL1yJiZGBg8+c/aX3+Ht7Io2ggPfXt+eaO2rz/07XxJzqMP4Ptc6f/Unv8W900/t2Pn9ti/LvYZYw/3/rlky3jX4t4rmP8ZC1+0iF+GhHvdBn/5ptfn92qrvZpxLHoHL8t2f788PDlK+XSSPOxY4xvjh15bbv+H9wifvOc7f7G10yn7T/TZf+/+v7L55e3if/SC9vv/07b/0BEfNBl/CfvfvbGVnW3ryV36r8Cdrr/68tudRn/5XNHf+pyVQAAAAAAAAAAYAfSxrVsSVpYm0/TQqF5D+9TcTAtV6pzxy9X5qfHm9e8HY582r7SaqhZTurl0db1uO3yyQ3lU7lWwNyBRrlQrJTH+9x3AAAAAAAAAAAAAAAAAAAAeFwc2nD//x+5xv3/G/+uGtirtv7Lb2Cvk/+QXQ/mf9K3dgC7z/c/ZFZN/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv8AAAAAAAAAAAAAAAAAAAAAAAAAANATFy9cqE+1eytLxXp5fGBhfrLy7onxUnWyMDVfLBQrszOFiUplolwqFCtT//R+SaUyMxLT81eH50rVueHqwuLbU5X56fZ/ipbyPe8RAAAAAAAAAAAAAAAAAAAA/PcMNqYkLURE2phP00Ih4v8RcTjyyeUr5dJIRDwRET/m8vvq5dF+NxoAAAAAAAAAAAAAAAAAAAD2mOrC4uRYuVyazcjMwE5WjojlR9uM+jvu+FX51r56XLahmSzM9HlgAgAAAAAAAAAAAAAAAACADLp/02+3r/irtw0CAAAAAAAAAAAAAAAAAACATEp/TSKiPh0benFwY+3/ktVc4zki3rt56aOrY3Nzs6P15XfWls993Fp+sh/tB7rVztN2HgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3VRcWJ8fK5dJsD2f63UcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh/F3AAAA///pCdd8") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x91) pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xe7c) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0xffff, 0x100000001, 0x80000001}) 2.198280618s ago: executing program 5 (id=691): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)={0x58, r1, 0x2140dcfffd4d4d7f, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "2635eb6f2d8ab086368aa4cec5d828e0"}, @NL80211_ATTR_SSID={0x4}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0xca}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x64}, @NL80211_ATTR_PMK={0x14, 0xfe, "409401b494cf74d4335940b2da621910"}]}, 0x58}}, 0x50) 2.10154931s ago: executing program 7 (id=692): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c0000001a00010a0000000000000000020000000800000065"], 0x1c}}, 0x0) 2.009472811s ago: executing program 7 (id=693): setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x17, &(0x7f0000000080)=0x1, 0x4) r0 = socket$inet6_udp(0xa, 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000080)=0xa, 0x4) getsockopt$inet6_int(r0, 0x29, 0x48, 0x0, &(0x7f00007d0000)) 2.001010401s ago: executing program 6 (id=694): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) 1.980839102s ago: executing program 7 (id=695): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0x0) bind$can_raw(r0, &(0x7f0000000080), 0x10) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1.881432103s ago: executing program 7 (id=696): bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYBLOB="128aca047a4fe26123a8b416f2"], 0x48) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='vegas\x00', 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d) 1.880890923s ago: executing program 5 (id=697): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80000) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f7", 0x1}], 0x1, &(0x7f0000000380)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}], 0x1, 0x40800) 1.786692454s ago: executing program 5 (id=698): syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000800)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x153) 1.673669876s ago: executing program 5 (id=699): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402609333340000000000109022400010000000009040000010301000009210000000122010009058103"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$hid(0x0, 0x90, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000000001058041650"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000080)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0) 1.521537388s ago: executing program 6 (id=700): mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x50, 0xffffffffffffffff, 0x0) socket(0x8, 0x2, 0x4) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x5) syz_usb_connect(0x5, 0x56, &(0x7f0000000880)=ANY=[@ANYBLOB="12010003cc0a6708b8222564f9ca010203010902640001040420080904bd0e00020a00040524060001052400040002001006241a0200121524120300a317a88b045e4f01"], &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0}) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x13) 889.480107ms ago: executing program 7 (id=709): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r0, &(0x7f0000000080)={{0x3, @default, 0x1}, [@null, @null, @default, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r1, &(0x7f0000000100)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) close(r1) 785.405489ms ago: executing program 7 (id=702): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x60b, 0x500a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x50, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x4}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x4, 0x4d, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x0, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x87, 0x0, 0x26, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x2, 0x6, 0x0, 0xff, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x10001, 0x3, 0xff2e, 0x80}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x9, 0x0, 0xb}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0xb, 0xa3, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000706000000ff030902"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 573.400852ms ago: executing program 2 (id=705): r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = fcntl$dupfd(r0, 0x0, r0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000001c0)) 573.114112ms ago: executing program 2 (id=706): r0 = socket$vsock_stream(0x28, 0x1, 0x0) io_setup(0x402, &(0x7f0000000200)=0x0) close(0x3) socket$tipc(0x1e, 0x5, 0x0) io_submit(r1, 0x1, &(0x7f0000000240)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x80, r0, 0x0}]) 471.561874ms ago: executing program 2 (id=707): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ftruncate(r0, 0x81ff) 237.297907ms ago: executing program 2 (id=708): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000000)) timer_settime(0x0, 0x1, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex_waitv(&(0x7f0000000340)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, 0x0, 0x1) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000c00)=@mangle={'mangle\x00', 0x64, 0x6, 0x538, 0x418, 0x118, 0x228, 0x228, 0x228, 0x4e8, 0x4e8, 0x4e8, 0x4e8, 0x4e8, 0x6, 0x0, {[{{@ipv6={@empty, @loopback, [], [], 'gre0\x00', 'team0\x00', {}, {0xff}}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@multicast1, @ipv4=@private}}}, {{@ipv6={@mcast2, @loopback, [0xffffff00, 0x0, 0xffffffff], [0x0, 0xff, 0xffffffff, 0xff000000], 'bond0\x00', 'batadv_slave_0\x00', {}, {}, 0x32, 0x1}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0xfffffffe, 0x9, @ipv4=@empty}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x418}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@remote, @ipv4=@local}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x598) 85.254539ms ago: executing program 6 (id=710): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x108c8, &(0x7f0000000080)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c00598f2f223a0a12f76404ad3bd59a04fbd75d1008c039c51a2a013e63af1c9ed7416faa1e2ea98d0f1c7337a5c81920988a4299a77054cdb12285fd7a0e5b43382d962372b73042593a5bd6b7db4a1b3721c62f11018727c29f3a1bd1e554474ea0d1da2a20b205df342a04a34b65e16a23e8e7811a984963073ebcbead85f9e4332bdef4c1ce54a1c6f7a47b75aa95b9e8cb616be40a0000b1309ee426d1803ef09abb9509846c34b9ac0bf109cedbd12c850effda9ae677566159f9c83da7ff6e247e3ac43c0a663c8c83650692e474bac2c047b238601bd5187d6bed82fe2034512ef11b74a98252198c4402bcf3165561157678e9d50831c27d1094a04d8c7607d7164033cda7a81704824d3107f232de8c31f57de3f78727828e8206403db4", @ANYRES32], 0x1, 0x4460, &(0x7f0000004480)="$eJzs3cFvVNUaAPBzpwVaHvBaHiS85CVvkkfyXp6maVmpJbGUQmmhYqoQ42aYtgNUpx3STo0LFnVH4srEhXFBMNFVV4SFW/wT3LhwgSsXRF2YGBMTYs3M3Gl7b2fsQDptir/fgjv3nHvO+Zjv3jvnNrn3ZmLlm7OL2dnFbH4+W5q+vngq+16puDRXCJkd0nD8fTs3Pq1px36y2/veX9nls+ffuHoqhK9mvnm8urq6Gio6Q0MDGz7/+vPt6Y3LukyqTaXfxr1tl7dDCMc2xVXREUJ468sQohDCmbhsOF52hxAOh1rd1dsfXstuUzT3HxVO555M3HkweHJ85e6D5v/3KIRPi/988cbcj//pGPzu/9s0PAAAAAAAAAAAAAAAAAAAe9zo5OUrr/cPhIdR6FyJNt+vOxovm90fu7pt/t00xh/SNxUDAAAAAAAAAAAAAAAAAADAc2b9/v9sdLTB/f8j8XKoSfvVV9sfI+0z9trlkXP9A/H736NN9S/FRT+d6Qi9Dd77nn7/+5lU+8bvf988zrOqx1cftydEmb7EeibT1xfCZ/GL309EBzPF0mL5heulpfmZbQtjz0rmv/agjUR24mdvtJr/4VT/7X///z827U2V9Wvbt4s915L572i63ecfRC3l/2yq3U7k/2l5nMy6ZP47q2XdGzcYqn1blfx/1Ll1/kdS/bcr/0dCCNmoEms2cQaozGEq5c3mKyQl87+vWpY4dcZfZLPj/7dU/s+l+t+t8/9y+oeIhpL5318t60pssX789/4SP6rrT47/86n+dyP/lfiXq4WTX7R37L0vmf8DtcLOxCbVb7LV8/9ooun+tuX/SiaO80iU2ANWolp5s+fVkZTMf9em+vXrv0xL878LqfY7df1XH7cnhOr1X/30/7+odv1HY8n8d6ervz0eX0i1evyPpTpo9/l/qDr/41kl83+wWpacO/dU/201/+Op/tP5//5v2xN3dVbSVc//+vnk9wO18nvmfy1J5j9OTmbj3wGWq/9W53/R1vP/i6n+d2P+V9k5llMX+fvbG8Selcz/oXT18cH4QyX/X7fw+38p1UH78x9Cv7/1PbNk/g833a56/Hdtnf+JVLt25/+/W9Snf48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnjfD8bInRJm+xHom09cXwtl4/UQ4GE3lZ3JTxdL0u4shjMTl2XA0ulEsTeWLudn50kwhly8WS9MhnIvrj4WuaLFYKufm8rfOr/XVHd0s5BfKU4V8OYQwGpf/Kxyu9zU1W57L3wohXFir+3umtHDrZn4+NzO78Ep/f39/GFuLoTcqvF8uzJdro9dqQxhfa9sTbQiuWn1xLZZD0TulpYX5fLFafmlDm2JpOl/c0GYirvs49EblhaX56Xy5kCuWbtTH201D8XJkbPLNyUsDm+qvRbXl8M6GBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBTejj48ichhM7aWiaEMFT/EDXa/v6jwunck4k7DwZPjq/cvfe42XYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwB/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYZeOUSIGojAAvxmb2HkMq5B0thFFtDAieAI9hofRiwhewjtYWNhaCXFG0J3ANrvV9zWB/DO8B/MDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2Lm7nu5thjEjR5Yh4fXh7X4KXn/yqnHs6bd8/2NOe7Mbl9Xx2Pozl3dNGflJ+fUx5Sb8+H++j8a2e//Xkt09/1DmHq3u1+tY1ylb3q3OPIuU+IqaSH6ec+351DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADf7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHjgUAAAAAhPlbZ9G1AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwKAAD//0XdKLY=") r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r0, 0x2007ffa) sendfile(r0, r0, 0x0, 0x800000009) truncate(&(0x7f0000000000)='./file1\x00', 0xa00) 84.596349ms ago: executing program 2 (id=711): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r0, 0x0, 0x80000003, 0x5) write$tun(r2, &(0x7f0000000bc0)={@val={0x0, 0x9}, @val={0x1, 0x4, 0xfff, 0x1, 0x8000, 0x6}, @mpls={[], @ipv6=@tipc_packet={0x5, 0x6, "bb935d", 0x20, 0x6, 0xff, @local, @local, {[], @payload_direct={{{{0x20, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2, 0x1bb, 0x0, 0x2, 0x4, 0x3, 0x3, 0x6, 0x0, 0x0, 0x4e22, 0x4e23}, 0x2, 0x2}}}}}}}, 0x56) 0s ago: executing program 2 (id=712): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)={0x1c, r2, 0x9c3fa077fa966179, 0x4, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) kernel console output (not intermixed with test programs): 43f0-8345-635ad0fd87c6 [ 118.587946][ T43] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 118.598457][ T5788] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 118.874288][ T6999] syz.4.276 (6999) used greatest stack depth: 19760 bytes left [ 119.414288][ T27] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 119.464382][ T5878] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 119.624559][ T27] usb 3-1: Using ep0 maxpacket: 16 [ 119.636176][ T27] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.654311][ T5878] usb 6-1: Using ep0 maxpacket: 32 [ 119.662840][ T27] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 119.703829][ T5878] usb 6-1: config 0 interface 0 has no altsetting 0 [ 119.710793][ T27] usb 3-1: config 0 interface 0 has no altsetting 0 [ 119.722222][ T27] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 119.731940][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.743427][ T5878] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 119.752825][ T5878] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.767999][ T5878] usb 6-1: Product: syz [ 119.775230][ T27] usb 3-1: config 0 descriptor?? [ 119.780423][ T5878] usb 6-1: Manufacturer: syz [ 119.789380][ T5878] usb 6-1: SerialNumber: syz [ 119.798545][ T5878] usb 6-1: config 0 descriptor?? [ 119.999044][ T7013] loop2: detected capacity change from 0 to 256 [ 120.225605][ T5878] gs_usb 6-1:0.0: Configuring for 1 interfaces [ 120.331605][ T27] hid (null): unknown global tag 0xc [ 120.354365][ T27] hid (null): report_id 1196726220 is invalid [ 120.355046][ T7038] loop3: detected capacity change from 0 to 32768 [ 120.368424][ T27] hid (null): unknown global tag 0xe [ 120.385613][ T27] hid (null): global environment stack underflow [ 120.398801][ T7038] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 scanned by syz.3.279 (7038) [ 120.416122][ T7036] loop4: detected capacity change from 0 to 40427 [ 120.429157][ T7038] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 120.442198][ T7036] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x7ffff [ 120.452938][ T7038] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 120.466767][ T7036] F2FS-fs (loop4): Image doesn't support compression [ 120.476323][ T7036] F2FS-fs (loop4): Image doesn't support compression [ 120.489881][ T7038] BTRFS info (device loop3): using free space tree [ 120.500344][ T7036] F2FS-fs (loop4): invalid crc value [ 120.519969][ T5842] usb 3-1: USB disconnect, device number 4 [ 120.536285][ T7036] F2FS-fs (loop4): Found nat_bits in checkpoint [ 120.601207][ T7038] BTRFS info (device loop3): enabling ssd optimizations [ 120.617605][ T7038] BTRFS info (device loop3): auto enabling async discard [ 120.638409][ T5878] gs_usb 6-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 120.651131][ T7036] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 120.659636][ T5878] gs_usb: probe of 6-1:0.0 failed with error -22 [ 120.691846][ T28] audit: type=1800 audit(1752560398.439:108): pid=7036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.278" name="file1" dev="loop4" ino=10 res=0 errno=0 [ 120.761031][ T6182] syz-executor: attempt to access beyond end of device [ 120.761031][ T6182] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 120.776408][ T6182] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 120.847948][ T27] usb 6-1: USB disconnect, device number 2 [ 120.969426][ T5788] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 121.675660][ T7105] loop3: detected capacity change from 0 to 512 [ 121.696001][ T7106] loop5: detected capacity change from 0 to 256 [ 121.716067][ T7105] EXT4-fs: Ignoring removed mblk_io_submit option [ 121.722815][ T7103] loop4: detected capacity change from 0 to 4096 [ 121.738941][ T7105] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 121.775811][ T7105] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 121.820364][ T7106] FAT-fs (loop5): Directory bread(block 64) failed [ 121.827834][ T7105] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 121.837230][ T7106] FAT-fs (loop5): Directory bread(block 65) failed [ 121.846177][ T7105] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a043c01c, mo2=0102] [ 121.854451][ T7105] System zones: 0-2, 18-18, 34-34 [ 121.856674][ T7106] FAT-fs (loop5): Directory bread(block 66) failed [ 121.873252][ T7106] FAT-fs (loop5): Directory bread(block 67) failed [ 121.881972][ T7106] FAT-fs (loop5): Directory bread(block 68) failed [ 121.888694][ T7106] FAT-fs (loop5): Directory bread(block 69) failed [ 121.893959][ T7105] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.287: iget: bad i_size value: 360287970189639680 [ 121.895403][ T7106] FAT-fs (loop5): Directory bread(block 70) failed [ 121.926891][ T7106] FAT-fs (loop5): Directory bread(block 71) failed [ 121.935983][ T7106] FAT-fs (loop5): Directory bread(block 72) failed [ 121.936665][ T7105] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.287: couldn't read orphan inode 15 (err -117) [ 121.954228][ T7106] FAT-fs (loop5): Directory bread(block 73) failed [ 122.018542][ T7105] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.134297][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.203809][ T7093] overlayfs: statfs failed on './file0' [ 122.408671][ T7130] loop2: detected capacity change from 0 to 256 [ 122.521906][ T7130] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 123.101063][ T7126] loop4: detected capacity change from 0 to 32768 [ 123.148562][ T7126] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 scanned by syz.4.290 (7126) [ 123.199123][ T7126] BTRFS info (device loop4): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 123.230225][ T7126] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 123.249712][ T7135] loop5: detected capacity change from 0 to 32768 [ 123.264675][ T7126] BTRFS info (device loop4): using free space tree [ 123.274364][ T7135] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.295 (7135) [ 123.303105][ T7135] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 123.320807][ T7135] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 123.329988][ T7135] BTRFS info (device loop5): force clearing of disk cache [ 123.344318][ T7135] BTRFS info (device loop5): enabling auto defrag [ 123.363186][ T7135] BTRFS info (device loop5): max_inline at 0 [ 123.389906][ T7175] loop3: detected capacity change from 0 to 1024 [ 123.391017][ T7135] BTRFS info (device loop5): enabling disk space caching [ 123.403626][ T7126] BTRFS info (device loop4): enabling ssd optimizations [ 123.411044][ T7126] BTRFS info (device loop4): auto enabling async discard [ 123.413600][ T7135] BTRFS info (device loop5): disk space caching is enabled [ 123.468901][ T7175] hfsplus: filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. leaving read-only. [ 123.529956][ T7135] BTRFS info (device loop5): enabling ssd optimizations [ 123.570481][ T7135] BTRFS info (device loop5): rebuilding free space tree [ 123.584233][ T27] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 123.622167][ T7135] BTRFS info (device loop5): disabling free space tree [ 123.656784][ T7135] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 123.694289][ T7135] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 123.774239][ T27] usb 3-1: Using ep0 maxpacket: 16 [ 123.787022][ T27] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 123.816239][ T27] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 123.839106][ T6182] BTRFS info (device loop4): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 123.863250][ T27] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 123.879808][ T28] audit: type=1800 audit(1752560401.619:109): pid=7135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.295" name="file1" dev="loop5" ino=260 res=0 errno=0 [ 123.908886][ T27] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 123.945030][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.968866][ T43] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 123.995501][ T27] usb 3-1: Product: syz [ 123.999719][ T27] usb 3-1: Manufacturer: syz [ 124.022346][ T27] usb 3-1: SerialNumber: syz [ 124.195669][ T6691] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 124.214619][ T1128] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.495102][ T27] usb 3-1: 0:2 : does not exist [ 124.547318][ T1128] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.795285][ T1128] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.957906][ T1128] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.062477][ T8] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 125.186959][ T27] usb 3-1: USB disconnect, device number 5 [ 125.205057][ T5795] Bluetooth: hci2: command 0x206a tx timeout [ 125.205609][ T5802] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 125.276349][ T8] usb 5-1: unable to get BOS descriptor or descriptor too short [ 125.296884][ T8] usb 5-1: not running at top speed; connect to a high speed hub [ 125.316286][ T8] usb 5-1: config 187 interface 0 altsetting 8 endpoint 0x6 has an invalid bInterval 0, changing to 10 [ 125.327825][ T8] usb 5-1: config 187 interface 0 altsetting 8 endpoint 0x6 has invalid maxpacket 576, setting to 64 [ 125.328923][ T5795] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 125.338835][ T8] usb 5-1: config 187 interface 0 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 125.338862][ T8] usb 5-1: config 187 interface 0 altsetting 8 endpoint 0x5 has invalid wMaxPacketSize 0 [ 125.338884][ T8] usb 5-1: config 187 interface 0 altsetting 8 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 125.338908][ T8] usb 5-1: config 187 interface 0 altsetting 8 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 125.338932][ T8] usb 5-1: config 187 interface 0 has no altsetting 0 [ 125.344256][ T8] usb 5-1: New USB device found, idVendor=0582, idProduct=0012, bcdDevice=e2.be [ 125.391586][ T5795] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 125.393616][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.408327][ T5795] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 125.408745][ T8] usb 5-1: Product: syz [ 125.427987][ T5795] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 125.430706][ T8] usb 5-1: Manufacturer: syz [ 125.440931][ T5795] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 125.454479][ T8] usb 5-1: SerialNumber: syz [ 125.462410][ T5795] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 125.463980][ T7215] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 125.488251][ T7215] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 125.755387][ T8] usb 5-1: Quirk or no altest; falling back to MIDI 1.0 [ 125.855317][ T8] usb 5-1: USB disconnect, device number 4 [ 126.094801][ T27] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 126.131468][ T7224] chnl_net:caif_netlink_parms(): no params data found [ 126.145457][ T7238] loop2: detected capacity change from 0 to 32768 [ 126.158820][ T7238] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 scanned by syz.2.312 (7238) [ 126.187869][ T7238] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 126.198256][ T7238] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 126.215206][ T7238] BTRFS info (device loop2): using free space tree [ 126.250594][ T7238] BTRFS info (device loop2): enabling ssd optimizations [ 126.260669][ T7238] BTRFS info (device loop2): auto enabling async discard [ 126.304922][ T27] usb 6-1: Using ep0 maxpacket: 32 [ 126.334077][ T27] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 126.375474][ T27] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.408096][ T27] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 126.443002][ T27] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.500523][ T7224] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.505887][ T27] usb 6-1: config 0 descriptor?? [ 126.515036][ T7224] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.525516][ T7224] bridge_slave_0: entered allmulticast mode [ 126.532685][ T7224] bridge_slave_0: entered promiscuous mode [ 126.547497][ T7224] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.563002][ T7224] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.570487][ T7224] bridge_slave_1: entered allmulticast mode [ 126.579764][ T7224] bridge_slave_1: entered promiscuous mode [ 126.606976][ T5789] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 126.691481][ T7271] loop4: detected capacity change from 0 to 1024 [ 126.782923][ T1128] hsr_slave_0: left promiscuous mode [ 126.795866][ T7271] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.832154][ T1128] hsr_slave_1: left promiscuous mode [ 126.844725][ T1128] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 126.882785][ T1128] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 126.904563][ T1128] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.912048][ T1128] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 126.921137][ T7271] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.938550][ T1128] bridge_slave_1: left allmulticast mode [ 126.944837][ T1128] bridge_slave_1: left promiscuous mode [ 126.952271][ T1128] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.001297][ T27] savu 0003:1E7D:2D5A.0007: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0 [ 127.016946][ T1128] bridge_slave_0: left allmulticast mode [ 127.036329][ T1128] bridge_slave_0: left promiscuous mode [ 127.057862][ T1128] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.091118][ T7281] netlink: 32 bytes leftover after parsing attributes in process `syz.4.321'. [ 127.110166][ T1128] veth1_macvtap: left promiscuous mode [ 127.117714][ T1128] veth0_macvtap: left promiscuous mode [ 127.123511][ T1128] veth1_vlan: left promiscuous mode [ 127.129888][ T1128] veth0_vlan: left promiscuous mode [ 127.270544][ T5842] usb 6-1: USB disconnect, device number 3 [ 127.393328][ T7285] loop2: detected capacity change from 0 to 2048 [ 127.410915][ T7285] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 127.495282][ T5789] UDF-fs: error (device loop2): udf_read_inode: (ino 1317) failed !bh [ 127.505307][ T5789] UDF-fs: error (device loop2): udf_read_inode: (ino 1317) failed !bh [ 127.540490][ T5795] Bluetooth: hci1: command tx timeout [ 127.904310][ T1128] team0 (unregistering): Port device team_slave_1 removed [ 127.963285][ T1128] team0 (unregistering): Port device team_slave_0 removed [ 128.016468][ T1128] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 128.065210][ T1128] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 128.580943][ T1128] bond0 (unregistering): Released all slaves [ 128.660480][ T7224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.674082][ T7224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 128.780786][ T7224] team0: Port device team_slave_0 added [ 128.795893][ T7224] team0: Port device team_slave_1 added [ 128.842483][ T7224] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 128.849499][ T7224] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.878089][ T7224] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 128.893638][ T7224] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 128.900822][ T7224] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.926887][ T7224] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 128.970336][ T7224] hsr_slave_0: entered promiscuous mode [ 128.977225][ T7224] hsr_slave_1: entered promiscuous mode [ 128.983316][ T7224] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 128.999180][ T7224] Cannot create hsr debugfs directory [ 129.260998][ T7224] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 129.272929][ T7224] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 129.308950][ T1128] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.331907][ T7224] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 129.341147][ T7224] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 129.396432][ T1128] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.465645][ T1128] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.507735][ T7224] 8021q: adding VLAN 0 to HW filter on device bond0 [ 129.550056][ T7224] 8021q: adding VLAN 0 to HW filter on device team0 [ 129.582348][ T1128] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.612527][ T5795] Bluetooth: hci1: command tx timeout [ 129.634329][ T3460] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.641493][ T3460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 129.676643][ T3460] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.683836][ T3460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.050692][ T7224] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 130.305012][ T7224] veth0_vlan: entered promiscuous mode [ 130.318683][ T7224] veth1_vlan: entered promiscuous mode [ 130.420079][ T7224] veth0_macvtap: entered promiscuous mode [ 130.437511][ T7224] veth1_macvtap: entered promiscuous mode [ 130.462015][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.475914][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.494222][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.509450][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.519524][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.536245][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.550405][ T7224] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 130.592659][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.607162][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.618990][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.629571][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.639581][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.650968][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.662601][ T7224] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 130.713162][ T7224] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.723912][ T7224] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.736307][ T7224] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.745387][ T7224] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.898588][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 130.907034][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 130.941944][ T1128] hsr_slave_0: left promiscuous mode [ 130.949172][ T1128] hsr_slave_1: left promiscuous mode [ 130.957742][ T1128] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 130.966784][ T1128] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 130.974724][ T1128] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 130.982132][ T1128] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 130.990110][ T1128] bridge_slave_1: left allmulticast mode [ 130.995849][ T1128] bridge_slave_1: left promiscuous mode [ 131.001530][ T1128] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.010119][ T1128] bridge_slave_0: left allmulticast mode [ 131.015951][ T1128] bridge_slave_0: left promiscuous mode [ 131.021893][ T1128] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.048923][ T1128] veth1_macvtap: left promiscuous mode [ 131.056519][ T1128] veth0_macvtap: left promiscuous mode [ 131.062102][ T1128] veth1_vlan: left promiscuous mode [ 131.067858][ T1128] veth0_vlan: left promiscuous mode [ 131.569531][ T1128] team0 (unregistering): Port device team_slave_1 removed [ 131.619117][ T1128] team0 (unregistering): Port device team_slave_0 removed [ 131.669970][ T1128] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 131.690498][ T5795] Bluetooth: hci1: command tx timeout [ 131.725363][ T1128] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 132.225404][ T1128] bond0 (unregistering): Released all slaves [ 132.317531][ T131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.328429][ T131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.471513][ T7342] loop6: detected capacity change from 0 to 256 [ 132.491464][ T7342] exFAT-fs (loop6): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 132.512928][ T7345] capability: warning: `syz.4.333' uses deprecated v2 capabilities in a way that may be insecure [ 132.530368][ T7342] exFAT-fs (loop6): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 132.879188][ T7354] program syz.5.328 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 133.010985][ T7357] netlink: 4 bytes leftover after parsing attributes in process `syz.5.329'. [ 133.026727][ T7357] ipvlan2: entered promiscuous mode [ 133.038968][ T5802] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 133.053706][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.053760][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.104405][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 133.116687][ T5802] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 133.134533][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 133.144497][ T5802] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 133.151947][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 133.413227][ T7350] loop6: detected capacity change from 0 to 32768 [ 133.435346][ T7350] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop6 scanned by syz.6.326 (7350) [ 133.442031][ T7356] chnl_net:caif_netlink_parms(): no params data found [ 133.489858][ T7350] BTRFS info (device loop6): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 133.514230][ T7350] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm [ 133.523705][ T7350] BTRFS info (device loop6): using free space tree [ 133.644182][ T7350] BTRFS info (device loop6): enabling ssd optimizations [ 133.651214][ T7350] BTRFS info (device loop6): auto enabling async discard [ 133.676339][ T7356] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.704618][ T7356] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.718467][ T7356] bridge_slave_0: entered allmulticast mode [ 133.729899][ T7356] bridge_slave_0: entered promiscuous mode [ 133.742925][ T7356] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.751303][ T7356] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.763406][ T7356] bridge_slave_1: entered allmulticast mode [ 133.766226][ T5795] Bluetooth: hci1: command tx timeout [ 133.775554][ T7356] bridge_slave_1: entered promiscuous mode [ 133.826671][ T7356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 133.839352][ T7356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 133.860427][ T7224] BTRFS info (device loop6): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 133.890667][ T7399] netlink: 4 bytes leftover after parsing attributes in process `syz.4.349'. [ 133.910413][ T7356] team0: Port device team_slave_0 added [ 133.937309][ T7356] team0: Port device team_slave_1 added [ 134.058343][ T7356] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 134.075196][ T7356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.091095][ T7401] netlink: 'syz.4.343': attribute type 1 has an invalid length. [ 134.101165][ C1] vkms_vblank_simulate: vblank timer overrun [ 134.120680][ T7401] netlink: 224 bytes leftover after parsing attributes in process `syz.4.343'. [ 134.130547][ T7401] netlink: 'syz.4.343': attribute type 2 has an invalid length. [ 134.138834][ T7356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 134.142665][ T7356] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 134.203149][ T7356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.234289][ T7356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 134.351317][ T7356] hsr_slave_0: entered promiscuous mode [ 134.363257][ T7356] hsr_slave_1: entered promiscuous mode [ 134.371244][ T7356] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 134.377706][ T7407] loop4: detected capacity change from 0 to 16 [ 134.382213][ T7356] Cannot create hsr debugfs directory [ 134.403137][ T7407] erofs: (device loop4): mounted with root inode @ nid 36. [ 134.533157][ T7410] netlink: 428 bytes leftover after parsing attributes in process `syz.4.346'. [ 134.543451][ T7410] netlink: 20 bytes leftover after parsing attributes in process `syz.4.346'. [ 134.999491][ T7416] loop5: detected capacity change from 0 to 32768 [ 135.009540][ T7416] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop5 scanned by syz.5.351 (7416) [ 135.028321][ T7416] BTRFS info (device loop5): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 135.047731][ T7416] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 135.058920][ T7416] BTRFS info (device loop5): using free space tree [ 135.109779][ T1128] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.145994][ T7416] BTRFS info (device loop5): enabling ssd optimizations [ 135.153003][ T7416] BTRFS info (device loop5): auto enabling async discard [ 135.177258][ T7356] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 135.210352][ T5795] Bluetooth: hci2: command tx timeout [ 135.268509][ T1128] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.294293][ T7356] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 135.318506][ T7356] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 135.388304][ T1128] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.426024][ T7356] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 135.452550][ T7434] IPv6: sit1: Disabled Multicast RS [ 135.463702][ T7434] sit1: entered allmulticast mode [ 135.481742][ T6691] BTRFS info (device loop5): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 135.682517][ T1128] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.897961][ T5802] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 135.907596][ T5802] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 135.925754][ T5802] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 135.951245][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 135.960899][ T5802] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 135.969509][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 136.339156][ T7356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 136.347476][ T7460] netlink: 16 bytes leftover after parsing attributes in process `syz.5.358'. [ 136.541426][ T7356] 8021q: adding VLAN 0 to HW filter on device team0 [ 136.627147][ T3460] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.634388][ T3460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 136.717785][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.724993][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.007350][ T7444] chnl_net:caif_netlink_parms(): no params data found [ 137.284851][ T5795] Bluetooth: hci2: command tx timeout [ 137.375986][ T7444] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.399381][ T7444] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.413904][ T7444] bridge_slave_0: entered allmulticast mode [ 137.433177][ T7444] bridge_slave_0: entered promiscuous mode [ 137.451486][ T7323] psmouse serio2: Failed to reset mouse on : -5 [ 137.482934][ T7444] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.490611][ T7444] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.498419][ T7444] bridge_slave_1: entered allmulticast mode [ 137.505863][ T7444] bridge_slave_1: entered promiscuous mode [ 137.550039][ T1128] hsr_slave_0: left promiscuous mode [ 137.557588][ T1128] hsr_slave_1: left promiscuous mode [ 137.563394][ T1128] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 137.570978][ T1128] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 137.579528][ T1128] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 137.587254][ T1128] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 137.595104][ T1128] bridge_slave_1: left allmulticast mode [ 137.600747][ T1128] bridge_slave_1: left promiscuous mode [ 137.607553][ T1128] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.617521][ T1128] bridge_slave_0: left allmulticast mode [ 137.624292][ T1128] bridge_slave_0: left promiscuous mode [ 137.629991][ T1128] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.662466][ T1128] veth1_macvtap: left promiscuous mode [ 137.668348][ T1128] veth0_macvtap: left promiscuous mode [ 137.674014][ T1128] veth1_vlan: left promiscuous mode [ 137.682381][ T1128] veth0_vlan: left promiscuous mode [ 138.010141][ T5795] Bluetooth: hci0: command tx timeout [ 138.523915][ T1128] team0 (unregistering): Port device team_slave_1 removed [ 138.603223][ T1128] team0 (unregistering): Port device team_slave_0 removed [ 138.661210][ T1128] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 138.710147][ T1128] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 139.213451][ T1128] bond0 (unregistering): Released all slaves [ 139.301246][ T7444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 139.315782][ T7444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 139.343550][ T7505] netlink: 'syz.5.364': attribute type 1 has an invalid length. [ 139.355997][ T7505] netlink: 'syz.5.364': attribute type 2 has an invalid length. [ 139.364687][ T5795] Bluetooth: hci2: command tx timeout [ 139.368614][ T7506] netlink: 'syz.5.364': attribute type 1 has an invalid length. [ 139.378077][ T7506] netlink: 'syz.5.364': attribute type 2 has an invalid length. [ 139.450586][ T7444] team0: Port device team_slave_0 added [ 139.488285][ T7444] team0: Port device team_slave_1 added [ 139.583652][ T7444] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 139.595196][ T7510] mmap: syz.5.365 (7510) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 139.624254][ T7444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.664233][ T7444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 139.692359][ T7444] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 139.702636][ T7444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.735502][ T7444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 139.800548][ T7356] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 139.821943][ T7444] hsr_slave_0: entered promiscuous mode [ 139.831402][ T7444] hsr_slave_1: entered promiscuous mode [ 139.947623][ T7356] veth0_vlan: entered promiscuous mode [ 139.980566][ T7356] veth1_vlan: entered promiscuous mode [ 140.064829][ T7356] veth0_macvtap: entered promiscuous mode [ 140.084612][ T5795] Bluetooth: hci0: command tx timeout [ 140.102306][ T7356] veth1_macvtap: entered promiscuous mode [ 140.152691][ T7356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 140.167851][ T7356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.179881][ T7356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 140.194956][ T7356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.212537][ T7356] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 140.263348][ T7356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 140.278498][ T7356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.292709][ T7356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 140.308002][ T7356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.321937][ T7356] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 140.371891][ T7356] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.386215][ T7356] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.397425][ T7356] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.414579][ T7356] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.631888][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 140.644840][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 140.709621][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 140.729090][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 140.778241][ T7444] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 140.818754][ T7444] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 140.843704][ T7444] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 140.872745][ T7444] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 141.165177][ T7444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.224254][ T7323] misc userio: Buffer overflowed, userio client isn't keeping up [ 141.318018][ T7444] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.356351][ T3460] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.363542][ T3460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.423587][ T3460] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.430821][ T3460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.445156][ T5795] Bluetooth: hci2: command tx timeout [ 141.738917][ T7550] loop5: detected capacity change from 0 to 32768 [ 141.782519][ T7550] JBD2: Ignoring recovery information on journal [ 141.818091][ T7550] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 141.861079][ T28] audit: type=1800 audit(1752560419.599:110): pid=7550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.376" name="file0" dev="loop5" ino=17058 res=0 errno=0 [ 141.886261][ T7550] OCFS2: ERROR (device loop5): int ocfs2_reserve_suballoc_bits(struct ocfs2_super *, struct ocfs2_alloc_context *, int, u32, u64 *, int): Invalid chain allocator 71 [ 141.903499][ T7550] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 141.913382][ T7550] OCFS2: File system is now read-only. [ 141.918930][ T7550] (syz.5.376,7550,0):ocfs2_reserve_suballoc_bits:850 ERROR: status = -30 [ 141.927483][ T7550] (syz.5.376,7550,0):ocfs2_reserve_cluster_bitmap_bits:1133 ERROR: status = -30 [ 141.936597][ T7550] (syz.5.376,7550,0):ocfs2_local_alloc_reserve_for_window:1123 ERROR: status = -30 [ 141.946068][ T7550] (syz.5.376,7550,0):ocfs2_local_alloc_reserve_for_window:1139 ERROR: status = -30 [ 141.955992][ T7550] (syz.5.376,7550,0):ocfs2_local_alloc_slide_window:1254 ERROR: status = -30 [ 141.964829][ T7550] (syz.5.376,7550,0):ocfs2_local_alloc_slide_window:1321 ERROR: status = -30 [ 141.973720][ T7550] (syz.5.376,7550,0):ocfs2_reserve_local_alloc_bits:671 ERROR: status = -30 [ 141.983378][ T7550] (syz.5.376,7550,0):ocfs2_reserve_local_alloc_bits:709 ERROR: status = -30 [ 141.992891][ T7550] (syz.5.376,7550,0):ocfs2_reserve_clusters_with_limit:1166 ERROR: status = -30 [ 142.003523][ T7550] (syz.5.376,7550,0):ocfs2_reserve_clusters_with_limit:1215 ERROR: status = -30 [ 142.014174][ T7550] (syz.5.376,7550,0):ocfs2_lock_allocators:2672 ERROR: status = -30 [ 142.022207][ T7550] (syz.5.376,7550,0):ocfs2_write_begin_nolock:1744 ERROR: status = -30 [ 142.030566][ T7550] (syz.5.376,7550,0):ocfs2_dio_wr_get_block:2243 ERROR: status = -30 [ 142.039281][ T7550] (syz.5.376,7550,0):ocfs2_dio_end_io:2428 ERROR: Direct IO failed, bytes = -5 [ 142.113031][ T7444] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.139352][ T6691] ocfs2: Unmounting device (7,5) on (node local) [ 142.164898][ T5795] Bluetooth: hci0: command tx timeout [ 142.191678][ T7548] loop2: detected capacity change from 0 to 32768 [ 142.253079][ T7548] XFS (loop2): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 142.307336][ T7323] input: PS/2 Generic Mouse as /devices/serio2/input/input11 [ 142.392470][ T7548] XFS (loop2): Starting recovery (logdev: internal) [ 142.430476][ T7548] XFS (loop2): Ending recovery (logdev: internal) [ 142.503713][ T28] audit: type=1800 audit(1752560420.249:111): pid=7548 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.377" name="file2" dev="loop2" ino=7431 res=0 errno=0 [ 142.526710][ T7444] veth0_vlan: entered promiscuous mode [ 142.542763][ T7444] veth1_vlan: entered promiscuous mode [ 142.568345][ T7323] psmouse serio2: Failed to enable mouse on [ 142.618926][ T7356] XFS (loop2): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 142.680245][ T7444] veth0_macvtap: entered promiscuous mode [ 142.750312][ T7444] veth1_macvtap: entered promiscuous mode [ 142.811472][ T7444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.834717][ T7444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.854349][ T7444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.884611][ T7444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.898210][ T7444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.924166][ T7444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.963411][ T7444] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 143.008537][ T7444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.034415][ T7444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.054214][ T7444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.059126][ T7572] loop5: detected capacity change from 0 to 32768 [ 143.073186][ T7444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.094633][ T7444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.111820][ T7444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.142607][ T7572] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 143.143949][ T7444] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 143.212985][ T7444] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.268085][ T7572] XFS (loop5): Ending clean mount [ 143.273770][ T7444] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.324851][ T7444] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.355383][ T7444] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.571136][ T131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.596992][ T131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.622448][ T6691] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 143.633915][ T1128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.644950][ T1128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.663738][ T7576] loop2: detected capacity change from 0 to 32768 [ 143.726252][ T7576] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 143.735844][ T7576] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 143.985227][ T7576] XFS (loop2): Ending clean mount [ 144.011450][ T7600] loop4: detected capacity change from 0 to 8192 [ 144.040275][ T7576] XFS (loop2): Quotacheck needed: Please wait. [ 144.067885][ T7600] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 144.124927][ T7600] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 144.152226][ T7600] REISERFS (device loop4): using ordered data mode [ 144.166370][ T7576] XFS (loop2): Quotacheck: Done. [ 144.170782][ T7600] reiserfs: using flush barriers [ 144.185004][ T7614] loop5: detected capacity change from 0 to 128 [ 144.195499][ T7600] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 144.214887][ T28] audit: type=1800 audit(1752560421.969:112): pid=7576 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.379" name="file1" dev="loop2" ino=9286 res=0 errno=0 [ 144.223658][ T7600] REISERFS (device loop4): checking transaction log (loop4) [ 144.255624][ T7614] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 144.270462][ T5795] Bluetooth: hci0: command tx timeout [ 144.282837][ T7600] REISERFS (device loop4): Using r5 hash to sort names [ 144.290208][ T7617] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 144.293552][ T7600] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 144.313979][ T7614] ext4 filesystem being mounted at /42/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 144.358237][ T28] audit: type=1800 audit(1752560422.099:113): pid=7600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.352" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=4 res=0 errno=0 [ 144.448449][ T6691] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 144.508126][ T7356] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 144.870319][ T28] audit: type=1326 audit(1752560422.609:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7628 comm="syz.5.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6325f8e929 code=0x7ffc0000 [ 144.908173][ T28] audit: type=1326 audit(1752560422.609:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7628 comm="syz.5.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6325f8e929 code=0x7ffc0000 [ 144.933833][ T7323] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 145.022686][ T7637] loop2: detected capacity change from 0 to 2048 [ 145.039995][ T7637] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 145.135034][ T7323] usb 7-1: Using ep0 maxpacket: 8 [ 145.145203][ T7323] usb 7-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.168278][ T7323] usb 7-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.194158][ T7323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 145.200840][ T7323] usb 7-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 145.203438][ T7643] loop2: detected capacity change from 0 to 1024 [ 145.234286][ T7323] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.251794][ T7323] usb 7-1: config 0 descriptor?? [ 145.366920][ T7635] loop5: detected capacity change from 0 to 32768 [ 145.375290][ T1128] hfsplus: b-tree write err: -5, ino 3 [ 145.376136][ T7635] BTRFS error: device /dev/loop5 already registered with a higher generation, found 8 expect 12 [ 145.669146][ T7323] steelseries 0003:1038:1410.0008: unknown main item tag 0x1 [ 145.681070][ T7323] steelseries 0003:1038:1410.0008: item fetching failed at offset 3/5 [ 145.693177][ T7323] steelseries 0003:1038:1410.0008: parse failed [ 145.701765][ T7323] steelseries: probe of 0003:1038:1410.0008 failed with error -22 [ 145.873660][ T787] usb 7-1: USB disconnect, device number 2 [ 146.100326][ T7666] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 146.193197][ T7672] ipvlan2: entered promiscuous mode [ 146.202433][ T7672] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 146.874201][ T7321] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 146.904386][ T7323] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 147.065691][ T7321] usb 7-1: Using ep0 maxpacket: 8 [ 147.075526][ T7321] usb 7-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 147.088280][ T7321] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.099713][ T7323] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 147.111146][ T7321] usb 7-1: Product: syz [ 147.120855][ T7321] usb 7-1: Manufacturer: syz [ 147.126910][ T7323] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 147.139307][ T7321] usb 7-1: SerialNumber: syz [ 147.154228][ T7323] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 147.170856][ T7321] usb 7-1: config 0 descriptor?? [ 147.178385][ T7323] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 147.193216][ T7704] program syz.2.429 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 147.196708][ T7321] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 147.229853][ T7323] usb 6-1: New USB device found, idVendor=0738, idProduct=a2c5, bcdDevice=1e.ce [ 147.239861][ T7323] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.254565][ T7323] usb 6-1: Product: syz [ 147.264171][ T7323] usb 6-1: Manufacturer: syz [ 147.268897][ T7323] usb 6-1: SerialNumber: syz [ 147.276457][ T7706] loop4: detected capacity change from 0 to 512 [ 147.287779][ T7323] usb 6-1: config 0 descriptor?? [ 147.300265][ T7323] xpad 6-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 147.313742][ T7706] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 147.328126][ T7323] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input12 [ 147.344808][ T7706] EXT4-fs (loop4): 1 truncate cleaned up [ 147.351271][ T7706] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.504782][ T7323] usb 6-1: USB disconnect, device number 4 [ 147.512880][ T7444] getblk(): invalid block size 1024 requested [ 147.521980][ T7323] xpad 6-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 147.539324][ T7444] logical block size: 4096 [ 147.543858][ T7444] CPU: 1 PID: 7444 Comm: syz-executor Not tainted 6.6.98-syzkaller #0 [ 147.552035][ T7444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 147.562125][ T7444] Call Trace: [ 147.565485][ T7444] [ 147.568452][ T7444] dump_stack_lvl+0x16c/0x230 [ 147.573172][ T7444] ? write_boundary_block+0xb0/0xb0 [ 147.578407][ T7444] ? show_regs_print_info+0x20/0x20 [ 147.583638][ T7444] ? load_image+0x3b0/0x3b0 [ 147.588178][ T7444] ? ext4_issue_zeroout+0x250/0x250 [ 147.593405][ T7444] __getblk_gfp+0x5f4/0x660 [ 147.597928][ T7444] ? __lock_acquire+0x7c80/0x7c80 [ 147.602987][ T7444] ext4_getblk+0x262/0x6d0 [ 147.607440][ T7444] ? ext4_get_block_unwritten+0x100/0x100 [ 147.613201][ T7444] ext4_bread+0x2a/0x170 [ 147.617471][ T7444] __ext4_read_dirblock+0xcb/0x890 [ 147.622614][ T7444] htree_dirblock_to_tree+0x266/0xe70 [ 147.628011][ T7444] ? arch_stack_walk+0x160/0x190 [ 147.632984][ T7444] ? ext4_htree_fill_tree+0x10f0/0x10f0 [ 147.638557][ T7444] ? kasan_set_track+0x5f/0x70 [ 147.643346][ T7444] ext4_htree_fill_tree+0x5db/0x10f0 [ 147.648690][ T7444] ? ext4_handle_dirty_dirblock+0x620/0x620 [ 147.654639][ T7444] ? inode_query_iversion+0x11f/0x180 [ 147.660132][ T7444] ext4_readdir+0x2b1d/0x39d0 [ 147.664856][ T7444] ? ext4_dir_llseek+0x4b0/0x4b0 [ 147.669821][ T7444] ? __might_sleep+0xe0/0xe0 [ 147.674433][ T7444] ? read_lock_is_recursive+0x20/0x20 [ 147.679835][ T7444] ? __fdget_pos+0x2a3/0x330 [ 147.684447][ T7444] ? mutex_lock_nested+0x20/0x20 [ 147.689408][ T7444] ? end_current_label_crit_section+0x149/0x170 [ 147.695675][ T7444] ? down_read_killable+0x1d0/0x340 [ 147.700890][ T7444] ? fsnotify_perm+0x271/0x5e0 [ 147.705670][ T7444] iterate_dir+0x1c2/0x580 [ 147.710114][ T7444] __se_sys_getdents64+0xe9/0x260 [ 147.715171][ T7444] ? __x64_sys_getdents64+0x80/0x80 [ 147.720395][ T7444] ? filldir+0x680/0x680 [ 147.724657][ T7444] ? lock_chain_count+0x20/0x20 [ 147.729529][ T7444] ? lockdep_hardirqs_on+0x98/0x150 [ 147.734747][ T7444] do_syscall_64+0x55/0xb0 [ 147.739179][ T7444] ? clear_bhb_loop+0x40/0x90 [ 147.743870][ T7444] ? clear_bhb_loop+0x40/0x90 [ 147.748562][ T7444] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 147.754471][ T7444] RIP: 0033:0x7fdc027c1293 [ 147.758917][ T7444] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 72 3e f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 [ 147.779066][ T7444] RSP: 002b:00007fff5010fcb8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 147.787505][ T7444] RAX: ffffffffffffffda RBX: 000055556fb94600 RCX: 00007fdc027c1293 [ 147.795494][ T7444] RDX: 0000000000008000 RSI: 000055556fb94600 RDI: 0000000000000005 [ 147.803479][ T7444] RBP: 000055556fb945d4 R08: 0000000000000000 R09: 0000000000000000 [ 147.811465][ T7444] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8 [ 147.819458][ T7444] R13: 0000000000000010 R14: 000055556fb945d0 R15: 00007fff50111f70 [ 147.827476][ T7444] [ 147.830556][ C1] vkms_vblank_simulate: vblank timer overrun [ 147.861303][ T7444] EXT4-fs warning (device loop4): htree_dirblock_to_tree:1083: inode #2: lblock 0: comm syz-executor: error -12 reading directory block [ 147.884387][ T7444] getblk(): invalid block size 1024 requested [ 147.893617][ T7444] logical block size: 4096 [ 147.904388][ T7444] CPU: 0 PID: 7444 Comm: syz-executor Not tainted 6.6.98-syzkaller #0 [ 147.912588][ T7444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 147.922663][ T7444] Call Trace: [ 147.925954][ T7444] [ 147.928897][ T7444] dump_stack_lvl+0x16c/0x230 [ 147.933596][ T7444] ? write_boundary_block+0xb0/0xb0 [ 147.938822][ T7444] ? show_regs_print_info+0x20/0x20 [ 147.944049][ T7444] ? load_image+0x3b0/0x3b0 [ 147.948622][ T7444] ? __lock_acquire+0x7c80/0x7c80 [ 147.953674][ T7444] ? __lock_acquire+0x1334/0x7c80 [ 147.958724][ T7444] __getblk_gfp+0x5f4/0x660 [ 147.963269][ T7444] ? ext4_get_group_desc+0x42e/0x4d0 [ 147.968584][ T7444] ? ext4_get_group_desc+0x10e/0x4d0 [ 147.973899][ T7444] __ext4_get_inode_loc+0x478/0xdf0 [ 147.979135][ T7444] ? ext4_get_inode_loc+0xf0/0xf0 [ 147.984184][ T7444] ? seqcount_lockdep_reader_access+0x176/0x1c0 [ 147.990443][ T7444] ? __might_sleep+0xe0/0xe0 [ 147.995568][ T7444] ext4_reserve_inode_write+0x10e/0x2a0 [ 148.001119][ T7444] __ext4_mark_inode_dirty+0x14c/0x6e0 [ 148.006614][ T7444] ext4_dirty_inode+0xcb/0x110 [ 148.011386][ T7444] ? __ext4_expand_extra_isize+0x400/0x400 [ 148.017209][ T7444] __mark_inode_dirty+0x2b4/0xc80 [ 148.022267][ T7444] ? iterate_dir+0x2a2/0x580 [ 148.026860][ T7444] touch_atime+0x356/0x580 [ 148.031285][ T7444] iterate_dir+0x2a2/0x580 [ 148.035711][ T7444] __se_sys_getdents64+0xe9/0x260 [ 148.040747][ T7444] ? __x64_sys_getdents64+0x80/0x80 [ 148.045945][ T7444] ? filldir+0x680/0x680 [ 148.050220][ T7444] ? lock_chain_count+0x20/0x20 [ 148.055079][ T7444] ? lockdep_hardirqs_on+0x98/0x150 [ 148.060368][ T7444] do_syscall_64+0x55/0xb0 [ 148.064800][ T7444] ? clear_bhb_loop+0x40/0x90 [ 148.069495][ T7444] ? clear_bhb_loop+0x40/0x90 [ 148.074176][ T7444] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 148.080088][ T7444] RIP: 0033:0x7fdc027c1293 [ 148.084508][ T7444] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 72 3e f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 [ 148.104118][ T7444] RSP: 002b:00007fff5010fcb8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 148.112540][ T7444] RAX: ffffffffffffffda RBX: 000055556fb94600 RCX: 00007fdc027c1293 [ 148.120518][ T7444] RDX: 0000000000008000 RSI: 000055556fb94600 RDI: 0000000000000005 [ 148.128502][ T7444] RBP: 000055556fb945d4 R08: 0000000000000000 R09: 0000000000000000 [ 148.136494][ T7444] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8 [ 148.144484][ T7444] R13: 0000000000000010 R14: 000055556fb945d0 R15: 00007fff50111f70 [ 148.152467][ T7444] [ 148.170088][ T7444] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5902: Out of memory [ 148.184011][ T7444] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #2: comm syz-executor: mark_inode_dirty error [ 148.216441][ T1128] getblk(): invalid block size 1024 requested [ 148.223737][ T1128] logical block size: 4096 [ 148.228374][ T1128] CPU: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.6.98-syzkaller #0 [ 148.236563][ T1128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 148.246638][ T1128] Workqueue: writeback wb_workfn (flush-7:4) [ 148.252663][ T1128] Call Trace: [ 148.255963][ T1128] [ 148.258917][ T1128] dump_stack_lvl+0x16c/0x230 [ 148.263617][ T1128] ? write_boundary_block+0xb0/0xb0 [ 148.268839][ T1128] ? show_regs_print_info+0x20/0x20 [ 148.274065][ T1128] ? load_image+0x3b0/0x3b0 [ 148.278589][ T1128] ? __lock_acquire+0x7c80/0x7c80 [ 148.283646][ T1128] __getblk_gfp+0x5f4/0x660 [ 148.288177][ T1128] ? ext4_get_group_desc+0x42e/0x4d0 [ 148.293489][ T1128] ? ext4_get_group_desc+0x10e/0x4d0 [ 148.298804][ T1128] __ext4_get_inode_loc+0x478/0xdf0 [ 148.304057][ T1128] ? ext4_get_inode_loc+0xf0/0xf0 [ 148.309108][ T1128] ? __writeback_single_inode+0x48d/0xee0 [ 148.314846][ T1128] ? __lock_acquire+0x7c80/0x7c80 [ 148.319893][ T1128] ext4_write_inode+0x27c/0x550 [ 148.324774][ T1128] __writeback_single_inode+0x705/0xee0 [ 148.330352][ T1128] writeback_sb_inodes+0x77c/0xef0 [ 148.335486][ T1128] ? move_expired_inodes+0x319/0x720 [ 148.340796][ T1128] ? queue_io+0x560/0x560 [ 148.345188][ T1128] ? rcu_is_watching+0x15/0xb0 [ 148.349953][ T1128] wb_writeback+0x450/0xba0 [ 148.354470][ T1128] ? queue_io+0x2f1/0x560 [ 148.358799][ T1128] ? percpu_ref_tryget+0x250/0x250 [ 148.363913][ T1128] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 148.369908][ T1128] ? _raw_spin_unlock_irq+0x23/0x50 [ 148.375107][ T1128] wb_workfn+0x3ff/0xe20 [ 148.379354][ T1128] ? inode_wait_for_writeback+0x200/0x200 [ 148.385105][ T1128] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 148.391105][ T1128] ? read_lock_is_recursive+0x20/0x20 [ 148.396481][ T1128] ? _raw_spin_unlock_irq+0x23/0x50 [ 148.401673][ T1128] ? process_scheduled_works+0x957/0x15b0 [ 148.407396][ T1128] ? process_scheduled_works+0x957/0x15b0 [ 148.413120][ T1128] process_scheduled_works+0xa45/0x15b0 [ 148.418699][ T1128] ? assign_work+0x400/0x400 [ 148.423310][ T1128] ? assign_work+0x39e/0x400 [ 148.427912][ T1128] worker_thread+0xa55/0xfc0 [ 148.432506][ T1128] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 148.438410][ T1128] ? _raw_spin_unlock+0x40/0x40 [ 148.443280][ T1128] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 148.449215][ T1128] kthread+0x2fa/0x390 [ 148.453310][ T1128] ? pr_cont_work+0x560/0x560 [ 148.458053][ T1128] ? kthread_blkcg+0xd0/0xd0 [ 148.462666][ T1128] ret_from_fork+0x48/0x80 [ 148.467099][ T1128] ? kthread_blkcg+0xd0/0xd0 [ 148.468423][ T7321] gspca_sonixj: reg_w1 err -71 [ 148.471687][ T1128] ret_from_fork_asm+0x11/0x20 [ 148.481211][ T1128] [ 148.493954][ T7444] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.524454][ T7321] sonixj: probe of 7-1:0.0 failed with error -71 [ 148.539132][ T7321] usb 7-1: USB disconnect, device number 3 [ 148.584979][ T7323] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 148.786239][ T7323] usb 3-1: Using ep0 maxpacket: 32 [ 148.799239][ T7323] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.813922][ T7323] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.834319][ T7323] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 148.843906][ T7323] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.904787][ T7323] usb 3-1: config 0 descriptor?? [ 148.918391][ T1128] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.021180][ T1128] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.187822][ T1128] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.308738][ T1128] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.361417][ T7323] savu 0003:1E7D:2D5A.0009: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 149.631244][ T5842] usb 3-1: USB disconnect, device number 6 [ 149.712175][ T5803] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 149.734609][ T5803] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 149.745638][ T5803] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 149.777920][ T7743] loop5: detected capacity change from 0 to 40427 [ 149.789669][ T5803] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 149.794906][ T7743] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x7ffff [ 149.804161][ T5803] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 149.812588][ T5803] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 149.813832][ T7743] F2FS-fs (loop5): invalid crc value [ 149.829409][ T7743] F2FS-fs (loop5): Found nat_bits in checkpoint [ 149.903805][ T7743] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 149.980319][ T6691] syz-executor: attempt to access beyond end of device [ 149.980319][ T6691] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 149.994452][ T6691] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 150.252768][ T7748] chnl_net:caif_netlink_parms(): no params data found [ 150.557449][ T7748] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.565417][ T7748] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.572798][ T7748] bridge_slave_0: entered allmulticast mode [ 150.582310][ T7748] bridge_slave_0: entered promiscuous mode [ 150.634032][ T7748] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.642706][ T7748] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.661158][ T7748] bridge_slave_1: entered allmulticast mode [ 150.668717][ T7748] bridge_slave_1: entered promiscuous mode [ 150.774735][ T7748] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 150.810766][ T7748] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 150.905488][ T1128] hsr_slave_0: left promiscuous mode [ 150.921815][ T1128] hsr_slave_1: left promiscuous mode [ 150.936843][ T1128] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 150.954712][ T1128] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 150.962753][ T1128] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.977260][ T7759] loop5: detected capacity change from 0 to 32768 [ 150.985845][ T1128] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.996704][ T7759] XFS: attr2 mount option is deprecated. [ 151.003654][ T1128] bridge_slave_1: left allmulticast mode [ 151.009999][ T1128] bridge_slave_1: left promiscuous mode [ 151.016476][ T1128] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.026738][ T1128] bridge_slave_0: left allmulticast mode [ 151.032851][ T1128] bridge_slave_0: left promiscuous mode [ 151.039082][ T1128] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.055540][ T7759] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 151.096590][ T1128] veth1_macvtap: left promiscuous mode [ 151.102328][ T1128] veth0_macvtap: left promiscuous mode [ 151.114337][ T1128] veth1_vlan: left promiscuous mode [ 151.119732][ T1128] veth0_vlan: left promiscuous mode [ 151.130596][ T7759] XFS (loop5): Ending clean mount [ 151.138960][ T7759] XFS (loop5): Quotacheck needed: Please wait. [ 151.224441][ T7759] XFS (loop5): Quotacheck: Done. [ 151.355584][ T6691] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 151.606562][ T5802] Bluetooth: hci0: command 0x1003 tx timeout [ 151.606591][ T5795] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 151.648647][ T5795] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 151.662165][ T5795] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 151.671438][ T5795] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 151.724221][ T5795] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 151.761733][ T5795] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 151.770133][ T5795] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 151.846509][ T5795] Bluetooth: hci4: command tx timeout [ 151.966719][ T7779] loop6: detected capacity change from 0 to 2048 [ 152.062239][ T7780] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 152.175319][ T1128] team0 (unregistering): Port device team_slave_1 removed [ 152.180299][ T28] audit: type=1800 audit(1752560429.929:116): pid=7779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.454" name="file1" dev="loop6" ino=15 res=0 errno=0 [ 152.249576][ T1128] team0 (unregistering): Port device team_slave_0 removed [ 152.333219][ T1128] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 152.399794][ T1128] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 153.071260][ T1128] bond0 (unregistering): Released all slaves [ 153.163476][ T7748] team0: Port device team_slave_0 added [ 153.187886][ T7748] team0: Port device team_slave_1 added [ 153.271859][ T7748] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 153.284180][ T7748] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.313887][ T7748] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 153.346117][ T7748] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 153.353103][ T7748] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.367742][ T7792] loop6: detected capacity change from 0 to 4096 [ 153.379756][ T7748] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 153.532389][ T7792] ntfs3: loop6: failed to convert "0080" to maccyrillic [ 153.532663][ T7748] hsr_slave_0: entered promiscuous mode [ 153.549056][ T7748] hsr_slave_1: entered promiscuous mode [ 153.550381][ T7792] ntfs3: loop6: failed to convert name for inode 1e. [ 153.844487][ T5795] Bluetooth: hci2: command tx timeout [ 153.924394][ T5795] Bluetooth: hci4: command tx timeout [ 154.041944][ T1128] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.071801][ T7772] chnl_net:caif_netlink_parms(): no params data found [ 154.221750][ T1128] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.320973][ T5829] kernel write not supported for file /76/oom_score_adj (pid: 5829 comm: kworker/0:4) [ 154.405357][ T1128] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.425817][ T7821] loop6: detected capacity change from 0 to 256 [ 154.432651][ T7772] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.443043][ T7772] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.461484][ T7772] bridge_slave_0: entered allmulticast mode [ 154.479118][ T7772] bridge_slave_0: entered promiscuous mode [ 154.548788][ T1128] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.578475][ T7772] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.590516][ T7772] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.598830][ T7772] bridge_slave_1: entered allmulticast mode [ 154.606560][ T7772] bridge_slave_1: entered promiscuous mode [ 154.691133][ T7772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.697430][ T7829] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 154.706061][ T7748] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 154.763921][ T7772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.774323][ T7748] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 154.785720][ T7748] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 154.803423][ T7748] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 154.862788][ T7772] team0: Port device team_slave_0 added [ 154.911594][ T7772] team0: Port device team_slave_1 added [ 155.008395][ T7772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 155.016016][ T7772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.042213][ T7772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 155.072900][ T7772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 155.080098][ T7772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.109747][ T7772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 155.178457][ T7772] hsr_slave_0: entered promiscuous mode [ 155.187810][ T7772] hsr_slave_1: entered promiscuous mode [ 155.193851][ T7772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 155.202244][ T7772] Cannot create hsr debugfs directory [ 155.259438][ T5829] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 155.444878][ T5829] usb 7-1: Using ep0 maxpacket: 8 [ 155.462528][ T5829] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 155.481667][ T5829] usb 7-1: config 179 has no interface number 0 [ 155.494300][ T5829] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 155.515571][ T5829] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 155.531016][ T5829] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 155.549377][ T5829] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 155.580485][ T5829] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 155.595985][ T5829] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 155.622629][ T5829] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.635232][ T7839] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 155.681606][ T7846] loop5: detected capacity change from 0 to 32768 [ 155.701348][ T7846] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop5 scanned by syz.5.476 (7846) [ 155.728907][ T7846] BTRFS info (device loop5): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 155.739660][ T7846] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 155.749366][ T7846] BTRFS info (device loop5): using free space tree [ 155.807223][ T7748] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.884759][ T7846] BTRFS info (device loop5): enabling ssd optimizations [ 155.894313][ T7846] BTRFS info (device loop5): auto enabling async discard [ 155.925785][ T5795] Bluetooth: hci2: command tx timeout [ 155.970749][ T5842] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input13 [ 156.005080][ T5795] Bluetooth: hci4: command tx timeout [ 156.033414][ T7748] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.106401][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.113717][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.136794][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.143993][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.246629][ T5842] usb 7-1: USB disconnect, device number 4 [ 156.246708][ C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 156.246757][ C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 156.272497][ T5842] xpad 7-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 156.330307][ T6691] BTRFS info (device loop5): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 156.531542][ T1128] hsr_slave_0: left promiscuous mode [ 156.555924][ T1128] hsr_slave_1: left promiscuous mode [ 156.604695][ T1128] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 156.612166][ T1128] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 156.656075][ T1128] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 156.663526][ T1128] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 156.699180][ T1128] bridge_slave_1: left allmulticast mode [ 156.706277][ T1128] bridge_slave_1: left promiscuous mode [ 156.712092][ T1128] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.727954][ T1128] bridge_slave_0: left allmulticast mode [ 156.733924][ T1128] bridge_slave_0: left promiscuous mode [ 156.740592][ T1128] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.775422][ T1128] veth1_macvtap: left promiscuous mode [ 156.781101][ T1128] veth0_macvtap: left promiscuous mode [ 156.789230][ T1128] veth1_vlan: left promiscuous mode [ 156.795675][ T1128] veth0_vlan: left promiscuous mode [ 157.154577][ T787] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 157.177839][ T7879] netlink: 4 bytes leftover after parsing attributes in process `syz.5.482'. [ 157.348822][ T787] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 157.363178][ T787] usb 7-1: config 1 has no interface number 0 [ 157.370064][ T787] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.381533][ T787] usb 7-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 157.391025][ T787] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 20300, setting to 1024 [ 157.402337][ T787] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 157.415074][ T787] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 157.424301][ T787] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.432328][ T787] usb 7-1: Product: syz [ 157.437472][ T787] usb 7-1: Manufacturer: syz [ 157.443171][ T787] usb 7-1: SerialNumber: syz [ 157.638577][ T1128] team0 (unregistering): Port device team_slave_1 removed [ 157.680736][ T7870] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 157.722493][ T1128] team0 (unregistering): Port device team_slave_0 removed [ 157.785433][ T1128] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 157.843693][ T1128] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 158.006283][ T5795] Bluetooth: hci2: command tx timeout [ 158.099217][ T5795] Bluetooth: hci4: command tx timeout [ 158.309029][ T7870] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 158.339210][ T787] cdc_ncm 7-1:1.1: bind() failure [ 158.511097][ T1128] bond0 (unregistering): Released all slaves [ 158.539924][ T7323] usb 7-1: USB disconnect, device number 5 [ 158.812180][ T7772] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 158.846540][ T7748] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.879718][ T7772] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 158.892084][ T7772] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 158.931921][ T7772] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 159.096788][ T7772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.163599][ T7772] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.198248][ T131] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.205423][ T131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.245576][ T1128] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.252773][ T1128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.427537][ T7748] veth0_vlan: entered promiscuous mode [ 159.446013][ T7321] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 159.449185][ T7748] veth1_vlan: entered promiscuous mode [ 159.512063][ T7748] veth0_macvtap: entered promiscuous mode [ 159.538500][ T7748] veth1_macvtap: entered promiscuous mode [ 159.572957][ T7748] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.585224][ T7748] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.600093][ T7748] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.612309][ T7748] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.632251][ T7748] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 159.647802][ T7321] usb 6-1: Using ep0 maxpacket: 8 [ 159.658238][ T7748] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.670396][ T7321] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 159.671852][ T7748] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.678968][ T7321] usb 6-1: config 179 has no interface number 0 [ 159.679015][ T7321] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 159.679041][ T7321] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 159.700049][ T7748] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.708501][ T7900] loop6: detected capacity change from 0 to 32768 [ 159.723241][ T7748] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.748477][ T7321] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 159.754780][ T7748] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 159.761006][ T7900] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop6 scanned by syz.6.485 (7900) [ 159.779680][ T7321] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 159.801074][ T7748] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.806078][ T7900] BTRFS info (device loop6): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 159.812278][ T7748] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.825264][ T7321] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 159.831219][ T7748] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.844039][ T7900] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm [ 159.859268][ T7748] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.861974][ T7321] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 159.880195][ T7900] BTRFS info (device loop6): using free space tree [ 159.900612][ T7321] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.924960][ T7898] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 160.009213][ T7900] BTRFS info (device loop6): enabling ssd optimizations [ 160.016847][ T7900] BTRFS info (device loop6): auto enabling async discard [ 160.026601][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.040289][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.054028][ T7772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.082059][ T1128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.090849][ T5795] Bluetooth: hci2: command tx timeout [ 160.109478][ T1128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.218707][ T7772] veth0_vlan: entered promiscuous mode [ 160.257413][ T7772] veth1_vlan: entered promiscuous mode [ 160.272253][ T5857] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input14 [ 160.315375][ T7224] BTRFS info (device loop6): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 160.341061][ T7772] veth0_macvtap: entered promiscuous mode [ 160.372695][ T7772] veth1_macvtap: entered promiscuous mode [ 160.437813][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.459757][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.470099][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.480967][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.491340][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.502177][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.535794][ T7772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 160.589651][ T5877] usb 6-1: USB disconnect, device number 5 [ 160.589660][ C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 160.589698][ C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 160.612543][ T5877] xpad 6-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 160.627883][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.649109][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.666802][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.679591][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.699906][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.719403][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.756711][ T7772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 160.822207][ T7772] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.837538][ T7772] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.848845][ T7772] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.863905][ T7772] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.058150][ T131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.081031][ T131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.164752][ T131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.184004][ T131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.327318][ T7923] loop7: detected capacity change from 0 to 32768 [ 161.337317][ T7928] program syz.5.488 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 161.415869][ T7923] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 161.544862][ T7923] syz.7.443 (7923) used greatest stack depth: 19152 bytes left [ 161.561005][ T7931] loop2: detected capacity change from 0 to 4096 [ 161.583754][ T7748] ocfs2: Unmounting device (7,7) on (node local) [ 162.031636][ T7946] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 162.194410][ T7321] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 162.387647][ T7321] usb 6-1: config 0 has no interfaces? [ 162.400822][ T7321] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 162.410940][ T7321] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.424932][ T7321] usb 6-1: Product: syz [ 162.429143][ T7321] usb 6-1: Manufacturer: syz [ 162.436310][ T7321] usb 6-1: SerialNumber: syz [ 162.443169][ T7321] usb 6-1: config 0 descriptor?? [ 162.504341][ T7323] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 162.658980][ T7321] usb 6-1: USB disconnect, device number 6 [ 162.705846][ T7323] usb 8-1: Using ep0 maxpacket: 8 [ 162.715050][ T7323] usb 8-1: config 179 has an invalid interface number: 65 but max is 0 [ 162.723339][ T7323] usb 8-1: config 179 has no interface number 0 [ 162.744288][ T7323] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 162.755406][ T7323] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 162.774226][ T7323] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 162.785690][ T7323] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 162.798317][ T7323] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 162.813543][ T7323] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 162.832762][ T7323] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.845572][ T7952] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22 [ 163.154872][ T7323] input: Generic X-Box pad as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:179.65/input/input15 [ 163.463946][ T5856] usb 8-1: USB disconnect, device number 2 [ 163.463951][ C1] xpad 8-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 163.463991][ C1] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 163.486371][ T5856] xpad 8-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 164.182629][ T7985] loop5: detected capacity change from 0 to 4096 [ 164.377747][ T7983] loop7: detected capacity change from 0 to 32768 [ 165.164368][ T7321] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 165.365671][ T7321] usb 3-1: Using ep0 maxpacket: 8 [ 165.392706][ T7321] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 165.401264][ T7321] usb 3-1: config 179 has no interface number 0 [ 165.402450][ T8021] loop5: detected capacity change from 0 to 8192 [ 165.419826][ T7321] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 165.444564][ T7321] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 165.466066][ T7321] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 165.493093][ T7321] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 165.516159][ T7321] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 165.545075][ T7321] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 165.564193][ T7321] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.583149][ T8003] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 165.972052][ T7321] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input16 [ 166.249643][ T5842] usb 3-1: USB disconnect, device number 7 [ 166.249693][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 166.264434][ C1] dummy_hcd dummy_hcd.2: timer fired with no URBs pending? [ 166.264500][ T5842] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 166.530005][ T8057] loop7: detected capacity change from 0 to 1024 [ 166.543014][ T8057] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 166.773971][ T8055] loop6: detected capacity change from 0 to 40427 [ 166.787865][ T8055] F2FS-fs (loop6): invalid crc value [ 166.815487][ T8055] F2FS-fs (loop6): Found nat_bits in checkpoint [ 166.861051][ T8061] loop7: detected capacity change from 0 to 8192 [ 166.930599][ T8055] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4 [ 167.048386][ T7224] syz-executor: attempt to access beyond end of device [ 167.048386][ T7224] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 167.066635][ T8071] loop7: detected capacity change from 0 to 128 [ 167.084473][ T7224] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 167.100644][ T8071] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 167.133138][ T8071] ext4 filesystem being mounted at /15/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 167.317533][ T7748] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 167.475072][ T5857] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 167.529406][ T8073] loop5: detected capacity change from 0 to 32768 [ 167.574541][ T28] audit: type=1800 audit(1752560445.319:117): pid=8073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.545" name="file1" dev="loop5" ino=4 res=0 errno=0 [ 167.675261][ T5857] usb 3-1: Using ep0 maxpacket: 16 [ 167.691638][ T5857] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.707798][ T5857] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 167.720770][ T5857] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.739520][ T5857] usb 3-1: config 0 descriptor?? [ 167.792459][ T8083] loop6: detected capacity change from 0 to 8192 [ 167.810326][ T8083] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 167.823819][ T8083] REISERFS (device loop6): found reiserfs format "3.6" with non-standard journal [ 167.833414][ T8083] REISERFS (device loop6): using ordered data mode [ 167.840048][ T8083] reiserfs: using flush barriers [ 167.846952][ T8083] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 167.863641][ T8083] REISERFS (device loop6): checking transaction log (loop6) [ 167.975420][ T8083] REISERFS (device loop6): Using tea hash to sort names [ 167.983948][ T8083] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage. [ 168.202934][ T5857] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0 [ 168.224589][ T5857] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0 [ 168.247456][ T5857] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0 [ 168.268770][ T5857] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0 [ 168.276361][ T5857] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0 [ 168.285194][ T5857] mcp2221 0003:04D8:00DD.000A: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 168.421967][ T5842] usb 3-1: USB disconnect, device number 8 [ 168.814328][ T5829] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 168.962508][ T8114] loop5: detected capacity change from 0 to 4096 [ 168.974193][ T8114] ntfs3: loop5: Different NTFS sector size (1024) and media sector size (512). [ 168.998738][ T5829] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 169.016443][ T5829] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.025761][ T5829] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.037307][ T5829] usb 7-1: config 0 interface 0 has no altsetting 0 [ 169.046861][ T5829] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.056374][ T5829] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.075533][ T5829] usb 7-1: config 0 interface 0 has no altsetting 0 [ 169.085932][ T5829] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.095151][ T5829] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.114180][ T5829] usb 7-1: config 0 interface 0 has no altsetting 0 [ 169.144783][ T5829] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.157472][ T5829] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.173739][ T5829] usb 7-1: config 0 interface 0 has no altsetting 0 [ 169.185871][ T5829] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.207348][ T5829] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.229724][ T5829] usb 7-1: config 0 interface 0 has no altsetting 0 [ 169.245857][ T5829] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.262897][ T5829] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.291114][ T5829] usb 7-1: config 0 interface 0 has no altsetting 0 [ 169.308699][ T5829] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.332029][ T5829] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.346665][ T5829] usb 7-1: config 0 interface 0 has no altsetting 0 [ 169.355213][ T5829] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.375605][ T5829] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.391707][ T5829] usb 7-1: config 0 interface 0 has no altsetting 0 [ 169.401805][ T5829] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 169.416501][ T5829] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 169.439549][ T5829] usb 7-1: Product: syz [ 169.443762][ T5829] usb 7-1: Manufacturer: syz [ 169.459034][ T5829] usb 7-1: SerialNumber: syz [ 169.476173][ T5829] usb 7-1: config 0 descriptor?? [ 169.486849][ T5829] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 169.559989][ T8122] loop5: detected capacity change from 0 to 8192 [ 169.568331][ T8116] loop2: detected capacity change from 0 to 32768 [ 169.569029][ T8122] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 169.588035][ T8122] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 169.596303][ T28] audit: type=1800 audit(1752560447.349:118): pid=8116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.559" name="file1" dev="loop2" ino=4 res=0 errno=0 [ 169.597492][ T8122] REISERFS (device loop5): using ordered data mode [ 169.625924][ T8122] reiserfs: using flush barriers [ 169.633607][ T8122] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 169.650524][ T8122] REISERFS (device loop5): checking transaction log (loop5) [ 169.808739][ T8122] REISERFS (device loop5): Using tea hash to sort names [ 169.822170][ T8122] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 169.824235][ T7321] usb 7-1: USB disconnect, device number 6 [ 169.873337][ T7321] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 170.207812][ T8132] overlay: Unknown parameter '/' [ 170.248602][ T8130] loop7: detected capacity change from 0 to 8192 [ 170.261482][ T8130] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 170.275425][ T8130] REISERFS (device loop7): found reiserfs format "3.6" with non-standard journal [ 170.284930][ T8130] REISERFS (device loop7): using ordered data mode [ 170.291623][ T8130] reiserfs: using flush barriers [ 170.298479][ T8130] REISERFS (device loop7): journal params: device loop7, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 170.315371][ T8130] REISERFS (device loop7): checking transaction log (loop7) [ 170.342484][ T8134] loop6: detected capacity change from 0 to 1024 [ 170.526408][ T8130] REISERFS (device loop7): Using tea hash to sort names [ 170.544564][ T8130] REISERFS (device loop7): Created .reiserfs_priv - reserved for xattr storage. [ 170.569760][ T42] hfsplus: b-tree write err: -5, ino 4 [ 170.964830][ T8151] loop7: detected capacity change from 0 to 256 [ 170.986957][ T8151] exFAT-fs (loop7): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 171.079389][ T8148] loop6: detected capacity change from 0 to 32768 [ 171.093115][ T8148] (syz.6.570,8148,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 171.120474][ T8148] (syz.6.570,8148,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 171.151426][ T8154] loop5: detected capacity change from 0 to 512 [ 171.178779][ T8154] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 171.214663][ T8154] EXT4-fs (loop5): 1 truncate cleaned up [ 171.230281][ T8148] JBD2: Ignoring recovery information on journal [ 171.245486][ T8154] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.333889][ T8154] EXT4-fs error (device loop5): ext4_check_dx_root:2266: inode #2: comm syz.5.575: Corrupt dir, invalid name for '..', running e2fsck is recommended [ 171.374392][ T8148] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 171.388513][ T8154] EXT4-fs (loop5): Remounting filesystem read-only [ 171.441325][ T6691] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.562133][ T8161] loop7: detected capacity change from 0 to 32768 [ 171.631017][ T28] audit: type=1800 audit(1752560449.379:119): pid=8161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.574" name="file1" dev="loop7" ino=4 res=0 errno=0 [ 171.741805][ T8171] loop5: detected capacity change from 0 to 1024 [ 171.764865][ T8171] EXT4-fs: Ignoring removed nobh option [ 171.770614][ T8171] EXT4-fs: Ignoring removed bh option [ 171.796477][ T8171] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 171.850715][ T8171] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.935862][ T7224] ocfs2: Unmounting device (7,6) on (node local) [ 171.986727][ T6691] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.948150][ T8180] loop6: detected capacity change from 0 to 32768 [ 172.970193][ T8180] XFS: ikeep mount option is deprecated. [ 173.010706][ T8180] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 173.172064][ T8180] XFS (loop6): Ending clean mount [ 173.179982][ T8180] XFS (loop6): Quotacheck needed: Please wait. [ 173.235331][ T8180] XFS (loop6): Quotacheck: Done. [ 173.327165][ T7224] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 173.455473][ T8207] futex_wake_op: syz.2.591 tries to shift op by 32; fix this program [ 173.670947][ T8215] syzkaller1: entered promiscuous mode [ 173.692769][ T8215] syzkaller1: entered allmulticast mode [ 174.013732][ T8214] loop6: detected capacity change from 0 to 32768 [ 174.061194][ T28] audit: type=1800 audit(1752560451.809:120): pid=8214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.592" name="file1" dev="loop6" ino=4 res=0 errno=0 [ 174.423152][ T8217] loop2: detected capacity change from 0 to 32768 [ 174.443775][ T8217] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.603 (8217) [ 174.504210][ T8217] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 174.536448][ T8217] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 174.554569][ T8217] BTRFS info (device loop2): turning on sync discard [ 174.568582][ T8217] BTRFS info (device loop2): use zlib compression, level 3 [ 174.577881][ T8217] BTRFS info (device loop2): turning off barriers [ 174.590279][ T8217] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 174.626505][ T8217] BTRFS info (device loop2): trying to use backup root at mount time [ 174.655503][ T8217] BTRFS info (device loop2): enabling auto defrag [ 174.662054][ T8217] BTRFS info (device loop2): max_inline at 0 [ 174.686051][ T8217] BTRFS info (device loop2): using free space tree [ 174.751989][ T1128] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 174.789354][ T8217] BTRFS error (device loop2): failed to load root extent [ 174.797062][ T8217] BTRFS warning (device loop2): try to load backup roots slot 1 [ 174.817394][ T43] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 174.874360][ T8217] BTRFS warning (device loop2): couldn't read tree root [ 174.886747][ T8217] BTRFS warning (device loop2): try to load backup roots slot 2 [ 174.929655][ T43] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 174.965078][ T8217] BTRFS warning (device loop2): couldn't read tree root [ 174.985913][ T8217] BTRFS warning (device loop2): try to load backup roots slot 3 [ 175.029130][ T8217] BTRFS info (device loop2): enabling ssd optimizations [ 175.076574][ T8217] BTRFS info (device loop2): rebuilding free space tree [ 175.130401][ T8217] BTRFS info (device loop2): checking UUID tree [ 175.134057][ T8226] loop5: detected capacity change from 0 to 40427 [ 175.151663][ T8226] F2FS-fs (loop5): invalid crc value [ 175.179591][ T8226] F2FS-fs (loop5): Found nat_bits in checkpoint [ 175.215878][ T8253] loop7: detected capacity change from 0 to 1024 [ 175.228237][ T8253] EXT4-fs: Ignoring removed orlov option [ 175.243360][ T7321] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 175.266769][ T8226] F2FS-fs (loop5): Start checkpoint disabled! [ 175.269318][ T8253] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 175.305585][ T8226] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 175.340886][ T7772] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 175.440794][ T7748] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.460290][ T7321] usb 7-1: Using ep0 maxpacket: 32 [ 175.483838][ T7321] usb 7-1: config 0 has an invalid interface number: 132 but max is 0 [ 175.504872][ T7321] usb 7-1: config 0 has no interface number 0 [ 175.511882][ T7321] usb 7-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 175.557328][ T7321] usb 7-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 175.569913][ T7321] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.578167][ T7321] usb 7-1: Product: syz [ 175.582416][ T7321] usb 7-1: Manufacturer: syz [ 175.608574][ T7321] usb 7-1: SerialNumber: syz [ 175.645297][ T7321] usb 7-1: config 0 descriptor?? [ 175.655875][ T7321] em28xx 7-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 175.675024][ T7321] em28xx 7-1:0.132: Video interface 132 found: [ 175.862994][ T3460] kworker/u4:10: attempt to access beyond end of device [ 175.862994][ T3460] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 175.888410][ T3460] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 175.911824][ T8262] loop7: detected capacity change from 0 to 4096 [ 175.929840][ T8262] ntfs3: loop7: Different NTFS sector size (4096) and media sector size (512). [ 175.971526][ T8262] ntfs3: loop7: Inode r=19 is not in use! [ 175.980951][ T8262] ntfs3: loop7: Mark volume as dirty due to NTFS errors [ 175.998246][ T8262] ntfs3: loop7: Failed to initialize $Extend/$Reparse. [ 176.065417][ T7321] em28xx 7-1:0.132: unknown em28xx chip ID (0) [ 176.267356][ T8274] loop5: detected capacity change from 0 to 256 [ 176.280584][ T8274] exfat: Deprecated parameter 'namecase' [ 176.290269][ T8274] exfat: Deprecated parameter 'namecase' [ 176.296150][ T8276] loop7: detected capacity change from 0 to 128 [ 176.303546][ T8276] UDF-fs: bad mount option "partItion=0000$000Á*5¥5ðíÃ" or missing value [ 176.304425][ T8274] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 176.475978][ T7321] em28xx 7-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5) [ 176.497239][ T8280] loop5: detected capacity change from 0 to 2048 [ 176.503910][ T7321] em28xx 7-1:0.132: board has no eeprom [ 176.511455][ T8280] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 176.548426][ T8281] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 176.582308][ T8280] NILFS (loop5): DAT doesn't have a block to manage vblocknr = 262144 [ 176.591457][ T7321] em28xx 7-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 176.600141][ T7321] em28xx 7-1:0.132: analog set to bulk mode. [ 176.606360][ T8280] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=15) [ 176.621145][ T5857] em28xx 7-1:0.132: Registering V4L2 extension [ 176.633129][ T7321] usb 7-1: USB disconnect, device number 7 [ 176.652761][ T7321] em28xx 7-1:0.132: Disconnecting em28xx [ 176.662850][ T8280] Remounting filesystem read-only [ 176.668279][ T8280] NILFS (loop5): error -5 truncating bmap (ino=15) [ 176.726359][ T6691] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer [ 176.745571][ T6691] NILFS (loop5): discard dirty page: offset=0, ino=2 [ 176.752519][ T6691] NILFS (loop5): discard dirty block: blocknr=18, size=1024 [ 176.760028][ T6691] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 176.769991][ T6691] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 176.780131][ T6691] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 176.796795][ T6691] NILFS (loop5): discard dirty page: offset=0, ino=6 [ 176.813902][ T6691] NILFS (loop5): discard dirty block: blocknr=3, size=1024 [ 176.834190][ T6691] NILFS (loop5): discard dirty block: blocknr=36, size=1024 [ 176.841534][ T6691] NILFS (loop5): discard dirty block: blocknr=37, size=1024 [ 176.857919][ T8278] loop7: detected capacity change from 0 to 32768 [ 176.864528][ T6691] NILFS (loop5): discard dirty block: blocknr=38, size=1024 [ 176.871855][ T6691] NILFS (loop5): discard dirty page: offset=268697600, ino=6 [ 176.879469][ T5857] em28xx 7-1:0.132: Config register raw data: 0xffffffed [ 176.888862][ T6691] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 176.898195][ T5857] em28xx 7-1:0.132: AC97 chip type couldn't be determined [ 176.905483][ T6691] NILFS (loop5): discard dirty block: blocknr=0, size=1024 [ 176.912709][ T6691] NILFS (loop5): discard dirty block: blocknr=0, size=1024 [ 176.913893][ T28] audit: type=1800 audit(1752560454.659:121): pid=8278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.611" name="file1" dev="loop7" ino=4 res=0 errno=0 [ 176.920060][ T5857] em28xx 7-1:0.132: No AC97 audio processor [ 176.926892][ T5857] usb 7-1: Decoder not found [ 176.954146][ T6691] NILFS (loop5): discard dirty block: blocknr=0, size=1024 [ 176.984919][ T6691] NILFS (loop5): discard dirty page: offset=0, ino=3 [ 176.991657][ T6691] NILFS (loop5): discard dirty block: blocknr=42, size=1024 [ 176.999539][ T5857] em28xx 7-1:0.132: failed to create media graph [ 177.009696][ T5857] em28xx 7-1:0.132: V4L2 device video103 deregistered [ 177.021670][ T6691] NILFS (loop5): discard dirty block: blocknr=43, size=1024 [ 177.037429][ T5857] em28xx 7-1:0.132: Remote control support is not available for this card. [ 177.054179][ T6691] NILFS (loop5): discard dirty block: blocknr=44, size=1024 [ 177.068904][ T6691] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 177.078116][ T7321] em28xx 7-1:0.132: Closing input extension [ 177.104192][ T6691] NILFS (loop5): discard dirty page: offset=196608, ino=3 [ 177.111362][ T6691] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 177.144299][ T6691] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 177.150475][ T7321] em28xx 7-1:0.132: Freeing device [ 177.161693][ T6691] NILFS (loop5): discard dirty block: blocknr=49, size=1024 [ 177.184240][ T6691] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 177.194824][ T8290] loop6: detected capacity change from 0 to 512 [ 177.215702][ T8290] UDF-fs: warning (device loop6): udf_load_vrs: No VRS found [ 177.229292][ T8290] UDF-fs: Scanning with blocksize 512 failed [ 177.246448][ T8290] UDF-fs: warning (device loop6): udf_load_vrs: No VRS found [ 177.253851][ T8290] UDF-fs: Scanning with blocksize 1024 failed [ 177.295592][ T8293] loop5: detected capacity change from 0 to 64 [ 177.302268][ T8290] UDF-fs: warning (device loop6): udf_load_vrs: No VRS found [ 177.311504][ T8290] UDF-fs: Scanning with blocksize 2048 failed [ 177.325489][ T8290] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256 [ 177.341438][ T8290] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 177.627788][ T8301] loop2: detected capacity change from 0 to 256 [ 177.649550][ T8299] loop7: detected capacity change from 0 to 1024 [ 177.674788][ T8299] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 177.745745][ T8299] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.775462][ T8303] loop5: detected capacity change from 0 to 4096 [ 177.778954][ T8299] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 177.951103][ T7748] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.172392][ T8308] loop6: detected capacity change from 0 to 32768 [ 178.223419][ T8308] JBD2: Ignoring recovery information on journal [ 178.298343][ T8308] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 178.430488][ T28] audit: type=1804 audit(1752560456.179:122): pid=8308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.622" name="/newroot/70/file1/file1" dev="loop6" ino=17058 res=1 errno=0 [ 178.537421][ T7224] ocfs2: Unmounting device (7,6) on (node local) [ 178.759045][ T8319] loop7: detected capacity change from 0 to 32768 [ 178.798001][ T28] audit: type=1800 audit(1752560456.549:123): pid=8319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.626" name="file1" dev="loop7" ino=4 res=0 errno=0 [ 178.895657][ T8329] loop6: detected capacity change from 0 to 64 [ 179.650173][ T8355] netlink: 452 bytes leftover after parsing attributes in process `syz.5.640'. [ 179.702107][ T8357] vlan2: entered allmulticast mode [ 179.707404][ T8357] vlan1: entered allmulticast mode [ 179.712632][ T8357] veth0_vlan: entered allmulticast mode [ 179.719824][ T8357] bridge0: port 3(vlan2) entered blocking state [ 179.726493][ T8357] bridge0: port 3(vlan2) entered disabled state [ 179.734433][ T8357] vlan2: entered promiscuous mode [ 179.739576][ T8357] vlan1: entered promiscuous mode [ 179.748893][ T8357] bridge0: port 3(vlan2) entered blocking state [ 179.755361][ T8357] bridge0: port 3(vlan2) entered forwarding state [ 179.774149][ T8361] loop5: detected capacity change from 0 to 64 [ 179.875482][ T8361] syz.5.643: attempt to access beyond end of device [ 179.875482][ T8361] loop5: rw=34817, sector=14, nr_sectors = 61 limit=64 [ 180.186333][ T8378] loop6: detected capacity change from 0 to 512 [ 180.193869][ T8378] EXT4-fs: Ignoring removed orlov option [ 180.217876][ T8378] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 180.274529][ T8378] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 180.344427][ T8378] EXT4-fs error (device loop6): ext4_xattr_ibody_find:2244: inode #15: comm syz.6.650: corrupted in-inode xattr: e_value size too large [ 180.399499][ T8378] EXT4-fs error (device loop6): ext4_orphan_get:1404: comm syz.6.650: couldn't read orphan inode 15 (err -117) [ 180.422281][ T8385] loop2: detected capacity change from 0 to 128 [ 180.435329][ T8385] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 180.462112][ T8378] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.590208][ T8378] System zones: 1-12 [ 180.612058][ T8378] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 180.672624][ T7224] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.303423][ T8401] loop6: detected capacity change from 0 to 32768 [ 181.637693][ T8406] loop2: detected capacity change from 0 to 32768 [ 181.645775][ T8406] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.662 (8406) [ 181.666522][ T8406] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 181.698180][ T8406] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 181.725669][ T8406] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 181.746711][ T8406] BTRFS info (device loop2): trying to use backup root at mount time [ 181.765650][ T8406] BTRFS info (device loop2): enabling auto defrag [ 181.772138][ T8406] BTRFS info (device loop2): turning on sync discard [ 181.800381][ T8406] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 181.824154][ T8406] BTRFS info (device loop2): trying to use backup root at mount time [ 181.832437][ T8406] BTRFS info (device loop2): using free space tree [ 181.954052][ T8406] BTRFS error (device loop2: state M): unrecognized mount option '' [ 182.051218][ T7772] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 182.076502][ T8436] pim6reg1: entered promiscuous mode [ 182.081955][ T8436] pim6reg1: entered allmulticast mode [ 182.432440][ T8411] loop6: detected capacity change from 0 to 32768 [ 182.559147][ T8442] loop7: detected capacity change from 0 to 2048 [ 182.606033][ T8411] find_entry called with index = 0 [ 182.611445][ T8442] UDF-fs: warning (device loop7): udf_load_vrs: No anchor found [ 182.629508][ T8442] UDF-fs: Scanning with blocksize 512 failed [ 182.653251][ T8442] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 182.804908][ T8441] UDF-fs: warning (device loop7): udf_truncate_tail_extent: Too long extent after EOF in inode 818: i_size: 134285904 lbcount: 134288384 extent 65+34816 [ 182.875679][ T8453] loop2: detected capacity change from 0 to 512 [ 182.888175][ T8453] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 182.914324][ T131] kworker/u4:5: attempt to access beyond end of device [ 182.914324][ T131] loop7: rw=1, sector=2048, nr_sectors = 2 limit=2048 [ 182.940396][ T131] Buffer I/O error on dev loop7, logical block 1024, lost async page write [ 182.953863][ T131] kworker/u4:5: attempt to access beyond end of device [ 182.953863][ T131] loop7: rw=1, sector=2048, nr_sectors = 2 limit=2048 [ 182.973354][ T8453] EXT4-fs (loop2): 1 truncate cleaned up [ 182.977660][ T131] Buffer I/O error on dev loop7, logical block 1024, lost async page write [ 182.988036][ T131] kworker/u4:5: attempt to access beyond end of device [ 182.988036][ T131] loop7: rw=1, sector=2050, nr_sectors = 2 limit=2048 [ 182.993348][ T8453] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 183.001930][ T131] Buffer I/O error on dev loop7, logical block 1025, lost async page write [ 183.022824][ T131] kworker/u4:5: attempt to access beyond end of device [ 183.022824][ T131] loop7: rw=1, sector=2050, nr_sectors = 2 limit=2048 [ 183.036450][ T131] Buffer I/O error on dev loop7, logical block 1025, lost async page write [ 183.046076][ T131] kworker/u4:5: attempt to access beyond end of device [ 183.046076][ T131] loop7: rw=1, sector=2052, nr_sectors = 2 limit=2048 [ 183.059698][ T131] Buffer I/O error on dev loop7, logical block 1026, lost async page write [ 183.068455][ T131] kworker/u4:5: attempt to access beyond end of device [ 183.068455][ T131] loop7: rw=1, sector=2052, nr_sectors = 2 limit=2048 [ 183.082313][ T131] Buffer I/O error on dev loop7, logical block 1026, lost async page write [ 183.091051][ T131] kworker/u4:5: attempt to access beyond end of device [ 183.091051][ T131] loop7: rw=1, sector=2054, nr_sectors = 2 limit=2048 [ 183.116455][ T131] Buffer I/O error on dev loop7, logical block 1027, lost async page write [ 183.118289][ T5842] libceph: connect (1)[c::]:6789 error -101 [ 183.140542][ T131] kworker/u4:5: attempt to access beyond end of device [ 183.140542][ T131] loop7: rw=1, sector=2054, nr_sectors = 2 limit=2048 [ 183.141820][ T5842] libceph: mon0 (1)[c::]:6789 connect error [ 183.179661][ T8457] ceph: No mds server is up or the cluster is laggy [ 183.179879][ T5842] libceph: connect (1)[c::]:6789 error -101 [ 183.194199][ T131] Buffer I/O error on dev loop7, logical block 1027, lost async page write [ 183.198612][ T5842] libceph: mon0 (1)[c::]:6789 connect error [ 183.220380][ T131] kworker/u4:5: attempt to access beyond end of device [ 183.220380][ T131] loop7: rw=1, sector=2056, nr_sectors = 2 limit=2048 [ 183.229477][ T7772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.233984][ T131] Buffer I/O error on dev loop7, logical block 1028, lost async page write [ 183.253165][ T131] kworker/u4:5: attempt to access beyond end of device [ 183.253165][ T131] loop7: rw=1, sector=2056, nr_sectors = 2 limit=2048 [ 183.267121][ T131] Buffer I/O error on dev loop7, logical block 1028, lost async page write [ 183.522473][ T8472] loop5: detected capacity change from 0 to 512 [ 183.657609][ T8472] EXT4-fs (loop5): 1 orphan inode deleted [ 183.675560][ T8472] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.688867][ T3460] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 183.708430][ T3460] EXT4-fs error (device loop5): ext4_release_dquot:6974: comm kworker/u4:10: Failed to release dquot type 1 [ 183.729535][ T8472] ext4 filesystem being mounted at /141/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.790734][ T8489] loop6: detected capacity change from 0 to 1024 [ 183.808223][ T6691] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.820315][ T8489] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 183.833729][ T8489] ext4 filesystem being mounted at /88/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.883162][ T8489] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 183.904317][ T7321] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 183.918374][ T8489] EXT4-fs (loop6): Remounting filesystem read-only [ 184.010517][ T7224] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.126193][ T7321] usb 3-1: config index 0 descriptor too short (expected 539, got 27) [ 184.138648][ T7321] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 4 [ 184.174856][ T7321] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 41407, setting to 1023 [ 184.303102][ T7321] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 184.312494][ T7321] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.320660][ T7321] usb 3-1: Product: syz [ 184.325094][ T7321] usb 3-1: Manufacturer: syz [ 184.329791][ T7321] usb 3-1: SerialNumber: syz [ 184.336827][ T7321] usb 3-1: config 0 descriptor?? [ 184.343932][ T7321] hub 3-1:0.0: bad descriptor, ignoring hub [ 184.350298][ T7321] hub: probe of 3-1:0.0 failed with error -5 [ 184.359861][ T7321] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input17 [ 184.373612][ T7321] usbtouchscreen 3-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -22 [ 184.402740][ T7321] usbtouchscreen: probe of 3-1:0.0 failed with error -22 [ 184.674499][ T5842] usb 3-1: USB disconnect, device number 9 [ 184.727502][ T5857] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 184.756358][ T5829] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 184.917441][ T5857] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.933520][ T5857] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 184.945523][ T5857] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 184.954481][ T5829] usb 7-1: Using ep0 maxpacket: 8 [ 184.969873][ T5857] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.993948][ T5829] usb 7-1: unable to get BOS descriptor or descriptor too short [ 185.003212][ T5857] usb 6-1: config 0 descriptor?? [ 185.008863][ T5829] usb 7-1: config index 0 descriptor too short (expected 100, got 68) [ 185.021798][ T5829] usb 7-1: config 4 has an invalid interface number: 189 but max is 0 [ 185.030112][ T5829] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 185.040375][ T5829] usb 7-1: config 4 has no interface number 0 [ 185.046676][ T5829] usb 7-1: config 4 interface 189 has no altsetting 0 [ 185.059237][ T5829] usb 7-1: New USB device found, idVendor=22b8, idProduct=6425, bcdDevice=ca.f9 [ 185.068366][ T5829] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.079800][ T5829] usb 7-1: Product: syz [ 185.094133][ T5829] usb 7-1: Manufacturer: syz [ 185.098781][ T5829] usb 7-1: SerialNumber: syz [ 185.227754][ T5857] usbhid 6-1:0.0: can't add hid device: -71 [ 185.233792][ T5857] usbhid: probe of 6-1:0.0 failed with error -71 [ 185.256714][ T5857] usb 6-1: USB disconnect, device number 7 [ 185.320098][ T5829] cdc_ether 7-1:4.189: invalid descriptor buffer length [ 185.332411][ T5829] usb 7-1: bad CDC descriptors [ 185.337814][ T5829] usb 7-1: unsupported MDLM descriptors [ 185.345078][ T5829] cdc_acm 7-1:4.189: invalid descriptor buffer length [ 185.359553][ T5829] usb 7-1: USB disconnect, device number 8 [ 185.474506][ T5856] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 185.654213][ T5856] usb 8-1: Using ep0 maxpacket: 16 [ 185.661536][ T5856] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 185.671659][ T5856] usb 8-1: config 0 interface 0 has no altsetting 0 [ 185.684357][ T5856] usb 8-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 185.693416][ T5856] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.705328][ T5856] usb 8-1: config 0 descriptor?? [ 185.824245][ T5857] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 186.004197][ T5857] usb 6-1: Using ep0 maxpacket: 16 [ 186.016171][ T5857] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 186.034646][ T5857] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 186.059103][ T5857] usb 6-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.40 [ 186.074143][ T5857] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.098266][ T5857] usb 6-1: config 0 descriptor?? [ 186.121808][ T5856] hid (null): report_id 67708416 is invalid [ 186.153871][ T5856] cougar 0003:060B:500A.000B: usage count exceeds max: fixing up report descriptor [ 186.167727][ T5856] cougar 0003:060B:500A.000B: unexpected long global item [ 186.181524][ T5856] cougar 0003:060B:500A.000B: parse failed [ 186.199686][ T8544] syz.2.712 (8544) used greatest stack depth: 17672 bytes left [ 186.206758][ T5856] cougar: probe of 0003:060B:500A.000B failed with error -22 [ 186.293303][ T8541] loop6: detected capacity change from 0 to 32768 [ 186.316234][ T8541] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 186.337086][ T5856] usb 8-1: USB disconnect, device number 3 [ 186.361498][ T28] audit: type=1800 audit(1752560464.109:124): pid=8541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.710" name="file1" dev="loop6" ino=17058 res=0 errno=0 [ 186.454981][ T8541] [ 186.457353][ T8541] ====================================================== [ 186.464402][ T8541] WARNING: possible circular locking dependency detected [ 186.471408][ T8541] 6.6.98-syzkaller #0 Not tainted [ 186.476407][ T8541] ------------------------------------------------------ [ 186.483400][ T8541] syz.6.710/8541 is trying to acquire lock: [ 186.489268][ T8541] ffff88805daf3498 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}, at: ocfs2_del_inode_from_orphan+0x135/0x740 [ 186.502228][ T8541] [ 186.502228][ T8541] but task is already holding lock: [ 186.509574][ T8541] ffff88805d9e3f60 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_dio_end_io+0x38c/0x10f0 [ 186.520187][ T8541] [ 186.520187][ T8541] which lock already depends on the new lock. [ 186.520187][ T8541] [ 186.530583][ T8541] [ 186.530583][ T8541] the existing dependency chain (in reverse order) is: [ 186.539590][ T8541] [ 186.539590][ T8541] -> #3 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}: [ 186.548448][ T8541] down_write+0x97/0x1f0 [ 186.553217][ T8541] ocfs2_create_local_dquot+0x1a4/0x1790 [ 186.559382][ T8541] ocfs2_acquire_dquot+0x7cf/0xaf0 [ 186.565012][ T8541] dqget+0x77c/0xeb0 [ 186.569440][ T8541] __dquot_initialize+0x3ba/0xcb0 [ 186.574979][ T8541] ocfs2_get_init_inode+0x13c/0x1b0 [ 186.580684][ T8541] ocfs2_mknod+0x867/0x20f0 [ 186.585691][ T8541] ocfs2_mkdir+0x196/0x410 [ 186.590615][ T8541] vfs_mkdir+0x296/0x440 [ 186.595367][ T8541] do_mkdirat+0x1d4/0x440 [ 186.600235][ T8541] __x64_sys_mkdirat+0x89/0xa0 [ 186.605521][ T8541] do_syscall_64+0x55/0xb0 [ 186.610448][ T8541] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 186.616854][ T8541] [ 186.616854][ T8541] -> #2 (&dquot->dq_lock){+.+.}-{3:3}: [ 186.624494][ T8541] __mutex_lock+0x129/0xcc0 [ 186.629529][ T8541] dqget+0x6fc/0xeb0 [ 186.633947][ T8541] __dquot_initialize+0x3ba/0xcb0 [ 186.639482][ T8541] ocfs2_get_init_inode+0x13c/0x1b0 [ 186.645194][ T8541] ocfs2_mknod+0x867/0x20f0 [ 186.650205][ T8541] ocfs2_mkdir+0x196/0x410 [ 186.655140][ T8541] vfs_mkdir+0x296/0x440 [ 186.659894][ T8541] do_mkdirat+0x1d4/0x440 [ 186.664733][ T8541] __x64_sys_mkdirat+0x89/0xa0 [ 186.670005][ T8541] do_syscall_64+0x55/0xb0 [ 186.674949][ T8541] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 186.681346][ T8541] [ 186.681346][ T8541] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}: [ 186.691846][ T8541] down_write+0x97/0x1f0 [ 186.696601][ T8541] ocfs2_evict_inode+0x1313/0x3e60 [ 186.702304][ T8541] evict+0x486/0x870 [ 186.706711][ T8541] ocfs2_dentry_iput+0x248/0x370 [ 186.712156][ T8541] __dentry_kill+0x431/0x650 [ 186.717256][ T8541] dentry_kill+0xb8/0x290 [ 186.722085][ T8541] dput+0xfe/0x1e0 [ 186.726313][ T8541] __fput+0x5e5/0x970 [ 186.730804][ T8541] task_work_run+0x1ce/0x250 [ 186.735910][ T8541] exit_to_user_mode_loop+0xe6/0x110 [ 186.741729][ T8541] exit_to_user_mode_prepare+0xb1/0x140 [ 186.747816][ T8541] syscall_exit_to_user_mode+0x1a/0x50 [ 186.753817][ T8541] do_syscall_64+0x61/0xb0 [ 186.758774][ T8541] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 186.765201][ T8541] [ 186.765201][ T8541] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}: [ 186.775515][ T8541] __lock_acquire+0x2ddb/0x7c80 [ 186.780872][ T8541] lock_acquire+0x197/0x410 [ 186.785879][ T8541] down_write+0x97/0x1f0 [ 186.790661][ T8541] ocfs2_del_inode_from_orphan+0x135/0x740 [ 186.796984][ T8541] ocfs2_dio_end_io+0x47b/0x10f0 [ 186.802426][ T8541] dio_complete+0x254/0x710 [ 186.807445][ T8541] __blockdev_direct_IO+0x2dc8/0x3420 [ 186.813325][ T8541] ocfs2_direct_IO+0x240/0x2b0 [ 186.818591][ T8541] generic_file_direct_write+0x1d4/0x3e0 [ 186.824731][ T8541] __generic_file_write_iter+0x11b/0x230 [ 186.830886][ T8541] ocfs2_file_write_iter+0x1582/0x1d00 [ 186.836846][ T8541] do_iter_write+0x79a/0xc70 [ 186.841940][ T8541] iter_file_splice_write+0x66f/0xc50 [ 186.847814][ T8541] direct_splice_actor+0xe8/0x130 [ 186.853339][ T8541] splice_direct_to_actor+0x2f0/0x870 [ 186.859212][ T8541] do_splice_direct+0x1b7/0x2c0 [ 186.864563][ T8541] do_sendfile+0x5dc/0xf70 [ 186.869477][ T8541] __se_sys_sendfile64+0x13f/0x190 [ 186.875086][ T8541] do_syscall_64+0x55/0xb0 [ 186.880007][ T8541] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 186.886399][ T8541] [ 186.886399][ T8541] other info that might help us debug this: [ 186.886399][ T8541] [ 186.896604][ T8541] Chain exists of: [ 186.896604][ T8541] &ocfs2_sysfile_lock_key[args->fi_sysfile_type] --> &dquot->dq_lock --> &ocfs2_quota_ip_alloc_sem_key [ 186.896604][ T8541] [ 186.913539][ T8541] Possible unsafe locking scenario: [ 186.913539][ T8541] [ 186.920979][ T8541] CPU0 CPU1 [ 186.926332][ T8541] ---- ---- [ 186.931687][ T8541] lock(&ocfs2_quota_ip_alloc_sem_key); [ 186.937307][ T8541] lock(&dquot->dq_lock); [ 186.944232][ T8541] lock(&ocfs2_quota_ip_alloc_sem_key); [ 186.952367][ T8541] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]); [ 186.959462][ T8541] [ 186.959462][ T8541] *** DEADLOCK *** [ 186.959462][ T8541] [ 186.967589][ T8541] 3 locks held by syz.6.710/8541: [ 186.972593][ T8541] #0: ffff88804afba418 (sb_writers#15){.+.+}-{0:0}, at: do_sendfile+0x5b9/0xf70 [ 186.981712][ T8541] #1: ffff88805d9e42d8 (&sb->s_type->i_mutex_key#27){+.+.}-{3:3}, at: ocfs2_file_write_iter+0x40b/0x1d00 [ 186.992998][ T8541] #2: ffff88805d9e3f60 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_dio_end_io+0x38c/0x10f0 [ 187.004020][ T8541] [ 187.004020][ T8541] stack backtrace: [ 187.009890][ T8541] CPU: 1 PID: 8541 Comm: syz.6.710 Not tainted 6.6.98-syzkaller #0 [ 187.017761][ T8541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 187.027795][ T8541] Call Trace: [ 187.031058][ T8541] [ 187.033975][ T8541] dump_stack_lvl+0x16c/0x230 [ 187.038649][ T8541] ? load_image+0x3b0/0x3b0 [ 187.043147][ T8541] ? show_regs_print_info+0x20/0x20 [ 187.048330][ T8541] ? print_circular_bug+0x12b/0x1a0 [ 187.053512][ T8541] check_noncircular+0x2bd/0x3c0 [ 187.058435][ T8541] ? print_deadlock_bug+0x5d0/0x5d0 [ 187.063618][ T8541] ? lockdep_lock+0xe0/0x220 [ 187.068194][ T8541] ? _find_first_zero_bit+0xd3/0x100 [ 187.073462][ T8541] __lock_acquire+0x2ddb/0x7c80 [ 187.078301][ T8541] ? ocfs2_get_system_file_inode+0x1e3/0x7b0 [ 187.084267][ T8541] ? __lock_acquire+0x7c80/0x7c80 [ 187.089272][ T8541] ? verify_lock_unused+0x140/0x140 [ 187.094452][ T8541] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 187.100069][ T8541] ? do_raw_spin_lock+0x121/0x2c0 [ 187.105076][ T8541] ? mutex_unlock+0x10/0x10 [ 187.109568][ T8541] lock_acquire+0x197/0x410 [ 187.114225][ T8541] ? ocfs2_del_inode_from_orphan+0x135/0x740 [ 187.120189][ T8541] ? ocfs2_get_system_file_inode+0x1f1/0x7b0 [ 187.126154][ T8541] ? __might_sleep+0xe0/0xe0 [ 187.130725][ T8541] ? read_lock_is_recursive+0x20/0x20 [ 187.136085][ T8541] ? ocfs2_fast_symlink_read_folio+0x530/0x530 [ 187.142254][ T8541] ? do_raw_spin_unlock+0x121/0x230 [ 187.147441][ T8541] down_write+0x97/0x1f0 [ 187.151667][ T8541] ? ocfs2_del_inode_from_orphan+0x135/0x740 [ 187.157638][ T8541] ? down_read_killable+0x340/0x340 [ 187.162826][ T8541] ocfs2_del_inode_from_orphan+0x135/0x740 [ 187.168621][ T8541] ? __might_sleep+0xe0/0xe0 [ 187.173194][ T8541] ? read_lock_is_recursive+0x20/0x20 [ 187.178551][ T8541] ? ocfs2_add_inode_to_orphan+0x710/0x710 [ 187.184341][ T8541] ? __lock_acquire+0x1334/0x7c80 [ 187.189348][ T8541] ? down_write+0x162/0x1f0 [ 187.194438][ T8541] ? down_read_killable+0x340/0x340 [ 187.199616][ T8541] ocfs2_dio_end_io+0x47b/0x10f0 [ 187.204548][ T8541] ? ocfs2_dio_wr_get_block+0x17a0/0x17a0 [ 187.210265][ T8541] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 187.216151][ T8541] ? _raw_spin_unlock+0x40/0x40 [ 187.221006][ T8541] ? debug_check_no_obj_freed+0x51f/0x540 [ 187.226717][ T8541] ? mark_lock+0x94/0x320 [ 187.231028][ T8541] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 187.237183][ T8541] ? lock_chain_count+0x20/0x20 [ 187.242035][ T8541] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 187.247911][ T8541] ? lockdep_hardirqs_on+0x98/0x150 [ 187.253091][ T8541] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 187.258966][ T8541] ? ocfs2_dio_wr_get_block+0x17a0/0x17a0 [ 187.264678][ T8541] dio_complete+0x254/0x710 [ 187.269167][ T8541] __blockdev_direct_IO+0x2dc8/0x3420 [ 187.274519][ T8541] ? find_get_entries+0xe8/0x8c0 [ 187.279465][ T8541] ? show_vfsstat+0x3a0/0x3a0 [ 187.284127][ T8541] ? ocfs2_lock_get_block+0x60/0x60 [ 187.289315][ T8541] ? filemap_write_and_wait_range+0x18e/0x1f0 [ 187.295373][ T8541] ? ocfs2_lock_get_block+0x60/0x60 [ 187.300552][ T8541] ocfs2_direct_IO+0x240/0x2b0 [ 187.305298][ T8541] generic_file_direct_write+0x1d4/0x3e0 [ 187.310919][ T8541] __generic_file_write_iter+0x11b/0x230 [ 187.316534][ T8541] ? ocfs2_file_write_iter+0x1559/0x1d00 [ 187.322154][ T8541] ocfs2_file_write_iter+0x1582/0x1d00 [ 187.327619][ T8541] ? ocfs2_file_read_iter+0xa30/0xa30 [ 187.332977][ T8541] ? stack_trace_snprint+0xf0/0xf0 [ 187.338072][ T8541] ? kasan_set_track+0x5f/0x70 [ 187.342866][ T8541] ? aa_path_link+0xdd0/0xdd0 [ 187.347530][ T8541] ? iter_file_splice_write+0x18a/0xc50 [ 187.353054][ T8541] ? direct_splice_actor+0xe8/0x130 [ 187.358234][ T8541] ? splice_direct_to_actor+0x2f0/0x870 [ 187.363762][ T8541] ? do_splice_direct+0x1b7/0x2c0 [ 187.368775][ T8541] ? do_sendfile+0x5dc/0xf70 [ 187.373356][ T8541] ? __se_sys_sendfile64+0x13f/0x190 [ 187.378628][ T8541] ? do_syscall_64+0x55/0xb0 [ 187.383212][ T8541] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 187.389261][ T8541] ? end_current_label_crit_section+0x149/0x170 [ 187.395489][ T8541] ? common_file_perm+0x198/0x1f0 [ 187.400505][ T8541] do_iter_write+0x79a/0xc70 [ 187.405099][ T8541] ? vfs_iter_write+0xa0/0xa0 [ 187.409775][ T8541] ? __asan_memset+0x22/0x40 [ 187.414363][ T8541] ? iov_iter_bvec+0xd4/0x1b0 [ 187.419021][ T8541] ? vfs_iter_write+0x6e/0xa0 [ 187.423676][ T8541] iter_file_splice_write+0x66f/0xc50 [ 187.429036][ T8541] ? splice_from_pipe+0x150/0x150 [ 187.434042][ T8541] ? splice_shrink_spd+0xc0/0xc0 [ 187.438964][ T8541] ? common_file_perm+0x198/0x1f0 [ 187.443980][ T8541] ? splice_from_pipe+0x150/0x150 [ 187.448986][ T8541] direct_splice_actor+0xe8/0x130 [ 187.453993][ T8541] splice_direct_to_actor+0x2f0/0x870 [ 187.459356][ T8541] ? direct_file_splice_eof+0xb0/0xb0 [ 187.464711][ T8541] ? warn_unsupported+0xc0/0xc0 [ 187.469544][ T8541] ? fsnotify_perm+0x5d/0x5e0 [ 187.474200][ T8541] ? security_file_permission+0x79/0xa0 [ 187.479726][ T8541] do_splice_direct+0x1b7/0x2c0 [ 187.484561][ T8541] ? splice_direct_to_actor+0x870/0x870 [ 187.490092][ T8541] ? rcu_read_lock_any_held+0xb4/0x120 [ 187.495534][ T8541] ? do_splice_direct+0x2c0/0x2c0 [ 187.500542][ T8541] do_sendfile+0x5dc/0xf70 [ 187.504947][ T8541] ? do_pwritev+0x340/0x340 [ 187.509437][ T8541] __se_sys_sendfile64+0x13f/0x190 [ 187.514540][ T8541] ? lock_chain_count+0x20/0x20 [ 187.519377][ T8541] ? __x64_sys_sendfile64+0xb0/0xb0 [ 187.524558][ T8541] ? lockdep_hardirqs_on+0x98/0x150 [ 187.529743][ T8541] do_syscall_64+0x55/0xb0 [ 187.534147][ T8541] ? clear_bhb_loop+0x40/0x90 [ 187.538824][ T8541] ? clear_bhb_loop+0x40/0x90 [ 187.543501][ T8541] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 187.549458][ T8541] RIP: 0033:0x7f688998e929 [ 187.553869][ T8541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.573555][ T8541] RSP: 002b:00007f688a7e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 187.581956][ T8541] RAX: ffffffffffffffda RBX: 00007f6889bb5fa0 RCX: 00007f688998e929 [ 187.589913][ T8541] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004 [ 187.597867][ T8541] RBP: 00007f6889a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 187.605828][ T8541] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000000 [ 187.613785][ T8541] R13: 0000000000000000 R14: 00007f6889bb5fa0 R15: 00007ffee177b588 [ 187.621769][ T8541] [ 187.651869][ T5857] usbhid 6-1:0.0: can't add hid device: -71 [ 187.663523][ T7224] (syz-executor,7224,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72 [ 187.663623][ T5857] usbhid: probe of 6-1:0.0 failed with error -71 [ 187.678050][ T7224] ocfs2: Unmounting device (7,6) on (node local) [ 187.688119][ T5857] usb 6-1: USB disconnect, device number 8 [ 194.486526][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.492846][ T1282] ieee802154 phy1 wpan1: encryption failed: -22