last executing test programs: 5m16.604661974s ago: executing program 3 (id=6559): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x8000451b, 0xffffffffffffffff) 5m16.562957125s ago: executing program 3 (id=6561): r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='pagemap\x00') fchdir(r0) 5m16.465745498s ago: executing program 3 (id=6564): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000980)=ANY=[@ANYBLOB="500100001a000100000000000200000002001c1f0000c808ffffffea080006000700000008000400", @ANYBLOB="06001c00"], 0x150}, 0x1, 0x0, 0x0, 0x2000c094}, 0x4040084) 5m16.271344803s ago: executing program 3 (id=6569): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20044e, &(0x7f0000000340)={[{@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 5m15.740691087s ago: executing program 3 (id=6576): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x275a, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0xea3, 0x4, 0xffffffff, 0x5, 0xf6b65ff}) 5m15.008809007s ago: executing program 3 (id=6593): r0 = socket(0x11, 0x3, 0x0) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, &(0x7f0000000380)) 5m14.762849963s ago: executing program 32 (id=6593): r0 = socket(0x11, 0x3, 0x0) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, &(0x7f0000000380)) 3.432113307s ago: executing program 1 (id=14674): r0 = syz_open_dev$video(&(0x7f0000000000), 0x75, 0x101140) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x48, 0x9, 0x2, "b7f04e08a9d50d5e8278680f0be8e7a9c90226b02f470a563e7f88e249e2dcd2", 0x4824504d}) 3.401153828s ago: executing program 1 (id=14676): r0 = syz_open_dev$vbi(&(0x7f0000000100), 0x1, 0x2) ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f00000011c0)=@overlay={0x2, 0x9, 0x4, 0x204, 0x80, {0x0, 0x2710}, {0x3, 0x8, 0x7, 0x8, 0x55, 0x80, "0ad750b3"}, 0x80000008, 0x3, {}, 0x5b}) 3.249596422s ago: executing program 1 (id=14682): syz_usb_connect(0x0, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x200, 0x61, 0x71, 0xb6, 0x10, 0x424, 0xcf30, 0x3527, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x8, 0x0, 0xf, "", [{{0x9, 0x4, 0xf6, 0xff, 0x0, 0x52, 0xe1, 0xef, 0xb}}]}}]}}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000040)={0x56, 0x9, 0x0, {0x4, 0x1}, {0x7c9, 0x2}, @const={0x4, {0xfff7, 0x7, 0x7, 0x8}}}) 1.85067615s ago: executing program 0 (id=14726): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x1bc, 0x19, 0x1, 0x0, 0x10, {{@in=@remote, @in6=@mcast1, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x1, 0x0, 0x80}}, [@tmpl={0x104, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x40}, {{@in=@loopback, 0x0, 0x3c}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0xfd}, 0x0, 0x0, 0x0, 0x0, 0x800}, {{@in=@loopback, 0x0, 0x2b}, 0x0, @in6=@remote, 0x0, 0x3, 0x1}, {{@in6=@mcast1, 0x0, 0x2b}, 0x0, @in=@private=0xa010101, 0x3504, 0x0, 0x0, 0x1, 0x0, 0xabf}]}]}, 0x1bc}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) 1.729624113s ago: executing program 0 (id=14737): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 1.623983606s ago: executing program 0 (id=14730): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000000)=@setlink={0x58, 0x13, 0x5, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x0, 0x44601}, [@IFLA_IFNAME={0x14, 0x3, 'veth0_vlan\x00'}, @IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x9, 0x6}}]}]}, @IFLA_TXQLEN={0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x40012}, 0x48000) 1.420270522s ago: executing program 0 (id=14735): syz_mount_image$jfs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x2010880, &(0x7f0000007400)=ANY=[], 0x1, 0x6174, &(0x7f0000001280)="$eJzs3b2PHGcdB/Dfvt6LiXNKEQULoYsTXkKIX4MxBEhSQEGTArmhQLYul8jCAWQb5EQWvugaCipqChASJUKUiII/IAUtHRUVlmwkkCsGzd3z+OY2u95zzrezd8/nI51nf/vM7D5z353bWc/MPgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxHe/872znYi4/LN0x0rEp6IX0Y1YquvViFhaXcnz9yPiudhqjmcjYrAQUS+/9c/TEa9GxEfHI+7dv71W331uj/349h///rsfHHvrb38YnP7vn272Xps0361bv/zPn+/sb50BAACgNFVVVZ30Mf9E+nzfbbtTAMBM5Pf/Ksn3H/n6V/986y/z1B+1Wq1Wq2dQN1Xj3WkWEbHRXKbeZ3A4HgAOmY140HYXaJH8i9aPiGNtdwKYa522O8CBuHf/9lon5dtpvh+sbrfnc0F25b/ReXh9x6TpNKPnmMzq9bUZvXhmQn+WZtSHeZLz747mf3m7fZjmO+j8Z2VS/sPtS5+Kk/PvjeY/4ujk3x2bf6ly/v3Hyr8nfwAAAAAAmGP5//9XWj7+u7D/VdmTRx3/XZ1RHwAAAAAAAADgSdvv+H8PGf8PAAAA5lb9Wb32m+M79036Lrb6/kudiKdG5gcKky6WWW67HwAAAAAAAAAAAABQkv72ObyXOhGDiHhqebmqqvqnabR+XPtd/rArff2hZG3/kQcAgG0fHR+5lr8TsRgRl9J3/Q2Wl5eranFpuVqulhby/uxwYbFaanyuzdP6voXhHnaI+8OqfrDFxnJN0z4vT2sffbz6uYZVbw8de0IG6bc5obmlsAEg2X43uucd6Yipqqcn7XzALrb/o8f2z160/ToFAAAADl5VVVUnfZ33iXTMv9t2pwCAmcjv/6PHBQ6kjjjYx5/3emHn9z4X/VGr1Wp1cXVTNd6dZhERG81l6n0Gw/EDwCGzEQ/a7gItkn/R+hHxXNudAOZap+0OcCDu3b+91kn5dprvB2l893wuyK78Nzpby+Xlx02nGT3HZFavr83oxTMT+vPsjPowT3L+3dH8L2+3D9N8B53/rEzKv17PlRb607acf280/xFHJ//u2PxLlfPvP1b+PfkDAAAAAMAcy///v+L4b15lAAAAAAAAADh07t2/vZave83H/z8zZj7Xfx5NOf+O/IuU8++O5P/Fkfl6jdt339zJ/9/3b6/9/ua/Pp2ne81/IT9kJ72yOukV0UnP1Omn6T5XcMTmoDesn2nQ6fb66ZyfavBOXI1rsR5nds3bTb+Pnfazu9rrng52tZ/b1d7/WPv5Xe2D9L0D1VJuPxVr8eO4Fm9vtddtC1PWf3FKezWlPeffs/0XKeffb/zU+S+n9s7ItHb3w+7HtvvmdNzzvHH1s784c/CrM9Vm9B6uW1O9fidb6M+ZiF8/iIif3li/furWlZs3r5+NNDk2bNx7LtLkCcv5D7Z+Fnb+/r+w3Z7/7je317sfDh87/3mxGf2J+b/QuF2v70sz7lsbcv7D9JPzfzu1j9/+D3P+k7f/l1voDwAAAAAAAAAAAAAAADxKVVVbl4i+EREX0vU/bV2bCQDMxvE0ze//9f7A9xvtVaJWq9Vqtfro1E3VeK83i4j4a3OZep/h5+MeDACYZ/+LiH+03QlaI/+C5e/7q6cvtt0ZYKZuvP/BD69cu7Z+/UbbPQEAAAAAAAAAPqk8/udqY/znFyNiZWS+XeO/vhmr+x3/s59vPBxg9AkP9D3BZnfY6zaGG38+tsbnPjVp/O+T8ejxv/tTnm8wpX04pX1hSvvi2Ht30hp7oUdDzv/5xnjndf4nRoZfL2H819Ex70uQ8z/ZeD3X+X9hZL5m/tVv5y7/jb3OuBndXfmfvvneT07feP+DV66+d+Xd9XfXf3T+7Nkz5y9cuHjx4ul3rl5bP7P978H0eg7k/PPY184DLUvOP2cu/7Lk/D+XavmXJef/+VTLvyw5/7y/J/+y5PzzZx/5lyXn/1Kq5V+WnP+XUi3/suT8X061/MuS8/9yquVflpz/K6mWf1ly/qdSLf+y5PxPp3oP+ft6+CMk55+PcNn+y5Lzz2c2yL8sOf9zqZZ/WXL+51Mt/7Lk/F9NtfzLkvP/SqrlX5ac/4VUy78sOf+vplr+Zcn5X0y1/MuS8/9aquVflpz/11Mt/7Lk/F9LtfzLkvP/RqrlX5ac/zdTLf+y5Py/lWr5lyXn/3qq5V+Wne//d8MNN9zIN9r+ywQAAAAAAAAAAAAAjJrF6cRtryMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPB/duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFvbuLkeus7wd+Zl/stUOIgRCc/A1sEhNCsmTXduIX/k0xAQINUAokFPqC7XrXZsFveO0SKJJNDSUSRkUVVdMLWkCojVpVWBUXtKI0F1Vfrkp7QW8qqkpIjaqAAhJSXyBbzZzneTwzOztn7R2vZ8/z+Uj2b3fmzJwzZ87M7nft7x4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADa3f7Guc80iqJo/mn9taUoXtD8eNPkltZlr7veWwgAAACs1k9bfz93U7pg/wpu1LbM373iH7++uLi4WLxv9HfHv7C4mK6YLIrxjUXRui669O/vb7QvE1woJhojbZ+PVKx+tOL6sYrrxyuu31Bx/caK6ycqrl+yA5bYVP48pnVn21sfbil3aXFzMd66bnuPW11obBwZiT/LaWm0brM4fqSYL44Vc8VMx/Llso3W8t+8vbmutxZxXSNt69rWPEJ++InDcRsaYR9v71jX5fuMvv+GYvJHP/zE4T868+ytvWblbui4v3I7776juZ2fCpeU29ooNqZ9ErdzpG07t/V4TkY7trPRul3z4+7tfG6F2zl6eTPXVPdzPlGMtD7+dms/jbX/WC/tp23hsv+6syiK85c3u3uZJesqRorNHZeMXH5+JsojsnkfzUPpxcXYFR2nt6/gOG3O2e2dx2n3ayI+/7eH240tsw3tT9P3P7lhyfN+pcdp1HzUy71Wuo/BQb9WhuUYjMfFt1sP+omex+D28Pg/cdfyx2DPY6fHMZged9sxeEfVMTiyYbS1zelJaLRuc/kY3NGx/GhrTY3WfOau/sfg9Jnjp6YXPvbx184fP3R07ujciV07dszs2r17796900fmj83NlH9f5d4efpuLkfQauCPsu/gaeHXXsu2H6uKXB/c6nOjzOtzSteygX4dj3Q+usTYvyKXHdPnaeLS50ycujhTLvMZaz889q38dpsfd9joca3sd9vya0uN1OLaC12FzmVP3rOx7lrG2P7224Vp9LdjSdgx2fz/SfQwO+vuRYTkGJ8Jx8a/3LP+1YFvY3iemrvT7kdElx2B6uOG9p3lJ+n5/Ym9r9Doub2teccOG4uzC3On7Hj905szpHUUYa+IlbcdK9/G6ue0xFUuO15ErPl73z7/iidt6XL4l7KuJ1zb/mlj2uWouc/99/Z+r1le33vuz49KdRRgDttb7s9dX8+b+TFmyz/5sLvOp6dV/L55yadv77/gy778x9z9fri/d1YXR8bHy9Tua9s54x/tx51M11nrvarTW/dz0yt6Px8OftX4/vrnP+/HWrmUH/X483v3g4vtxo+qnHavT/XxOhOPk2Ez/9+PmMlt3XukxOdb3/fjOMBth/78mJIWUi9qOneWO27SusbHx8LjG4ho6j9NdHcuPh2zWXNdTO6/uOL37zvK+RtOju2ytjtPJrmUHfZym96vljtNG1U/frk738zkRjoubd/U/TpvLPH3/6t87N8UP2947N1Qdg+OjG5rbPJ4OwvL9fnFTPAbvKw4XJ4tjxWzr2g2t46nRWtfUAys7BjeEP2v9Xrm1zzF4d9eygz4G09ex5Y69xtjSBz8A3c/nRDgunnyg/zHYXOZNewb7vevd4ZK0TNv3rt0/X1vuZ163de2ma/kzr+Z2/s2e/j+bbS5zbO+V5sz+++necMkNPfZT9+t3udfUbLE2+2lr2M5n9y6/n5rb01zmC/tWeDztL4ri3Eceav28N/z7yp+f/c7XO/7dpde/6Zz7yEM/uPHI317J9gOw/j1fjs3l17q2f5layb//AwAAAOtCzP0jYSbyPwAAANRGzP3xf4Un8j8AAADURsz9Y2EmmeT/rW96dv75c0Vq5i8G8fq0Gx4pl4sd15nw+eTiZc3LH/rq3I//8tzK1j1SFMVPHvmNnstvfSRuV2kybOelN3devvSG51a0/oOPXV6uvb/+pXD/8fGs9DDoVcGdKYrimzd9rrWeyfdfbM2nHznYmu8+/8SF5jLP7Ss/j7d/5iXl8l8M5d/9Rw513P6ZsB++F+bM23rvj3i7r118zbY97728vni7xh0vbD3sJz9Q3m/8PTmfv1AuH/fzctv/V5996mvN5R9/Ve/tPzfSe/ufCvf71TD/++Xl8u3PQfPzeLtPh+2P64u3u+8r3+q5/Zc+Uy5/6uFyuYNhxvXfHT7f/vCz8+376/HGoY7HVbylXC6uf+Y7v926Pt5fvP/u7Z84cLFjf3QfH0//c3k/013Lx8vjeqK/6Fp/837aj8+4/qd+62DHfq5a/6V3P/Py5v12r//eruVGu27f/Rub/uDTn+u5vrg9+//sVMfj2f+u8DoO63/yA+F4DNf/z6XPdaw3OviuzvefuPyXtpzreDzRW39Urv/S64+25n9M/vj3b3jBjS88/8rmviuKb7+nvL+q9R/9w5Md2//lW+5pPR/x+tjR717/cuL6T3906sTJhbPzs217tfW7c95ebs/GiU2bm9t7U3hv7f78wMkzH5w7PTkzOVMUk/X9FXpX7Sth/qAc56/09vc8Fp7P237vm5vv+qfPxsv/5dHy8otvK79uvTos9/lw+Zby+VtsrHL9T95+S+v13Xi6/Lyjxz4A27b/594VLRgef/f3BfF4P/XSD7b2Q/O61teN+Lpe5fZ/d7a8n2+E/boYfjPzHbdcXl/78vF3I1x8T/l6X/X+C29z8Xn94/B8v+N75f3H7YqP97vh+5hvbe18v4vHxzfOjXTff+u3eJwP7yfF+fL6uFTc3xefu6Xn5sXfQ1Kcv7X1+e+k+7n1ih7mchY+tjB9bP7E2cenz8wtnJle+NjHDxw/efbEmQOt3+V54ENVt7/8/rS59f40O7f7/mJmU1EUJ4uZNXjDujbb3/xoZdt/6rHDs3tm7pqdO3Lo7JEzj52aO3308MLC4bnZhbsOHTky99Gq28/PPrhj575de3ZOHZ2ffXDvvn279k3NnzjZ3Ixyoyrsnvnw1InTB1o3WXjw/n07Hnjg/pmp4ydn5x7cMzMzdbbq9q2vTVPNW//61Om5Y4fOzB+fm1qY//jcgzv27d69s/K3AR4/dWRhcvr02RPTZxfmTk+Xj2XyTOvi5te+qttTTwv/Vn4/261R/iK+4p337k6/n7Xpq59c9q7KRbp+geiz4XfR/MOLTu1dyecx94+HmWSS/wEAACAHMfdvCDOR/wEAAKA2Yu7fGGYi/wMAAEBtxNw/EWaSSf7X/9f/X1n/v7xe/z+v/v+pj5S90vXe/4/9ef3/PFzn/v+q16//r/9fv/7/yvvz63379f/1/1lq2Pr/MfdvKoos8z8AAADkIOb+zWEm8j8AAADURsz9N4SZyP8AAABQGzH3vyDMJJP8r/+/ov7/zqrCVf37/87/r/9frM/+f3xy9P+zccX9+/c+2vGp/n+g/6//r/+v/6//z6qNL3vN9er/x9x/Y5hJJvkfAAAAchBz/wvDTOR/AAAAqI2Y+28KM5H/AQAAoDZi7t8SZpJJ/tf/d/5//X/9/3XU/+8o0q7J+f/bNkb/f32o3/n/f6r/vy76/xP6/+ux/z8+2O0f7v5/5ebr/3NNDNv5/2Puf1GYSSb5HwAAAHIQc/+Lw0zkfwAAAKiNmPtfEmYi/wMAAEBtxNx/c5hJJvlf/1//f4X9/y/p/+v/D0H/v+PxrEn/v+/5/8uP9P+HS/36/87/X6yL/r/z/xfrsf8/4O0f7v7/oM//P/7m7tvr/9PLsPX/Y+5/aZhJJvkfAAAAchBz/y1hJvI/AAAA1EbM/S8LM5H/AQAAoDZi7t8aZpJJ/tf/1/93/n/9f/3/3uuv7v+X9P+Hi/5/f/r/FfT/9f/1/1fW/+/xza/+P70MW/8/5v5bw0wyyf8AAACQg5j7bwszkf8BAACgNmLu/39hJvI/AAAA1EbM/dvCTDLJ//r/+v/6/3n1/+/doP+v/19v+v/96f9X0P/X/9f/X+H5/5e6kv7/xqo7ozaGrf8fc//Lw0wyyf8AAACQg5j7XxFmIv8DAABAbcTc/8owE/kfAAAAaiPm/skwk0zyv/5/vfr/f/rXT76y0P/X/69Yf037//Ew0P/PnP5/f/r/FfT/9f/1/9ek/08+hq3/H3P/7WEmmeR/AAAAyEHM/XeEmcj/AAAAUBsx998ZZiL/AwAAQG3E3L89zCST/K//X6/+f6T/v4b9/y8+nO5H/7/k/P+96f+vDf3/HtpepPr/FfT/9f+z7//H7371/xmMYev/x9z/qjCTTPI/AAAA5CDm/rvCTOR/AAAAqI2Y+18dZiL/AwAAQG3E3H93mEkm+V//X/9f/9/5//X/e69f/3990v/vT/+/gv6//n/2/X/n/2ewhq3/H3P/a8JMMsn/AAAAkIOY++8JM5H/AQAAoDbi/98s/9+r/A8AAAB1FHP/VJhJJvlf/1//P6f+f0P/X/9f/7/29P/70/+voP+v/6//r//PQA1b/z/m/teGmWSS/wEAACAHMfffF2Yi/wMAAEBtxNw/HWYi/wMAAEBtxNw/E2aSSf7X/9f/z6n/7/z/+v/rof/f0P9fFf3//vT/K+j/6//Xrf9fFPr/XFfD1v+PuX9HmEkm+R8AAAByEHP/zjAT+R8AAABqI+b+XWEm8j8AAADURsz994eZZJL/9f/1//X/9f/1/3uv3/n/1yf9//70/yvo/+v/163/7/z/XGfD1v+Puf+BMJNM8j8AAADkIOb+3WEm8j8AAADURsz9e8JM5H8AAACojZj794aZZJL/9f9r0v//zb/vWLf+v/5/v/UPpv+/Sf8/TP3/4VLT/n/3y+Kq6f9X0P/X/9f/1/9noIat/x9z/74wk0zyPwAAAOQg5v7XhZl05P8Lf7LGmwUAAAAMUMz9/z/MxL//AwAAQG3E3P8zYSaZ5H/9/5r0/7vo/+v/91u/8//r/9dZTfv/A6P/XyHX/n94Q7ve/fnVut7br/+v/89S177/Hz9aWf8/5v4Hw0wyyf8AAACQg5j7fzbMRP4HAACA2oi5//VhJvI/AAAA1EbM/fvDTDLJ//r/+v/6//r/16b///qi2zD2/5sHj/5/vej/96f/XyHX/n9wvfvz63379f/1/1lq2M7/H3P/G8JMMsn/AAAAkIOY+x8KM5H/AQAAoDZi7n9jmIn8DwAAALURc/+bwkwyyf/6//r/+v/6/87/33v9+v/rk/5/f/r/FfT/9f/1//X/Gahh6//H3P/mMJNM8j8AAADkIOb+h8NM5H8AAACojZj73xJmIv8DAABAbcTc/9Ywk0zyv/6//r/+v/6//n/v9ev/r0/6//3p/1fQ/9f/797+1pu9/r/+P1dr2Pr/Mff/XJhJJvkfAAAAchBz/yNhJvI/AAAA1EbM/W8LM5H/AQAAoDZi7n97mEkm+V//X/9f/1//X/+/9/r1/9cn/f/+9P8r6P/r/zv/v/4/AzVs/f+Y+98RZpJJ/gcAAIAcxNz/82Em8j8AAADURsz97wwzkf8BAACgNmLu/4Uwk0zyv/6//r/+v/5/Fv3/5o30/7Og/9+f/n+FHv3/jfr/A+vPbxrIVl6/7a+i/6//z1LD1v+Puf9dYSaZ5H8AAADIQcz97w4zkf8BAACgNmLuf0+YifwPAAAAtRFz/6NhJpnkf/3/LPv/6SHr/5f0/zPo/zv/fzb0//vT/6/g/P/O/6//r//PQA1b/z/m/sfCTDLJ/wAAAJCDmPvfG2Yi/wMAAEBtxNz/i2Em8j8AAADURsz97wszyST/6/9n2f93/v816/+PdRwfOfX/J9qez3Rc6v/r/68B/f/+9P8r6P/r/w9z/z8czZuWub3+P8No2Pr/Mfe/P8wkk/wPAAAAOYi5/5fCTOR/AAAAqI2Y+385zET+BwAAgNqIuf9Xwkwyyf/6//r/+v/O/+/8/73Xr/+/Pun/96f/X0H/X/9/mPv/FfT/GUbD1v+Puf9Xw0wyyf8AAACQg5j7PxBmIv8DAABAbcTcfyDMRP4HAACA2oi5/2CYSSb5X/+/u/8fz6iq/6//r/+v/6//vx4Nrv//shuLQv9f/1//X/9f/1//n9UYtv5/zP2Hwkwyyf8AAACQg5j7fy3MRP4HAACA2oi5/3CYifwPAAAAtRFz/2yYSSb5X///Wp3/P16ST///J/r/+v+B/n9v+v9rw/n/+9P/r6D/r/+v/6//z0ANW/8/5v65MJNM8j8AAADUWPpxcMz9R8JM5H8AAACojZj7j4aZyP8AAABQGzH3fzDMJJP8r/9/rfr/zv/fa/v1/2P/f6xjef3/kv6//v8g6P/3p/9fQf9f/1//X/+fgRq2/n/M/fNhJpnkfwAAAMhBzP0fCjOR/wEAAKA2Yu7/cJiJ/A8AAAC1EXP/sTCTTPJ/ffr//1tus/5/x+30/6v7/42iOO/8//r/vdav/78+6f/3p/9fQf9f/1//X/+fgRq2/n/M/cfDTDLJ/wAAAJCDmPtPhJnI/wAAwP+xdx9Nct1VH8f78WNb0gpeAlXsWLGEFW+BLTuq2LChSCYHY3IwweRkggkm5xxNzjlnk3M0yYaqoTw650gz07otadoz9/7P57PgoEHjblmD4Oepb11gGLn77xu32P8AAAAwjNz994tbmuz/cfr//ET9/0r/v4Dn/+/9+fr/0/T/+v9tONDfX3phn3/O/v/Od7ninvp//b/+f5L+X/+v/2e/ufX/ufvvH7c02f8AAADQQe7+B8Qt9j8AAAAMI3f/A+MW+x8AAACGkbv/irilyf7X/+v/9f/6/z39/w36//Ps/++YH9f/z4vn/0/T/2+wnf7//1f6f/2//l//z6659f+5+x8UtzTZ/wAAANBB7v4Hxy32PwAAAAwjd/9D4hb7HwAAAIaRu/+hcUuT/a//1//r//X/nv+//vU9/3+Z9P/T9P8beP6//l//r/9nq+bW/+fuf1jc0mT/AwAAQAe5+x8et9j/AAAAMIzc/Y+IW+x/AAAAGEbu/kfGLU32v/5f/6//1//r/9e/vv5/ma5bnfkzQf9/kP5/gw39/2ql/59y3v38+l/ect7/Oej/9f8cNLf+P3f/o+KWJvsfAAAAOsjd/+i4xf4HAACAYeTuvzJusf8BAABgGLn7HxO3NNn/+n/9v/5f/6//X//6+v9l8vz/aYfv/+90+/vcq2//7/n/0zz/X/+v/2e/ufX/ufuvilua7H8AAADoIHf/Y+MW+x8AAACGkbv/cXGL/Q8AAADDyN3/+Lilyf7X/7fp/3drF/2//l//r/8fnf5/muf/b7D7x9yp+qH+X/+v/9f/czhz6/9z9z8hbmmy/wEAAKCD3P1PjFvsfwAAABhG7v4nxS32PwAAAAwjd/+T45Ym+1//36b/9/x//b/+X//fgv5/mv5/g1Ge/3+RXzXH3c8f1nG/f/2//p+D5tb/5+5/StzSZP8DAABAB7n7nxq32P8AAAAwjNz9T4tb7H8AAAAYRu7+q+OWJvtf/7+l/v+ygx/T/2+z/89X0P/r//X/+v9p+v9p+v8NRun/L9Jx9/NLf//6f/0/B82t/8/d//S4pcn+BwAAgA5y9z8jbrH/AQAAYBi5+58Zt9j/AAAAMIzc/c+KW5rsf/2/5/9fTP9/b8//1//r//X/M6X/n6b/30D/r//X/+v/2aq59f+5+6+JW5rsfwAAAOggd/+z4xb7HwAAAIaRu/85cYv9DwAAAMPI3f/cuKXJ/tf/6/+X8fx//b/+X/+v/z8/+v9p+v8N9P/6f/2//p+tmlH/f9ZnnVw9L25psv8BAACgg9z9z49b7H8AAAAYRu7+F8Qt9j8AAAAMI3f/C+OWJvtf/z+b/n835xur/z+1Wq30/6um/f+ps34/6+tS/6//PwL6/2n6/w30//p//b/+n62aUf+/++Pc/S+KW5rsfwAAAOggd/+L4xb7HwAAAIaRu/8lcYv9DwAAAMPI3f/SuGWo/X/inP+J/n82/f+usfp/z//f//Ux5/7/1p/k+f/6/xHo/6fp/zfQ/+v/9f/6f7Zqbv1/7v5rb/0z9Oozf53LL7v4XyMAAAAwL9fu/uvJ1cvilqG+/w8AAAC95e5/edxi/wMAAMBCXXPgI7n7XxG3NNn/+v/t9v+Xn/Ux/b/+f//Xx5z7/20//1//f5D+/2jo/6fp/zfQ/+v/9f/6f7Zqbv1/7v5Xxi1N9j8AAAB0kLv/urjF/gcAAIBh5O5/Vdxi/wMAAMAwcve/Om5psv/1/57/r//X/+v/17++/n+Z9P/T9P8b6P/1/8fb/58482/1/4zhAvr/nZ2dK2/z/j93/2vilib7HwAAADrI3f/auGXP/r9+/7ejAAAAgAXJ3X993OL7/wAAADCM3P2vi1ua7H/9f9P+P7/U9f+79P/6/3Wvr/9fJv3/NP3/Bvp//b/n/+v/2aq5Pf8/d//r45Ym+x8AAAA6yN3/hrjF/gcAAIBh5O5/Y9xi/wMAAMAwcve/KW5psv/1/037f8//1//r/4+6/79lpf8/Eovo/0+d+/Xn3v9fpf/X/09o1//f/a57fqj/1/9z0Nz6/9z9b45bmux/AAAA6CB3/1viFvsfAAAAhpG7/61xi/0PAAAAw8jd/7a46dIm+1//r//X/+v/9f/rX/+In/9/+Wq10v9vwSL6/wlz7/89/1//P6Vd/7+P/l//z0Fz6/9z9789bmmy/wEAAKCD3P3viFvsfwAAABhG7v53xi32PwAAAAwjd/+74pYm+1//r//X/194/3/zzs6O/n9B/f9Vi+j/Pf9/S/T/0/T/G+j/9f/6f/0/R+K4+v/c/e+OW5rsfwAAAOggd/974hb7HwAAAIaRu/+9cYv9DwAAAMPI3f++uKXJ/tf/6//1/57/f2J2/f/JPX+9Js//1/9vif5/2hz7/7P/DNH/6/+X/P4H6f+v0f+zTXN7/n/u/vfHLU32PwAAAHSQu/8Dcesf3dr/AAAAMIzc/R+MW+x/AAAAGEbu/g/FLU32v/5f/6//1/8P//x//X8r+v9pc+z/z6b/1/8v+f0P0v97/j9bNbf+P3f/h+OWJvsfAAAAOsjd/5G4xf4HAACAYeTu/2jcYv8DAADAMHL33xC3NNn/+n/9v/5f/6//P/17qP8fg/5/2tH0/6f0//r/6uf/L/5boP/X/2/6fMY0t/4/d//H4pYm+x8AAAA6yN3/8bjF/gcAAIBh5O7/RNxi/wMAAMAiXbrmY7n7Pxm3NNn/+n/9v/5f/6//X//6+v9l0v9P8/z/DfT/F9jP32HPj5b2/P/9//ul/9f/s31z6/9z938qbmmy/wEAAKCD3P2fjlvsfwAAABhG7v7PxC32PwAAAAwjd/9n45Ym+1//r//X/+v/9f/rX1//v0z6/2n6/w30/8f6/Pylv3/9v/6fg+bW/+fu/1zc0mT/AwAAQAe5+z8ft9j/AAAAMIzc/V+IW+x/AAAAGMbu7s+4rOH+1//r//X/+n/9//rX1/8vk/5/mv5/A/2//l//r/9nq+bW/39x97NOrr4UtzTZ/wAAANBB7v4vxy32PwAAAAwjd/9X4hb7HwAAAIaRu/+rcUuT/a//1/8vo//f2dm5Uv+v/9/76znT/9+o/6fo/6fp/zfQ/+v/9f/6f7Zqbv1/7v6vxS1N9j8AAAB0kLv/63GL/Q8AAADDyN3/jbjF/gcAAIBh5O7/ZtzSZP/r/2fQ/5/U/3v+v/5/5fn/+v8t0f9P0/9vMGL/f/L8f/nH3c8f1nG/f/2//p+D5tb/5+7/VtzSZP8DAABAB7n7vx232P8AAAAwjNz934lb7H8AAAAYRu7+78YtTfa//v/o+v9b/951ef7/qdX696//1//r//X/tzX9/zT9/wYj9v8X4Lj7+aW/f/2//p+D5tb/5+7/XtzSZP8DAABAB7n7vx+32P8AAAAwjNz9P4hb7H8AAAAYRu7+H8YtTfa//n8Gz/8fsP/3/P/1Xx/6/1n3/5fo/8eg/5+m/99A/6//1/9vqf/Pr2b9f3dz6/9z9/8obmmy/wEAAKCD3P0/jlvsfwAAABhG7v6fxC32PwAAAAwjd/+NcctZ+39d2z0K/b/+X/+v/9f/r399/f8y6f+nnW//f2J1uP4/6f/1//r/rv2/5/9z2tz6/9z9P41bfP8fAAAAFueyc3w8d//P4hb7HwAAAIaRu//ncYv9DwAAAMPI3f+LuOWmS47rLR0p/b/+X/+v/9f/r399/f8y6f+nef7/Bovv/3d2ds7z/4ets6V+/m76/zH6/9VK/8/hza3/z93/y7jF9/8BAABgGLn7fxW32P8AAAAwjNz9v45b7H8AAAAYRu7+38QtTfa//l//f8j+fzfN1P+fpv8/Tf+/nv7/aOj/p+n/N1h8/384x93PL/39j9b/e/4/2zC3/j93/2/jlib7HwAAADrI3f+7uMX+BwAAgGHk7v993GL/AwAAwDBy9/8hbmmy/4+t/4+/1fr/xff/nv+v/9f/6/9nRf8/Tf+/gf5f/6//1/+zVXPr/3P3/zFuabL/AQAAoIPc/X+KW+x/AAAAGEbu/j/HLfY/AAAADCN3/1/ilib73/P/9f/6f/2//n/96+v/l0n/P03/v179Run/9f/6f/0/WzW3/j93/1/jlib7HwAAADrI3f+3uMX+BwAAgGHk7r8pbrH/AQAAYBi5+/8etzTZ//p//b/+X/+v/1//+vr/ZdL/TzvO/v8et9v8sp7/f+z9f74F/b/+X//PVsyt/8/d/4+4pcn+BwAAgA5y9/8zbrH/AQAAYBi5+/8Vt9j/AAAAMIzc/f+OW5rs/w39/4n6ifr/Sfr/ve9f/7/+60P/r//X/9/29P/TPP9/A/2/5//r//X/bNXc+v/c/TfHLU32PwAAAHSQu/+WuMX+BwAAgGHk7v9P3GL/AwAAwDBy9/83bmmy/z3/X/+v/9f/6//Xv77+f5n0/9P0/xvo//X/+n/9P1s1t/4/d///AgAA//+XbGLE") truncate(&(0x7f0000000000)='./file1\x00', 0x103000) 1.068202891s ago: executing program 1 (id=14747): r0 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002) pread64(r0, &(0x7f0000001340)=""/4096, 0x1000, 0x7fffffffffffffff) 1.010721803s ago: executing program 2 (id=14749): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0xfffd}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x30, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x4}]}], {0x14}}, 0xb8}}, 0x0) 900.548696ms ago: executing program 2 (id=14752): set_mempolicy(0x4005, &(0x7f0000000040)=0x8, 0x5) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) 874.101567ms ago: executing program 4 (id=14753): r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1400000035000b63d25a80648c2594f90124fc60", 0x14}], 0x1}, 0x90) 818.797418ms ago: executing program 2 (id=14754): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x24, 0x0, 0x9, 0x401, 0x0, 0x0, {0x7, 0x0, 0x5}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_TUPLE={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x91}, 0x20000000) 773.11898ms ago: executing program 4 (id=14756): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000240)={'bridge_slave_0\x00', &(0x7f0000000180)=@ethtool_perm_addr={0x4b, 0x41, "53698d5cdd00004786b89e6f0000000000402a09008ecde7"}}) 690.680062ms ago: executing program 2 (id=14758): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)={0x40, 0x1, 0x1, 0x101, 0x0, 0x0, {0x2}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x5}]}, @CTA_TUPLE_ORIG={0x20, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @loopback}}}]}]}, 0x40}}, 0x0) 690.535972ms ago: executing program 5 (id=14760): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@flushpolicy={0x40, 0x12, 0x105, 0x4, 0x25dfdbff, "", [@address_filter={0x28, 0x1a, {@in=@remote, @in=@private=0xa010100, 0x2, 0x6, 0x10}}, @proto={0x5, 0x19, 0xff}]}, 0x40}, 0x1, 0x0, 0x0, 0x880}, 0x20040840) 674.456333ms ago: executing program 4 (id=14761): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="280300001300010029bd7010e6964439ca9448ff", @ANYRES32=0x0, @ANYBLOB="0004000091f90000140003006272696467655f736c6176655f310000880018800400018080000180070002002cf4000008000100000000000800010004000000140004006938bfe7c3b8ae42240b16c0ed6b8768140004000c9b73b021b79fd2025f27082114a6d0140004009feccbb316587f1fafb7dbd8e9ed8d8d14000400f33646b47b166d68a8a26e25f05ece0a130002006272696467655f736c6176655f31000005002700060000000a000100c28360e46eb90000"], 0x328}, 0x1, 0x0, 0x0, 0x4040010}, 0x400c010) 595.185014ms ago: executing program 5 (id=14762): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000190001002fbd7000f9dbdf2502201400ff02ff020018000008000100ac1414aa040008"], 0x28}, 0x1, 0x0, 0x0, 0x44050}, 0x1000) 407.632499ms ago: executing program 5 (id=14763): r0 = socket$kcm(0x29, 0x2, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, 0x0, 0x0) 349.656801ms ago: executing program 5 (id=14764): syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000000)='./file1\x00', 0x1000000, &(0x7f0000020940)=ANY=[], 0x1, 0x18e, &(0x7f0000000440)="$eJzskb9OKkEUxr9ZlgVucXNJbkUDyb1RGmV3UWNstMTeB5CsKxLBPyyJQijWGGNhYSytLXgAX8DE0kYLQ6ztTCiorAxmZs4uA6/g/AoO58x3zpxvdi84DlIAvkY9DxsQJPAbL4zBBJBnsjY0ZLyh+ErxWgY8k26T6ucUc0Gnu19tNPxWYa2A7KQwZp9jCRBrgvUzAxnROBj1PD5zG4BUATvARxaAgSGLNIk3U+gjTc4E/goT41jDFTyZB1BqN49KQae7UG9Wa37NP3Dd8oq9ZNvLbmm33vBt+WuRL94urJAfDn+vjLJCEsAFnf2i8wimrEbn1hPvTQAY9TxLecPiv0mfct2UPYaH+N6UHC9GbWEOaQAnIX0IXh3ISSaEpYooy8Qxlf2ANAykxcGid5gUZRa19WHGM5x3JOPEVZPyahiteknxP8UKxf6Mtbw1XTDFhCvKimG0YsvhwtNqu91yAEv+c+Oa+yfE/V08iN96a6jmgMfZ15z6PBqNRqPRaDQajUbzI/gOAAD//1q+erI=") openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40000, 0x0) 349.601891ms ago: executing program 4 (id=14765): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101041, 0x0) ioctl$SNDCTL_DSP_GETCAPS(r0, 0x8004500f, &(0x7f0000000100)) 349.045691ms ago: executing program 0 (id=14774): r0 = socket$l2tp6(0xa, 0x2, 0x73) recvmmsg(r0, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0}, 0xffff}], 0x1, 0x40000061, 0x0) 247.698074ms ago: executing program 4 (id=14766): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f00000001c0)={0xff, {{0xa, 0x4e22, 0x5, @private2, 0x8}}, {{0xa, 0x4e21, 0x4, @private1, 0x9}}}, 0x108) 247.120434ms ago: executing program 2 (id=14777): setresuid(0xee00, 0xee01, 0x0) pivot_root(0x0, 0x0) 154.117186ms ago: executing program 2 (id=14767): syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x8000, &(0x7f0000000180)={[{@resuid}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T") setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000100)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) 154.073206ms ago: executing program 5 (id=14768): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x102440, 0x0) fcntl$setlease(r0, 0x400, 0x2000000) 128.431037ms ago: executing program 4 (id=14769): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x6c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x58, 0x1, [@m_skbmod={0x54, 0x1, 0x0, 0x0, {{0xb}, {0xffffff3c, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0xffffffff, 0xffff, 0xffffffffffffffff, 0x7, 0xf}, 0xa}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4000044}, 0x90) 127.870797ms ago: executing program 1 (id=14770): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0) close_range(r0, 0xffffffffffffffff, 0x6) 22.09767ms ago: executing program 5 (id=14771): r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x3, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f00000004c0)={0x0, 0x102, "7243c247208b72bdf3ae68cc6d2d3cfbf9d2b32320876d5d26ac36485f887c1e", 0x4, 0x2, 0x8, 0x8bb, 0x2, 0x872, 0x7f, 0x3, [0x6, 0x401, 0x2f8, 0xc]}) 21.05654ms ago: executing program 1 (id=14783): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0xb, 0x0, 0x0) 0s ago: executing program 0 (id=14772): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000001c0)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x29}}, @in={0x2, 0x4e23, @remote}], 0x20) kernel console output (not intermixed with test programs): TTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 708.638892][T31323] loop2: detected capacity change from 0 to 128 [ 708.651086][T31324] netlink: 20 bytes leftover after parsing attributes in process `syz.4.12332'. [ 708.730249][T31327] libceph: resolve '.‹R¯HÖe'ì»Ë /Ïâµüë1ýC¸ £~—1W–쯑ë¨eþxEA®ÁþeSb{~Rð' (ret=-3): failed [ 708.892259][T31342] overlayfs: missing 'lowerdir' [ 709.113024][T31358] netlink: 'syz.4.12349': attribute type 46 has an invalid length. [ 709.121057][T31358] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12349'. [ 709.165387][ T6300] usb 1-1: new high-speed USB device number 114 using dummy_hcd [ 709.507519][ T7695] usb 2-1: new high-speed USB device number 118 using dummy_hcd [ 709.582374][ T6300] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 709.592592][ T6300] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 709.601535][ T6300] usb 1-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 709.610612][ T6300] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 709.620582][ T6300] usb 1-1: config 0 descriptor?? [ 709.764040][ T7695] usb 2-1: Using ep0 maxpacket: 32 [ 709.892453][ T7695] usb 2-1: config 76 has an invalid descriptor of length 0, skipping remainder of the config [ 710.084939][ T7695] usb 2-1: New USB device found, idVendor=069a, idProduct=0001, bcdDevice=51.c5 [ 710.094065][ T7695] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 710.102188][ T7695] usb 2-1: Product: syz [ 710.106389][ T7695] usb 2-1: Manufacturer: syz [ 710.110963][ T7695] usb 2-1: SerialNumber: syz [ 710.138477][ T6300] Bluetooth: Can't get state to change to load configuration err [ 710.146248][ T6300] Bluetooth: Loading sysconfig file failed [ 710.152956][ T6300] ath3k: probe of 1-1:0.0 failed with error -16 [ 710.164874][ T7695] pwc: Askey VC010 type 1 USB webcam detected. [ 710.166881][ T6300] usb 1-1: USB disconnect, device number 114 [ 710.427002][ T7695] pwc: send_video_command error -71 [ 710.432273][ T7695] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 710.439888][ T7695] Philips webcam: probe of 2-1:76.0 failed with error -71 [ 710.448482][ T7695] usb 2-1: USB disconnect, device number 118 [ 710.455865][ T5433] udevd[5433]: setting mode of /dev/bus/usb/002/118 to 020664 failed: No such file or directory [ 710.466688][ T5433] udevd[5433]: setting owner of /dev/bus/usb/002/118 to uid=0, gid=0 failed: No such file or directory [ 710.721211][T31382] netlink: 'syz.0.12358': attribute type 10 has an invalid length. [ 710.801542][T31388] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12364'. [ 711.179896][T31423] loop2: detected capacity change from 0 to 512 [ 711.249607][T31423] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 711.379643][T31441] netlink: 288 bytes leftover after parsing attributes in process `syz.0.12388'. [ 711.840434][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 711.846818][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 711.919813][T31484] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12408'. [ 712.060989][T31494] Cannot find add_set index 3 as target [ 712.186889][T31508] CIFS: bad ip= option (.‹R¯HÖe'ì»Ë /Ïâµüë1ýC¸ £~—1W–쯑ë¨eþxEA®ÁþeSb{~Rð) [ 712.243169][T31513] hsr0: VLAN not yet supported [ 712.255056][ T6300] usb 1-1: new full-speed USB device number 115 using dummy_hcd [ 712.360440][T31523] netlink: 'syz.1.12428': attribute type 10 has an invalid length. [ 712.532968][ T7] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 712.677294][ T6300] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 712.789481][ T7] usb 5-1: Using ep0 maxpacket: 16 [ 712.828334][T31537] loop2: detected capacity change from 0 to 2048 [ 712.871577][T31537] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 712.907662][ T6300] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 712.940488][ T6300] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 712.955523][T31537] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 712.964957][ T6300] usb 1-1: Product: syz [ 712.969176][ T6300] usb 1-1: Manufacturer: syz [ 712.988306][ T6300] usb 1-1: SerialNumber: syz [ 713.019362][ T6300] usb 1-1: config 0 descriptor?? [ 713.089071][ T7] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 713.097183][T31547] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.099252][ T6300] asix: probe of 1-1:0.0 failed with error -22 [ 713.118175][T31547] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.122281][ T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 713.149646][ T7] usb 5-1: Product: syz [ 713.154114][ T7] usb 5-1: Manufacturer: syz [ 713.155668][T31550] ieee802154 phy0 wpan0: encryption failed: -22 [ 713.158845][ T7] usb 5-1: SerialNumber: syz [ 713.172365][ T7] r8152-cfgselector 5-1: config 0 descriptor?? [ 713.178860][T31547] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.193942][T31547] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.208015][T31547] device geneve0 entered promiscuous mode [ 713.320448][ T6300] usb 1-1: USB disconnect, device number 115 [ 713.452490][ T7695] usb 3-1: new full-speed USB device number 104 using dummy_hcd [ 713.687624][ T7] r8152-cfgselector 5-1: Unknown version 0x0000 [ 713.694027][ T7] r8152-cfgselector 5-1: bad CDC descriptors [ 713.719761][ T7] r8152-cfgselector 5-1: Unknown version 0x0000 [ 713.729104][ T7696] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 713.735581][ T7] r8152-cfgselector 5-1: USB disconnect, device number 102 [ 713.881360][T31590] netlink: 72 bytes leftover after parsing attributes in process `syz.1.12462'. [ 713.901594][ T7695] usb 3-1: config 155 has an invalid interface number: 109 but max is 0 [ 713.911854][ T7695] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 713.933425][ T7695] usb 3-1: config 155 has no interface number 0 [ 713.951784][T31592] netlink: 16 bytes leftover after parsing attributes in process `syz.0.12463'. [ 713.954784][ T7695] usb 3-1: too many endpoints for config 155 interface 109 altsetting 97: 114, using maximum allowed: 30 [ 713.990368][ T7695] usb 3-1: config 155 interface 109 altsetting 97 has 0 endpoint descriptors, different from the interface descriptor's value: 114 [ 714.009032][T31594] Unsupported ieee802154 address type: 0 [ 714.028536][ T7695] usb 3-1: config 155 interface 109 has no altsetting 0 [ 714.054945][ T7696] usb 6-1: Using ep0 maxpacket: 8 [ 714.059329][T31598] netlink: 1244 bytes leftover after parsing attributes in process `syz.0.12466'. [ 714.243622][ T7695] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 714.252718][ T7695] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 714.282142][ T7695] usb 3-1: Product: syz [ 714.292344][ T7695] usb 3-1: Manufacturer: syz [ 714.305441][ T7695] usb 3-1: SerialNumber: syz [ 714.409993][ T7696] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0069, bcdDevice=6e.55 [ 714.426935][ T7696] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 714.445899][ T7696] usb 6-1: Product: syz [ 714.456707][ T7696] usb 6-1: Manufacturer: syz [ 714.467765][ T7696] usb 6-1: SerialNumber: syz [ 714.474459][ T7696] usb 6-1: config 0 descriptor?? [ 714.640462][ T7695] imon 3-1:155.109: unable to register, err -19 [ 714.666688][ T7695] usb 3-1: USB disconnect, device number 104 [ 714.692478][ T7] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 714.789446][ T7696] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 714.806613][ T7696] dvb_usb_af9015: probe of 6-1:0.0 failed with error -22 [ 714.818666][ T7696] usb 6-1: USB disconnect, device number 32 [ 714.948975][ T7] usb 5-1: Using ep0 maxpacket: 16 [ 715.123500][ T7] usb 5-1: unable to get BOS descriptor or descriptor too short [ 715.165925][T31616] netlink: 56 bytes leftover after parsing attributes in process `syz.0.12484'. [ 715.175451][T31616] netlink: 56 bytes leftover after parsing attributes in process `syz.0.12484'. [ 715.223289][ T7] usb 5-1: config 7 has an invalid interface number: 192 but max is 0 [ 715.237626][ T7] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 715.260866][ T7] usb 5-1: config 7 has no interface number 0 [ 715.267008][ T7] usb 5-1: config 7 interface 192 has no altsetting 0 [ 715.430066][ T6300] Bluetooth: hci0: command 0x0401 tx timeout [ 715.461480][T31632] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 715.462492][ T7] usb 5-1: New USB device found, idVendor=0421, idProduct=0128, bcdDevice=a6.39 [ 715.547807][ T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 715.555858][ T7] usb 5-1: Product: syz [ 715.568408][ T7] usb 5-1: Manufacturer: syz [ 715.601364][ T7] usb 5-1: SerialNumber: syz [ 715.848262][T31656] netlink: 28 bytes leftover after parsing attributes in process `syz.5.12496'. [ 715.926597][ T7] usb 5-1: bad CDC descriptors [ 715.939910][ T7] usb 5-1: bad CDC descriptors [ 715.987219][ T7] usb 5-1: USB disconnect, device number 103 [ 716.149681][T31677] xt_nfacct: accounting object `syz1' does not exist [ 716.506802][T31695] device macsec0 entered promiscuous mode [ 716.636477][T31663] loop0: detected capacity change from 0 to 32768 [ 716.854270][T31721] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12526'. [ 716.909058][T31721] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12526'. [ 716.967312][T31729] No such timeout policy "syz0" [ 717.108673][ T7695] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 717.154519][T31738] loop2: detected capacity change from 0 to 2048 [ 717.192814][T31747] device netdevsim0 left promiscuous mode [ 717.237251][T31747] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 717.259296][T18257] loop2: p3 p4 < > [ 717.263283][T18257] loop2: p3 size 201326592 extends beyond EOD, truncated [ 717.399008][ T7695] usb 6-1: Using ep0 maxpacket: 16 [ 717.399345][T31738] loop2: p3 p4 < > [ 717.445103][T31738] loop2: p3 size 201326592 extends beyond EOD, truncated [ 717.553110][ T3561] loop2: p3 p4 < > [ 717.561999][ T3561] loop2: p3 size 201326592 extends beyond EOD, truncated [ 717.646391][T31767] Process accounting resumed [ 717.718115][ T7695] usb 6-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 717.731850][ T7695] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 717.750596][ T7695] usb 6-1: Product: syz [ 717.798266][ T7695] usb 6-1: Manufacturer: syz [ 717.802931][ T7695] usb 6-1: SerialNumber: syz [ 717.853303][ T7695] usb 6-1: config 0 descriptor?? [ 717.863853][ T5433] udevd[5433]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 717.886920][T31784] netlink: 32 bytes leftover after parsing attributes in process `syz.0.12550'. [ 717.887581][ T4177] udevd[4177]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 717.939958][T31784] netlink: 32 bytes leftover after parsing attributes in process `syz.0.12550'. [ 717.996146][ T3854] device veth1_vlan left promiscuous mode [ 718.015634][T18257] udevd[18257]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 718.043550][ T4177] udevd[4177]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 718.121483][T31790] netlink: 'syz.2.12553': attribute type 10 has an invalid length. [ 718.156377][T31790] device virt_wifi0 entered promiscuous mode [ 718.184317][T31790] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 718.200694][ T7695] speedtch 6-1:0.0: speedtch_bind: data interface not found! [ 718.208138][ T7695] speedtch 6-1:0.0: usbatm_usb_probe: bind failed: -19! [ 718.212253][ T4177] udevd[4177]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 718.234846][ T5433] udevd[5433]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 718.455861][ T21] usb 6-1: USB disconnect, device number 33 [ 718.736344][T31826] ip6t_srh: unknown srh match flags 4001 [ 719.292982][T31866] __nla_validate_parse: 2 callbacks suppressed [ 719.293001][T31866] netlink: 132 bytes leftover after parsing attributes in process `syz.0.12584'. [ 719.639084][T31892] loop5: detected capacity change from 0 to 1024 [ 719.767812][T31892] hfsplus: keylen 65060 too large [ 719.775538][T31892] hfsplus: keylen 65060 too large [ 719.832937][T31911] nfs: Deprecated parameter 'nointr' [ 719.962540][T31922] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12607'. [ 720.022636][T31922] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12607'. [ 720.403609][T31961] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12628'. [ 720.720455][T31992] xt_CT: You must specify a L4 protocol and not use inversions on it [ 720.743441][ T7] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 720.999850][ T7] usb 6-1: Using ep0 maxpacket: 32 [ 721.117878][T32017] loop2: detected capacity change from 0 to 256 [ 721.128451][ T7] usb 6-1: config 0 has an invalid interface number: 85 but max is 0 [ 721.136566][ T7] usb 6-1: config 0 has no interface number 0 [ 721.181953][ T7] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 721.194634][T32017] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x3855f621, utbl_chksum : 0xe619d30d) [ 721.203615][T31980] loop4: detected capacity change from 0 to 32768 [ 721.244014][T31980] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.12638 (31980) [ 721.263289][ T7] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 721.289900][T32017] exFAT-fs (loop2): error, tried to truncate zeroed cluster. [ 721.292436][ T7] usb 6-1: config 0 interface 85 has no altsetting 0 [ 721.340519][T31980] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 721.345011][T32017] exFAT-fs (loop2): Filesystem has been set read-only [ 721.373767][T31980] BTRFS info (device loop4): enabling disk space caching [ 721.406549][T31980] BTRFS info (device loop4): force zlib compression, level 3 [ 721.437943][T31980] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 721.485178][T31980] BTRFS info (device loop4): setting nodatasum [ 721.491416][T31980] BTRFS info (device loop4): setting nodatacow [ 721.513942][ T7] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 721.523049][ T7] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 721.539178][T31980] BTRFS info (device loop4): enabling ssd optimizations [ 721.553715][T31980] BTRFS info (device loop4): using spread ssd allocation scheme [ 721.571770][ T7] usb 6-1: Product: syz [ 721.575993][ T7] usb 6-1: Manufacturer: syz [ 721.597958][T31980] BTRFS error (device loop4): cannot disable free space tree [ 721.611841][ T7] usb 6-1: SerialNumber: syz [ 721.642126][ T7] usb 6-1: config 0 descriptor?? [ 721.686225][T31980] BTRFS error (device loop4): open_ctree failed: -22 [ 722.165301][ T7] appletouch 6-1:0.85: Failed to request geyser raw mode [ 722.172794][ T7] appletouch: probe of 6-1:0.85 failed with error -5 [ 722.237866][ T7] usb 6-1: USB disconnect, device number 34 [ 722.589887][T32056] QAT: failed to copy from user cfg_data. [ 722.966002][T32078] netlink: 9412 bytes leftover after parsing attributes in process `syz.5.12685'. [ 723.045385][T32081] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 723.086282][T32086] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=on. [ 723.181086][T32086] overlayfs: overlapping lowerdir path [ 723.214576][T32092] netlink: 'syz.1.12690': attribute type 8 has an invalid length. [ 723.272402][T32092] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.12690'. [ 723.518144][T32110] bridge0: port 2(batadv0) entered blocking state [ 723.555379][T32110] bridge0: port 2(batadv0) entered disabled state [ 723.582813][T32110] device batadv0 entered promiscuous mode [ 723.624348][T32110] bridge0: port 2(batadv0) entered blocking state [ 723.631817][T32110] bridge0: port 2(batadv0) entered forwarding state [ 723.664015][ T4833] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 723.674407][ T4833] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 723.675662][T32118] loop2: detected capacity change from 0 to 2048 [ 723.704062][T32118] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 723.794646][T32118] attempt to access beyond end of device [ 723.794646][T32118] loop2: rw=524288, want=33554432, limit=2048 [ 723.813481][T32123] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 723.854576][ T7696] usb 2-1: new high-speed USB device number 119 using dummy_hcd [ 723.909816][T32118] NILFS error (device loop2): nilfs_check_page: bad entry in directory #2: directory entry across blocks - offset=104, inode=16, rec_len=1816, name_len=0 [ 723.963810][T32118] Remounting filesystem read-only [ 724.147773][T32139] loop4: detected capacity change from 0 to 1024 [ 724.158975][T32102] loop0: detected capacity change from 0 to 32768 [ 724.217010][T32139] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 724.233657][T32102] [ 724.233657][T32102] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 724.233657][T32102] [ 724.290229][T32102] ERROR: (device loop0): xtTruncate_pmap: XT_GETPAGE: xtree page corrupt [ 724.290229][T32102] [ 724.375208][T32102] ERROR: (device loop0): jfs_unlink: [ 724.375208][T32102] [ 724.506578][ T7696] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 724.522032][T32159] netlink: 32 bytes leftover after parsing attributes in process `syz.2.12724'. [ 724.534072][ T7696] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 724.559605][ T4186] ERROR: (device loop0): xtTruncate: XT_GETPAGE: xtree page corrupt [ 724.559605][ T4186] [ 724.564189][ T7696] usb 2-1: Product: syz [ 724.605215][ T4833] ERROR: (device loop0): diWrite: ixpxd invalid [ 724.605215][ T4833] [ 724.614150][ T7696] usb 2-1: Manufacturer: syz [ 724.629762][ T7696] usb 2-1: SerialNumber: syz [ 724.629791][ T4833] ERROR: (device loop0): txCommit: [ 724.629791][ T4833] [ 724.676760][ T4833] jfs_write_inode: jfs_commit_inode failed! [ 724.714959][ T7696] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 724.716632][ T4186] [ 724.716632][ T4186] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 724.716632][ T4186] [ 724.762628][ T4186] [ 724.762628][ T4186] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 724.762628][ T4186] [ 724.801912][T32171] raw_sendmsg: syz.2.12731 forgot to set AF_INET. Fix it! [ 724.927631][T32177] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12734'. [ 725.041119][ T21] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 725.089934][T32185] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.12725'. [ 725.308307][ T21] usb 6-1: Using ep0 maxpacket: 16 [ 725.350256][T32205] loop2: detected capacity change from 0 to 1024 [ 725.454530][ T21] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 725.464349][ T7696] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 725.488903][ T21] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 725.500283][ T21] usb 6-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 725.510364][ T21] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 725.526931][ T21] usb 6-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 725.538058][ T21] usb 6-1: config 1 interface 0 has no altsetting 0 [ 725.545382][ T21] usb 6-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 725.554934][ T21] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 725.641231][ T21] ums-sddr09 6-1:1.0: USB Mass Storage device detected [ 725.707410][T32229] netlink: 20 bytes leftover after parsing attributes in process `syz.4.12759'. [ 725.868235][ T21] scsi host1: usb-storage 6-1:1.0 [ 726.004645][ T6300] usb 2-1: USB disconnect, device number 119 [ 726.067785][T32263] device gtp0 entered promiscuous mode [ 726.098594][ T21] usb 6-1: USB disconnect, device number 35 [ 726.214024][T32269] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551614) [ 726.230963][T32269] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647 [ 726.282246][T32261] loop0: detected capacity change from 0 to 8192 [ 726.356284][T32261] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 726.356366][T32261] REISERFS (device loop0): using ordered data mode [ 726.356377][T32261] reiserfs: using flush barriers [ 726.357425][T32261] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 726.357732][T32261] REISERFS (device loop0): checking transaction log (loop0) [ 726.495671][T32285] Cannot find del_set index 3 as target [ 726.635028][T32261] REISERFS (device loop0): Using tea hash to sort names [ 726.635360][T32261] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 726.636373][T32293] (unnamed net_device) (uninitialized): option lacp_active: invalid value (161) [ 726.652000][ T7696] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 726.652131][ T7696] ath9k_htc: Failed to initialize the device [ 726.652624][ T6300] usb 2-1: ath9k_htc: USB layer deinitialized [ 726.889659][T32304] netlink: 'syz.5.12793': attribute type 1 has an invalid length. [ 726.889682][T32304] netlink: 'syz.5.12793': attribute type 3 has an invalid length. [ 726.889696][T32304] netlink: 224 bytes leftover after parsing attributes in process `syz.5.12793'. [ 727.520065][T32352] loop4: detected capacity change from 0 to 1024 [ 727.642827][ T406] hfsplus: b-tree write err: -5, ino 25 [ 727.648694][ T406] hfsplus: b-tree write err: -5, ino 4 [ 727.671919][ T406] hfsplus: b-tree write err: -5, ino 2 [ 727.690849][T32365] netlink: zone id is out of range [ 727.696853][ T406] hfsplus: b-tree write err: -5, ino 26 [ 727.709408][T32365] netlink: set zone limit has 8 unknown bytes [ 727.731074][T32360] loop0: detected capacity change from 0 to 4096 [ 727.804269][T32360] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 727.827520][T32360] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 727.872911][T32360] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 727.920238][T32360] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 727.975747][T32360] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 728.063928][T32360] ntfs: volume version 3.1. [ 728.102917][T32360] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 728.181403][T32360] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 728.222126][T32360] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 728.309212][T32360] ntfs: (device loop0): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute is corrupt. [ 728.361250][T32360] ntfs: (device loop0): ntfs_read_locked_index_inode(): Failed with error code -5 while reading index inode (mft_no 0x18, name_len 2. [ 728.424410][T32401] IPv6: NLM_F_CREATE should be specified when creating new route [ 728.687753][T32421] loop2: detected capacity change from 0 to 128 [ 728.786317][T32431] loop0: detected capacity change from 0 to 128 [ 728.799003][T32421] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 728.844138][T32421] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 728.892786][T32437] netlink: 'syz.1.12859': attribute type 13 has an invalid length. [ 729.102283][T32447] device vlan0 entered promiscuous mode [ 729.117253][T32449] netlink: 56 bytes leftover after parsing attributes in process `syz.4.12864'. [ 729.131670][T32447] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 729.157033][ T7696] usb 6-1: new full-speed USB device number 36 using dummy_hcd [ 729.574151][ T7696] usb 6-1: config 0 has an invalid descriptor of length 141, skipping remainder of the config [ 729.601961][ T7696] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x77, skipping [ 729.648686][ T7696] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 61941, setting to 64 [ 729.694597][ T7696] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 729.841354][ T7696] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 729.872212][ T7696] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 729.904573][ T7696] usb 6-1: Manufacturer: syz [ 729.935981][ T7696] usb 6-1: config 0 descriptor?? [ 729.947316][T32504] loop0: detected capacity change from 0 to 256 [ 729.983622][T32508] loop2: detected capacity change from 0 to 256 [ 730.088406][T32504] FAT-fs (loop0): Directory bread(block 64) failed [ 730.095461][T32504] FAT-fs (loop0): Directory bread(block 65) failed [ 730.105241][T32508] FAT-fs (loop2): Directory bread(block 64) failed [ 730.113472][T32504] FAT-fs (loop0): Directory bread(block 66) failed [ 730.133964][T32508] FAT-fs (loop2): Directory bread(block 65) failed [ 730.151146][T32504] FAT-fs (loop0): Directory bread(block 67) failed [ 730.153321][T32508] FAT-fs (loop2): Directory bread(block 66) failed [ 730.204946][T32504] FAT-fs (loop0): Directory bread(block 68) failed [ 730.230344][T32508] FAT-fs (loop2): Directory bread(block 67) failed [ 730.233596][T32504] FAT-fs (loop0): Directory bread(block 69) failed [ 730.253858][T32508] FAT-fs (loop2): Directory bread(block 68) failed [ 730.257346][ T7696] usb 6-1: USB disconnect, device number 36 [ 730.275345][T32508] FAT-fs (loop2): Directory bread(block 69) failed [ 730.288824][T32504] FAT-fs (loop0): Directory bread(block 70) failed [ 730.316070][T32504] FAT-fs (loop0): Directory bread(block 71) failed [ 730.336017][T32508] FAT-fs (loop2): Directory bread(block 70) failed [ 730.338831][T32520] netlink: 80 bytes leftover after parsing attributes in process `syz.1.12901'. [ 730.352583][T32504] FAT-fs (loop0): Directory bread(block 72) failed [ 730.364935][T32508] FAT-fs (loop2): Directory bread(block 71) failed [ 730.375889][T32504] FAT-fs (loop0): Directory bread(block 73) failed [ 730.406609][T32508] FAT-fs (loop2): Directory bread(block 72) failed [ 730.428249][T32508] FAT-fs (loop2): Directory bread(block 73) failed [ 730.718433][T32538] netlink: 'syz.4.12911': attribute type 2 has an invalid length. [ 730.726780][T32538] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 730.828238][T32544] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 730.974400][ T7696] usb 2-1: new high-speed USB device number 120 using dummy_hcd [ 731.052496][T32556] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12919'. [ 731.272884][T32573] netlink: 'syz.2.12927': attribute type 16 has an invalid length. [ 731.310777][T32571] loop4: detected capacity change from 0 to 4096 [ 731.320896][T32573] device ipip0 entered promiscuous mode [ 731.346138][T32576] loop5: detected capacity change from 0 to 1024 [ 731.422287][T32576] EXT4-fs (loop5): Ignoring removed orlov option [ 731.487596][T32571] ntfs: volume version 0.0. [ 731.494399][T32576] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 731.526791][T32576] EXT4-fs (loop5): orphan cleanup on readonly fs [ 731.545516][T32576] EXT4-fs error (device loop5): __ext4_get_inode_loc:4334: comm syz.5.12928: Invalid inode table block 0 in block_group 0 [ 731.637399][ T7696] usb 2-1: New USB device found, idVendor=200c, idProduct=100b, bcdDevice= 0.40 [ 731.646523][ T7696] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 731.664196][T32576] EXT4-fs (loop5): Remounting filesystem read-only [ 731.695333][ T7696] usb 2-1: Product: syz [ 731.699560][ T7696] usb 2-1: Manufacturer: syz [ 731.731193][ T7696] usb 2-1: SerialNumber: syz [ 731.736132][T32576] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 731.768580][T32576] EXT4-fs (loop5): Remounting filesystem read-only [ 731.782323][T32576] EXT4-fs error (device loop5): ext4_quota_write:6648: inode #3: comm syz.5.12928: mark_inode_dirty error [ 731.854099][T32576] EXT4-fs (loop5): Remounting filesystem read-only [ 731.882777][T32576] EXT4-fs error (device loop5): ext4_acquire_dquot:6236: comm syz.5.12928: Failed to acquire dquot type 0 [ 731.934830][T32576] EXT4-fs (loop5): Remounting filesystem read-only [ 731.973465][T32576] EXT4-fs error (device loop5): __ext4_get_inode_loc:4334: comm syz.5.12928: Invalid inode table block 0 in block_group 0 [ 732.002539][T32576] EXT4-fs (loop5): Remounting filesystem read-only [ 732.009091][T32576] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 732.024707][T32576] EXT4-fs (loop5): Remounting filesystem read-only [ 732.036185][T32576] EXT4-fs error (device loop5): ext4_ext_truncate:4472: inode #15: comm syz.5.12928: mark_inode_dirty error [ 732.064916][T32576] EXT4-fs (loop5): Remounting filesystem read-only [ 732.072739][T32588] loop0: detected capacity change from 0 to 32768 [ 732.076367][T32576] EXT4-fs error (device loop5): __ext4_get_inode_loc:4334: comm syz.5.12928: Invalid inode table block 0 in block_group 0 [ 732.117114][T32576] EXT4-fs (loop5): Remounting filesystem read-only [ 732.142601][T32576] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 732.165714][T32576] EXT4-fs (loop5): Remounting filesystem read-only [ 732.174812][ T4177] loop0: p1 p3 < p5 p6 > [ 732.179259][ T4177] loop0: partition table partially beyond EOD, truncated [ 732.185172][T32576] EXT4-fs error (device loop5) in ext4_orphan_del:303: Corrupt filesystem [ 732.202160][T32576] EXT4-fs (loop5): Remounting filesystem read-only [ 732.204928][ T7696] usb 2-1: unit 5 not found! [ 732.215494][ T7696] usb 2-1: unit 102 not found! [ 732.221076][T32588] loop0: p1 p3 < p5 p6 > [ 732.230870][T32588] loop0: partition table partially beyond EOD, truncated [ 732.248176][T32576] EXT4-fs error (device loop5): __ext4_get_inode_loc:4334: comm syz.5.12928: Invalid inode table block 0 in block_group 0 [ 732.257408][ T7696] usb 2-1: USB disconnect, device number 120 [ 732.273579][T32576] EXT4-fs (loop5): Remounting filesystem read-only [ 732.291676][T32576] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 732.306160][T32576] EXT4-fs (loop5): Remounting filesystem read-only [ 732.313603][T32576] EXT4-fs error (device loop5): ext4_truncate:4286: inode #15: comm syz.5.12928: mark_inode_dirty error [ 732.325699][T32576] EXT4-fs (loop5): Remounting filesystem read-only [ 732.334521][T32576] EXT4-fs error (device loop5) in ext4_process_orphan:345: Corrupt filesystem [ 732.344551][T32576] EXT4-fs (loop5): Remounting filesystem read-only [ 732.351144][T32576] EXT4-fs (loop5): 1 truncate cleaned up [ 732.361743][T32576] EXT4-fs (loop5): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000040,stripe=0x0000000000000007,errors=remount-ro,lazytime,data_err=ignore,noblock_validity,minixdf,orlov,. Quota mode: writeback. [ 732.465315][ T6300] usb 5-1: new high-speed USB device number 104 using dummy_hcd [ 732.473788][T32610] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12938'. [ 732.474624][T32576] EXT4-fs error (device loop5): ext4_search_dir:1549: inode #2: block 16: comm syz.5.12928: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 732.765635][ T6300] usb 5-1: Using ep0 maxpacket: 16 [ 732.898735][ T6300] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 732.928669][ T6300] usb 5-1: config 0 has no interface number 0 [ 733.112635][ T6300] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 733.121722][ T6300] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 733.165261][ T6300] usb 5-1: Product: syz [ 733.176061][ T6300] usb 5-1: Manufacturer: syz [ 733.193644][ T6300] usb 5-1: SerialNumber: syz [ 733.230962][ T6300] usb 5-1: config 0 descriptor?? [ 733.281145][T18257] udevd[18257]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 733.281768][ T4177] udevd[4177]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 733.295787][ T5432] udevd[5432]: inotify_add_watch(7, /dev/loop0p5, 10) failed: No such file or directory [ 733.301923][ T6300] hub 5-1:0.132: bad descriptor, ignoring hub [ 733.314767][ T4386] udevd[4386]: inotify_add_watch(7, /dev/loop0p6, 10) failed: No such file or directory [ 733.368154][ T6300] hub: probe of 5-1:0.132 failed with error -5 [ 733.372681][T32658] loop2: detected capacity change from 0 to 64 [ 733.400408][ T6300] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.132/input/input44 [ 733.663433][ T4386] udevd[4386]: inotify_add_watch(7, /dev/nbd0p4, 10) failed: No such file or directory [ 734.171014][T23654] usb 6-1: new full-speed USB device number 37 using dummy_hcd [ 734.368236][T32694] loop0: detected capacity change from 0 to 4096 [ 734.378370][T32700] loop2: detected capacity change from 0 to 256 [ 734.428308][T32700] exfat: Deprecated parameter 'utf8' [ 734.434163][T32700] exfat: Deprecated parameter 'namecase' [ 734.444995][T32700] exfat: Deprecated parameter 'namecase' [ 734.484617][T32694] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 734.541194][T32700] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001fe89, chksum : 0xbf24f927, utbl_chksum : 0xe619d30d) [ 734.588487][T23654] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 734.749843][T32713] loop0: detected capacity change from 0 to 8 [ 734.801599][T23654] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 734.810726][T23654] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 734.861331][T23654] usb 6-1: Product: syz [ 734.878712][T23654] usb 6-1: Manufacturer: syz [ 734.883397][T23654] usb 6-1: SerialNumber: syz [ 734.917801][T23654] usb 6-1: config 0 descriptor?? [ 734.994679][T23654] hub 6-1:0.0: bad descriptor, ignoring hub [ 735.000640][T23654] hub: probe of 6-1:0.0 failed with error -5 [ 735.030610][T23654] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input45 [ 735.079567][ T7696] usb 2-1: new high-speed USB device number 121 using dummy_hcd [ 735.154398][ T7] usb 3-1: new high-speed USB device number 105 using dummy_hcd [ 735.410830][ T6300] usb 1-1: new high-speed USB device number 116 using dummy_hcd [ 735.421888][ T7] usb 3-1: Using ep0 maxpacket: 32 [ 735.442641][T32754] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13009'. [ 735.452643][T32754] netlink: 20 bytes leftover after parsing attributes in process `syz.4.13009'. [ 735.463253][T32754] netlink: 20 bytes leftover after parsing attributes in process `syz.4.13009'. [ 735.549981][ T7] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 735.564656][ T7] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 735.581747][ T7] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 735.607903][ T7] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 735.624602][ T7] usb 3-1: config 1 has no interface number 0 [ 735.630745][ T7] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 735.656693][ T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 735.716588][ T7] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 735.731806][ T7696] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 735.751716][ T7696] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 735.757825][ T302] loop4: detected capacity change from 0 to 256 [ 735.765050][ T7696] usb 2-1: Product: syz [ 735.770273][ T7696] usb 2-1: Manufacturer: syz [ 735.775228][ T7696] usb 2-1: SerialNumber: syz [ 735.797696][ T302] exfat: Deprecated parameter 'utf8' [ 735.803383][ T302] exfat: Deprecated parameter 'namecase' [ 735.809305][ T302] exfat: Deprecated parameter 'namecase' [ 735.828916][ T7696] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 735.867612][ T302] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001fe89, chksum : 0xbf24f927, utbl_chksum : 0xe619d30d) [ 735.945847][ T7] snd_usb_pod 3-1:1.1: set_interface failed [ 735.951822][ T7] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 735.965192][ T7] snd_usb_pod: probe of 3-1:1.1 failed with error -71 [ 735.972773][ T6300] usb 1-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50 [ 735.983684][ T7] usb 3-1: USB disconnect, device number 105 [ 735.990977][ T6300] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 736.015898][ T6300] usb 1-1: Product: syz [ 736.015920][ T6300] usb 1-1: Manufacturer: syz [ 736.015935][ T6300] usb 1-1: SerialNumber: syz [ 736.024929][ T6300] usb 1-1: config 0 descriptor?? [ 736.064839][ T6300] usb 1-1: Waiting for MOTU Microbook II to boot up... [ 736.064868][ T6300] usb 1-1: failed setting the sample rate for Motu MicroBook II: -22 [ 736.064890][ T6300] snd-usb-audio: probe of 1-1:0.0 failed with error -22 [ 736.296662][ T7] usb 1-1: USB disconnect, device number 116 [ 736.391197][ T320] xt_TCPMSS: Only works on TCP SYN packets [ 736.528036][ T7695] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 736.634038][ T338] netlink: 28 bytes leftover after parsing attributes in process `syz.4.13034'. [ 736.643269][ T338] netlink: 28 bytes leftover after parsing attributes in process `syz.4.13034'. [ 736.786750][ T342] loop4: detected capacity change from 0 to 1024 [ 736.819585][ T342] EXT4-fs (loop4): Ignoring removed orlov option [ 736.857422][ T334] loop2: detected capacity change from 0 to 32768 [ 736.872879][ T342] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 736.881575][ T342] EXT4-fs (loop4): orphan cleanup on readonly fs [ 736.892627][ T342] EXT4-fs error (device loop4): __ext4_get_inode_loc:4334: comm syz.4.13036: Invalid inode table block 0 in block_group 0 [ 736.906802][ T342] EXT4-fs (loop4): Remounting filesystem read-only [ 736.943100][ T342] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 736.954237][ T334] jfs_strtoUCS: char2uni returned -22. [ 736.964169][ T334] charset = cp864, char = 0x9f [ 736.969437][ T342] EXT4-fs (loop4): Remounting filesystem read-only [ 736.978376][ T342] EXT4-fs error (device loop4): ext4_quota_write:6648: inode #3: comm syz.4.13036: mark_inode_dirty error [ 736.986525][ T7696] usb 2-1: USB disconnect, device number 121 [ 737.009616][ T342] EXT4-fs (loop4): Remounting filesystem read-only [ 737.027189][ T342] __quota_error: 8 callbacks suppressed [ 737.027205][ T342] Quota error (device loop4): write_blk: dquota write failed [ 737.057791][ T342] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 737.076083][ T342] EXT4-fs error (device loop4): ext4_acquire_dquot:6236: comm syz.4.13036: Failed to acquire dquot type 0 [ 737.120480][ T342] EXT4-fs (loop4): Remounting filesystem read-only [ 737.127250][ T342] EXT4-fs error (device loop4): __ext4_get_inode_loc:4334: comm syz.4.13036: Invalid inode table block 0 in block_group 0 [ 737.185713][ T342] EXT4-fs (loop4): Remounting filesystem read-only [ 737.192326][ T342] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 737.223842][ T342] EXT4-fs (loop4): Remounting filesystem read-only [ 737.231033][ T342] EXT4-fs error (device loop4): ext4_ext_truncate:4472: inode #15: comm syz.4.13036: mark_inode_dirty error [ 737.297988][ T342] EXT4-fs (loop4): Remounting filesystem read-only [ 737.308534][ T342] EXT4-fs error (device loop4): __ext4_get_inode_loc:4334: comm syz.4.13036: Invalid inode table block 0 in block_group 0 [ 737.354999][ T342] EXT4-fs (loop4): Remounting filesystem read-only [ 737.362187][ T342] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 737.372576][ T342] EXT4-fs (loop4): Remounting filesystem read-only [ 737.389016][T23654] usb 6-1: USB disconnect, device number 37 [ 737.401421][ T368] netlink: 14 bytes leftover after parsing attributes in process `syz.0.13046'. [ 737.443001][ T342] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 737.463244][ T342] EXT4-fs (loop4): Remounting filesystem read-only [ 737.472797][ T342] EXT4-fs error (device loop4): __ext4_get_inode_loc:4334: comm syz.4.13036: Invalid inode table block 0 in block_group 0 [ 737.494365][ T342] EXT4-fs (loop4): Remounting filesystem read-only [ 737.501457][ T342] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 737.520562][ T342] EXT4-fs (loop4): Remounting filesystem read-only [ 737.559726][ T342] EXT4-fs error (device loop4): ext4_truncate:4286: inode #15: comm syz.4.13036: mark_inode_dirty error [ 737.578290][ T342] EXT4-fs (loop4): Remounting filesystem read-only [ 737.614208][ T342] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 737.656235][ T342] EXT4-fs (loop4): Remounting filesystem read-only [ 737.667208][ T7695] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 737.677480][ T342] EXT4-fs (loop4): 1 truncate cleaned up [ 737.683268][ T342] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000040,stripe=0x0000000000000007,errors=remount-ro,lazytime,data_err=ignore,noblock_validity,minixdf,orlov,. Quota mode: writeback. [ 737.684278][ T7695] ath9k_htc: Failed to initialize the device [ 737.822221][ T7696] usb 2-1: ath9k_htc: USB layer deinitialized [ 737.958912][ T342] EXT4-fs error (device loop4): ext4_search_dir:1549: inode #2: block 16: comm syz.4.13036: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 738.136328][ T412] dlm: non-version read from control device 4096 [ 738.297444][ T6300] usb 3-1: new full-speed USB device number 106 using dummy_hcd [ 738.385720][ T433] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 738.431785][ T437] loop4: detected capacity change from 0 to 256 [ 738.648457][ T6299] usb 5-1: USB disconnect, device number 104 [ 738.693247][ T6300] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 738.721664][ T451] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13087'. [ 738.800122][ T6300] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 738.917469][ T6300] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 739.069975][ T468] netlink: 44 bytes leftover after parsing attributes in process `syz.5.13097'. [ 739.087839][ T468] netlink: 51 bytes leftover after parsing attributes in process `syz.5.13097'. [ 739.097566][ T468] netlink: 'syz.5.13097': attribute type 4 has an invalid length. [ 739.110000][ T6300] usb 3-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9 [ 739.119070][ T6300] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 739.162640][ T6300] usb 3-1: Product: syz [ 739.194607][ T6300] usb 3-1: Manufacturer: syz [ 739.203340][ T6300] usb 3-1: SerialNumber: syz [ 739.214717][ T475] netlink: 'syz.4.13100': attribute type 1 has an invalid length. [ 739.237051][ T478] netlink: 'syz.5.13101': attribute type 1 has an invalid length. [ 739.246252][ T6300] usb 3-1: config 0 descriptor?? [ 739.262988][ T479] netlink: 'syz.0.13102': attribute type 2 has an invalid length. [ 739.312858][ T479] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.13102'. [ 739.325284][ T6300] ti_usb_3410_5052 3-1:0.0: required endpoints missing [ 739.421477][ T487] netlink: 14 bytes leftover after parsing attributes in process `syz.4.13106'. [ 739.525330][ T489] xt_hashlimit: overflow, try lower: 3/0 [ 739.542572][ T4231] usb 3-1: USB disconnect, device number 106 [ 739.636736][ T495] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.665145][ T495] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.719311][ T495] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.749902][ T495] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.817696][ T495] device geneve1 entered promiscuous mode [ 739.824817][ T507] netlink: 'syz.1.13116': attribute type 12 has an invalid length. [ 739.873644][ T507] netlink: 197276 bytes leftover after parsing attributes in process `syz.1.13116'. [ 740.163823][ T525] loop5: detected capacity change from 0 to 1024 [ 740.170592][ T527] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13126'. [ 740.281574][ T525] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 740.435524][ T7695] usb 1-1: new high-speed USB device number 117 using dummy_hcd [ 740.448327][ T503] loop4: detected capacity change from 0 to 32768 [ 740.628009][ T503] XFS (loop4): Mounting V5 Filesystem [ 740.832226][ T503] XFS (loop4): Ending clean mount [ 740.858881][ T4192] XFS (loop4): Unmounting Filesystem [ 740.863368][ T7695] usb 1-1: config 251 has an invalid interface number: 154 but max is 0 [ 740.872588][ T7695] usb 1-1: config 251 has no interface number 0 [ 740.906454][ T7695] usb 1-1: config 251 interface 154 has no altsetting 0 [ 741.130686][ T7695] usb 1-1: New USB device found, idVendor=041e, idProduct=4051, bcdDevice=6a.3e [ 741.152476][ T7695] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 741.169100][ T592] device bridge3 entered promiscuous mode [ 741.174457][ T7695] usb 1-1: Product: syz [ 741.179077][ T7695] usb 1-1: Manufacturer: syz [ 741.194420][ T7695] usb 1-1: SerialNumber: syz [ 741.306943][ T593] loop2: detected capacity change from 0 to 4096 [ 741.341080][ T601] netlink: 'syz.1.13160': attribute type 10 has an invalid length. [ 741.387060][ T601] device team0 entered promiscuous mode [ 741.392661][ T601] device team_slave_0 entered promiscuous mode [ 741.452394][ T593] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 741.465048][ T601] device team_slave_1 entered promiscuous mode [ 741.483943][ T601] device virt_wifi0 entered promiscuous mode [ 741.505672][ T593] ntfs3: loop2: Failed to load $Extend. [ 741.511813][ T601] device macvlan1 entered promiscuous mode [ 741.528482][ T601] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 741.582560][ T7695] gspca_main: gspca_zc3xx-2.14.0 probing 041e:4051 [ 741.609191][ T7695] gspca_zc3xx: reg_w_i err -71 [ 741.633002][ T7695] gspca_zc3xx: probe of 1-1:251.154 failed with error -71 [ 741.641648][ T7695] usb 1-1: USB disconnect, device number 117 [ 742.028715][ T4231] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 742.036636][ T636] __nla_validate_parse: 22 callbacks suppressed [ 742.036653][ T636] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13176'. [ 742.446037][ T4231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 742.466131][ T4231] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 742.497179][ T4231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 742.525290][ T669] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13193'. [ 742.542781][ T4231] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 742.563859][ T6299] usb 6-1: new full-speed USB device number 38 using dummy_hcd [ 742.571693][ T4231] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 742.589101][ T4231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 742.615820][ T4231] usb 5-1: config 0 descriptor?? [ 742.705534][ T681] netlink: 24 bytes leftover after parsing attributes in process `syz.2.13198'. [ 742.805128][ T685] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready [ 742.814947][ T685] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 742.894523][ T4231] hdpvr 5-1:0.0: firmware version 0xd9 dated ÚL–W@ô‚Ôõ'^£ñR"Î5ËçèÝD¤ÙBUN§Æ=rp]’ÑEÈ/ [ 742.910030][ T4231] hdpvr 5-1:0.0: untested firmware, the driver might not work. [ 742.918417][ T6300] usb 1-1: new high-speed USB device number 118 using dummy_hcd [ 742.969265][ T6299] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 64 [ 743.129697][ T4231] hdpvr 5-1:0.0: device init failed [ 743.134958][ T4231] hdpvr: probe of 5-1:0.0 failed with error -12 [ 743.149736][ T4231] usb 5-1: USB disconnect, device number 105 [ 743.161922][ T6299] usb 6-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 743.180703][ T6299] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 743.189140][ T6299] usb 6-1: Product: syz [ 743.194146][ T6299] usb 6-1: Manufacturer: syz [ 743.199075][ T6299] usb 6-1: SerialNumber: syz [ 743.207484][ T6299] usb 6-1: config 0 descriptor?? [ 743.226124][ T651] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 743.233236][ T651] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 743.248014][ T6299] port100 6-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint [ 743.368797][ T1108] usb 2-1: new high-speed USB device number 122 using dummy_hcd [ 743.428967][ T6300] usb 1-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1 [ 743.444431][ T6300] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 743.453858][ T6300] usb 1-1: Manufacturer: syz [ 743.467966][ T6300] usb 1-1: config 0 descriptor?? [ 743.479580][ T4231] usb 6-1: USB disconnect, device number 38 [ 743.607260][ T730] netlink: 16 bytes leftover after parsing attributes in process `syz.2.13223'. [ 743.617293][ T730] netlink: 60 bytes leftover after parsing attributes in process `syz.2.13223'. [ 743.765549][ T738] loop2: detected capacity change from 0 to 764 [ 743.772360][ T6300] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 743.779032][ T1108] usb 2-1: config index 0 descriptor too short (expected 45, got 27) [ 743.794931][ T6300] dvb_usb_af9015: probe of 1-1:0.0 failed with error -22 [ 743.807215][ T1108] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 743.836704][ T6300] usb 1-1: USB disconnect, device number 118 [ 744.004314][ T1108] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 744.021082][ T1108] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 744.040987][ T752] netlink: 124 bytes leftover after parsing attributes in process `syz.2.13234'. [ 744.041402][ T1108] usb 2-1: Product: syz [ 744.070293][ T752] netlink: 'syz.2.13234': attribute type 3 has an invalid length. [ 744.088880][ T1108] usb 2-1: Manufacturer: syz [ 744.100463][ T1108] usb 2-1: SerialNumber: syz [ 744.130736][ T758] netlink: 4844 bytes leftover after parsing attributes in process `syz.4.13237'. [ 744.162622][ T1108] rtl8150 2-1:1.0: couldn't find required endpoints [ 744.186915][ T1108] rtl8150: probe of 2-1:1.0 failed with error -5 [ 744.225128][ T764] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13240'. [ 744.239412][ T764] netlink: 6 bytes leftover after parsing attributes in process `syz.4.13240'. [ 744.388740][ T4231] usb 2-1: USB disconnect, device number 122 [ 744.818774][T23654] usb 1-1: new high-speed USB device number 119 using dummy_hcd [ 744.863574][ T808] netdevsim netdevsim2: Firmware load for './cgroup/../file0' refused, path contains '..' component [ 744.972939][ T812] loop4: detected capacity change from 0 to 1024 [ 745.145243][ T822] program syz.1.13269 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 745.336390][ T830] xt_bpf: check failed: parse error [ 745.502900][T23654] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 745.522357][T23654] usb 1-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 745.538806][T23654] usb 1-1: Product: syz [ 745.567079][T23654] usb 1-1: Manufacturer: syz [ 745.571726][T23654] usb 1-1: SerialNumber: syz [ 745.588947][T23654] usb 1-1: config 0 descriptor?? [ 745.642927][T23654] ch341 1-1:0.0: ch341-uart converter detected [ 745.877038][ T7696] usb 3-1: new full-speed USB device number 107 using dummy_hcd [ 745.992584][ T834] loop4: detected capacity change from 0 to 32768 [ 746.022448][ T864] ip6t_rpfilter: unknown options [ 746.097748][ T834] JBD2: Ignoring recovery information on journal [ 746.108037][ T834] jbd2_journal_bmap: journal block not found at offset 32 on loop4-75 [ 746.116579][T23654] usb 1-1: failed to send control message: -71 [ 746.128121][ T834] JBD2: bad block at offset 32 [ 746.129619][T23654] ch341-uart: probe of ttyUSB0 failed with error -71 [ 746.203254][ T834] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 746.235463][T23654] usb 1-1: USB disconnect, device number 119 [ 746.260230][T23654] ch341 1-1:0.0: device disconnected [ 746.326379][ T7696] usb 3-1: config 0 has an invalid descriptor of length 91, skipping remainder of the config [ 746.352418][ T7696] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 746.382961][ T4192] ocfs2: Unmounting device (7,4) on (node local) [ 746.397310][ T7696] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 746.413017][ T7696] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 746.427706][ T7696] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 746.444914][ T7696] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 746.476012][ T7696] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 746.541265][ T7696] usb 3-1: config 0 descriptor?? [ 746.557024][ T887] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13310'. [ 746.561685][ T889] netlink: 'syz.5.13301': attribute type 10 has an invalid length. [ 746.579898][ T889] device team0 entered promiscuous mode [ 746.585954][ T889] device team_slave_0 entered promiscuous mode [ 746.598911][ T889] device team_slave_1 entered promiscuous mode [ 746.611810][ T889] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 746.721625][ T7696] rc_core: IR keymap rc-hauppauge not found [ 746.727594][ T7696] Registered IR keymap rc-empty [ 746.737633][ T896] loop0: detected capacity change from 0 to 512 [ 746.787963][ T7696] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 746.849838][ T7696] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 746.882979][ T7696] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 746.941882][ T896] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 746.966599][ T7696] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input46 [ 746.984993][ T913] loop4: detected capacity change from 0 to 256 [ 747.009263][ T896] Quota error (device loop0): find_tree_dqentry: Getting block too big (514 >= 6) [ 747.021638][ T896] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 747.048736][ T896] EXT4-fs error (device loop0): ext4_acquire_dquot:6236: comm syz.0.13303: Failed to acquire dquot type 0 [ 747.076874][ T7696] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 747.147626][ T913] FAT-fs (loop4): Directory bread(block 64) failed [ 747.154857][ T7696] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 747.170525][ T913] FAT-fs (loop4): Directory bread(block 65) failed [ 747.192072][ T913] FAT-fs (loop4): Directory bread(block 66) failed [ 747.198645][ T913] FAT-fs (loop4): Directory bread(block 67) failed [ 747.214546][ T913] FAT-fs (loop4): Directory bread(block 68) failed [ 747.231930][ T913] FAT-fs (loop4): Directory bread(block 69) failed [ 747.241049][ T7696] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 747.282288][ T913] FAT-fs (loop4): Directory bread(block 70) failed [ 747.320470][ T913] FAT-fs (loop4): Directory bread(block 71) failed [ 747.326164][ T7696] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 747.343165][ T913] FAT-fs (loop4): Directory bread(block 72) failed [ 747.375625][ T913] FAT-fs (loop4): Directory bread(block 73) failed [ 747.401365][ T7696] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 747.477314][ T7696] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 747.487008][ T948] loop0: detected capacity change from 0 to 164 [ 747.544805][ T7696] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 747.577953][ T948] Unable to read rock-ridge attributes [ 747.583462][ T948] isofs_fill_super: root inode is not a directory. Corrupted media? [ 747.594613][ T954] tmpfs: Bad value for 'mpol' [ 747.608906][ T7696] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 747.673076][ T7696] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 747.745659][ T965] x_tables: unsorted entry at hook 3 [ 747.758719][ T7696] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 747.791681][ T7696] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 747.831339][ T7696] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 747.852317][ T7696] usb 3-1: USB disconnect, device number 107 [ 747.918417][ T978] xt_nat: multiple ranges no longer supported [ 748.070436][ T988] loop4: detected capacity change from 0 to 1764 [ 748.227049][ T1006] device vti0 entered promiscuous mode [ 748.309564][ T1012] netlink: 'syz.2.13359': attribute type 1 has an invalid length. [ 748.474903][ T7684] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 748.628893][ T1045] __nla_validate_parse: 2 callbacks suppressed [ 748.628909][ T1045] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13373'. [ 748.716473][ T7696] usb 1-1: new high-speed USB device number 120 using dummy_hcd [ 748.830087][ T1067] netlink: 76 bytes leftover after parsing attributes in process `syz.4.13382'. [ 748.850364][ T1067] netlink: 72 bytes leftover after parsing attributes in process `syz.4.13382'. [ 748.859458][ T1067] netlink: 'syz.4.13382': attribute type 3 has an invalid length. [ 748.913768][ T1067] netlink: 11 bytes leftover after parsing attributes in process `syz.4.13382'. [ 748.918672][ T7684] usb 6-1: config 7 descriptor has 1 excess byte, ignoring [ 748.960973][ T7684] usb 6-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 749.148766][ T7696] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 749.164260][ T7696] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 749.191200][ T7684] usb 6-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 7.84 [ 749.210451][ T7684] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 749.224321][ T7696] usb 1-1: config 0 descriptor?? [ 749.240348][ T7684] usb 6-1: Product: syz [ 749.245237][ T7684] usb 6-1: Manufacturer: syz [ 749.249856][ T7684] usb 6-1: SerialNumber: syz [ 749.289351][ T7696] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 749.346670][ T7684] rndis_wlan 6-1:7.0: skipping garbage [ 749.358886][ T7684] usb 6-1: bad CDC descriptors [ 749.400465][ T7684] rndis_host 6-1:7.0: skipping garbage [ 749.427253][ T7684] usb 6-1: bad CDC descriptors [ 749.474521][ T7684] option 6-1:7.0: GSM modem (1-port) converter detected [ 749.522477][ T4231] usb 3-1: new full-speed USB device number 108 using dummy_hcd [ 749.574986][ T1108] usb 6-1: USB disconnect, device number 39 [ 749.606254][ T1108] option 6-1:7.0: device disconnected [ 749.753142][ T7696] gspca_cpia1: usb_control_msg 03, error -71 [ 749.800454][ T7696] gspca_cpia1: usb_control_msg 01, error -71 [ 749.814086][ T7696] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0) [ 749.858753][ T7696] usb 1-1: USB disconnect, device number 120 [ 749.914371][ T4231] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 750.101969][ T4231] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 750.139448][ T4231] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 750.172780][ T4231] usb 3-1: Product: syz [ 750.187199][ T4231] usb 3-1: Manufacturer: syz [ 750.191847][ T4231] usb 3-1: SerialNumber: syz [ 750.214254][ T1152] netlink: 20 bytes leftover after parsing attributes in process `syz.4.13417'. [ 750.235949][ T4231] usb 3-1: config 0 descriptor?? [ 750.250697][ T1152] netlink: 20 bytes leftover after parsing attributes in process `syz.4.13417'. [ 750.303633][ T4231] hub 3-1:0.0: bad descriptor, ignoring hub [ 750.309593][ T4231] hub: probe of 3-1:0.0 failed with error -5 [ 750.344334][ T4231] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input47 [ 750.367055][ T1164] netlink: 'syz.4.13420': attribute type 8 has an invalid length. [ 750.407332][ T1169] xt_hashlimit: size too large, truncated to 1048576 [ 750.471004][ T1169] xt_hashlimit: overflow, try lower: 9223372036854775807/9 [ 750.508938][ T1174] netlink: 72 bytes leftover after parsing attributes in process `syz.1.13425'. [ 750.735013][T23654] usb 3-1: USB disconnect, device number 108 [ 750.895956][ T1207] snd_dummy snd_dummy.0: control 3:5:3:syz1:9 is already present [ 751.106401][ T1226] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 751.198848][ T1233] netlink: 'syz.4.13449': attribute type 1 has an invalid length. [ 751.259735][ T1235] netlink: 'syz.1.13450': attribute type 21 has an invalid length. [ 751.640058][ T1273] SET target dimension over the limit! [ 751.703397][ T6300] usb 1-1: new high-speed USB device number 121 using dummy_hcd [ 751.959901][ T6300] usb 1-1: Using ep0 maxpacket: 8 [ 752.053546][ T1313] netlink: 16 bytes leftover after parsing attributes in process `syz.5.13488'. [ 752.053573][ T1314] loop4: detected capacity change from 0 to 512 [ 752.094913][ T1313] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13488'. [ 752.202893][ T1314] EXT4-fs (loop4): 1 truncate cleaned up [ 752.221096][ T1314] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,stripe=0x000000000000030c,jqfmt=vfsv1,nojournal_checksum,jqfmt=vfsv1,usrjquota=,resgid=0x0000000000000000,noblock_validity,,errors=continue. Quota mode: none. [ 752.259501][ T6300] usb 1-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 752.268618][ T6300] usb 1-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 752.374718][ T6300] usb 1-1: Product: syz [ 752.406713][ T6300] usb 1-1: Manufacturer: syz [ 752.435476][ T6300] usb 1-1: SerialNumber: syz [ 752.471299][ T1340] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 752.475376][ T6300] usb 1-1: config 0 descriptor?? [ 752.533936][ T1340] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 752.549958][ T6300] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 752.574581][ T1340] overlayfs: missing 'lowerdir' [ 752.660276][ T1350] loop4: detected capacity change from 0 to 512 [ 752.794643][ T1350] Quota error (device loop4): do_check_range: Getting dqdh_next_free 256 out of range 0-7 [ 752.815538][ T1350] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 752.826375][ T1350] EXT4-fs error (device loop4): ext4_acquire_dquot:6236: comm syz.4.13502: Failed to acquire dquot type 1 [ 752.847677][ T1350] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #16: comm syz.4.13502: corrupted inode contents [ 752.865407][ T1350] EXT4-fs error (device loop4): ext4_dirty_inode:6077: inode #16: comm syz.4.13502: mark_inode_dirty error [ 752.886152][ T1350] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #16: comm syz.4.13502: corrupted inode contents [ 752.907470][ T7684] usb 6-1: new full-speed USB device number 40 using dummy_hcd [ 752.915320][ T7696] usb 2-1: new high-speed USB device number 123 using dummy_hcd [ 752.923553][ T1350] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz.4.13502: mark_inode_dirty error [ 752.948853][ T1350] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #16: comm syz.4.13502: corrupted inode contents [ 752.992416][ T1350] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 753.002857][ T1350] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #16: comm syz.4.13502: corrupted inode contents [ 753.018367][ T6300] gspca_zc3xx: reg_r err -71 [ 753.023071][ T6300] gspca_zc3xx: probe of 1-1:0.0 failed with error -71 [ 753.052279][ T6300] usb 1-1: USB disconnect, device number 121 [ 753.067514][ T1350] EXT4-fs error (device loop4): ext4_truncate:4286: inode #16: comm syz.4.13502: mark_inode_dirty error [ 753.091082][ T1350] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 753.122846][ T1350] EXT4-fs (loop4): 1 truncate cleaned up [ 753.129089][ T1350] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 753.165447][ T1359] loop2: detected capacity change from 0 to 32768 [ 753.218718][ T7696] usb 2-1: Using ep0 maxpacket: 16 [ 753.228874][ T1359] JBD2: Ignoring recovery information on journal [ 753.243037][ T1359] jbd2_journal_bmap: journal block not found at offset 32 on loop2-75 [ 753.251435][ T1359] JBD2: bad block at offset 32 [ 753.261230][ T1359] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 753.382300][ T7684] usb 6-1: config 150 has an invalid interface number: 204 but max is 2 [ 753.414621][ T7684] usb 6-1: config 150 has an invalid descriptor of length 0, skipping remainder of the config [ 753.458856][ T7684] usb 6-1: config 150 has 1 interface, different from the descriptor's value: 3 [ 753.486650][ T7684] usb 6-1: config 150 has no interface number 0 [ 753.499647][ T7684] usb 6-1: config 150 interface 204 has no altsetting 0 [ 753.503263][ T1375] loop4: detected capacity change from 0 to 1764 [ 753.520432][ T4185] ocfs2: Unmounting device (7,2) on (node local) [ 753.574827][ T7696] usb 2-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 753.595592][ T7696] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 753.603640][ T7696] usb 2-1: Product: syz [ 753.651465][ T7696] usb 2-1: Manufacturer: syz [ 753.671325][ T7696] usb 2-1: SerialNumber: syz [ 753.689411][ T7696] usb 2-1: config 0 descriptor?? [ 753.745538][ T7684] usb 6-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 753.754652][ T7684] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 753.797037][ T7684] usb 6-1: Product: syz [ 753.812982][ T7684] usb 6-1: Manufacturer: syz [ 753.818740][ T7684] usb 6-1: SerialNumber: syz [ 753.844466][ T1386] kAFS: unable to lookup cell '(/' [ 753.914122][ T1391] IPv6: Can't replace route, no match found [ 753.933473][ T1392] IPv6: Can't replace route, no match found [ 753.982165][ T7696] speedtch 2-1:0.0: speedtch_bind: data interface not found! [ 754.005608][ T7696] speedtch 2-1:0.0: usbatm_usb_probe: bind failed: -19! [ 754.175258][ T7684] xr_serial 6-1:150.204: skipping garbage [ 754.181046][ T7684] xr_serial 6-1:150.204: invalid descriptor buffer length [ 754.203030][ T7684] usb 6-1: USB disconnect, device number 40 [ 754.221236][ T7696] usb 2-1: USB disconnect, device number 123 [ 754.603728][ T1446] loop2: detected capacity change from 0 to 2048 [ 754.674481][ T1451] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 754.696932][ T1453] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13549'. [ 754.985876][ T1474] netlink: 'syz.5.13559': attribute type 8 has an invalid length. [ 755.039328][ T1477] kAFS: unable to lookup cell 'Þ({^ú@' [ 755.162160][ T1489] netlink: 256 bytes leftover after parsing attributes in process `syz.1.13566'. [ 755.197576][ T1489] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 755.354399][ T1506] tmpfs: Bad value for 'mpol' [ 755.418582][ T1505] loop5: detected capacity change from 0 to 2048 [ 755.506603][ T1505] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 755.762870][ T1540] loop5: detected capacity change from 0 to 64 [ 755.802993][ T1542] syz.4.13592 (1542): /proc/1541/oom_adj is deprecated, please use /proc/1541/oom_score_adj instead. [ 755.979785][ T21] usb 2-1: new high-speed USB device number 124 using dummy_hcd [ 756.150798][ T1108] usb 3-1: new high-speed USB device number 109 using dummy_hcd [ 756.165033][T23654] usb 1-1: new high-speed USB device number 122 using dummy_hcd [ 756.204591][ T1565] netlink: 'syz.5.13603': attribute type 10 has an invalid length. [ 756.247512][ T1565] batman_adv: batadv0: Adding interface: netdevsim0 [ 756.275461][ T1565] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 756.301123][ C0] vkms_vblank_simulate: vblank timer overrun [ 756.350745][ T1565] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active [ 756.443546][ T1573] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13607'. [ 756.460697][T23654] usb 1-1: Using ep0 maxpacket: 16 [ 756.567746][ T1108] usb 3-1: config 127 has an invalid interface number: 95 but max is 0 [ 756.588313][ T1108] usb 3-1: config 127 has no interface number 0 [ 756.600331][T23654] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 756.619407][T23654] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 756.619736][ T1108] usb 3-1: config 127 interface 95 altsetting 0 endpoint 0xC has an invalid bInterval 132, changing to 11 [ 756.632102][ T21] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 756.656385][T23654] usb 1-1: config 0 has no interface number 0 [ 756.662665][ T21] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 756.670965][ T1108] usb 3-1: config 127 interface 95 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 32 [ 756.671007][ T1108] usb 3-1: New USB device found, idVendor=110a, idProduct=1130, bcdDevice= e.76 [ 756.671029][ T1108] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 756.706216][ T21] usb 2-1: Product: syz [ 756.710838][ T1545] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 756.730440][ T21] usb 2-1: Manufacturer: syz [ 756.738209][ T21] usb 2-1: SerialNumber: syz [ 756.750685][ T1108] ti_usb_3410_5052 3-1:127.95: TI USB 3410 1 port adapter converter detected [ 756.771057][ T1108] ti_usb_3410_5052 3-1:127.95: missing endpoints [ 756.819476][ T21] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 756.892968][T23654] usb 1-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 756.907304][T23654] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 756.920807][T23654] usb 1-1: Product: syz [ 756.925537][T23654] usb 1-1: Manufacturer: syz [ 756.941138][T23654] usb 1-1: SerialNumber: syz [ 756.961436][T23654] usb 1-1: config 0 descriptor?? [ 757.008775][T23654] usb 1-1: Found UVC 0.00 device syz (046d:08d3) [ 757.028952][T23654] usb 1-1: No valid video chain found. [ 757.045548][ T6300] usb 3-1: USB disconnect, device number 109 [ 757.064758][ T1583] loop4: detected capacity change from 0 to 32768 [ 757.182548][ T1583] XFS (loop4): Mounting V5 Filesystem [ 757.216562][ T1583] XFS (loop4): Ending clean mount [ 757.224262][ T1583] XFS (loop4): Quotacheck needed: Please wait. [ 757.240800][ T1108] usb 1-1: USB disconnect, device number 122 [ 757.297716][ T1583] XFS (loop4): Quotacheck: Done. [ 757.336398][ T4192] XFS (loop4): Unmounting Filesystem [ 757.380208][T23654] usb 6-1: new full-speed USB device number 41 using dummy_hcd [ 757.561918][ T21] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 757.700840][ T1616] netlink: 16 bytes leftover after parsing attributes in process `syz.4.13626'. [ 757.801169][T23654] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 757.828685][T23654] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 757.873093][T23654] usb 6-1: config 0 descriptor?? [ 757.963621][T23654] cp210x 6-1:0.0: cp210x converter detected [ 758.103237][ T1108] usb 2-1: USB disconnect, device number 124 [ 758.116045][ T1640] netlink: 2 bytes leftover after parsing attributes in process `syz.4.13638'. [ 758.417267][T23654] cp210x 6-1:0.0: failed to get vendor val 0x370c size 13: -71 [ 758.430811][T23654] cp210x 6-1:0.0: GPIO initialisation failed: -71 [ 758.453663][T23654] usb 6-1: cp210x converter now attached to ttyUSB0 [ 758.497593][T23654] usb 6-1: USB disconnect, device number 41 [ 758.501456][ T1668] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13651'. [ 758.519045][T23654] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 758.543811][T23654] cp210x 6-1:0.0: device disconnected [ 758.721747][ T21] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 758.748020][ T21] ath9k_htc: Failed to initialize the device [ 758.766060][ T1108] usb 2-1: ath9k_htc: USB layer deinitialized [ 758.805358][ T1689] netlink: 'syz.4.13661': attribute type 9 has an invalid length. [ 758.829353][ T1689] netlink: 'syz.4.13661': attribute type 7 has an invalid length. [ 758.866254][ T1689] netlink: 'syz.4.13661': attribute type 8 has an invalid length. [ 758.969530][ T1697] netlink: 36 bytes leftover after parsing attributes in process `syz.1.13664'. [ 759.118552][ T1698] loop0: detected capacity change from 0 to 4096 [ 759.192825][ T1698] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match. Run ntfsfix or chkdsk. [ 759.257296][ T1698] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 759.322147][ T1698] ntfs: volume version 3.1. [ 759.370523][ T1698] ntfs: (device loop0): ntfs_read_locked_attr_inode(): Failed with error code -2 while reading attribute inode (mft_no 0x1a, type 0x80, name_len 4). Marking corrupt inode and base inode 0x1a as bad. Run chkdsk. [ 759.393851][ T1718] loop5: detected capacity change from 0 to 512 [ 759.443481][ T1698] ntfs: (device loop0): load_and_init_usnjrnl(): Failed to load $UsnJrnl/$DATA/$Max attribute. [ 759.475808][ T1698] ntfs: (device loop0): load_system_files(): Failed to load $UsnJrnl. Will not be able to remount read-write. Run chkdsk. [ 759.572909][ T1718] EXT4-fs error (device loop5): ext4_do_update_inode:5229: inode #3: comm syz.5.13675: corrupted inode contents [ 759.709625][ T1718] EXT4-fs error (device loop5): ext4_dirty_inode:6077: inode #3: comm syz.5.13675: mark_inode_dirty error [ 759.790335][ T1718] EXT4-fs error (device loop5): ext4_do_update_inode:5229: inode #3: comm syz.5.13675: corrupted inode contents [ 759.844619][ T1718] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #3: comm syz.5.13675: mark_inode_dirty error [ 759.859923][ T1735] device hsr0 left promiscuous mode [ 759.865475][ T1735] device vlan0 left promiscuous mode [ 759.871188][ T1735] device geneve1 left promiscuous mode [ 759.876841][ T1735] device wlan0 left promiscuous mode [ 759.882502][ T1735] device gtp0 left promiscuous mode [ 759.885702][ T1718] Quota error (device loop5): write_blk: dquota write failed [ 759.887829][ T1735] device bond1 left promiscuous mode [ 759.900756][ T1735] device bridge4 left promiscuous mode [ 759.906886][ T1735] device bond2 left promiscuous mode [ 759.913315][ T1735] device ip6erspan0 left promiscuous mode [ 759.915284][ T1718] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 759.929743][ T1735] device vti0 left promiscuous mode [ 759.956512][ T1718] EXT4-fs error (device loop5): ext4_acquire_dquot:6236: comm syz.5.13675: Failed to acquire dquot type 0 [ 759.993715][ T1718] EXT4-fs error (device loop5): ext4_do_update_inode:5229: inode #16: comm syz.5.13675: corrupted inode contents [ 759.993911][ T1711] loop2: detected capacity change from 0 to 32768 [ 760.006572][ T1718] EXT4-fs error (device loop5): ext4_dirty_inode:6077: inode #16: comm syz.5.13675: mark_inode_dirty error [ 760.053560][ T1718] EXT4-fs error (device loop5): ext4_do_update_inode:5229: inode #16: comm syz.5.13675: corrupted inode contents [ 760.085146][ T1718] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #16: comm syz.5.13675: mark_inode_dirty error [ 760.130202][ T1711] ea_get: extended attribute size too large: 2617245744 > INT_MAX [ 760.151206][ T1718] EXT4-fs error (device loop5): ext4_do_update_inode:5229: inode #16: comm syz.5.13675: corrupted inode contents [ 760.213700][ T1718] EXT4-fs error (device loop5) in ext4_orphan_del:303: Corrupt filesystem [ 760.235105][ T1718] EXT4-fs error (device loop5): ext4_do_update_inode:5229: inode #16: comm syz.5.13675: corrupted inode contents [ 760.309336][ T1718] EXT4-fs error (device loop5): ext4_truncate:4286: inode #16: comm syz.5.13675: mark_inode_dirty error [ 760.322490][ T1754] loop0: detected capacity change from 0 to 8 [ 760.371565][ T1718] EXT4-fs error (device loop5) in ext4_process_orphan:345: Corrupt filesystem [ 760.424708][ T1718] EXT4-fs (loop5): 1 truncate cleaned up [ 760.448791][ T1718] EXT4-fs (loop5): mounted filesystem without journal. Opts: resuid=0x0000000000000000,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: writeback. [ 760.492649][ T26] audit: type=1800 audit(731.222:44): pid=1754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.13690" name="file0" dev="loop0" ino=1 res=0 errno=0 [ 761.054570][ T6299] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 761.335632][ T6299] usb 5-1: Using ep0 maxpacket: 8 [ 761.464112][ T6299] usb 5-1: config index 0 descriptor too short (expected 1307, got 27) [ 761.482119][ T6299] usb 5-1: config 0 has an invalid interface number: 0 but max is -1 [ 761.504618][ T6299] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 761.559564][ T1827] netlink: 68 bytes leftover after parsing attributes in process `syz.1.13717'. [ 761.569334][ T6299] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 214, changing to 11 [ 761.597081][ T1827] netlink: 68 bytes leftover after parsing attributes in process `syz.1.13717'. [ 761.598591][ T6299] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 49299, setting to 1024 [ 761.651635][ T1833] netlink: 'syz.0.13720': attribute type 1 has an invalid length. [ 761.859579][ T6299] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 761.879587][ T6299] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.926820][ T6299] usb 5-1: Product: syz [ 761.931041][ T6299] usb 5-1: Manufacturer: syz [ 761.947131][ T6299] usb 5-1: SerialNumber: syz [ 761.961560][ T6299] usb 5-1: config 0 descriptor?? [ 762.009929][ T6299] hub 5-1:0.0: bad descriptor, ignoring hub [ 762.024232][ T6299] hub: probe of 5-1:0.0 failed with error -5 [ 762.049233][ T6299] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input48 [ 762.241241][ T6299] usb 5-1: USB disconnect, device number 106 [ 762.396516][ T1878] loop0: detected capacity change from 0 to 4096 [ 762.521859][ T1878] ntfs: (device loop0): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 762.633654][ T1878] ntfs: volume version 3.1. [ 762.685450][ T1878] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 762.846456][ T1903] netlink: 600 bytes leftover after parsing attributes in process `syz.2.13745'. [ 763.028768][ T1903] bridge0: port 2(bridge_slave_1) entered disabled state [ 763.096668][ T1903] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 763.272687][ T1927] netlink: 'syz.4.13756': attribute type 1 has an invalid length. [ 763.469224][ T1943] netlink: 44 bytes leftover after parsing attributes in process `syz.1.13765'. [ 763.488020][ T1943] netlink: 43 bytes leftover after parsing attributes in process `syz.1.13765'. [ 763.505862][ T1943] netlink: 'syz.1.13765': attribute type 6 has an invalid length. [ 763.523989][ T1943] netlink: 'syz.1.13765': attribute type 5 has an invalid length. [ 763.580822][ T1943] netlink: 43 bytes leftover after parsing attributes in process `syz.1.13765'. [ 763.647560][ T1960] usb usb8: check_ctrlrecip: process 1960 (syz.2.13773) requesting ep 01 but needs 81 [ 763.684780][ T1960] usb usb8: usbfs: process 1960 (syz.2.13773) did not claim interface 0 before use [ 763.704185][ T1966] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13774'. [ 763.719680][ T6299] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 763.730980][ T1966] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13774'. [ 763.750771][ T1966] netlink: 48 bytes leftover after parsing attributes in process `syz.1.13774'. [ 763.854839][ T1973] netlink: 16 bytes leftover after parsing attributes in process `syz.5.13777'. [ 763.976234][ T6299] usb 5-1: Using ep0 maxpacket: 32 [ 764.104699][ T6299] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 764.133547][ T6299] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 764.286439][ T6299] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 764.317410][ T6299] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 764.350447][ T6299] usb 5-1: Product: syz [ 764.354665][ T6299] usb 5-1: Manufacturer: syz [ 764.426204][ T6299] hub 5-1:4.0: USB hub found [ 764.574191][ T2032] netlink: 'syz.1.13800': attribute type 21 has an invalid length. [ 764.591609][ T2033] loop2: detected capacity change from 0 to 512 [ 764.655957][ T2033] EXT4-fs (loop2): Ignoring removed nobh option [ 764.662851][ T6299] hub 5-1:4.0: 2 ports detected [ 764.683650][ T2033] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 764.722647][ T2033] EXT4-fs (loop2): orphan cleanup on readonly fs [ 764.733224][ T2033] EXT4-fs error (device loop2): ext4_orphan_get:1432: comm syz.2.13803: bad orphan inode 15 [ 764.751988][ T2033] ext4_test_bit(bit=14, block=18) = 1 [ 764.803990][ T2033] is_bad_inode(inode)=0 [ 764.808327][ T2033] NEXT_ORPHAN(inode)=1023 [ 764.813510][ T2033] max_ino=32 [ 764.816768][ T2033] i_nlink=0 [ 764.828348][ T2051] xt_SECMARK: invalid mode: 2 [ 764.842106][ T2033] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.13803: bg 0: block 161: padding at end of block bitmap is not set [ 764.884304][ T2033] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6191: Corrupt filesystem [ 764.895542][ T6299] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 764.908740][ T6299] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 764.970892][ T2033] EXT4-fs (loop2): mounted filesystem without journal. Opts: min_batch_time=0x0000000000000002,nobh,,errors=continue. Quota mode: none. [ 764.982299][ T6299] usb 5-1: USB disconnect, device number 107 [ 765.201661][ T2069] openvswitch: netlink: Message has 8 unknown bytes. [ 765.303700][ T2071] usb usb8: usbfs: process 2071 (syz.5.13823) did not claim interface 0 before use [ 765.366512][ T2082] netlink: 'syz.2.13820': attribute type 1 has an invalid length. [ 765.479304][ T2089] xt_hashlimit: size too large, truncated to 1048576 [ 765.569035][ T2099] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 765.609000][ T2103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 766.279428][ T2166] exfat: Deprecated parameter 'debug' [ 766.300170][ T2166] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 766.354585][ T2166] exFAT-fs (loop4): unable to read boot sector [ 766.360272][T23654] usb 1-1: new high-speed USB device number 123 using dummy_hcd [ 766.381227][ T2166] exFAT-fs (loop4): failed to read boot sector [ 766.414512][ T2166] exFAT-fs (loop4): failed to recognize exfat type [ 766.468813][ T2176] loop2: detected capacity change from 0 to 512 [ 766.518586][ T2180] xt_hashlimit: size too large, truncated to 1048576 [ 766.562712][ T2180] xt_hashlimit: max too large, truncated to 1048576 [ 766.585122][ T2176] EXT4-fs (loop2): orphan cleanup on readonly fs [ 766.643566][ T2192] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 766.648475][ T2176] __quota_error: 5 callbacks suppressed [ 766.648489][ T2176] Quota error (device loop2): v2_read_file_info: Block with free entry too big (9 >= 6). [ 766.711200][ T2176] EXT4-fs warning (device loop2): ext4_enable_quotas:6488: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 766.737283][ T2176] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 766.779216][ T2176] EXT4-fs error (device loop2): ext4_orphan_get:1432: comm syz.2.13872: bad orphan inode 14 [ 766.831137][T23654] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 766.839472][T23654] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 766.857702][ T2176] ext4_test_bit(bit=13, block=18) = 1 [ 766.883133][ T2176] is_bad_inode(inode)=0 [ 766.896243][T23654] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 766.917142][ T2176] NEXT_ORPHAN(inode)=0 [ 766.938018][T23654] usb 1-1: config 220 has no interface number 2 [ 766.941381][ T2176] max_ino=32 [ 766.947140][T23654] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 766.960005][ T2204] ceph: No path or : separator in source [ 766.973883][ T2176] i_nlink=1 [ 766.983972][T23654] usb 1-1: config 220 interface 0 has no altsetting 0 [ 766.997030][T23654] usb 1-1: config 220 interface 76 has no altsetting 0 [ 767.007870][ T2176] EXT4-fs (loop2): 1 truncate cleaned up [ 767.022280][ T2176] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 767.034267][T23654] usb 1-1: config 220 interface 1 has no altsetting 0 [ 767.269297][T23654] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 767.280170][T23654] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.295291][T23654] usb 1-1: Product: syz [ 767.316532][T23654] usb 1-1: Manufacturer: syz [ 767.341873][T23654] usb 1-1: SerialNumber: syz [ 767.692303][ T2247] __nla_validate_parse: 6 callbacks suppressed [ 767.692320][ T2247] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13902'. [ 767.772750][T23654] usb 1-1: selecting invalid altsetting 0 [ 767.782953][T23654] usb 1-1: selecting invalid altsetting 0 [ 767.789281][T23654] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 767.820278][T23654] usb 1-1: No valid video chain found. [ 767.849931][ T2253] netlink: 16 bytes leftover after parsing attributes in process `syz.1.13905'. [ 767.964893][T23654] usb 1-1: selecting invalid altsetting 0 [ 767.970705][T23654] usbtest: probe of 1-1:220.1 failed with error -22 [ 767.997622][ T2262] netlink: 40 bytes leftover after parsing attributes in process `syz.1.13908'. [ 768.030842][T23654] usb 1-1: USB disconnect, device number 123 [ 768.058929][ T2262] netlink: 40 bytes leftover after parsing attributes in process `syz.1.13908'. [ 768.253641][ C1] sd 0:0:1:0: tag#1817 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 768.263585][ C1] sd 0:0:1:0: tag#1817 CDB: opcode=0x2 [ 768.269115][ C1] sd 0:0:1:0: tag#1817 CDB[00]: 02 4f 35 6d 46 cb 6f 41 1b fa 91 fc e1 37 8a 59 [ 768.278203][ C1] sd 0:0:1:0: tag#1817 CDB[10]: 2a a0 42 c5 04 41 9d ac 89 0e e5 10 22 9a 75 90 [ 768.287551][ C1] sd 0:0:1:0: tag#1817 CDB[20]: 47 [ 768.293089][ T2239] loop2: detected capacity change from 0 to 32768 [ 768.329542][ T26] audit: type=1800 audit(738.537:45): pid=2263 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.4.13910" name="/" dev="tmpfs" ino=701 res=0 errno=0 [ 768.527583][ T2296] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13924'. [ 768.636976][ T2239] XFS (loop2): Mounting V5 Filesystem [ 768.743030][ T2316] netlink: 48 bytes leftover after parsing attributes in process `syz.5.13931'. [ 768.744826][ T2239] XFS (loop2): Ending clean mount [ 768.862187][ T2239] XFS (loop2): Quotacheck needed: Please wait. [ 768.912068][ T2325] netlink: zone id is out of range [ 768.922788][ T2325] netlink: zone id is out of range [ 768.993524][ T2239] XFS (loop2): Quotacheck: Done. [ 769.105812][ T4185] XFS (loop2): Unmounting Filesystem [ 769.204005][T23654] usb 2-1: new high-speed USB device number 125 using dummy_hcd [ 769.235182][ T2343] loop5: detected capacity change from 0 to 1764 [ 769.269603][ T26] audit: type=1800 audit(739.426:46): pid=2332 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.4.13939" name="/" dev="sockfs" ino=126716 res=0 errno=0 [ 769.450317][ T2350] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 769.492794][T23654] usb 2-1: Using ep0 maxpacket: 16 [ 769.563053][ T2356] netlink: 'syz.4.13950': attribute type 1 has an invalid length. [ 769.580504][ T2358] netlink: 'syz.5.13951': attribute type 10 has an invalid length. [ 769.623087][ T2358] bond0: (slave wlan1): Opening slave failed [ 769.643948][T23654] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 769.651990][T23654] usb 2-1: config 0 has no interface number 0 [ 769.676187][T23654] usb 2-1: config 0 interface 8 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 769.837649][T23654] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 769.867439][T23654] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 769.889078][T23654] usb 2-1: Product: syz [ 769.893328][T23654] usb 2-1: SerialNumber: syz [ 769.943381][T23654] usb 2-1: config 0 descriptor?? [ 769.963669][ T2326] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 769.997248][T23654] usbhid 2-1:0.8: couldn't find an input interrupt endpoint [ 770.222878][ T2398] i2c i2c-0: Invalid block write size 150 [ 770.367247][ T2404] device bridge3 entered promiscuous mode [ 770.497557][ T4231] usb 5-1: new high-speed USB device number 108 using dummy_hcd [ 770.618630][ T2425] netlink: 32 bytes leftover after parsing attributes in process `syz.5.13982'. [ 770.683729][ T2431] loop2: detected capacity change from 0 to 64 [ 770.718902][ T2435] kAFS: No cell specified [ 770.764728][ T4231] usb 5-1: Using ep0 maxpacket: 16 [ 770.863126][ T2442] loop0: detected capacity change from 0 to 1024 [ 770.919535][ T2442] hfsplus: Filesystem is marked locked, mounting read-only. [ 771.064275][ T4231] usb 5-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 771.066609][ T2455] loop5: detected capacity change from 0 to 128 [ 771.073377][ T4231] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 771.073402][ T4231] usb 5-1: Product: syz [ 771.084293][ T4231] usb 5-1: Manufacturer: syz [ 771.118764][ T4231] usb 5-1: SerialNumber: syz [ 771.142572][ T4231] usb 5-1: config 0 descriptor?? [ 771.201492][ T2468] IPv6: sit3: Disabled Multicast RS [ 771.234704][ T2471] loop0: detected capacity change from 0 to 8 [ 771.252445][ T2455] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 771.287296][ T2455] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 771.311674][ T2473] program syz.2.14003 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 771.358793][ T2471] SQUASHFS error: Unable to read inode 0x11f [ 771.410960][ T2477] sctp: [Deprecated]: syz.5.14004 (pid 2477) Use of int in max_burst socket option deprecated. [ 771.410960][ T2477] Use struct sctp_assoc_value instead [ 771.430067][ T4231] speedtch 5-1:0.0: speedtch_bind: data interface not found! [ 771.463060][ T4231] speedtch 5-1:0.0: usbatm_usb_probe: bind failed: -19! [ 771.593133][ T2488] loop0: detected capacity change from 0 to 64 [ 771.647987][ T6300] usb 5-1: USB disconnect, device number 108 [ 772.064640][ T2527] netlink: 'syz.0.14025': attribute type 3 has an invalid length. [ 772.083893][ T2527] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.14025'. [ 772.119252][ T7684] usb 2-1: USB disconnect, device number 125 [ 772.510690][ T2578] libceph: resolve 'c' (ret=-3): failed [ 772.701235][ T2601] netlink: 20 bytes leftover after parsing attributes in process `syz.2.14054'. [ 772.758221][ T2607] netlink: 'syz.5.14057': attribute type 12 has an invalid length. [ 772.788824][ T2607] netlink: 132 bytes leftover after parsing attributes in process `syz.5.14057'. [ 772.916013][ T2625] usb usb7: usbfs: process 2625 (syz.4.14065) did not claim interface 0 before use [ 772.921287][ T2627] netlink: 'syz.2.14064': attribute type 1 has an invalid length. [ 772.977788][ T2627] netlink: 'syz.2.14064': attribute type 1 has an invalid length. [ 773.029160][ T2636] loop5: detected capacity change from 0 to 64 [ 773.105346][ T2641] overlayfs: unrecognized mount option "\" or missing value [ 773.563678][ T2620] loop0: detected capacity change from 0 to 32768 [ 773.668288][ T21] usb 2-1: new high-speed USB device number 126 using dummy_hcd [ 773.692381][ T2620] JBD2: Ignoring recovery information on journal [ 773.889855][ T2620] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 774.078240][ T4186] ocfs2: Unmounting device (7,0) on (node local) [ 774.160756][ T2723] netlink: 'syz.0.14101': attribute type 7 has an invalid length. [ 774.198746][ T2723] netlink: 'syz.0.14101': attribute type 1 has an invalid length. [ 774.238827][ T2723] __nla_validate_parse: 1 callbacks suppressed [ 774.238843][ T2723] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.14101'. [ 774.335648][ T21] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 774.359488][ T21] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 774.394577][ T21] usb 2-1: Product: syz [ 774.398819][ T21] usb 2-1: Manufacturer: syz [ 774.414555][ T21] usb 2-1: SerialNumber: syz [ 774.494888][ T2745] loop5: detected capacity change from 0 to 16 [ 774.502523][ T21] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 774.595336][ T2745] erofs: (device loop5): mounted with root inode @ nid 36. [ 774.620041][ T2751] netlink: 32 bytes leftover after parsing attributes in process `syz.0.14113'. [ 774.666056][ T2751] batman_adv: Cannot find parent device [ 774.677501][ T4231] usb 5-1: new full-speed USB device number 109 using dummy_hcd [ 775.046682][ T2785] netlink: 28 bytes leftover after parsing attributes in process `syz.2.14126'. [ 775.060295][ T2787] loop5: detected capacity change from 0 to 128 [ 775.067631][ T2785] netlink: 28 bytes leftover after parsing attributes in process `syz.2.14126'. [ 775.105297][ T4231] usb 5-1: unable to get BOS descriptor or descriptor too short [ 775.159766][ T4231] usb 5-1: not running at top speed; connect to a high speed hub [ 775.181750][ T7684] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 775.254963][ T4231] usb 5-1: config 13 has an invalid interface number: 102 but max is 0 [ 775.272677][ T4231] usb 5-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config [ 775.308935][ T4231] usb 5-1: config 13 has no interface number 0 [ 775.360948][ T2809] netlink: 'syz.0.14136': attribute type 28 has an invalid length. [ 775.485429][ T4231] usb 5-1: New USB device found, idVendor=0421, idProduct=df51, bcdDevice=d7.eb [ 775.499204][ T4231] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 775.529809][ T4231] usb 5-1: Product: syz [ 775.539430][ T4231] usb 5-1: Manufacturer: syz [ 775.552726][ T4231] usb 5-1: SerialNumber: syz [ 775.621212][T23654] usb 2-1: USB disconnect, device number 126 [ 775.896775][ T4231] cdc_phonet 5-1:13.102: skipping garbage [ 775.910479][ T4231] cdc_phonet: probe of 5-1:13.102 failed with error -22 [ 775.941553][ T4231] usb 5-1: USB disconnect, device number 109 [ 775.963399][ T7695] usb 1-1: new high-speed USB device number 124 using dummy_hcd [ 776.017848][ T2858] xt_NFQUEUE: number of total queues is 0 [ 776.106874][ T2864] netlink: 16 bytes leftover after parsing attributes in process `syz.5.14162'. [ 776.131578][ T6299] usb 3-1: new high-speed USB device number 110 using dummy_hcd [ 776.317123][ T2878] netlink: 48 bytes leftover after parsing attributes in process `syz.5.14169'. [ 776.325733][ T2877] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14168'. [ 776.338269][ T7684] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 776.345625][ T7684] ath9k_htc: Failed to initialize the device [ 776.352181][T23654] usb 2-1: ath9k_htc: USB layer deinitialized [ 776.398696][ T6299] usb 3-1: Using ep0 maxpacket: 8 [ 776.410329][ T7695] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 776.421786][ T2880] xt_cluster: node mask cannot exceed total number of nodes [ 776.452007][ T7695] usb 1-1: config 0 interface 0 has no altsetting 0 [ 776.528294][ T6299] usb 3-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 776.546301][ T2888] bond0: option ad_select: unable to set because the bond device is up [ 776.557672][ T6299] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 776.609788][ T6299] usb 3-1: config 0 descriptor?? [ 776.631114][ T2894] ieee802154 phy0 wpan0: encryption failed: -22 [ 776.677144][ T7695] usb 1-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 776.695216][ T7695] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 776.740708][ T7695] usb 1-1: Product: syz [ 776.755854][ T7695] usb 1-1: Manufacturer: syz [ 776.760501][ T7695] usb 1-1: SerialNumber: syz [ 776.793448][ T7695] usb 1-1: config 0 descriptor?? [ 776.801167][ T2912] netlink: 'syz.1.14182': attribute type 3 has an invalid length. [ 776.835142][ T2912] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.14182'. [ 776.848477][ T2915] netlink: 88 bytes leftover after parsing attributes in process `syz.5.14184'. [ 776.892291][ T7695] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 776.914989][ T6299] usb 3-1: string descriptor 0 read error: -71 [ 776.933738][ T7695] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 776.936704][ T6299] uvcvideo 3-1:0.0: Found multiple Units with ID 1 [ 776.979528][ T7695] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 776.979754][ T6299] usb 3-1: Found UVC 0.00 device (2833:0201) [ 777.000211][ T7695] usb 1-1: media controller created [ 777.006243][ T6299] usb 3-1: No valid video chain found. [ 777.038703][ T6299] usb 3-1: USB disconnect, device number 110 [ 777.087710][ T7695] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 777.245899][ T7695] DVB: Unable to find symbol tda10046_attach() [ 777.260087][ T7695] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 777.294359][ T7695] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 777.315524][ T2946] loop5: detected capacity change from 0 to 4096 [ 777.365181][ T2946] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 777.404975][ T2946] NILFS (loop5): mounting unchecked fs [ 777.411587][ T2946] NILFS (loop5): recovery required for readonly filesystem [ 777.423872][ T2946] NILFS (loop5): write access will be enabled during recovery [ 777.453458][ T4177] udevd[4177]: incorrect nilfs2 checksum on /dev/loop5 [ 777.506993][ T2946] NILFS (loop5): norecovery option specified, skipping roll-forward recovery [ 777.523502][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 777.529847][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 777.574833][ T7695] dvb_usb_m920x: probe of 1-1:0.0 failed with error -71 [ 777.589052][ T2946] NILFS (loop5): couldn't remount because the filesystem is in an incomplete recovery state [ 777.604014][ T7695] usb 1-1: USB disconnect, device number 124 [ 777.611941][ T4177] udevd[4177]: incorrect nilfs2 checksum on /dev/loop5 [ 777.702650][ T2965] netlink: 64 bytes leftover after parsing attributes in process `syz.2.14201'. [ 777.932815][ T2948] loop4: detected capacity change from 0 to 32768 [ 777.981811][ T2948] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.14195 (2948) [ 778.022976][ T2982] netlink: 'syz.5.14208': attribute type 10 has an invalid length. [ 778.031922][ T2948] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 778.047643][ T2948] BTRFS info (device loop4): using free space tree [ 778.051922][ T2982] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 778.054373][ T2948] BTRFS info (device loop4): has skinny extents [ 778.132548][ T2984] device hsr_slave_0 left promiscuous mode [ 778.181549][ T2984] device hsr_slave_1 left promiscuous mode [ 778.374358][ T2948] BTRFS info (device loop4): enabling ssd optimizations [ 778.583613][ T4177] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by udevd (4177) [ 778.739989][ T7695] usb 1-1: new high-speed USB device number 125 using dummy_hcd [ 779.015536][ T3050] netlink: 'syz.4.14219': attribute type 1 has an invalid length. [ 779.154131][ T3058] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 779.344356][ T3071] overlayfs: missing 'lowerdir' [ 779.393709][ T7695] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 779.450663][ T7695] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 779.485086][ T7695] usb 1-1: Product: syz [ 779.502863][ T7695] usb 1-1: Manufacturer: syz [ 779.528945][ T7695] usb 1-1: SerialNumber: syz [ 779.548975][ T7695] usb 1-1: config 0 descriptor?? [ 779.598389][ T7695] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 779.716500][ T3096] Unsupported ieee802154 address type: 0 [ 779.973814][ T3114] __nla_validate_parse: 3 callbacks suppressed [ 779.973830][ T3114] netlink: 12 bytes leftover after parsing attributes in process `syz.4.14263'. [ 780.055923][ T7684] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 780.065692][ T7695] gspca_sunplus: reg_w_riv err -71 [ 780.070990][ T7695] sunplus: probe of 1-1:0.0 failed with error -71 [ 780.104647][ T7695] usb 1-1: USB disconnect, device number 125 [ 780.305810][ T3136] netlink: 44 bytes leftover after parsing attributes in process `syz.1.14273'. [ 780.364902][ T7684] usb 6-1: Using ep0 maxpacket: 8 [ 780.401060][ T3142] dlm: no locking on control device [ 780.495482][ T3146] loop4: detected capacity change from 0 to 2048 [ 780.510049][ T7684] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 780.534613][ T3146] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 780.547060][ T7684] usb 6-1: config 179 has no interface number 0 [ 780.553363][ T7684] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 780.645661][ T7684] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 780.674174][ T7684] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 780.699211][ T7684] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 780.778818][ T7684] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 780.824818][ T7684] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 780.899725][ T3098] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 781.152027][ T3194] netlink: 'syz.1.14301': attribute type 3 has an invalid length. [ 781.167547][ T7695] usb 6-1: USB disconnect, device number 42 [ 781.172487][ T3194] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 781.209649][ T9026] usb 3-1: new high-speed USB device number 111 using dummy_hcd [ 781.444337][ T3215] usb usb8: usbfs: process 3215 (syz.0.14311) did not claim interface 0 before use [ 781.605174][ T9026] usb 3-1: config 227 has an invalid interface number: 20 but max is 0 [ 781.618484][ T9026] usb 3-1: config 227 has no interface number 0 [ 781.646477][ T9026] usb 3-1: config 227 interface 20 altsetting 5 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 781.658216][ T3227] netlink: 'syz.0.14318': attribute type 2 has an invalid length. [ 781.673103][ T9026] usb 3-1: config 227 interface 20 altsetting 5 endpoint 0x8F has invalid maxpacket 26274, setting to 1024 [ 781.685159][ T3227] netlink: 'syz.0.14318': attribute type 1 has an invalid length. [ 781.693347][ T9026] usb 3-1: config 227 interface 20 altsetting 5 bulk endpoint 0x8F has invalid maxpacket 1024 [ 781.718684][ T9026] usb 3-1: config 227 interface 20 altsetting 5 endpoint 0x7 has an invalid bInterval 128, changing to 11 [ 781.730852][ T9026] usb 3-1: config 227 interface 20 altsetting 5 has a duplicate endpoint with address 0x7, skipping [ 781.742986][ T9026] usb 3-1: config 227 interface 20 altsetting 5 bulk endpoint 0xA has invalid maxpacket 32 [ 781.753845][ T9026] usb 3-1: config 227 interface 20 altsetting 5 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 781.799710][ T9026] usb 3-1: config 227 interface 20 has no altsetting 0 [ 781.975329][ T9026] usb 3-1: New USB device found, idVendor=045e, idProduct=040a, bcdDevice=67.7b [ 781.975362][ T9026] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 781.975382][ T9026] usb 3-1: Product: syz [ 781.975398][ T9026] usb 3-1: Manufacturer: syz [ 781.975414][ T9026] usb 3-1: SerialNumber: syz [ 782.009741][ T3256] loop5: detected capacity change from 0 to 256 [ 782.010299][ T3179] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 782.010535][ T3179] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 782.015261][ T3254] befs: Unrecognized mount option "f2fs" or missing value [ 782.322149][ T9026] ipaq 3-1:227.20: PocketPC PDA converter detected [ 782.328851][ T9026] usb 3-1: active config #227 != 1 ?? [ 782.369430][ T9026] usb 3-1: USB disconnect, device number 111 [ 782.799195][ T3308] netlink: 16 bytes leftover after parsing attributes in process `syz.5.14356'. [ 782.969079][ T3316] loop4: detected capacity change from 0 to 16 [ 783.043846][ T3322] netlink: 'syz.1.14363': attribute type 21 has an invalid length. [ 783.073016][ T3326] loop2: detected capacity change from 0 to 128 [ 783.091030][ T3322] netlink: 120 bytes leftover after parsing attributes in process `syz.1.14363'. [ 783.112727][ T3316] erofs: (device loop4): mounted with root inode @ nid 36. [ 783.132035][ T3322] netlink: 'syz.1.14363': attribute type 1 has an invalid length. [ 783.161994][ T3322] netlink: 9 bytes leftover after parsing attributes in process `syz.1.14363'. [ 783.177514][ T3326] hpfs: hpfs_map_4sectors(): unaligned read [ 783.183460][ T3326] hpfs: filesystem error: can't load hotfix map; already mounted read-only [ 783.317452][ T3331] netlink: 'syz.4.14368': attribute type 4 has an invalid length. [ 783.325349][ T3331] netlink: 152 bytes leftover after parsing attributes in process `syz.4.14368'. [ 783.335460][ T3326] hpfs: hpfs_map_sector(): read error [ 783.418868][ T3331] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 783.450513][ T3290] loop0: detected capacity change from 0 to 32768 [ 783.626129][ T3346] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 783.736097][ T3290] XFS (loop0): Mounting V5 Filesystem [ 784.133171][ T3290] XFS (loop0): Starting recovery (logdev: internal) [ 784.213707][ T3290] XFS (loop0): Ending recovery (logdev: internal) [ 784.222182][ T3379] loop5: detected capacity change from 0 to 512 [ 784.333414][ T4186] XFS (loop0): Unmounting Filesystem [ 784.428809][ T3379] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 784.497621][ T3395] netlink: 108 bytes leftover after parsing attributes in process `syz.2.14395'. [ 784.617371][ T3399] netlink: 'syz.1.14398': attribute type 32 has an invalid length. [ 785.138446][ T3437] usb usb8: usbfs: process 3437 (syz.4.14415) did not claim interface 0 before use [ 785.357509][ T3455] netlink: 'syz.1.14425': attribute type 13 has an invalid length. [ 785.365459][ T3455] netlink: 144 bytes leftover after parsing attributes in process `syz.1.14425'. [ 785.443930][ T3455] syz_tun: refused to change device tx_queue_len [ 785.542297][ T3460] loop0: detected capacity change from 0 to 4096 [ 785.581425][ T3476] netlink: 4 bytes leftover after parsing attributes in process `syz.5.14433'. [ 785.642547][ T3460] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 785.762017][ T3460] ntfs3: loop0: failed to convert "c46c" to cp1255 [ 785.865176][ T3500] sp0: Synchronizing with TNC [ 785.970576][ T3511] netlink: 16 bytes leftover after parsing attributes in process `syz.1.14446'. [ 786.074067][ T6299] usb 5-1: new full-speed USB device number 110 using dummy_hcd [ 786.103320][ T3521] netlink: 40 bytes leftover after parsing attributes in process `syz.0.14451'. [ 786.114996][ T3521] netlink: 40 bytes leftover after parsing attributes in process `syz.0.14451'. [ 786.414618][ T3541] netlink: 28 bytes leftover after parsing attributes in process `syz.1.14460'. [ 786.469752][ T6299] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 786.498789][ T6299] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 786.502525][ T3547] netlink: 12 bytes leftover after parsing attributes in process `syz.0.14462'. [ 786.608252][ T6299] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 786.617405][ T6299] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 786.680866][ T6299] usb 5-1: SerialNumber: syz [ 786.737920][ T6299] usb 5-1: bad CDC descriptors [ 786.754066][ T6299] usb-storage 5-1:1.0: USB Mass Storage device detected [ 786.784772][ T6299] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 786.802969][ T6299] scsi host1: usb-storage 5-1:1.0 [ 787.069571][ T3598] (unnamed net_device) (uninitialized): up delay (1024) is not a multiple of miimon (100), value rounded to 1000 ms [ 787.127445][ T3598] (unnamed net_device) (uninitialized): down delay (4) is not a multiple of miimon (100), value rounded to 0 ms [ 787.177228][ T3607] IPVS: length: 218 != 24 [ 787.494990][ T3617] netlink: 16 bytes leftover after parsing attributes in process `syz.0.14494'. [ 787.667296][ T3604] loop5: detected capacity change from 0 to 32768 [ 787.786235][ T3601] loop2: detected capacity change from 0 to 32768 [ 787.807463][ T26] audit: type=1800 audit(756.768:47): pid=3604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.14488" name="file1" dev="loop5" ino=7 res=0 errno=0 [ 787.928208][ T3631] netlink: 28 bytes leftover after parsing attributes in process `syz.1.14502'. [ 787.964266][ T3631] netlink: 28 bytes leftover after parsing attributes in process `syz.1.14502'. [ 788.213563][ T6296] usb 5-1: USB disconnect, device number 110 [ 788.860709][ T3677] netlink: 'syz.5.14524': attribute type 1 has an invalid length. [ 788.881764][ T3671] loop0: detected capacity change from 0 to 1024 [ 789.025217][ T3652] loop2: detected capacity change from 0 to 32768 [ 789.046669][ T3671] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,bsddf,quota,noauto_da_alloc,debug_want_extra_isize=0x0000000000000080,nodelalloc,noauto_da_alloc,stripe=0x0000000000000005,barrier,,errors=continue. Quota mode: writeback. [ 789.069920][ C0] vkms_vblank_simulate: vblank timer overrun [ 789.149355][ T3689] loop4: detected capacity change from 0 to 4096 [ 789.355177][ T3707] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 789.384018][ T3652] XFS (loop2): Mounting V5 Filesystem [ 789.460444][ T3713] loop5: detected capacity change from 0 to 512 [ 789.485619][ T3713] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option [ 789.549021][ T3713] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8817e02c, mo2=0002] [ 789.622512][ T3652] XFS (loop2): Ending clean mount [ 789.627865][ T3721] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 789.635104][ T3713] EXT4-fs error (device loop5): ext4_get_branch:178: inode #11: block 33261: comm syz.5.14537: invalid block [ 789.757694][ T4185] XFS (loop2): Unmounting Filesystem [ 789.765321][ T3713] EXT4-fs (loop5): Remounting filesystem read-only [ 789.771914][ T3713] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.14537: invalid indirect mapped block 2683928664 (level 1) [ 789.803081][ T3735] xt_bpf: check failed: parse error [ 789.911045][ T3713] EXT4-fs (loop5): Remounting filesystem read-only [ 789.946938][ T3713] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.14537: bg 0: block 361: padding at end of block bitmap is not set [ 790.015334][ T3713] EXT4-fs (loop5): Remounting filesystem read-only [ 790.048039][ T3713] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6191: Corrupt filesystem [ 790.064053][ T3713] EXT4-fs (loop5): Remounting filesystem read-only [ 790.081362][ T3713] EXT4-fs (loop5): 1 truncate cleaned up [ 790.082370][ T3746] loop4: detected capacity change from 0 to 512 [ 790.088251][ T3713] EXT4-fs (loop5): mounted filesystem without journal. Opts: journal_dev=0x0000000000000008,grpquota,nomblk_io_submit,data_err=ignore,errors=remount-ro,noblock_validity,noauto_da_alloc,. Quota mode: writeback. [ 790.187717][ T3746] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 790.227342][ T3713] EXT4-fs error (device loop5): ext4_empty_dir:3145: inode #2: block 5: comm syz.5.14537: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 790.318246][ T3713] EXT4-fs (loop5): Remounting filesystem read-only [ 790.333537][ T3713] EXT4-fs warning (device loop5): ext4_empty_dir:3147: inode #2: comm syz.5.14537: directory missing '.' [ 790.363103][ T3746] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable,dioread_nolock,abort,grpjquota=,lazytime,auto_da_alloc,grpid,max_dir_size_kb=0x0000000000000100,min_batch_time=0x000000000000007a,auto_da_alloc=0x0000000000000800,,errors=continue. Quota mode: writeback. [ 790.555922][ T3762] netlink: 'syz.4.14559': attribute type 5 has an invalid length. [ 790.728455][ T3773] __nla_validate_parse: 7 callbacks suppressed [ 790.728471][ T3773] netlink: 209820 bytes leftover after parsing attributes in process `syz.4.14564'. [ 790.783952][ T3778] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14567'. [ 790.828031][ T3778] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14567'. [ 790.836566][ T3785] device netdevsim0 entered promiscuous mode [ 790.869186][ T3785] netlink: 64 bytes leftover after parsing attributes in process `syz.0.14570'. [ 790.930649][ T3785] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 790.982843][ T3789] netlink: 16 bytes leftover after parsing attributes in process `syz.5.14572'. [ 791.130316][ T3803] netlink: 232 bytes leftover after parsing attributes in process `syz.0.14578'. [ 791.641672][ T3857] loop4: detected capacity change from 0 to 512 [ 791.700115][ T3865] netlink: 'syz.2.14607': attribute type 3 has an invalid length. [ 791.722045][ T3857] EXT4-fs (loop4): Test dummy encryption mode enabled [ 791.757383][ T3857] EXT4-fs error (device loop4): ext4_get_branch:178: inode #13: block 33619980: comm syz.4.14603: invalid block [ 791.771841][ T6296] usb 1-1: new full-speed USB device number 126 using dummy_hcd [ 791.794812][ T3857] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:476: comm syz.4.14603: Invalid block bitmap block 0 in block_group 0 [ 791.822647][ T3857] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6191: Corrupt filesystem [ 791.843259][ T3857] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.14603: attempt to clear invalid blocks 983261 len 1 [ 792.067110][ T3857] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.14603: invalid indirect mapped block 2683928664 (level 0) [ 792.123043][ T3857] EXT4-fs error (device loop4): __ext4_get_inode_loc:4334: comm syz.4.14603: Invalid inode table block 0 in block_group 0 [ 792.142148][ T3870] ODEBUG: Out of memory. ODEBUG disabled [ 792.164043][ T3857] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 792.178123][ T6296] usb 1-1: config 27 interface 0 altsetting 0 has an invalid endpoint with address 0x78, skipping [ 792.210879][ T3857] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 792.221650][ T6296] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 221, setting to 64 [ 792.252925][ T3857] EXT4-fs error (device loop4): __ext4_get_inode_loc:4334: comm syz.4.14603: Invalid inode table block 0 in block_group 0 [ 792.268291][ T6296] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 792.300553][ T6296] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 792.308998][ T3857] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 792.347485][ T3857] EXT4-fs error (device loop4): ext4_truncate:4286: inode #13: comm syz.4.14603: mark_inode_dirty error [ 792.359156][ T3836] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 792.392043][ T3836] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 792.402830][ T3857] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 792.416349][ T6296] usb 1-1: invalid MIDI in EP 0 [ 792.430998][ T3857] EXT4-fs error (device loop4): __ext4_get_inode_loc:4334: comm syz.4.14603: Invalid inode table block 0 in block_group 0 [ 792.468199][ T3888] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 792.476295][ T3857] EXT4-fs (loop4): 1 truncate cleaned up [ 792.483240][ T3857] EXT4-fs (loop4): mounted filesystem without journal. Opts: quota,noblock_validity,data_err=ignore,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 792.518073][ T3888] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 792.531634][ T6296] snd-usb-audio: probe of 1-1:27.0 failed with error -22 [ 792.547803][ T3888] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 792.560684][ T3888] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 792.598286][ T4385] udevd[4385]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 792.637990][ T3888] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 792.641984][T23654] usb 1-1: USB disconnect, device number 126 [ 792.662359][ T3888] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 792.686609][ T3888] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 792.708902][ T3888] device team0 left promiscuous mode [ 792.735004][ T3888] device team_slave_0 left promiscuous mode [ 792.741232][ T3888] device team_slave_1 left promiscuous mode [ 792.775374][ T3888] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 792.789155][ T3888] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 792.797755][ T3888] device wg1 left promiscuous mode [ 792.810165][ T3888] device macsec0 left promiscuous mode [ 792.816343][ T3888] device geneve1 left promiscuous mode [ 792.822919][ T3888] device bridge2 left promiscuous mode [ 792.829072][ T3888] device gtp0 left promiscuous mode [ 792.837568][ T3888] device bridge3 left promiscuous mode [ 792.844627][ T3888] IPv6: ADDRCONF(NETDEV_CHANGE): bridge4: link becomes ready [ 792.981082][ T3908] netlink: 'syz.2.14627': attribute type 2 has an invalid length. [ 792.989016][ T3908] netlink: 'syz.2.14627': attribute type 1 has an invalid length. [ 793.014282][ T3908] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14627'. [ 793.297414][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 793.333285][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 793.524110][ T3952] netlink: 'syz.5.14648': attribute type 13 has an invalid length. [ 793.610693][ T3957] [U] ^C [ 793.793004][ T3980] netlink: 20 bytes leftover after parsing attributes in process `syz.1.14660'. [ 793.834229][ T3977] loop5: detected capacity change from 0 to 4096 [ 793.920331][ T3977] ntfs3: loop5: ino=3, Correct links count -> 2. [ 793.989365][ T3977] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 794.410755][ T4040] overlayfs: unrecognized mount option "\" or missing value [ 794.590209][ T4055] netlink: 36 bytes leftover after parsing attributes in process `syz.4.14696'. [ 794.732770][ T4056] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.14694'. [ 794.797241][T23654] usb 2-1: new high-speed USB device number 127 using dummy_hcd [ 795.006013][ T4066] netlink: 'syz.2.14700': attribute type 1 has an invalid length. [ 795.057911][ T4069] netlink: 'syz.0.14702': attribute type 5 has an invalid length. [ 795.079957][T23654] usb 2-1: Using ep0 maxpacket: 16 [ 795.224913][T23654] usb 2-1: config 0 has an invalid interface number: 246 but max is 0 [ 795.239574][T23654] usb 2-1: config 0 has no interface number 0 [ 795.260567][T23654] usb 2-1: config 0 interface 246 has no altsetting 0 [ 795.470821][T23654] usb 2-1: New USB device found, idVendor=0424, idProduct=cf30, bcdDevice=35.27 [ 795.490252][T23654] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 795.520283][T23654] usb 2-1: Product: syz [ 795.529593][T23654] usb 2-1: Manufacturer: syz [ 795.546013][T23654] usb 2-1: SerialNumber: syz [ 795.576797][T23654] usb 2-1: config 0 descriptor?? [ 795.669925][ T4117] loop2: detected capacity change from 0 to 8 [ 795.750769][ T26] audit: type=1800 audit(764.195:48): pid=4117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.14725" name="file0" dev="loop2" ino=1 res=0 errno=0 [ 795.951229][ T4131] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 796.000957][T23654] usb 2-1: USB disconnect, device number 127 [ 796.195924][ T4149] loop4: detected capacity change from 0 to 8 [ 796.301278][ T26] audit: type=1800 audit(764.709:49): pid=4149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.14739" name="file0" dev="loop4" ino=1 res=0 errno=0 [ 796.630431][ T4198] __nla_validate_parse: 1 callbacks suppressed [ 796.630447][ T4198] netlink: 68 bytes leftover after parsing attributes in process `syz.5.14751'. [ 796.646845][ T4198] netlink: 68 bytes leftover after parsing attributes in process `syz.5.14751'. [ 796.750273][ T4143] loop0: detected capacity change from 0 to 32768 [ 796.877428][ T4236] netlink: 600 bytes leftover after parsing attributes in process `syz.4.14761'. [ 797.024785][ T4236] bridge0: port 2(bridge_slave_1) entered disabled state [ 797.050926][ T4143] ea_get: extended attribute size too large: 2617245744 > INT_MAX [ 797.064378][ T4236] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 797.274926][ T4243] loop5: detected capacity change from 0 to 8 [ 797.331506][ T26] audit: type=1800 audit(765.682:50): pid=4243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.14764" name="file0" dev="loop5" ino=1 res=0 errno=0 [ 797.448791][ T4252] loop2: detected capacity change from 0 to 512 [ 797.463819][ T4254] netlink: 68 bytes leftover after parsing attributes in process `syz.4.14769'. [ 797.498526][ T4254] netlink: 68 bytes leftover after parsing attributes in process `syz.4.14769'. [ 797.574314][ T4252] ================================================================== [ 797.583330][ T4252] BUG: KASAN: use-after-free in __ext4_iget+0x2bb/0x3e50 [ 797.590389][ T4252] Read of size 8 at addr ffff888074af1320 by task syz.2.14767/4252 [ 797.598298][ T4252] [ 797.600631][ T4252] CPU: 0 PID: 4252 Comm: syz.2.14767 Not tainted syzkaller #0 [ 797.608095][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 797.618161][ T4252] Call Trace: [ 797.621453][ T4252] [ 797.624392][ T4252] dump_stack_lvl+0x188/0x250 [ 797.629086][ T4252] ? show_regs_print_info+0x20/0x20 [ 797.634303][ T4252] ? load_image+0x400/0x400 [ 797.638822][ T4252] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 797.644309][ T4252] ? __rwlock_init+0x140/0x140 [ 797.649199][ T4252] print_address_description+0x60/0x2d0 [ 797.654759][ T4252] ? __ext4_iget+0x2bb/0x3e50 [ 797.659443][ T4252] kasan_report+0xdf/0x130 [ 797.663853][ T4252] ? __ext4_iget+0x2bb/0x3e50 [ 797.668557][ T4252] __ext4_iget+0x2bb/0x3e50 [ 797.673086][ T4252] ? __free_pages+0x95/0x1a0 [ 797.677697][ T4252] ? apply_workqueue_attrs+0x170/0x170 [ 797.683176][ T4252] ? ext4_get_projid+0x140/0x140 [ 797.688127][ T4252] ? mb_cache_create+0x428/0x530 [ 797.693093][ T4252] ext4_fill_super+0x73f9/0x94f0 [ 797.698047][ T4252] ? format_decode+0x898/0x1300 [ 797.702949][ T4252] ? ext4_mount+0x40/0x40 [ 797.707305][ T4252] ? set_blocksize+0x1f3/0x370 [ 797.712088][ T4252] ? sb_set_blocksize+0xa5/0xe0 [ 797.716957][ T4252] mount_bdev+0x287/0x3c0 [ 797.721303][ T4252] ? ext4_mount+0x40/0x40 [ 797.725653][ T4252] legacy_get_tree+0xe6/0x180 [ 797.730348][ T4252] ? ext4_errno_to_code+0x160/0x160 [ 797.735572][ T4252] vfs_get_tree+0x88/0x270 [ 797.740008][ T4252] do_new_mount+0x24a/0xa40 [ 797.744530][ T4252] __se_sys_mount+0x2e3/0x3d0 [ 797.749223][ T4252] ? __x64_sys_mount+0xc0/0xc0 [ 797.754018][ T4252] ? lockdep_hardirqs_on+0x94/0x140 [ 797.759326][ T4252] ? __x64_sys_mount+0x1c/0xc0 [ 797.764109][ T4252] do_syscall_64+0x4c/0xa0 [ 797.768567][ T4252] ? clear_bhb_loop+0x30/0x80 [ 797.773255][ T4252] ? clear_bhb_loop+0x30/0x80 [ 797.777920][ T4252] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 797.783800][ T4252] RIP: 0033:0x7f8e05b9e04a [ 797.788205][ T4252] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 797.807799][ T4252] RSP: 002b:00007f8e03df5e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 797.816204][ T4252] RAX: ffffffffffffffda RBX: 00007f8e03df5ee0 RCX: 00007f8e05b9e04a [ 797.824173][ T4252] RDX: 0000200000000340 RSI: 0000200000000980 RDI: 00007f8e03df5ea0 [ 797.832131][ T4252] RBP: 0000200000000340 R08: 00007f8e03df5ee0 R09: 0000000000008000 [ 797.840113][ T4252] R10: 0000000000008000 R11: 0000000000000246 R12: 0000200000000980 [ 797.848085][ T4252] R13: 00007f8e03df5ea0 R14: 0000000000000519 R15: 0000200000000180 [ 797.856065][ T4252] [ 797.859067][ T4252] [ 797.861370][ T4252] Allocated by task 12218: [ 797.865763][ T4252] __kasan_slab_alloc+0x9c/0xd0 [ 797.870597][ T4252] slab_post_alloc_hook+0x4c/0x380 [ 797.875690][ T4252] kmem_cache_alloc+0x100/0x290 [ 797.880520][ T4252] reiserfs_alloc_inode+0x19/0xb0 [ 797.885715][ T4252] new_inode_pseudo+0x5f/0x210 [ 797.890495][ T4252] new_inode+0x25/0x1c0 [ 797.894642][ T4252] reiserfs_mkdir+0x1d2/0x920 [ 797.899305][ T4252] reiserfs_xattr_init+0x331/0x720 [ 797.904405][ T4252] reiserfs_fill_super+0x1fe6/0x2440 [ 797.909674][ T4252] mount_bdev+0x287/0x3c0 [ 797.913991][ T4252] legacy_get_tree+0xe6/0x180 [ 797.918652][ T4252] vfs_get_tree+0x88/0x270 [ 797.923067][ T4252] do_new_mount+0x24a/0xa40 [ 797.927552][ T4252] __se_sys_mount+0x2e3/0x3d0 [ 797.932210][ T4252] do_syscall_64+0x4c/0xa0 [ 797.936608][ T4252] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 797.942497][ T4252] [ 797.944807][ T4252] Last potentially related work creation: [ 797.950508][ T4252] kasan_save_stack+0x35/0x60 [ 797.955167][ T4252] kasan_record_aux_stack+0xb8/0x100 [ 797.960437][ T4252] call_rcu+0x189/0x950 [ 797.964577][ T4252] evict+0x834/0x8d0 [ 797.968474][ T4252] evict_inodes+0x60c/0x6a0 [ 797.972971][ T4252] generic_shutdown_super+0x93/0x300 [ 797.978240][ T4252] kill_block_super+0x7c/0xe0 [ 797.982916][ T4252] deactivate_locked_super+0x93/0xf0 [ 797.988205][ T4252] cleanup_mnt+0x42d/0x4e0 [ 797.992624][ T4252] task_work_run+0x125/0x1a0 [ 797.997206][ T4252] exit_to_user_mode_loop+0x10f/0x130 [ 798.002582][ T4252] exit_to_user_mode_prepare+0xee/0x180 [ 798.008170][ T4252] syscall_exit_to_user_mode+0x16/0x40 [ 798.013621][ T4252] do_syscall_64+0x58/0xa0 [ 798.018035][ T4252] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 798.023913][ T4252] [ 798.026221][ T4252] Second to last potentially related work creation: [ 798.032786][ T4252] kasan_save_stack+0x35/0x60 [ 798.037453][ T4252] kasan_record_aux_stack+0xb8/0x100 [ 798.042750][ T4252] call_rcu+0x189/0x950 [ 798.046886][ T4252] evict+0x834/0x8d0 [ 798.050774][ T4252] evict_inodes+0x60c/0x6a0 [ 798.055384][ T4252] generic_shutdown_super+0x93/0x300 [ 798.060667][ T4252] kill_block_super+0x7c/0xe0 [ 798.065336][ T4252] deactivate_locked_super+0x93/0xf0 [ 798.070708][ T4252] cleanup_mnt+0x42d/0x4e0 [ 798.075131][ T4252] task_work_run+0x125/0x1a0 [ 798.079723][ T4252] exit_to_user_mode_loop+0x10f/0x130 [ 798.085100][ T4252] exit_to_user_mode_prepare+0xee/0x180 [ 798.090643][ T4252] syscall_exit_to_user_mode+0x16/0x40 [ 798.096088][ T4252] do_syscall_64+0x58/0xa0 [ 798.100492][ T4252] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 798.106369][ T4252] [ 798.108673][ T4252] The buggy address belongs to the object at ffff888074af0d40 [ 798.108673][ T4252] which belongs to the cache reiser_inode_cache of size 1568 [ 798.123424][ T4252] The buggy address is located 1504 bytes inside of [ 798.123424][ T4252] 1568-byte region [ffff888074af0d40, ffff888074af1360) [ 798.136871][ T4252] The buggy address belongs to the page: [ 798.142526][ T4252] page:ffffea0001d2bc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888074af6360 pfn:0x74af0 [ 798.153964][ T4252] head:ffffea0001d2bc00 order:3 compound_mapcount:0 compound_pincount:0 [ 798.162276][ T4252] memcg:ffff88802a27f801 [ 798.166499][ T4252] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 798.174507][ T4252] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff8881462f4780 [ 798.183077][ T4252] raw: ffff888074af6360 0000000080130005 00000001ffffffff ffff88802a27f801 [ 798.191669][ T4252] page dumped because: kasan: bad access detected [ 798.198066][ T4252] page_owner tracks the page as allocated [ 798.203760][ T4252] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4841, ts 78558836234, free_ts 78137249330 [ 798.225967][ T4252] get_page_from_freelist+0x1bbd/0x1ca0 [ 798.231514][ T4252] __alloc_pages+0x1ee/0x480 [ 798.236091][ T4252] new_slab+0xc0/0x4b0 [ 798.240148][ T4252] ___slab_alloc+0x80a/0xdd0 [ 798.244729][ T4252] kmem_cache_alloc+0x195/0x290 [ 798.249563][ T4252] reiserfs_alloc_inode+0x19/0xb0 [ 798.254575][ T4252] iget5_locked+0x9e/0x250 [ 798.258985][ T4252] reiserfs_fill_super+0x122d/0x2440 [ 798.264255][ T4252] mount_bdev+0x287/0x3c0 [ 798.268592][ T4252] legacy_get_tree+0xe6/0x180 [ 798.273279][ T4252] vfs_get_tree+0x88/0x270 [ 798.277692][ T4252] do_new_mount+0x24a/0xa40 [ 798.282187][ T4252] __se_sys_mount+0x2e3/0x3d0 [ 798.286860][ T4252] do_syscall_64+0x4c/0xa0 [ 798.291278][ T4252] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 798.297158][ T4252] page last free stack trace: [ 798.301809][ T4252] free_unref_page_prepare+0x637/0x6c0 [ 798.307251][ T4252] free_unref_page+0x8f/0x2a0 [ 798.311929][ T4252] __unfreeze_partials+0x1a5/0x200 [ 798.317026][ T4252] put_cpu_partial+0x12d/0x190 [ 798.321770][ T4252] qlist_free_all+0x35/0x90 [ 798.326259][ T4252] kasan_quarantine_reduce+0x150/0x160 [ 798.331718][ T4252] __kasan_slab_alloc+0x2f/0xd0 [ 798.336556][ T4252] slab_post_alloc_hook+0x4c/0x380 [ 798.341653][ T4252] kmem_cache_alloc+0x100/0x290 [ 798.346484][ T4252] getname_flags+0xb5/0x500 [ 798.350972][ T4252] user_path_at_empty+0x2a/0x190 [ 798.355891][ T4252] do_readlinkat+0xd9/0x490 [ 798.360397][ T4252] __x64_sys_readlink+0x7b/0x90 [ 798.365230][ T4252] do_syscall_64+0x4c/0xa0 [ 798.369630][ T4252] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 798.375506][ T4252] [ 798.377811][ T4252] Memory state around the buggy address: [ 798.383428][ T4252] ffff888074af1200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 798.391492][ T4252] ffff888074af1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 798.399550][ T4252] >ffff888074af1300: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 798.407595][ T4252] ^ [ 798.412716][ T4252] ffff888074af1380: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 [ 798.420758][ T4252] ffff888074af1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 798.428796][ T4252] ================================================================== [ 798.436846][ T4252] Disabling lock debugging due to kernel taint [ 798.449044][ T4252] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 798.456266][ T4252] CPU: 0 PID: 4252 Comm: syz.2.14767 Tainted: G B syzkaller #0 [ 798.465118][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 798.475178][ T4252] Call Trace: [ 798.478445][ T4252] [ 798.481359][ T4252] dump_stack_lvl+0x188/0x250 [ 798.486020][ T4252] ? show_regs_print_info+0x20/0x20 [ 798.491221][ T4252] ? load_image+0x400/0x400 [ 798.495708][ T4252] panic+0x2e5/0x810 [ 798.499589][ T4252] ? bpf_jit_dump+0xd0/0xd0 [ 798.504072][ T4252] ? _raw_spin_unlock_irqrestore+0x10d/0x120 [ 798.510073][ T4252] ? _raw_spin_unlock+0x40/0x40 [ 798.514927][ T4252] ? __ext4_iget+0x2bb/0x3e50 [ 798.519587][ T4252] check_panic_on_warn+0x80/0xa0 [ 798.524526][ T4252] ? __ext4_iget+0x2bb/0x3e50 [ 798.529188][ T4252] end_report+0x6d/0xf0 [ 798.533332][ T4252] kasan_report+0x102/0x130 [ 798.537816][ T4252] ? __ext4_iget+0x2bb/0x3e50 [ 798.542470][ T4252] __ext4_iget+0x2bb/0x3e50 [ 798.546954][ T4252] ? __free_pages+0x95/0x1a0 [ 798.551535][ T4252] ? apply_workqueue_attrs+0x170/0x170 [ 798.556979][ T4252] ? ext4_get_projid+0x140/0x140 [ 798.561904][ T4252] ? mb_cache_create+0x428/0x530 [ 798.566865][ T4252] ext4_fill_super+0x73f9/0x94f0 [ 798.571790][ T4252] ? format_decode+0x898/0x1300 [ 798.576632][ T4252] ? ext4_mount+0x40/0x40 [ 798.580942][ T4252] ? set_blocksize+0x1f3/0x370 [ 798.585687][ T4252] ? sb_set_blocksize+0xa5/0xe0 [ 798.590553][ T4252] mount_bdev+0x287/0x3c0 [ 798.594868][ T4252] ? ext4_mount+0x40/0x40 [ 798.599181][ T4252] legacy_get_tree+0xe6/0x180 [ 798.603835][ T4252] ? ext4_errno_to_code+0x160/0x160 [ 798.609014][ T4252] vfs_get_tree+0x88/0x270 [ 798.613413][ T4252] do_new_mount+0x24a/0xa40 [ 798.617898][ T4252] __se_sys_mount+0x2e3/0x3d0 [ 798.622583][ T4252] ? __x64_sys_mount+0xc0/0xc0 [ 798.627340][ T4252] ? lockdep_hardirqs_on+0x94/0x140 [ 798.632526][ T4252] ? __x64_sys_mount+0x1c/0xc0 [ 798.637283][ T4252] do_syscall_64+0x4c/0xa0 [ 798.641703][ T4252] ? clear_bhb_loop+0x30/0x80 [ 798.646364][ T4252] ? clear_bhb_loop+0x30/0x80 [ 798.651022][ T4252] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 798.656899][ T4252] RIP: 0033:0x7f8e05b9e04a [ 798.661295][ T4252] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 798.680885][ T4252] RSP: 002b:00007f8e03df5e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 798.689306][ T4252] RAX: ffffffffffffffda RBX: 00007f8e03df5ee0 RCX: 00007f8e05b9e04a [ 798.697284][ T4252] RDX: 0000200000000340 RSI: 0000200000000980 RDI: 00007f8e03df5ea0 [ 798.705244][ T4252] RBP: 0000200000000340 R08: 00007f8e03df5ee0 R09: 0000000000008000 [ 798.713219][ T4252] R10: 0000000000008000 R11: 0000000000000246 R12: 0000200000000980 [ 798.721191][ T4252] R13: 00007f8e03df5ea0 R14: 0000000000000519 R15: 0000200000000180 [ 798.729172][ T4252] [ 798.732491][ T4252] Kernel Offset: disabled [ 798.737129][ T4252] Rebooting in 86400 seconds..