last executing test programs: 1m42.797678896s ago: executing program 2 (id=1525): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000004c0)="e0d6bb4ee2dbd89da573425576ea", 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1m42.498531051s ago: executing program 2 (id=1527): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNGETVNETLE(r0, 0x800454dd, &(0x7f0000000300)) 1m41.844576367s ago: executing program 2 (id=1529): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_TYPE={0x5, 0x2, 0x83}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) 1m41.334974803s ago: executing program 2 (id=1532): symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mount$9p_unix(&(0x7f00000000c0)='./file0/file0/..\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x12d7498, 0x0) umount2(&(0x7f0000000340)='./file0\x00', 0x1) 1m40.908462506s ago: executing program 2 (id=1534): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000000)=0x1) read(r0, 0x0, 0xa00) 1m39.783943085s ago: executing program 2 (id=1539): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x3, &(0x7f0000000180)=[{0x40, 0x0, 0x0, 0x3}, {0x30, 0x1, 0x0, 0xfffff024}, {0x6, 0x2, 0x0, 0x5}]}, 0x10) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000500)="c2c2ced1806347", 0x7}], 0x1) 1m39.103311991s ago: executing program 32 (id=1539): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x3, &(0x7f0000000180)=[{0x40, 0x0, 0x0, 0x3}, {0x30, 0x1, 0x0, 0xfffff024}, {0x6, 0x2, 0x0, 0x5}]}, 0x10) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000500)="c2c2ced1806347", 0x7}], 0x1) 5.396741885s ago: executing program 3 (id=2263): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000009c0)=ANY=[@ANYBLOB="120100003a982a08cd0ca310a223010203010902120001000000000904"], 0x0) syz_usb_control_io$uac2(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="400a0600000082ff9c5578cc40d856"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) 3.546199173s ago: executing program 3 (id=2274): syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000080)={[{@acl}, {@nodatacow}, {@flushoncommit}, {@compress_algo={'compress', 0x3d, 'lzo'}}, {@nodatasum}, {@compress_algo={'compress', 0x3d, 'no'}}, {@rescue={'rescue', 0x3d, 'usebackuproot'}}, {@max_inline={'max_inline', 0x3d, [0x45, 0x38, 0x67, 0x74, 0x65, 0x65]}}]}, 0x3, 0x512d, &(0x7f000000f380)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h795j5Lrqw4Gf2dd4H97dBH4i5IdggTrGBa/XdniopWKdpioKpaxLSlQhio29Dos32NhOwRFQxwalKIKmJRL8URRHCNX8kdQiQUADihsJo6h5oFSNSKJEpHWCiELTAAqFSLiavffM3jl352F71/G6n4/knTPzPc87D8+59865AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwf8Oxz378b1rF7/3t5Y8+cdXkRw5uuurZT11+4YMhTM09XsnClYEbvjL589suu/3gXRtuufPEFW/sy8vl8TBY+9OV3/lMrPXEyhC+VQmhJw2sHcoCvfn9oVjfq4ZCuCDMB+olpgeyEmnD4fv9IRwO84F6Vd/pD2GoELjyoXvu/nwtcXN/CKtCCNW0jcerWRv9aeCSviwwkAZ29WSBX53M1APf7soCcMbim6H+oj861ZhhdOFyTV5/vYvWsZdWOrzumBhtnu9nm5a4UwV96QNTZ/S0lapjSZTeHse825bBu620nW/ytBW/SOXfUE7Oh6qha/v0jq3Xzu6Lj3SF8fHuZjUt0fP8yPOf3HYq6WXzOowdGF2U1+EXHlh1W/ead99/59pVTx9506FnzrSbPyps0mJ6qVVD/ppbNs9jNOnzZBm8/UrfksZ86Qoh7Pjw77ynVbw0/x9tPf+PL+d429WQO9b64nA2N4+PDMXEc8PZ3BwAAACWjeWw13TX+PfeVig+Uk3qK83/xzo7/h8P+eeT+Wy0x0KYnEscGgnhornHs8DXY3MfGgnhtXOpqcbApiRwLIRXziXW1KtKSqyIJcaSwE+G88BkEjgeA1NJ4GsxcFMS+EwMHE0C22LgWBK4LAbCTOM4fnc4H0fHgf4Y2JJtxKPxLIRfDMfWkm31WL0qAACARZLPDnsb7xbOdTjTDHF6ebS/XYZ4BnbTDNWkhnQGW59WNa2hp10NXe1qqI/7QOvhl2qutKu5dBpGpTHDV375V+8NLZTm/xOt5//VBTpSKR3/D2Hz3N+YuyuPzNbjW6YaMgAAAABnYPB/nvxqq3hp/j/Z2fn/cZ9IdyFzuC/uhtg5EsJEYyCr9vfLgeyo92AeAAAAgOWgfjy+fix8Jr/NTtFO59Pl/FOnmD8e+J9cMH/fse9uadXf0vx/qrPz/wcab7NOHI+9+OJICCsKgR/EXtYCc8Zi4MfvaAzk4z8eN8CNsar8xIR6VTfGEltiYCIJHG5W4of1Ehc1BvInq974ofo4ZvIShQAAAACcdXF3QDwuH8//f91vNny8VbnS/H/LqZ3/PzcPLp3ePzsYwrqeELrTHwbcN5AtDBgDQ5U88b2BrK7upKq/jiV70qqezNf/70nXGHyoP6sqBi563ZHnL6klvtofwrpi4OH33/rmWmJfEqiP48/7Q3hNbbRp499ckTXemzb+pRUhvLoQqFf1oRUh1BrrS6u6p5pfxyCt6p+qIbysEKhX9ZZqCPsDAMtU/K90e/HBvfuv27l1dnZ6zxIm4j78/rBjZnZ6fNuu2e3VJn3anvS5YRmj68tj6vTKN4/lSxS9747NQ+V0b+nx+u8EJ4pt5fvxSycO5vfjd6HeuXFu6G24uzEd8hteX24iFL5JNRty16IMuZyO/RooVjL/JJbqj/n7wmBYce3e6T3jn9i6b9+e9dnfTrNvyP7Gw0zZtlqfbquBhfrWwcuj6WpZidPdVquLlazbd83udXv3X7d25pqtV09fPf3R9W/ZMHHpxMaJt166rjaqiexvm6GuXqjqZKgnb+1wXIs41It7CpWcjU8NCQmJ5ZbYNbi65f/Jpfn/7tbz//ipEz/58/UZmh3/H42H+bPH5w/zb4mBw50e/x9tdjS/fmLAWBI4EAMHHOYHAADg/BAn+XFvZtwr/dM133y6VbnS/P9AZ7//X6T1/+tL11/RbJn/NbHERLP1/9Nl/uvr/x9otv5/usx/ff3/wy/B+v/X1gPJJvmF9f8BAIDzwdlb/7/t8v7pBQJKGdou759eIKCUoe0y/p1eIOCU1/9//D/+4r9CC6X5/02dzf8t3A8AAADnjk//ycf/X6t4af5/uLP5/9lf/y80O/9/rFlgqtnCgNb/AwAAYJlqtv7f6A0DH2xVrjT/P9rZ/D+edtHVkDvW+uJwtqZdSNe0e264/pMBAAAAWB66wvh4b4d5G1ZG3XT6bT6SLwXaKl305B+dOLXz/491Nv9v+F3GFx5YdVv3mnff/+Kda1c9feRNh56ZP/4PAAAALJ1O90sAAAAAAAAAAAAAAAAvvSf//eDGVvHS7//D5rnHm/3+P173L/6+4OUNuWOt7df/y+9f+a7b988tWXjfcAivLwZ2Htx5Qcivzb+6GLj7A2teUUscTEt894nLnqolPpgG3rn2whdqibcngS1xkcRXpoF4VcUXViaBuLziv6WBuD2OpoG+PPC5ldk4Kum2+ulQtq0q6bZ6dCiEkUKgvq2+NZS1UUkHeHMSqA/wY2kgDvBP80BX2qvbB7NexcBQLHrLYNYrAADOWfFbYG/YMTM7PRG/wsfbi3sab6OGJcuuL1db6bD5x/Klyd53x+ahTtLd6XfR+WuN94ZqbQjrS19Xi1kqc6NcnFrabLqXNxlyu9XeupqUS53qputrPqL+bETj23bNbu9tO/CN7bNs6GmbZX1pslPM0jW3SdvVUthULfrSwYg63DYddDne7wrj491Jrt+LwdHQoN0rotPf6xfX+Wv2Kijm+eiJQ79qVV9p/j/a2fy/WhzXC/nFAA7EK+v97Yhl/gEAAGBpfW7Tr78c/733hnsfbpW3NP8f62z+H3fL5IeCs70dx+L1/w+NhDB3af3RLPD12NyHRkJ47VxqKpbILqh/RSwxkQW+HneYrIkltkw1VrUiBo4mgZ8M54FjSeB4DOR7KY6EfFfO3w2H8Oa51ObGErtjidEk8J4YGEsC4zEwkQRWxsBkEnh2ZR6YSgL/GgNhpnFb3bEy31YAAACnIp9n9TbeDek872hPuwyVdhkG2mXoapeh2jJDbzjabBTx/jdiht5KeSvEh3rTZvuTWkoZ4sXwm3a87datH/7/YWPOtGCp6Xj+Qf18g0pjhrve1lMNLZTm/xOdzf8HGm+z1o/H+f/89f+ywA9i974YTx0fi4Efv6MxkO8YOB4nuzfWq5rKS+ST9htjickYGEsCu2NgMgls2ZwHDr+iMZDPtOuNH6o3PpOXKAQAAADgrIs7COJumjj/v2XvZwdblSvN/yc7m//H9gaLjX0m1npiZQjfqsz3ph5YO5QF4n6Mofjz+FcNhXBBYQdHvcT0QFaiL2k4fL8/+4V6X1rVd/qzHx/E+1c+dM/dn68lbu4PYVVh70u9jcerWRv9aeCSviwwkAZ29WSBuOenHvh2VxaAM1bfKxhfUPmpLnWjC5dr8vo7X64Jmg6vtA90gXwL/eZqqZR2uOb7VOtO7Wlruf+WRVN6exzzbluO77ZR77biF6n8G8rJ+VA1dG2f3rH12tl98ZHiL1lLluh5Lv5KtZP0IrwOD5x+b9urv3DW5bcTycfHxMLlFn4dVmJ1X3hg1W3da959/51rVz195E2Hnum4G03EHwrf86l/GfpRYfMutWrIX3PL7vNkyufJsvhvIHl3j3naQgibn/3Sja3ipfn/VGfz/57kds6v48bcOxLCGwob9764+f9wJPscLASyT8mXlQPZIff/HG76yQkAAACLrb67o76/YCa/zU4IT+fJ5fxTIZwcOYX8cX/F5IL5O+33wF9+YFWreGn+v6X1/H9F0k3H/x3/Z4k4/r+gOLzu5PZc2RW9In3gwBntii5Vx5Jw/H9B5/6Bn4Tj/8Hx/wX7d3aO/8cOOP5fdB4f/+85peqWqXP9aSt9S9rtS1cI4ek/+N6jreKl+f/uzub/1v9beNG++vp/W5qt/7e72fp/B6z/BwAALKkmC82l87zS6n2lDOnqfaUMbRcIbLvEYOv1/1qss3ferP9X2qjt1v976uLHfxNaKM3/D3Q2/48vh8Fi68tl/b+xzU2quikGdlsYEAAAgHNRs30TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvLTu+vv/3t4qfu9vL3/0iasmP3Jw01XPfuryCx8MYWbu8UoWrgzc8JXJn9922e0H79pwy50nrnhjNS/Xm9/+/4bcsdYXh0M4XHhkKCaeG67dmQ9c+a7b9/fUEvcNh/D6YmDnwZ0X1BJfGw5hdTFw9wfWvKKWOJiW+O4Tlz1VS3wwDbxz7YUv1BJvzwOVtLv/sDLrbiXt7udXhjBSCNS7+5GVjVXV2/jjPNCVtvGPQ1kbMTAUi355KGsjBmZjiZkVIazrCaE7rerealZVd1rVP1ezqrrTqj5dDeHtIYSetKon+rKqetKRP9iXVRUDF73uyPOX1BKH+0JYVww8/P5b31xLfCwJ1Bv/s74QXlN7yaSNf6M3a7w3bfzm3hBeHULoS0v8sicr0ZeWeLInhJcVAvXGP9wTwv7AeSF++DR8ou3df93OrbOz03uWMNGXt9UfdszMTo9v2zW7vZr0qZlKIX3y+tMf+2PPf3Jb7fZ9d2we6iTdk5frnevyht6GuxvP9d7Hfg0UK5l/Pkr1x/x9YTCsuHbv9J7xT2zdt2/P+uxvp9k3ZH+782i2rdYvl221uljJun3X7F63d/91a2eu2Xr19NXTH13/lg0Tl05snHjrpetqo5rI/i7GUG89+0O9uKdQydn4AJCQkFhuia6GT7eJc/2DvPRFf76jvaE69wFdmlYUs1TmRrkYg950miM+ne8pbUe0vjRxKGXZsECW6xuzbCxNJuZr6c+yzH2vK00Oi411zW3SeL8rjI93N9sOo413i5v3Z2eweR/JN13LdCWEA6ffBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP+yAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswLEAAAAAgDB/6yQ6NwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBFAQAA//8SOCLS") mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a62438, &(0x7f0000000f80)=ANY=[@ANYRES32=0x0, @ANYRESHEX=0x0, @ANYRES8, @ANYRESOCT, @ANYRES16, @ANYBLOB="0d9435a8af712ba22db08aad61bf52901d77aded910bc7949acdf1a626f568d38938f8ec34f72c1e0b3e6540dc1e44beac32958b12631708d0a5635580b2f9fef13a977211e5d519ab9531321cfb53a9b413ea91f290924482d4007a70a19759dd63f9fc81f2c63fe27bce5e7dddf01fa5c3f09ef226ee04045b0cf0661e3d5a67446c4d93db12c2ac7a15f0265fd7eade1a72cbd696413a03174375c955f8c82a9774c2c8ac5046d59c86dbd5165e6e447586", @ANYRESDEC, @ANYBLOB="37b57cfa7d0121345c29b6064f49a0f95b88671b8e9149556e5ff3c7012f7856b6557bae1d1d61efea623114a0b4b52f68387d2040dd08c5aa753b596ede3f3d637f96752310a389efcd8cf335ca9dbbbc10bda7a16342968c9ab4fd1ac65da604cd9b42d6d0dc0e895e0b2f42822d1b342f88a8d607008d20b22b776a70a07a2c53fc32be094c857279c58542b176bfbcc6c7e9808da687b44a8b21d23cc2f80050f8fd457f5a5595226d2008bcded226ab2e75d00ab5592daa23e809e04c2b370af460ae93b7efc32bf174830779058ad75290b9abb59be5f8859001e651c1d404a5f28eaf3781f2288249ae7b385a9c40929cae3fa5a6f142cd057ebdbc000000e34db2d14a6458499de0819d89f570a72fee0dd8cf744e0daf8f31b1d8edda87296ca7632e1e6e23", @ANYBLOB="48c9428afe91e0967e32398240fa5dee66bfe55cd9927ca554375cfebb0f3df02627b5d3adac5d8d30cc2c9b366e42a6a34983b683ce2a2fbcafdc214f5dff0bb1004de7cb3fc8b2586f875fba1b7bb2d9a9062adbc5dd3ae2fff0a9f50c3eb1eab1687885d87300db28cabc879a95bc025c2b8db8a3687e46589a15edbf0c", @ANYRESHEX, @ANYBLOB="ac2d5b5b8945d57e7869648ebe10b8d2719763b4bf3f6667bf8f722606d2b3593f26218e9a5fba2e7d4166787da71737b380045fb0a682e2915271f214c0112961b73c4638e7ba68deb34826d7682ace7549c83bf52bd9142b6c5adebf82155270d33204c09c07ed4ca2fc932af48646c9624e3e3544d68f61a2b073fb85332599b299a4f441a8e2f74c57aa38b5b596238280c1693bba97ff258679ab84485970b60f81093dda6501baba18a7790ca3e6fcfa12898b9fff3faf613d71f9d64dbd5c2edad8e774fb0da39e532d92164e2d34aff7cae32f3cd7aa9aace000f136323e4808d0c66c0828942def38deb2e1d847555fe0d5ba8084babb3169f9f06246ecd5327758448c9c7e4591da12ff1b084e757d05af4f0f0444ecfcc0c4d2067a98d49fe52412218380bb75e21cd23724e0390b116b9a1c1e3350b3e6f17c5bd1f1adb4ce1d03d5b30eb0690340708f06dfca5c9d74a7c140cabddd0f37d8bcf15e578dde85d7c28ccb1c9633ceeb54bb278d55097220ca53a2ea4781aca2b70189199938afba9a700a610225311fe8316794ca0ae139a50dbd34d572d6165eaaa94844620045e615d51f5e19c29aadad3539490961135851f15bbfd0604f3926877583d85c45a04c6f155ad6e1966d2004ab6ab51f9beb82dbcdcaaab886564cbf81b581da397eba4fc8fe430ef93ed613cd588e399669b9f4b63481163e6c2b74112538192be9551ca400bc2b947a535fccbc567a68a3ab94554385bb1f2a0e2146310113102a9ffbcbbf44d30e076d363d6201faecf8bbbbc9d7fcd38195860bbc85ee3f5f9b2c990164abc3a7674ab2a631147d708585f52694a46b681cbc623b53a272f21f2aa5597beec8094954541316cc45ec9751fef12369e7272b7bdcb527bac4a19e0bba1b68ef98e3563705e9ca40bb914cece2fd75c2375b81a06dadcdb1c54a175855e30c3d9ca58ca873e43d703b1471526fb3dfe12e140b81df3afae6104e5ffa4e8585b456a7199c75c5abc7afeca743fce310df09062f20b9a99fac5d019338d98606805f4faad9cc81ebf03b7239a340c973828b676af4e594d796689f9823730c5ead8dba256925869ab0d7196a99b75a15f9927852d7813aa5a4cb76764749e882d59c094c5ebd1911153150e8d53aa8abbf360a4045b63e0e296d03158de8aa02b5aeb459dcdc6b9d5aa8c0e455e7cb6a5d9b26ee5420e41d89590a0c04ca8701a6a386716a32e04102f281f66317a21940c0cf83e128f4f83bdf6770170d74d43f3b1f4c0bb5e8c69254e0bfd15c6d02596bf3b547e5b9b8e84390455a9c4b00b633c661616aca4a4158868be21633f343155996eaff00c2c347fea03c6f06e7adcd83cf320e3a446d07dba202e5960632560da8a3b60efe5a814a5cb2a4ff0842fff23897b583b381e5030e506caef8dc97bef9532111e3eb3621870ec39fe2351d3814a02d2f9e38aac1f0897f32ddbffdc6e0acdea95ff7f67865daae1130f68f00985682ecefc43fb6f8521514923b5cf3560be0739aeb4eb00b389d39ebb9b974e054120fcd48c0d6bc09441c2c19f41bdfceed01a3b686921500fae88795f216794d21dd3a98f2fdb5a1590e0cbdc5cd9593b164e255131c21f22ed7e7ed4ec83db91f8bf5f327d7222be1e470a7c0d0a657c73ad606f2ef0c59d3c118c601d23d67ee16ce3658c9153b8131f06c1e4f83c49dbe6dbc3478b1313b9221bc4c5eadebfd16cd07afde509f2e926fcfd5f8feabe836f4080ea5e65c1e4d859f16ac45ad8c804eb9ecce363faf19c1409d8192a644823578ccfd5b643478eb948223676d375f811fffa874f7c2a281104a28baf4da2716ae870abb3e0f05e63466176356728a700fe39ebb62bdbff139fdbf21520022984dc6d3eed1d81b94f28a07cc238ccb64d65e87534c0111bb76212368c6e8e9a536e758fa2f16a2cab9d31984055488b27bcff12bcc5a0fe21a0e44edfb87c681060e6944ff89dce4a9c7122c53acc27913a5fbf15c9ada971df88f0df3f82eb563f63c640ad6e39a1f5c1aad83c364957ec6d645f4243d1fb4ecef275d4c0ca0284064cde0c282d793f290bab5a4dec15f3e2adcc9d455d2e28bd040d6e0f651ac6f20f55d1303d2aaef2104b393afc849e9cd7743ca20a6f092cbf42a67446892493128d38bb0d0f507ffe3fd718ec48eff58df729728bc01ee180d676dfa22c81da0e4e3fda94f4f94195bc82e1f941d8a290ca0d416373d420eba196470e4f25940506061c601f12b3656d6d6b3a47e50d5235b7fd0f82bb0835aee3470b69bf7e59616ece447d9af36c396f687214ff7d7e27961f461c780b4c563aeb47fa9f335cbdade8a06711ba79b6fe8778ac1bc06bb59131c17409c1d1d0cc746aec8c3b1348f9585945192d8e32002c676753ab246a92702fc8e3a3ce89b84661b1b10dcd73fddacd311ca663d483b87a59225f60627eecf409d6188236b198633d47c5f1c0ba0bb4321aac88a6061d5e97883914cd74284ab937b9579ccee6ab5bb39f6274a04e3e7a8c3d033e340357bc15c5f6daa047b1cee448ac380bbde4bf806b0891a04b9e408609b040b7d3a02d2a76d4013756d79244792c543fe2327a3c371852bed5ab54de987bc4699b32ad1c08f7fff7a23069e72bddc9a590b2c707bac3957d46b657a4e17f1914db58fb6436bdd58b86df491016a2b9ebe0c35a859b216f17f4828c8dee30a38ed1fc36347af978999d0c404313cf99c9281c45194abd79475a80ea1486840aad72b1c0c4f17fe35a150fcb574fa9fcc09a7fc5dcd34e15d4bf1bccfa8bf423d2437e2eb0d3ca9324fbfc7e256b862c50ebc8db3fb69f69003d37807af8ddccf2d929ad9d06ebbb7e538d93bb0b7bc828e1639e0b5e89c22badca307ad28183c3083e87c917feb4c882397d397ea2e7ff0e05ebb252940302cdc0f0f7efe40685f7c3e8923e3795d70d69c70d9a071e401cee771f29dcb5316471768464c4659f2c76d11713ab44f4c944a4819deb1248b02457403e9630aaf4a180e9e55bb4d291e9a2bc85a1ed17f906d54935c7e5e8b707ead56284fda0208bd88ab5c3259bd5329c0d26653eb07b6856ad799fd6fa8d2111da3970ff8509bc2ef3a8813d04f36001526b70757646ed4bf25a256751b8ec714f2e62dea19e82aacec389195532bf7f335afae4351adb93c846e22f1f2a3e0d620d81688bd5530e389f2284b3c997d4abab7c30aac1b141425cd9aa315dc5a5e8b04fd503d79896b1494d8be48048c7392fc92c325b76bde4496c49da34c9ff95969bec8f95c356239d5336907957383b12c512fff6d797097a26a5aee9251bae940ef1a19b3f746396300d3baeb476b023f740ed7c1da92fdbf1834c3a882a6079885b933333d0e194cc1f25a06c3a2d370936886cb385d9861d6762c7416a1db5275228b6499cdef9767fb998d43251b963bc4477b2c051b70a0317de5f6ec3158914145bd036ff194df9722d2a3d2ac2397891b573a34ad16236cdc7ca77bc15f0fdbc3cae923d61633a42bab450a80cf3ee6580e792b1617d74fa189d450a64ca12d8c797698208ea61010b6072885b762af598159621f838ebacc00ea11f5924b39b2bbbc5c7d667871ce32e9aa75893a9fa13a2ffe66b360e266446259a8745addb4e186139d86d4e8d48537ac35029b0d87c03e8c1a9b9a422594496feda8bc5502777428fe737198ed896c2128a4f7d552f2eea8fef6e68feaf3cbfd549e622eea7bc988bb16fc49b7ab241426f2e40edcca07d4f947ccb1d3b8c2e9cb14a0c04495dbb75bd9c935f36bfe398455b0e5f927d5726e617c69ca81fe36c3e6ea510c5fe4735161c992f9ebf66727e5a7ded590061d4da3b86b996846a6bb102e47d33465d88a68644c8a76a770d5e0318e6c301e7c7f5575bf15a9589b32cfaa41ee15972488497195a2cb49a6b6f937a8e311e34d311dfd4fe222d3abc095b0b24a1b7193eb3353def0cc1511c8fce9b0a7867ae2fed4db93009646dc91a3745387cbe61b37f749b40d5d38970856b7ab8b6e1e0b81c078c68cb55c57854b8b5863b7a4c87f42e6d6dca2de0326b1b26970168c99f59816877448e7f72626f5354fdb5e033cd6b42e9476665efae66287e656590d1f80b3a09557a57d7de4bade6a122d40a92db1d347463b74151d44a02dbe067259c633b8c84425e77a736fca99f06d0fd66e35365511ec017537f4c212e7f2e23369958c3a7b92feffad9edb12139f1f690f9512725c0a1a164e78b4130c91fd3961df91c1a11783c24b03bcf305fd0e14e6510f4d58cf73326e94f2bc1b1ab295297bee7a98b77afe483a7d66e780d5e111b4202285f580ce571ecc0985501faa0e9f2f5b9848d770d8d8ad7b90a951f83279073e45a0c7abcf89cd6200f7fc320e46ea3de2addee3a984432501063f9928d0897d93dde20fe8fbe4dabc1ac34b0efdb3d7c7b4d49571ea64252d7209ff6d0ae5b95ef35d8160c5976f7ed9c4b69db81a73f6d00fd254c417696d6af694f3688826cc04db8019f2419fa99e47dc436fd76890b5291cd2724717a1e604e6cb5e214235664e8c7148c2bd87996c05bcfe1f29200f40a0d766df3ddc6faef82fb34d385f90b8f0e4bb7ba519e7986735c169cb3546d62fb70fbd49eec4edd70397d2fcbfdb9cd87331fce3c9786b7090501b904c8f925a1dbfa151a18e6c145ebb74da7100de60a627100d6c04ce789a7d4e88692cb090fd9ff2006e5ddb870f5b2aa502081eb7a26744de9a0d29a66ef18eb097e1d396561078e3f9258046a3a3e9b5878964d71b526755084f385d9777b2ab503f9d77c09a46004b5005f69eedee80edd87dd17f2292eba00f71dedb010b7b003a8400f6b44d63559a10bc0052c678ac8ed9658aff4f858778ebb60cbaf53d82248a260c7255f943711e8ac31a4b7a4694dcdace3be25ea43bdc9dfd52d369292d8d7581a6979d1b8ad543baeb9296907e0926025f4c3597e98e2eacd048a5dedd0e9dabc3268ed35a91c6180908af07a95bf374573c7b4f611eb30bbb5f1721a6550f483dcaed51d84fdaa5c6a52d7c4d04ca4edfd288d5aaebf6f06c6fff8bff813923ac8c6edd0eadefab938442ff09b1b3ff926c963d67a01cccbd86cb69bb5e5a4adca82110f87d3ee7800b14412b48cd94feacbaa9c1921e816d0287ad1198b94fd6de314912b79938a0d00ef5968ca4cb506afa1496ce4886c8c44955a92c9d2395f108a357e240511cc7e6548ac4174e5b52cc1f03ea8fa8268a7283e9cd25518cc71114869537891b64337222f04c111407bc2c8777f1132e1b294ec533610fd1ae3b4aa7e20c315d87aeed3a19151677e04173fbd55e88669f515dea19c8b99f8d7e829734f615a9b95e278fec62cf2d1a37d535ef71996530c62e65bb6fde625447e9122cfd947d7032c7580bfa5286bdde0bd9c4f0c63cbceddc302e1daef7f27bf289f72456802560e4477b27520b45f3a39e787824f169b3fa0ec7fba1c37f4499d43a9cdca7595f3e9ab74223c34819b260130d8a7613653101cc9a6e236ac01965356c90814c632ed421a62654a457ccc66040026451610b94898d13292cf2096fc1744b8fe67cebbcee0a3830be987694e593d732f05e3c6503a71173dc9870c3eca017318b628dd651232ea1c424a98b394188c8b8dbf30d69f1976219fd5b1975f8deebabeca970581f011f428c164bb35e0d6be187a5a2887d6bb0889c41c5c24d0b173f05db5d3a9e50318b448b3c8c000000", @ANYRESDEC, @ANYBLOB="88d2558618f7c490fc796749fc7ad4d0e58a1456eed8a4ece86afc5ea4c6fafb51156d1a84e65c2115c6890b817c3c84054fcb6e09c697f5fe747a744b0983d57aed44c796d041e32f9d122351ae59b4143d516e078d3e88f94735a93412c604b42d89dc3a0c0a8d30d011f4a4908aca5c2b040e20f825", @ANYRES16], 0xb, 0x0, &(0x7f0000000100)) 3.544674143s ago: executing program 4 (id=2277): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff004) 3.395562881s ago: executing program 4 (id=2280): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000001280)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @xfrm={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "eb"}]}], {0x14}}, 0x70}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 3.239545979s ago: executing program 4 (id=2281): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000240), 0x1, 0x4bf, &(0x7f0000000a00)="$eJzs3c9vG1kdAPDvTJImm81usrASPwRsWRYKqtZO3N1otaflAkKrlRArThzakLhRFDuOYqc0oYf0f0CiEif4EzggcUDqiTs3uCGkckAqUIEaJA5GM56kaWqnEU08Vfz5SE8zb57t73tt573pt41fACPrckTsRcSliLgREbPF9aQo8VGvZK97/OjO8v6jO8tJdLuf/iPJ27NrceQ9mVeLz5yKiB98N+LHybNx2zu760uNRn2rqFc7zc1qe2f3L2vNpdX6an2jVltcWJz/4Nr7tTMb61vNXz/8ztrHP/zdb7/84A973/pp1q2Zou3oOM5Sb+gTh3Ey4xHx8XkEK8FYMZ5LZXeE/0saEZ+JiLez+79bdm8AgGHodmejO3u0DgBcdGmeA0vSSpELmIk0rVR6Obw3YzpttNqdqzdb2xsrvVzZXEykN9ca9fkiVzgXE0lWX8jPn9Rrx+rXIuKNiPjZ5Ct5vbLcaqyU+eADACPs1WPr/78ne+s/AHDBTZXdAQBg6Kz/ADB6rP8AMHqs/wAweqz/ADB6rP8AMHqs/wAwUr7/ySdZ6e4X33+9cmtne711692Venu90txeriy3tjYrq63Wav6dPc3nfV6j1dpceC+2b1c79Xan2t7Zvd5sbW90ruff6329PjGUUQEAJ3njrft/SiJi78NX8hJH9nKwVsPFlpbdAaA0Y2V3ACjNeNkdAErj7/hAny16nzLwvwjdG/gWUwu85K58Qf4fRpX8P4wu+X8YXfL/MLq63cSe/wAwYuT4gXP4938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC48GbykqSVYi/wmUjTSiXitYiYi4nk5lqjPh8Rr0fEHycnJrP6QtmdBgBeUPq3pNj/68rsOzPHWy8l/5nMjxHxk198+vPbS53O1kJ2/Z+H1zv3iuu1EwPZahAASnKwTh+s4wceP7qzfFCG2Z+H3+5tLprF3S9Kr2U8xvPjVP7gMP2vpKj3ZM8rY2cQf+9uRHy+3/iTPDcyV+x8ejx+Fvu1ocZPn4qf5m29Y/Zr8dkz6AuMmvvZ/PNRv/svjcv5sf/9P5XPUC/uYP7bf2b+Sw/nv7EB89/l08Z47/ffG9h2N+KL4/3iJ4fxkwHx3zll/D9/6StvD2rr/jLiSvSPfzRWtdPcrLZ3dt9day6t1lfrG7Xa4sLi/AfX3q9V8xx19SBT/ay/f3j19ZPGPz0g/tRzxv/1U47/V/+98aOvnhD/m1/r//v/5gnxszXxG6eMvzT9m4Hbd2fxV/qPv3jP4PFfPWX8B3/dXTnlSwGAIWjv7K4vNRr1LSdDO8me3V6Cbjgp7ST7E3AWn/O5c+xq2TMTcN6e3PRl9wQAAAAAAAAAAAAAABhkGD/wVPYYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+FwAA//+vctdr") r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x100, 0x62) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x40086610, &(0x7f00000004c0)={@id={0x2, 0x2000000, @b}}) 3.237917609s ago: executing program 1 (id=2282): io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x25, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x0, {0x100000001, 0x407}, 0x1}, 0x1) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x6c800, 0x0) preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000032e, 0x0, 0x40, 0x1) 3.065329478s ago: executing program 1 (id=2283): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x14, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_lsm={0x1d, 0x5, &(0x7f00000000c0)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f00000001c0)={r0, &(0x7f00000000c0), 0x0}, 0x20) 2.805290242s ago: executing program 1 (id=2286): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000009c0)=ANY=[@ANYBLOB="120100003a982a08cd0ca310a223010203010902120001000000000904"], 0x0) syz_usb_control_io$uac2(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="400a0600000082ff9c5578cc40d856"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) 1.043479945s ago: executing program 1 (id=2287): syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="040f0400010d20"], 0x7) getpid() sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 1.043349855s ago: executing program 3 (id=2288): r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e1f, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10) sendmmsg$sock(r0, &(0x7f00000041c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@txtime={{0x18, 0x1, 0x3d, 0x10001}}], 0x18}}], 0x2, 0x4c8d0) 1.037843055s ago: executing program 0 (id=2297): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f000001fe40), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0x6, @empty, 0x88d}}}, 0x30) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 1.037184975s ago: executing program 4 (id=2289): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000340), r0) sendmsg$NFC_CMD_START_POLL(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="090129bd7000ffdbdf250600000008000100", @ANYRES32=0x0, @ANYBLOB="080003"], 0x24}, 0x1, 0x0, 0x0, 0x44880}, 0x800) 951.00217ms ago: executing program 4 (id=2291): r0 = syz_mount_image$reiserfs(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x120c083, &(0x7f0000000480), 0xfd, 0x111d, &(0x7f0000000640)="$eJzs2bFqFFEUBuD/7qwm3cjYD4IWFhIS1gcwhcK2ttqIBARTZUFQfA3fwLfwFTSVtSG9FgFLYWScHRMloCGbQOD7YPeeOTNnzr3lvRMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoTZOvJbk5SZoxN0lSkrbdnx8macf8jY/VJCWPd+aLh3uzR4sk1a/Hy5Ok9FV9WZqt2+vNrJk1W839B9t3Pi1ev3n5bHd3Z2/5mpI2B0crXUUZ/6qTubLSHgAAAHBldedW592r/+l0/cvF9AcAAAD+ZeUHCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABn1NXHcTMGkyQladv9+WGS9pS6a5c0PwAAAOD8SiZ5Wp+WH44Bjt3L57r8zvfj99LHm3lfp0wvb8oAAABw5bz48Mdlt7YMTn5f/9EN+n333UyHffn6cO9WptnYGOLlkG/bSZVk869eB0dvn4+/0lXJ2sWsCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJ/swAEJAAAAgKD/r9sRKAAAAAAAAAAAAAAAAAAAAAAAAAAAFwUAAP//cLriEQ==") syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000100)='.\x00', 0x1a484bc, &(0x7f0000000200)=ANY=[@ANYRES8=r0, @ANYBLOB="eea73c3ca047349ab66dff07b1e2bdc61875c6ccebea30ba1b8977c632dd4bd75d3cfd10cce0c88ccff0ff447cd9caded4abf65767e9dbbd7b5841a8ce3eae5cb5abfd7d4fb44c7151dec2b7b8f9cf870af04f1cc951b195c7fd36ffdbd0622cdc14395f095fb0d31f384214d59a0105d577557215473973f3b70178f49f07562f4d21cad59fafb7fbaf76061c56fdd2093329e2ece7cf96435bca11a90ba7f31e69c4b73ba3d172906ffc90f5de134a696a731d20a9cf70009a31f83d4b774b0d99de69f14de9e655b84b646166d979b9cdbde38324510998bba500000000007cf791c3e2fc9c72f920a64e0000000000000000000000b5ff5bb6b1fa869800651587af", @ANYRES8, @ANYRESDEC=r0, @ANYRESOCT, @ANYRES16, @ANYRESHEX=r0, @ANYRESHEX, @ANYRESDEC], 0x1, 0x0, &(0x7f0000000480)) mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) 900.950492ms ago: executing program 0 (id=2292): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff004) 882.066204ms ago: executing program 1 (id=2293): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e1d, 0x5, @remote, 0x6}, 0x1c) sendto$inet6(r0, &(0x7f0000000400)="80006466d3805699", 0x8, 0x20050008, &(0x7f0000000000)={0xa, 0x6e26, 0x805, @dev={0xfe, 0x80, '\x00', 0x2d}, 0x43}, 0x1c) 857.310385ms ago: executing program 3 (id=2294): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa120000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a7000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19}, 0x94) 723.512602ms ago: executing program 0 (id=2296): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000740)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x301, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 595.612219ms ago: executing program 0 (id=2298): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f00000000000002000300fffeffffdf020000000000004000000000000000030300ef0000000000000000080038000100040004000d00030000000080000000000000000000000700000000000000080000000000400005000000000000000204"], 0x78) ioctl$SNDCTL_SEQ_SYNC(r0, 0x5101) 595.461328ms ago: executing program 1 (id=2299): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f000000c000/0x4000)=nil, 0x4000, 0xa, 0x31, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000000000)=0xfffffffc, 0x0) 595.366388ms ago: executing program 3 (id=2300): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000040)=""/196, 0xc4}], 0x1, 0x8, 0xffffffff) 455.804636ms ago: executing program 0 (id=2301): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000001280)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @xfrm={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "eb"}]}], {0x14}}, 0x70}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 1.43765ms ago: executing program 4 (id=2302): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f000001fe40), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0x6, @empty, 0x88d}}}, 0x30) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 1.25943ms ago: executing program 3 (id=2303): r0 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r0, 0x29, 0x32, &(0x7f0000000040)="c4eb447efeccea5eea49c086ff02040000773c15", 0x14) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x6a27f823, @empty, 0xae42}, 0x1c) 0s ago: executing program 0 (id=2310): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x14, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_lsm={0x1d, 0x5, &(0x7f00000000c0)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f00000001c0)={r0, &(0x7f00000000c0), 0x0}, 0x20) kernel console output (not intermixed with test programs): re error event [ 366.687156][ T5776] Bluetooth: hci1: hardware error 0x00 [ 366.722098][ T5818] dvb-usb: bulk message failed: -22 (2/0) [ 366.795866][ T5818] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 366.861744][ T5818] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 366.918384][ T9578] cxusb: i2c wr: len=80 is too big! [ 366.918384][ T9578] [ 366.932368][ T5818] usb 2-1: media controller created [ 367.061217][ T5818] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 367.159801][ T5818] usb 2-1: selecting invalid altsetting 7 [ 367.191309][ T5818] cxusb: set interface failed [ 367.217072][ T5818] dvb-usb: bulk message failed: -22 (1/0) [ 367.453469][ T5818] DVB: Unable to find symbol lgdt330x_attach() [ 367.476500][ T5818] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 367.837801][ T5818] rc_core: IR keymap rc-dvico-portable not found [ 367.850427][ T5818] Registered IR keymap rc-empty [ 367.889048][ T9597] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1431'. [ 367.908290][ T5818] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0 [ 367.942375][ T9597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1431'. [ 367.957936][ T5818] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input14 [ 367.990256][ T9597] netlink: 'syz.2.1431': attribute type 13 has an invalid length. [ 368.023599][ T9597] netlink: 'syz.2.1431': attribute type 12 has an invalid length. [ 368.033904][ T5818] dvb-usb: schedule remote query interval to 100 msecs. [ 368.074250][ T5818] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 368.148686][ T5818] usb 2-1: USB disconnect, device number 11 [ 368.437083][ T5818] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 368.817753][ T5776] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 369.592316][ T9620] vlan2: entered allmulticast mode [ 369.601662][ T9620] bond0: entered allmulticast mode [ 369.611413][ T9620] bond_slave_0: entered allmulticast mode [ 369.624537][ T9620] bond_slave_1: entered allmulticast mode [ 369.845580][ T9622] loop2: detected capacity change from 0 to 1024 [ 369.865209][ T9622] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 369.892390][ T9622] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 369.923222][ T9622] EXT4-fs error (device loop2): ext4_get_journal_inode:5820: inode #32: comm syz.2.1443: iget: special inode unallocated [ 369.959440][ T9622] EXT4-fs (loop2): no journal found [ 369.977741][ T9622] EXT4-fs (loop2): can't get journal size [ 369.985246][ T9622] EXT4-fs (loop2): filesystem is read-only [ 370.001411][ T9622] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 370.269273][ T5774] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 371.298578][ T5783] Bluetooth: hci3: command 0x0406 tx timeout [ 372.207560][ T27] audit: type=1326 audit(1777305316.265:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9645 comm="syz.2.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f450b99cdd9 code=0x7ffc0000 [ 372.303146][ T9647] loop2: detected capacity change from 0 to 1024 [ 372.377731][ T27] audit: type=1326 audit(1777305316.265:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9645 comm="syz.2.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f450b99cdd9 code=0x7ffc0000 [ 372.562681][ T27] audit: type=1326 audit(1777305316.265:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9645 comm="syz.2.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f450b99cdd9 code=0x7ffc0000 [ 372.755557][ T27] audit: type=1326 audit(1777305316.325:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9645 comm="syz.2.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f450b99cdd9 code=0x7ffc0000 [ 372.941969][ T1074] hfsplus: b-tree write err: -5, ino 25 [ 372.952573][ T27] audit: type=1326 audit(1777305316.325:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9645 comm="syz.2.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f450b99cb42 code=0x7ffc0000 [ 373.007805][ T1074] hfsplus: b-tree write err: -5, ino 4 [ 373.042725][ T1074] hfsplus: b-tree write err: -5, ino 2 [ 373.131089][ T27] audit: type=1326 audit(1777305316.345:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9645 comm="syz.2.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f450b99cdd9 code=0x7ffc0000 [ 373.356919][ T27] audit: type=1326 audit(1777305316.355:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9645 comm="syz.2.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f450b95d60e code=0x7ffc0000 [ 373.521040][ T27] audit: type=1326 audit(1777305316.375:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9645 comm="syz.2.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f450b99cc07 code=0x7ffc0000 [ 373.694825][ T27] audit: type=1326 audit(1777305316.375:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9645 comm="syz.2.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f450b95d60e code=0x7ffc0000 [ 373.757618][ T35] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 373.821248][ T27] audit: type=1326 audit(1777305316.375:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9645 comm="syz.2.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f450b99ca6b code=0x7ffc0000 [ 373.931240][ T9664] loop3: detected capacity change from 0 to 4096 [ 373.962745][ T9664] ntfs3: Bad value for 'gid' [ 373.986544][ T35] usb 3-1: config 0 has an invalid interface number: 214 but max is 0 [ 374.011989][ T35] usb 3-1: config 0 has no interface number 0 [ 374.054405][ T35] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 374.124854][ T35] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 374.154934][ T35] usb 3-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 374.182636][ T35] usb 3-1: Manufacturer: syz [ 374.217510][ T6038] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 374.252264][ T35] usb 3-1: SerialNumber: syz [ 374.278249][ T35] usb 3-1: config 0 descriptor?? [ 375.026724][ T35] usbtouchscreen: probe of 3-1:0.214 failed with error -71 [ 375.101155][ T35] usb 3-1: USB disconnect, device number 12 [ 375.298112][ T23] kernel write not supported for file /input/event2 (pid: 23 comm: kworker/1:0) [ 375.977480][ T35] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 375.979429][ T9692] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1472'. [ 376.048444][ T9692] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1472'. [ 376.180127][ T35] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 376.247453][ T35] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 376.287599][ T35] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 376.311150][ T35] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.336202][ T35] usb 2-1: config 0 descriptor?? [ 376.619606][ T35] usbhid 2-1:0.0: can't add hid device: -71 [ 376.625884][ T35] usbhid: probe of 2-1:0.0 failed with error -71 [ 376.739826][ T35] usb 2-1: USB disconnect, device number 12 [ 377.319992][ T35] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 377.527723][ T35] usb 2-1: Using ep0 maxpacket: 16 [ 377.572048][ T35] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 377.604001][ T35] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 377.622708][ T35] usb 2-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.40 [ 377.633784][ T35] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.662085][ T35] usb 2-1: config 0 descriptor?? [ 377.730856][ T35] pegasus_notetaker 2-1:0.0: packet size is too small (0) [ 377.766496][ T35] pegasus_notetaker: probe of 2-1:0.0 failed with error -22 [ 377.959825][ T35] usbhid 2-1:0.0: can't add hid device: -71 [ 377.996050][ T35] usbhid: probe of 2-1:0.0 failed with error -71 [ 378.051198][ T35] usb 2-1: USB disconnect, device number 13 [ 378.988144][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.994808][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.297915][ T35] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 379.489967][ T35] usb 1-1: Using ep0 maxpacket: 8 [ 379.521465][ T35] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 379.540659][ T35] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.568874][ T35] usb 1-1: Product: syz [ 379.578845][ T35] usb 1-1: Manufacturer: syz [ 379.583693][ T35] usb 1-1: SerialNumber: syz [ 379.593750][ T9715] loop3: detected capacity change from 0 to 32768 [ 379.612423][ T35] usb 1-1: config 0 descriptor?? [ 379.810825][ T9715] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 379.874116][ T35] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 380.028536][ T9715] XFS (loop3): Ending clean mount [ 380.281850][ T35] usb write operation failed. (-71) [ 380.336466][ T35] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 380.388363][ T35] dvbdev: DVB: registering new adapter (Terratec H7) [ 380.407699][ T35] usb 1-1: media controller created [ 380.438207][ T35] usb read operation failed. (-71) [ 380.456527][ T35] usb write operation failed. (-71) [ 380.471908][ T35] dvb_usb_az6007: probe of 1-1:0.0 failed with error -5 [ 380.498140][ T35] usb 1-1: USB disconnect, device number 12 [ 380.692084][ T5775] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 380.842189][ T9727] loop2: detected capacity change from 0 to 32768 [ 380.873168][ T9727] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 9 [ 381.272100][ T6038] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 9 [ 381.929243][ T9745] ptrace attach of "./syz-executor exec"[5769] was attempted by ""[9745] [ 382.438860][ T9752] loop0: detected capacity change from 0 to 512 [ 382.863791][ T9752] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 382.929504][ T9752] ext4 filesystem being mounted at /371/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 383.116754][ T9752] EXT4-fs warning (device loop0): ext4_resize_fs:2025: can't read last block, resize aborted [ 383.404512][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 384.823111][ T9790] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 386.577815][ T5791] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 386.818686][ T5791] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 386.867044][ T5791] usb 2-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 386.909172][ T5791] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.959119][ T5791] usb 2-1: Product: syz [ 386.963459][ T5791] usb 2-1: Manufacturer: syz [ 387.004855][ T5791] usb 2-1: SerialNumber: syz [ 387.057162][ T5791] usb 2-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 387.742678][ T5791] usb 2-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 387.854166][ T5791] usb 2-1: USB disconnect, device number 14 [ 388.293114][ T9813] loop0: detected capacity change from 0 to 32768 [ 388.419658][ T9813] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 388.496357][ T9813] JBD2: Ignoring recovery information on journal [ 388.836409][ T9813] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 389.247587][ T23] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 389.507673][ T23] usb 4-1: config 0 has an invalid interface number: 36 but max is 0 [ 389.516017][ T23] usb 4-1: config 0 has no interface number 0 [ 389.564878][ T23] usb 4-1: config 0 interface 36 altsetting 215 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 389.612145][ T23] usb 4-1: config 0 interface 36 altsetting 215 endpoint 0x81 has invalid wMaxPacketSize 0 [ 389.657540][ T23] usb 4-1: config 0 interface 36 has no altsetting 0 [ 389.698010][ T23] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 389.748944][ T5769] ocfs2: Unmounting device (7,0) on (node local) [ 389.757505][ T23] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 389.789196][ T23] usb 4-1: Manufacturer: syz [ 389.825046][ T23] usb 4-1: config 0 descriptor?? [ 389.964592][ T1095] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.231866][ T1095] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.285362][ T23] uclogic 0003:256C:006D.000F: interface is invalid, ignoring [ 390.291566][ T5783] Bluetooth: hci0: Malformed LE Event: 0x0d [ 390.559256][ T1095] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.607878][ T35] usb 4-1: USB disconnect, device number 14 [ 390.779255][ T1095] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.271634][ T5776] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 391.295687][ T5776] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 391.307157][ T5776] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 391.358634][ T5776] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 391.377510][ T5776] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 391.396655][ T5776] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 391.798515][ T9880] program syz.0.1553 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 392.891909][ T9862] chnl_net:caif_netlink_parms(): no params data found [ 392.982686][ T9915] netlink: 332 bytes leftover after parsing attributes in process `syz.0.1565'. [ 393.474617][ T5783] Bluetooth: hci3: command tx timeout [ 393.714135][ T23] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 393.723018][ T9946] netlink: 'syz.3.1573': attribute type 3 has an invalid length. [ 393.752869][ T9946] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1573'. [ 393.838588][ T9862] bridge0: port 1(bridge_slave_0) entered blocking state [ 393.845913][ T9862] bridge0: port 1(bridge_slave_0) entered disabled state [ 393.887778][ T9862] bridge_slave_0: entered allmulticast mode [ 393.895338][ T9862] bridge_slave_0: entered promiscuous mode [ 393.911687][ T23] usb 2-1: Using ep0 maxpacket: 8 [ 393.934155][ T23] usb 2-1: unable to get BOS descriptor or descriptor too short [ 393.960533][ T23] usb 2-1: config 4 interface 0 has no altsetting 0 [ 393.981351][ T23] usb 2-1: string descriptor 0 read error: -22 [ 393.988601][ T23] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 394.009255][ T1095] hsr_slave_0: left promiscuous mode [ 394.019733][ T23] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 394.039784][ T1095] hsr_slave_1: left promiscuous mode [ 394.068295][ T23] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 394.089792][ T23] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 394.107833][ T1095] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 394.134962][ T1095] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 394.143222][ T23] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 394.157067][ T23] usb 2-1: media controller created [ 394.184826][ T1095] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 394.221543][ T1095] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 394.249058][ T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 394.258822][ T1095] bridge_slave_1: left allmulticast mode [ 394.269143][ T9959] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1577'. [ 394.277986][ T1095] bridge_slave_1: left promiscuous mode [ 394.307961][ T1095] bridge0: port 2(bridge_slave_1) entered disabled state [ 394.321556][ T9932] usb 2-1: dvb_usb_au6610: wlen=0, aborting [ 394.348341][ T9932] usb 2-1: dvb_usb_au6610: wlen=83, aborting [ 394.366490][ T23] zl10353_read_register: readreg error (reg=127, ret==0) [ 394.418522][ T1095] bridge_slave_0: left allmulticast mode [ 394.458329][ T1095] bridge_slave_0: left promiscuous mode [ 394.475275][ T1095] bridge0: port 1(bridge_slave_0) entered disabled state [ 394.508006][ T23] usb 2-1: USB disconnect, device number 15 [ 394.721988][ T1095] veth1_macvtap: left promiscuous mode [ 394.748978][ T1095] veth0_macvtap: left promiscuous mode [ 394.755126][ T1095] veth1_vlan: left promiscuous mode [ 394.788036][ T1095] veth0_vlan: left promiscuous mode [ 394.910254][ T9975] loop0: detected capacity change from 0 to 512 [ 394.934589][ T9975] EXT4-fs: Ignoring removed nobh option [ 394.957747][ T9975] EXT4-fs: Invalid uid value -1 [ 395.537487][ T5783] Bluetooth: hci3: command tx timeout [ 396.054705][ T9987] loop3: detected capacity change from 0 to 32768 [ 396.068448][ T9987] XFS: noikeep mount option is deprecated. [ 396.074352][ T9987] XFS: attr2 mount option is deprecated. [ 396.199664][ T9987] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 396.391796][T10007] netlink: 209588 bytes leftover after parsing attributes in process `syz.0.1594'. [ 396.428975][ T9987] XFS (loop3): Ending clean mount [ 396.481255][ T9987] XFS (loop3): Quotacheck needed: Please wait. [ 396.624063][ T9987] XFS (loop3): Quotacheck: Done. [ 396.967599][ T5775] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 397.478126][T10022] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1602'. [ 397.623960][ T5783] Bluetooth: hci3: command tx timeout [ 397.626549][T10025] loop0: detected capacity change from 0 to 256 [ 397.755894][T10025] FAT-fs (loop0): Directory bread(block 64) failed [ 397.786216][T10025] FAT-fs (loop0): Directory bread(block 65) failed [ 397.815588][T10025] FAT-fs (loop0): Directory bread(block 66) failed [ 397.840764][T10025] FAT-fs (loop0): Directory bread(block 67) failed [ 397.848184][T10025] FAT-fs (loop0): Directory bread(block 68) failed [ 397.869064][T10025] FAT-fs (loop0): Directory bread(block 69) failed [ 397.876358][T10025] FAT-fs (loop0): Directory bread(block 70) failed [ 397.903409][T10025] FAT-fs (loop0): Directory bread(block 71) failed [ 397.911528][T10025] FAT-fs (loop0): Directory bread(block 72) failed [ 397.933002][T10025] FAT-fs (loop0): Directory bread(block 73) failed [ 398.181141][ T1095] team0 (unregistering): Port device team_slave_1 removed [ 398.386555][ T1095] team0 (unregistering): Port device team_slave_0 removed [ 398.514116][ T1095] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 398.533784][ T1095] bond_slave_1 (unregistering): left allmulticast mode [ 398.672346][ T1095] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 398.710565][ T1095] bond_slave_0 (unregistering): left allmulticast mode [ 399.376374][ T1095] bond0 (unregistering): Released all slaves [ 399.492600][ T9862] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.500065][ T9862] bridge0: port 2(bridge_slave_1) entered disabled state [ 399.509374][ T9862] bridge_slave_1: entered allmulticast mode [ 399.516435][ T9862] bridge_slave_1: entered promiscuous mode [ 399.572527][ T9995] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1592'. [ 399.582205][ T9995] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1592'. [ 399.595092][T10044] netem: change failed [ 399.680356][ T9862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 399.697458][ T5783] Bluetooth: hci3: command tx timeout [ 399.720214][ T9862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 399.802330][T10059] loop3: detected capacity change from 0 to 1024 [ 399.911378][T10059] hfsplus: bad catalog entry type [ 399.911890][ T9862] team0: Port device team_slave_0 added [ 399.970858][ T9862] team0: Port device team_slave_1 added [ 400.008909][ T49] hfsplus: b-tree write err: -5, ino 25 [ 400.019518][ T49] hfsplus: b-tree write err: -5, ino 4 [ 400.025165][ T49] hfsplus: b-tree write err: -5, ino 2 [ 400.113570][ T9862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 400.135513][ T9862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.178286][ T9862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 400.273183][ T9862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 400.285777][ T9862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.334324][ T9862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 400.353118][ T5783] Bluetooth: hci2: unexpected event for opcode 0x0c1a [ 400.443094][ T9862] hsr_slave_0: entered promiscuous mode [ 400.455307][ T9862] hsr_slave_1: entered promiscuous mode [ 400.489725][ T9862] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 400.497914][ T9862] Cannot create hsr debugfs directory [ 400.836866][ T1095] IPVS: stop unused estimator thread 0... [ 401.057829][T10068] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 401.127716][ T9862] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 401.163407][ T9862] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 401.211574][ T9862] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 401.273173][T10090] loop0: detected capacity change from 0 to 4096 [ 401.285042][T10094] loop3: detected capacity change from 0 to 256 [ 401.291637][ T9862] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 401.321430][T10094] exfat: Deprecated parameter 'utf8' [ 401.326830][T10094] exfat: Deprecated parameter 'utf8' [ 401.392478][T10094] exfat: Deprecated parameter 'utf8' [ 401.422078][T10097] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 401.512346][T10094] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x18acca35, utbl_chksum : 0xe619d30d) [ 401.681469][ T9862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 401.796764][ T9862] 8021q: adding VLAN 0 to HW filter on device team0 [ 401.859174][ T1086] bridge0: port 1(bridge_slave_0) entered blocking state [ 401.866580][ T1086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 401.909170][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 401.916437][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 402.404146][T10112] loop3: detected capacity change from 0 to 1024 [ 402.452351][T10112] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 402.522165][T10112] ext4 filesystem being mounted at /413/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 402.800167][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 402.985958][ T9862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 403.048177][T10134] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1641'. [ 403.093860][T10134] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1641'. [ 403.579291][ T5791] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 403.783131][ T5791] usb 4-1: too many configurations: 70, using maximum allowed: 8 [ 403.823471][ T5791] usb 4-1: config index 0 descriptor too short (expected 65016, got 133) [ 403.835236][ T5791] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 403.854931][ T9862] veth0_vlan: entered promiscuous mode [ 403.863027][ T5791] usb 4-1: config index 1 descriptor too short (expected 65016, got 133) [ 403.879430][ T5791] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 403.920041][ T5791] usb 4-1: config index 2 descriptor too short (expected 65016, got 133) [ 403.932000][ T5791] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 403.960036][ T9862] veth1_vlan: entered promiscuous mode [ 403.961591][ T5791] usb 4-1: config index 3 descriptor too short (expected 65016, got 133) [ 403.991787][ T5791] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 404.005567][ T5791] usb 4-1: config index 4 descriptor too short (expected 65016, got 133) [ 404.033368][ T5791] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 404.061940][ T5791] usb 4-1: config index 5 descriptor too short (expected 65016, got 133) [ 404.095321][ T9862] veth0_macvtap: entered promiscuous mode [ 404.112849][ T5791] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 404.139839][ T5791] usb 4-1: config index 6 descriptor too short (expected 65016, got 133) [ 404.144450][ T9862] veth1_macvtap: entered promiscuous mode [ 404.149273][ T5791] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 404.193438][ T5791] usb 4-1: config index 7 descriptor too short (expected 65016, got 133) [ 404.204389][ T5791] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 404.212637][ T9862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 404.234773][ T5791] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 404.246534][ T9862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 404.250790][ T5791] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.266794][ T5791] usb 4-1: Product: syz [ 404.267925][ T9862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 404.275558][ T5791] usb 4-1: Manufacturer: syz [ 404.292713][ T5791] usb 4-1: SerialNumber: syz [ 404.298205][ T9862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 404.317286][ T9862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 404.320381][ T5791] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 404.338824][ T9862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 404.361381][ T9862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 404.382560][ T9862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 404.413988][ T9862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 404.418514][ T23] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 404.442053][ T9862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 404.467560][ T8] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 404.475668][ T9862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 404.486435][ T9862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 404.497344][ T9862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 404.512150][ T9862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 404.550916][ T9862] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.573041][ T9862] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.601916][ T9862] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.621287][ T9862] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.660054][ T8] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 404.677664][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.704192][ T8] usb 1-1: config 0 descriptor?? [ 404.971473][ T1043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 405.010841][ T1043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 405.105952][ T1095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 405.134802][ T1095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 405.160818][ T8] [drm:udl_init] *ERROR* Selecting channel failed [ 405.245316][ T8] [drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2 [ 405.275449][ T8] [drm] Initialized udl on minor 2 [ 405.295132][ T8] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 405.353427][ T8] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 405.396442][ T5835] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 405.417513][ T8] usb 1-1: USB disconnect, device number 13 [ 405.455962][ T5836] usb 4-1: USB disconnect, device number 15 [ 405.476789][ T5835] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 406.100400][ T23] usb 4-1: Service connection timeout for: 256 [ 406.113593][ T23] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services [ 406.149190][ T23] ath9k_htc: Failed to initialize the device [ 406.188048][ T5836] usb 4-1: ath9k_htc: USB layer deinitialized [ 406.212483][T10196] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 408.043703][T10221] loop0: detected capacity change from 0 to 40427 [ 408.105034][T10221] F2FS-fs (loop0): Found nat_bits in checkpoint [ 408.313448][T10221] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 408.488398][ T27] kauditd_printk_skb: 18 callbacks suppressed [ 408.488417][ T27] audit: type=1800 audit(1777305352.555:61): pid=10221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1674" name="file1" dev="loop0" ino=10 res=0 errno=0 [ 408.535932][T10241] loop3: detected capacity change from 0 to 32768 [ 408.648886][ T5769] syz-executor: attempt to access beyond end of device [ 408.648886][ T5769] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 408.664985][ T5769] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 408.696352][T10241] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 408.761596][T10241] XFS (loop3): Ending clean mount [ 408.781629][T10241] XFS (loop3): Quotacheck needed: Please wait. [ 408.927311][T10241] XFS (loop3): Quotacheck: Done. [ 409.281309][ T5775] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 409.517498][T10282] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1682'. [ 409.878357][ T5818] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 409.902841][T10291] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 410.087432][ T5818] usb 4-1: Using ep0 maxpacket: 16 [ 410.104207][ T5818] usb 4-1: config 0 has an invalid interface number: 34 but max is 0 [ 410.141398][ T5818] usb 4-1: config 0 has no interface number 0 [ 410.156767][ T5818] usb 4-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 410.178113][ T5818] usb 4-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 410.223157][ T5818] usb 4-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 410.237505][ T5818] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 410.245577][ T5818] usb 4-1: Product: syz [ 410.271532][ T5818] usb 4-1: Manufacturer: syz [ 410.276331][ T5818] usb 4-1: SerialNumber: syz [ 410.303452][ T5818] usb 4-1: config 0 descriptor?? [ 410.313062][T10285] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 410.327457][T10285] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 410.596669][T10285] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 410.621442][T10285] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 410.883169][ T5818] asix 4-1:0.34 (unnamed net_device) (uninitialized): invalid hw address, using random [ 410.982089][T10318] loop0: detected capacity change from 0 to 1024 [ 411.020003][T10318] EXT4-fs: Ignoring removed bh option [ 411.093107][ T5818] asix 4-1:0.34 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 411.127521][ T5818] asix 4-1:0.34 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 411.150689][ T5818] asix: probe of 4-1:0.34 failed with error -71 [ 411.161405][T10318] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 411.177603][ T5818] usb 4-1: USB disconnect, device number 16 [ 411.409035][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 411.881132][T10341] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1696'. [ 412.597598][ T5818] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 412.643787][T10367] loop3: detected capacity change from 0 to 1024 [ 412.659733][T10367] EXT4-fs: Ignoring removed bh option [ 412.722352][T10367] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 412.814449][ T5818] usb 5-1: Using ep0 maxpacket: 16 [ 412.854989][ T5818] usb 5-1: config 127 has an invalid interface number: 124 but max is 0 [ 412.867895][ T5818] usb 5-1: config 127 has no interface number 0 [ 412.887343][ T5818] usb 5-1: config 127 interface 124 has no altsetting 0 [ 412.917514][ T5818] usb 5-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=36.87 [ 412.941526][ T5818] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.942045][T10382] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1710'. [ 412.956027][ T5818] usb 5-1: Product: syz [ 412.966862][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 412.981770][ T5818] usb 5-1: Manufacturer: syz [ 412.986433][ T5818] usb 5-1: SerialNumber: syz [ 413.437647][T10395] loop0: detected capacity change from 0 to 1024 [ 413.489394][T10395] hfsplus: bad catalog entry type [ 413.544329][ T1043] hfsplus: b-tree write err: -5, ino 25 [ 413.555616][ T1043] hfsplus: b-tree write err: -5, ino 4 [ 413.567384][ T1043] hfsplus: b-tree write err: -5, ino 2 [ 413.669936][T10400] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1718'. [ 413.977640][ T5818] usb 5-1: reset high-speed USB device number 2 using dummy_hcd [ 414.059608][T10386] loop3: detected capacity change from 0 to 40427 [ 414.106238][T10386] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x7ffff [ 414.138450][T10386] F2FS-fs (loop3): invalid crc value [ 414.180900][T10386] F2FS-fs (loop3): Found nat_bits in checkpoint [ 414.347484][T10386] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 414.421868][ T5818] usb 5-1: failed to restore interface 124 altsetting 11 (error=-71) [ 414.445177][ T5818] usb 5-1: USB disconnect, device number 2 [ 414.514409][ T5775] syz-executor: attempt to access beyond end of device [ 414.514409][ T5775] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 414.567103][ T5775] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 415.207063][T10424] netlink: 4356 bytes leftover after parsing attributes in process `syz.4.1725'. [ 415.339730][T10418] loop0: detected capacity change from 0 to 40427 [ 415.362053][T10418] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x7ffff [ 415.395365][T10418] F2FS-fs (loop0): invalid crc value [ 415.423766][T10418] F2FS-fs (loop0): Found nat_bits in checkpoint [ 415.530581][T10434] loop3: detected capacity change from 0 to 1024 [ 415.563851][T10418] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 415.566474][T10436] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 415.624424][T10434] hfsplus: bad catalog entry type [ 415.701954][ T1043] hfsplus: b-tree write err: -5, ino 25 [ 415.723537][ T1043] hfsplus: b-tree write err: -5, ino 4 [ 415.747941][ T1043] hfsplus: b-tree write err: -5, ino 2 [ 415.766814][ T5769] syz-executor: attempt to access beyond end of device [ 415.766814][ T5769] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 415.805524][ T5769] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 416.269597][T10432] loop4: detected capacity change from 0 to 32768 [ 416.415351][T10441] loop0: detected capacity change from 0 to 512 [ 416.448358][T10441] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 416.477030][T10441] EXT4-fs (loop0): 1 truncate cleaned up [ 416.485083][T10441] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 416.554654][T10441] EXT4-fs error (device loop0): ext4_generic_delete_entry:2729: inode #2: block 13: comm syz.0.1734: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 416.597971][T10441] EXT4-fs (loop0): Remounting filesystem read-only [ 416.718912][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 416.818068][ T5816] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 416.988353][T10456] netlink: 4356 bytes leftover after parsing attributes in process `syz.3.1740'. [ 417.034006][T10458] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1741'. [ 417.057473][ T5816] usb 2-1: Using ep0 maxpacket: 16 [ 417.093624][ T5816] usb 2-1: config 127 has an invalid interface number: 124 but max is 0 [ 417.117466][ T5816] usb 2-1: config 127 has no interface number 0 [ 417.137427][ T5816] usb 2-1: config 127 interface 124 has no altsetting 0 [ 417.176820][ T5816] usb 2-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=36.87 [ 417.198456][ T5816] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.207053][ T5816] usb 2-1: Product: syz [ 417.237150][ T5816] usb 2-1: Manufacturer: syz [ 417.244040][ T5816] usb 2-1: SerialNumber: syz [ 417.308145][T10465] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1745'. [ 417.567474][ T23] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 417.757356][ T23] usb 5-1: Using ep0 maxpacket: 16 [ 417.775307][ T23] usb 5-1: config 0 has an invalid interface number: 34 but max is 0 [ 417.794403][ T23] usb 5-1: config 0 has no interface number 0 [ 417.804598][ T23] usb 5-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 417.822885][ T23] usb 5-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 417.846663][ T23] usb 5-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 417.866481][ T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.885452][ T23] usb 5-1: Product: syz [ 417.890678][ T23] usb 5-1: Manufacturer: syz [ 417.895341][ T23] usb 5-1: SerialNumber: syz [ 417.905484][T10470] loop3: detected capacity change from 0 to 32768 [ 417.913404][ T23] usb 5-1: config 0 descriptor?? [ 417.930075][T10467] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 417.947870][T10467] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 418.202770][ T5816] usb 2-1: reset high-speed USB device number 16 using dummy_hcd [ 418.221873][T10467] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 418.243335][T10467] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 418.469152][ T23] asix 5-1:0.34 (unnamed net_device) (uninitialized): invalid hw address, using random [ 418.654696][ T5816] usb 2-1: failed to restore interface 124 altsetting 11 (error=-71) [ 418.672003][ T5816] usb 2-1: USB disconnect, device number 16 [ 418.687620][ T23] asix 5-1:0.34 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 418.705176][ T23] asix 5-1:0.34 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 418.716883][ T23] asix: probe of 5-1:0.34 failed with error -71 [ 418.731417][ T23] usb 5-1: USB disconnect, device number 3 [ 419.292266][T10484] loop3: detected capacity change from 0 to 256 [ 419.403648][T10484] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1750'. [ 419.443333][T10484] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1750'. [ 419.637583][ T23] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 419.678960][T10496] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1754'. [ 419.827586][ T23] usb 5-1: Using ep0 maxpacket: 32 [ 419.844825][ T23] usb 5-1: config 0 has an invalid interface number: 35 but max is 0 [ 419.867393][ T23] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 419.898289][ T23] usb 5-1: config 0 has no interface number 0 [ 419.925309][ T23] usb 5-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 419.970941][ T23] usb 5-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 419.997360][ T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.026129][ T23] usb 5-1: Product: syz [ 420.030847][ T23] usb 5-1: Manufacturer: syz [ 420.035598][ T23] usb 5-1: SerialNumber: syz [ 420.056049][ T23] usb 5-1: config 0 descriptor?? [ 420.083958][ T23] radio-si470x 5-1:0.35: could not find interrupt in endpoint [ 420.107413][ T23] radio-si470x: probe of 5-1:0.35 failed with error -5 [ 420.298976][ T23] radio-raremono 5-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 420.512073][ T23] radio-raremono 5-1:0.35: V4L2 device registered as radio48 [ 420.747771][ T5816] usb 5-1: USB disconnect, device number 4 [ 420.757833][ T5816] radio-raremono 5-1:0.35: Thanko's Raremono disconnected [ 421.040756][T10513] loop3: detected capacity change from 0 to 40427 [ 421.076015][T10513] F2FS-fs (loop3): Found nat_bits in checkpoint [ 421.131536][T10513] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 421.196172][ T27] audit: type=1800 audit(1777305365.265:62): pid=10513 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1762" name="file1" dev="loop3" ino=10 res=0 errno=0 [ 421.257802][ T5775] syz-executor: attempt to access beyond end of device [ 421.257802][ T5775] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 421.297415][ T5775] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 421.336359][T10521] loop0: detected capacity change from 0 to 256 [ 421.440098][T10523] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1766'. [ 421.466334][T10523] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1766'. [ 421.467785][T10521] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1764'. [ 421.516464][T10521] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1764'. [ 421.851332][T10531] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1768'. [ 421.884602][T10531] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1768'. [ 422.401223][T10549] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1782'. [ 422.423903][T10549] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1782'. [ 423.456528][ T5791] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 423.667877][ T5791] usb 2-1: Using ep0 maxpacket: 32 [ 423.691233][ T5791] usb 2-1: config 0 has an invalid interface number: 35 but max is 0 [ 423.707751][ T5791] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 423.738072][ T5791] usb 2-1: config 0 has no interface number 0 [ 423.744379][ T5791] usb 2-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 423.799578][ T5791] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 423.806459][T10564] loop0: detected capacity change from 0 to 32768 [ 423.817609][ T5791] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.846879][ T5791] usb 2-1: Product: syz [ 423.866990][ T5791] usb 2-1: Manufacturer: syz [ 423.873337][ T5791] usb 2-1: SerialNumber: syz [ 423.898230][ T5791] usb 2-1: config 0 descriptor?? [ 423.930666][ T5791] radio-si470x 2-1:0.35: could not find interrupt in endpoint [ 423.943086][T10564] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 423.973853][ T5791] radio-si470x: probe of 2-1:0.35 failed with error -5 [ 424.000120][T10599] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1779'. [ 424.026490][T10599] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1779'. [ 424.056837][T10564] XFS (loop0): Ending clean mount [ 424.069456][T10564] XFS (loop0): Quotacheck needed: Please wait. [ 424.157039][ T5791] radio-raremono 2-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 424.263369][T10564] XFS (loop0): Quotacheck: Done. [ 424.376361][ T5791] radio-raremono 2-1:0.35: V4L2 device registered as radio48 [ 424.561592][ T5769] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 424.667470][ T5791] usb 2-1: USB disconnect, device number 17 [ 424.690882][ T5791] radio-raremono 2-1:0.35: Thanko's Raremono disconnected [ 425.846031][T10621] loop3: detected capacity change from 0 to 32768 [ 425.974384][T10621] JBD2: Ignoring recovery information on journal [ 426.029177][T10619] loop4: detected capacity change from 0 to 40427 [ 426.063657][T10619] F2FS-fs (loop4): Found nat_bits in checkpoint [ 426.141149][T10621] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 426.320498][T10619] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 426.537187][ T27] audit: type=1800 audit(1777305370.605:63): pid=10619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1785" name="file1" dev="loop4" ino=10 res=0 errno=0 [ 426.695235][ T9862] syz-executor: attempt to access beyond end of device [ 426.695235][ T9862] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 426.747393][ T9862] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 426.823150][ T5775] ocfs2: Unmounting device (7,3) on (node local) [ 426.863042][T10660] loop0: detected capacity change from 0 to 512 [ 426.963011][T10660] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 427.014986][T10660] ext4 filesystem being mounted at /456/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 427.149968][T10660] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 427.286246][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 428.559026][T10686] loop4: detected capacity change from 0 to 32768 [ 428.628267][T10686] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 428.768686][T10686] XFS (loop4): Ending clean mount [ 428.792636][T10686] XFS (loop4): Quotacheck needed: Please wait. [ 428.880896][T10686] XFS (loop4): Quotacheck: Done. [ 429.057799][ T9862] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 429.869501][T10746] loop4: detected capacity change from 0 to 512 [ 429.980927][T10746] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 430.004086][T10746] ext4 filesystem being mounted at /35/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 430.125295][T10746] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 430.520740][ T9862] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 430.605659][T10773] loop0: detected capacity change from 0 to 256 [ 430.641574][T10773] exfat: Deprecated parameter 'utf8' [ 430.647128][T10773] exfat: Deprecated parameter 'utf8' [ 430.702322][T10773] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 431.022894][T10776] loop4: detected capacity change from 0 to 32768 [ 431.057817][T10776] JBD2: Ignoring recovery information on journal [ 431.096549][T10776] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 431.305048][ T9862] ocfs2: Unmounting device (7,4) on (node local) [ 431.343303][T10783] vim2m vim2m.0: vidioc_s_fmt queue busy [ 431.703836][T10792] vim2m vim2m.0: vidioc_s_fmt queue busy [ 432.299791][T10808] loop4: detected capacity change from 0 to 256 [ 432.308562][T10805] kernel profiling enabled (shift: 34) [ 432.312660][T10808] exfat: Deprecated parameter 'utf8' [ 432.314822][T10805] profiling shift: 34 too large [ 432.322942][T10808] exfat: Deprecated parameter 'utf8' [ 432.382966][T10808] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 435.791735][T10829] kernel profiling enabled (shift: 34) [ 435.798122][T10829] profiling shift: 34 too large [ 436.345882][T10827] loop0: detected capacity change from 0 to 32768 [ 436.373256][T10827] JBD2: Ignoring recovery information on journal [ 436.455758][T10827] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 436.883251][ T5769] ocfs2: Unmounting device (7,0) on (node local) [ 437.182573][T10861] __nla_validate_parse: 1 callbacks suppressed [ 437.182595][T10861] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1850'. [ 437.776664][T10888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1865'. [ 438.005266][T10898] overlayfs: missing 'lowerdir' [ 438.586925][T10923] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1880'. [ 438.620611][T10927] MPI: mpi too large (113288 bits) [ 438.977910][ T23] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 439.091881][T10940] loop3: detected capacity change from 0 to 8192 [ 439.110737][T10940] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 439.124537][T10940] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 439.135665][T10940] REISERFS (device loop3): using ordered data mode [ 439.143162][T10940] reiserfs: using flush barriers [ 439.157447][T10940] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 439.178268][T10940] REISERFS (device loop3): checking transaction log (loop3) [ 439.178406][ T23] usb 1-1: too many configurations: 70, using maximum allowed: 8 [ 439.206019][ T23] usb 1-1: config index 0 descriptor too short (expected 65016, got 133) [ 439.215365][ T23] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 439.228162][ T23] usb 1-1: config index 1 descriptor too short (expected 65016, got 133) [ 439.237886][ T23] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 439.264422][ T23] usb 1-1: config index 2 descriptor too short (expected 65016, got 133) [ 439.274223][ T23] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 439.287632][ T23] usb 1-1: config index 3 descriptor too short (expected 65016, got 133) [ 439.297671][ T23] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 439.309954][ T23] usb 1-1: config index 4 descriptor too short (expected 65016, got 133) [ 439.321786][ T23] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 439.342697][ T23] usb 1-1: config index 5 descriptor too short (expected 65016, got 133) [ 439.355670][ T23] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 439.379858][ T23] usb 1-1: config index 6 descriptor too short (expected 65016, got 133) [ 439.395807][ T23] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 439.410541][ T23] usb 1-1: config index 7 descriptor too short (expected 65016, got 133) [ 439.413851][T10940] REISERFS (device loop3): Using tea hash to sort names [ 439.420024][ T23] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 439.440548][ T23] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 439.447999][T10940] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 439.452491][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.473437][ T23] usb 1-1: Product: syz [ 439.480469][ T23] usb 1-1: Manufacturer: syz [ 439.485149][ T23] usb 1-1: SerialNumber: syz [ 439.502997][ T23] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 439.547112][ T5791] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 440.102386][T10950] loop4: detected capacity change from 0 to 16 [ 440.146964][T10950] erofs: (device loop4): mounted with root inode @ nid 36. [ 440.242910][ T27] audit: type=1800 audit(1777305384.315:64): pid=10950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1892" name="file1" dev="loop4" ino=86 res=0 errno=0 [ 440.263589][ C1] vkms_vblank_simulate: vblank timer overrun [ 440.394649][T10954] MPI: mpi too large (113288 bits) [ 440.414118][ T5836] usb 1-1: USB disconnect, device number 14 [ 440.440335][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.447134][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.643575][T10960] overlayfs: missing 'lowerdir' [ 441.057760][ T5791] usb 1-1: Service connection timeout for: 256 [ 441.064045][ T5791] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 441.101872][ T5791] ath9k_htc: Failed to initialize the device [ 441.133156][ T5836] usb 1-1: ath9k_htc: USB layer deinitialized [ 441.214161][T10965] loop4: detected capacity change from 0 to 8192 [ 441.233844][T10965] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 441.248811][T10965] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 441.258927][T10965] REISERFS (device loop4): using ordered data mode [ 441.265615][T10965] reiserfs: using flush barriers [ 441.281127][T10965] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 441.313868][T10965] REISERFS (device loop4): checking transaction log (loop4) [ 441.321162][T10969] loop3: detected capacity change from 0 to 2048 [ 441.357706][T10969] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 441.397451][T10971] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 441.441806][ T5785] udevd[5785]: incorrect nilfs2 checksum on /dev/loop3 [ 441.658147][T10965] REISERFS (device loop4): Using tea hash to sort names [ 441.665725][T10965] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 442.567682][ T5791] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 442.580989][T11002] loop4: detected capacity change from 0 to 2048 [ 442.603362][T11002] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 442.649022][T10999] loop0: detected capacity change from 0 to 8192 [ 442.659783][T11003] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 442.676013][T10999] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 442.725804][T10999] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 442.758892][T10999] REISERFS (device loop0): using ordered data mode [ 442.765663][T10999] reiserfs: using flush barriers [ 442.782482][ T5791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 442.837721][ T5791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 442.847909][T10999] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 442.848456][T10999] REISERFS (device loop0): checking transaction log (loop0) [ 442.887436][ T5791] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 442.897083][ T5791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.946328][ T5791] usb 4-1: config 0 descriptor?? [ 443.140996][T10999] REISERFS (device loop0): Using tea hash to sort names [ 443.157946][T10999] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 443.178735][ T23] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 443.368248][ T23] usb 2-1: too many configurations: 70, using maximum allowed: 8 [ 443.382662][ T23] usb 2-1: config index 0 descriptor too short (expected 65016, got 133) [ 443.393089][ T5791] cp2112 0003:10C4:EA90.0010: unbalanced collection at end of report description [ 443.410111][ T23] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 443.421567][ T5791] cp2112 0003:10C4:EA90.0010: parse failed [ 443.428143][ T5791] cp2112: probe of 0003:10C4:EA90.0010 failed with error -22 [ 443.439595][ T23] usb 2-1: config index 1 descriptor too short (expected 65016, got 133) [ 443.449233][ T23] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 443.499963][ T23] usb 2-1: config index 2 descriptor too short (expected 65016, got 133) [ 443.509767][ T23] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 443.530333][ T23] usb 2-1: config index 3 descriptor too short (expected 65016, got 133) [ 443.540988][ T23] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 443.561923][ T23] usb 2-1: config index 4 descriptor too short (expected 65016, got 133) [ 443.589623][ T5818] usb 4-1: USB disconnect, device number 17 [ 443.601521][ T23] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 443.625636][ T23] usb 2-1: config index 5 descriptor too short (expected 65016, got 133) [ 443.642814][ T23] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 443.655970][ T23] usb 2-1: config index 6 descriptor too short (expected 65016, got 133) [ 443.665132][ T23] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 443.687112][ T23] usb 2-1: config index 7 descriptor too short (expected 65016, got 133) [ 443.695849][ T23] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 443.710783][ T23] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 443.723971][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.733147][ T23] usb 2-1: Product: syz [ 443.742989][ T23] usb 2-1: Manufacturer: syz [ 443.748252][ T23] usb 2-1: SerialNumber: syz [ 443.760678][ T23] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 443.781260][ T5791] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 444.075995][T11014] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 444.084085][T11014] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 444.092811][T11014] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 444.111860][T11014] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 444.118228][T11014] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 444.131341][T11014] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 444.370922][T11027] loop4: detected capacity change from 0 to 128 [ 444.429541][T11027] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 444.432375][T11029] loop0: detected capacity change from 0 to 2048 [ 444.457924][ T8] usb 2-1: USB disconnect, device number 18 [ 444.469900][T11027] ext4 filesystem being mounted at /60/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 444.497545][T11029] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 444.576163][ T9862] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 444.576535][T11033] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 444.981596][T11044] loop3: detected capacity change from 0 to 256 [ 445.042024][T11044] FAT-fs (loop3): Directory bread(block 64) failed [ 445.067645][ T5791] usb 2-1: Service connection timeout for: 256 [ 445.083222][ T5791] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services [ 445.097614][T11044] FAT-fs (loop3): Directory bread(block 65) failed [ 445.104552][T11044] FAT-fs (loop3): Directory bread(block 66) failed [ 445.118624][ T5791] ath9k_htc: Failed to initialize the device [ 445.130224][T11044] FAT-fs (loop3): Directory bread(block 67) failed [ 445.138431][ T8] usb 2-1: ath9k_htc: USB layer deinitialized [ 445.140815][T11044] FAT-fs (loop3): Directory bread(block 68) failed [ 445.154584][T11044] FAT-fs (loop3): Directory bread(block 69) failed [ 445.164250][T11044] FAT-fs (loop3): Directory bread(block 70) failed [ 445.174993][T11044] FAT-fs (loop3): Directory bread(block 71) failed [ 445.195239][T11044] FAT-fs (loop3): Directory bread(block 72) failed [ 445.202461][T11044] FAT-fs (loop3): Directory bread(block 73) failed [ 445.435194][ T8] IPVS: starting estimator thread 0... [ 445.547517][T11053] IPVS: using max 16 ests per chain, 38400 per kthread [ 445.943303][T11066] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1942'. [ 445.973215][T11066] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1942'. [ 445.976589][T11067] loop0: detected capacity change from 0 to 2048 [ 445.982647][T11066] netlink: 'syz.4.1942': attribute type 6 has an invalid length. [ 446.015210][T11067] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 446.054377][T11066] netlink: 'syz.4.1942': attribute type 5 has an invalid length. [ 446.064266][ T6038] udevd[6038]: incorrect nilfs2 checksum on /dev/loop0 [ 446.075017][T11068] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 446.081608][T11066] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1942'. [ 446.107319][ T5783] Bluetooth: hci2: command 0x0406 tx timeout [ 446.192007][ T5783] Bluetooth: hci3: command 0x0c1a tx timeout [ 446.616324][ T23] IPVS: starting estimator thread 0... [ 446.769880][T11082] IPVS: using max 18 ests per chain, 43200 per kthread [ 447.174945][T11081] loop4: detected capacity change from 0 to 32768 [ 447.197525][T11081] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 scanned by syz.4.1948 (11081) [ 447.236701][T11081] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 447.248024][ T5791] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 447.258086][T11081] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 447.268244][T11081] BTRFS info (device loop4): using free space tree [ 447.389538][T11081] BTRFS info (device loop4): enabling ssd optimizations [ 447.396584][T11081] BTRFS info (device loop4): auto enabling async discard [ 447.437415][ T5791] usb 1-1: Using ep0 maxpacket: 32 [ 447.445123][ T5791] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 447.453802][ T5791] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 447.476066][ T5791] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 447.507312][ T5791] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 447.531516][ T5791] usb 1-1: config 0 interface 0 has no altsetting 0 [ 447.554777][ T5791] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 447.574532][ T5791] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 447.606432][ T5791] usb 1-1: Product: syz [ 447.611198][ T5791] usb 1-1: Manufacturer: syz [ 447.612526][ T9862] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 447.616319][ T5791] usb 1-1: SerialNumber: syz [ 447.670094][ T5791] usb 1-1: config 0 descriptor?? [ 447.686025][ T5791] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 447.708660][ T5791] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 447.805817][T11099] loop3: detected capacity change from 0 to 32768 [ 447.912126][T11099] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 448.099411][ T6038] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 9 /dev/loop4 scanned by udevd (6038) [ 448.168450][ T8] usb 1-1: USB disconnect, device number 15 [ 448.177863][ T8] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 448.187506][ T5783] Bluetooth: hci2: command 0x0406 tx timeout [ 448.254279][T11099] XFS (loop3): Ending clean mount [ 448.260003][ T5783] Bluetooth: hci3: command 0x0c1a tx timeout [ 448.292832][T11099] XFS (loop3): Quotacheck needed: Please wait. [ 448.408011][T11099] XFS (loop3): Quotacheck: Done. [ 448.695031][ T5775] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 449.470817][T11147] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1965'. [ 449.484793][T11147] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1965'. [ 449.494796][T11147] netlink: 'syz.3.1965': attribute type 6 has an invalid length. [ 449.503216][T11147] netlink: 'syz.3.1965': attribute type 5 has an invalid length. [ 449.511754][T11147] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1965'. [ 449.761199][ T8] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 449.895650][T11141] loop0: detected capacity change from 0 to 40427 [ 449.924493][T11141] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x7ffff [ 449.938431][T11141] F2FS-fs (loop0): invalid crc value [ 449.967094][T11141] F2FS-fs (loop0): Found nat_bits in checkpoint [ 449.987538][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 449.999771][ T8] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 450.037311][ T8] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 450.059818][ T8] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 450.093093][ T8] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 450.112161][ T8] usb 5-1: config 0 interface 0 has no altsetting 0 [ 450.125932][T11141] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 450.136789][ T8] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 450.149627][ T8] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 450.167654][ T8] usb 5-1: Product: syz [ 450.171983][ T8] usb 5-1: Manufacturer: syz [ 450.176623][ T8] usb 5-1: SerialNumber: syz [ 450.202576][ T8] usb 5-1: config 0 descriptor?? [ 450.231703][ T8] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 450.252873][ T8] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 450.280170][ T5769] syz-executor: attempt to access beyond end of device [ 450.280170][ T5769] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 450.336886][ T5769] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 450.347520][ T5783] Bluetooth: hci3: command 0x0c1a tx timeout [ 450.492681][ T8] usb 5-1: USB disconnect, device number 5 [ 450.505073][ T8] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 451.129312][T11175] loop3: detected capacity change from 0 to 128 [ 451.203541][T11175] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 451.261710][T11175] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 451.416053][T11182] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1981'. [ 452.012578][T11176] loop4: detected capacity change from 0 to 32768 [ 452.048744][T11176] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 452.191922][T11176] XFS (loop4): Ending clean mount [ 452.211406][T11176] XFS (loop4): Quotacheck needed: Please wait. [ 452.312085][T11176] XFS (loop4): Quotacheck: Done. [ 452.524517][ T9862] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 453.139974][T11217] loop4: detected capacity change from 0 to 128 [ 453.174478][T11217] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 453.186268][ T5783] Bluetooth: hci2: unexpected event for opcode 0x0c14 [ 453.216619][T11217] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 453.599737][T11224] loop4: detected capacity change from 0 to 512 [ 453.616143][T11224] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 453.632250][T11224] EXT4-fs (loop4): orphan cleanup on readonly fs [ 453.641899][T11227] loop0: detected capacity change from 0 to 128 [ 453.648971][T11224] Quota error (device loop4): v2_read_file_info: Block with free entry 4294967071 out of range (1, 6). [ 453.669660][T11224] EXT4-fs warning (device loop4): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 453.690979][T11227] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 453.755012][T11224] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 453.769177][T11227] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 453.809772][T11224] EXT4-fs error (device loop4): ext4_validate_block_bitmap:430: comm syz.4.1997: bg 0: block 15: invalid block bitmap [ 453.846981][T11224] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 453.886495][T11224] EXT4-fs (loop4): 1 truncate cleaned up [ 453.903394][T11224] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 454.011947][T11224] EXT4-fs error (device loop4): ext4_get_link:104: inode #16: comm syz.4.1997: bad symlink. [ 454.065535][T11224] EXT4-fs error (device loop4): ext4_get_link:104: inode #16: comm syz.4.1997: bad symlink. [ 454.159137][ T9862] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 454.797068][ T5783] Bluetooth: hci0: unexpected event for opcode 0x0c14 [ 454.931583][T11231] loop3: detected capacity change from 0 to 32768 [ 454.973991][T11231] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 455.171687][T11231] XFS (loop3): Ending clean mount [ 455.221458][T11231] XFS (loop3): Quotacheck needed: Please wait. [ 455.298878][T11231] XFS (loop3): Quotacheck: Done. [ 455.599604][ T5775] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 455.680703][T11278] loop0: detected capacity change from 0 to 512 [ 455.810718][T11278] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 455.897860][T11278] ext4 filesystem being mounted at /515/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 455.984837][T11283] program syz.3.2020 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 456.039561][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 456.653319][T11272] loop4: detected capacity change from 0 to 32768 [ 456.696141][T11272] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 456.707399][T11272] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 456.803909][T11272] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 456.875324][ T5818] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 456.898053][ T5818] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 456.974148][ T5791] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 457.034235][T11302] loop3: detected capacity change from 0 to 1024 [ 457.043115][ T5818] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 145ms [ 457.074786][ T5818] gfs2: fsid=syz:syz.0: jid=0: Done [ 457.087026][T11272] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 457.098902][T11302] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 457.198002][ T5791] usb 1-1: Using ep0 maxpacket: 32 [ 457.208647][ T5791] usb 1-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 457.227630][ T5783] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 457.237385][ T5791] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 457.238306][ T5783] Bluetooth: hci2: Injecting HCI hardware error event [ 457.245423][ T5791] usb 1-1: Product: syz [ 457.255494][ T5783] Bluetooth: hci2: hardware error 0x00 [ 457.317578][ T5791] usb 1-1: Manufacturer: syz [ 457.322257][ T5791] usb 1-1: SerialNumber: syz [ 457.358701][ T5791] usb 1-1: config 0 descriptor?? [ 457.372523][T11310] netlink: 'syz.1.2031': attribute type 3 has an invalid length. [ 457.386472][ T5791] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 457.418837][ T5791] dvb-usb: bulk message failed: -22 (4/0) [ 457.444630][ T5791] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 457.496211][ T5791] dvb-usb: bulk message failed: -22 (5/0) [ 457.516679][ T5791] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 457.543294][ T5791] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 457.557960][ T5791] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 457.577949][ T5791] usb 1-1: media controller created [ 457.585305][T11298] ttusb2: i2c wr len=58 too high [ 457.629259][ T5791] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 457.660055][T11316] netlink: 'syz.1.2033': attribute type 27 has an invalid length. [ 457.718774][ T5791] usb 1-1: selecting invalid altsetting 3 [ 457.724856][ T5791] ttusb2: set interface to alts=3 failed [ 457.775427][ T5791] DVB: Unable to find symbol tda10086_attach() [ 457.784632][ T5791] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 457.794397][ T5791] dvb-usb: bulk message failed: -22 (4/0) [ 457.804814][T11272] gfs2: fsid=syz:syz.0: found 1 quota changes [ 457.805189][ T5791] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 457.837709][ T5791] dvb-usb: bulk message failed: -22 (5/0) [ 457.853772][ T5791] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 457.868965][ T5791] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 457.886499][ T5791] usb 1-1: USB disconnect, device number 16 [ 457.971615][ T5791] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 458.212599][ T9862] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_qd_dispose, file = fs/gfs2/quota.c, line = 129 [ 458.229869][ T9862] CPU: 0 PID: 9862 Comm: syz-executor Not tainted syzkaller #0 [ 458.237546][ T9862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 458.247747][ T9862] Call Trace: [ 458.251043][ T9862] [ 458.253983][ T9862] dump_stack_lvl+0x18c/0x250 [ 458.258697][ T9862] ? show_regs_print_info+0x20/0x20 [ 458.264358][ T9862] ? load_image+0x420/0x420 [ 458.268997][ T9862] ? do_raw_spin_unlock+0x121/0x230 [ 458.274222][ T9862] gfs2_assert_warn_i+0x193/0x2c0 [ 458.279265][ T9862] gfs2_qd_dispose+0x4aa/0x5b0 [ 458.284141][ T9862] gfs2_quota_cleanup+0x410/0x720 [ 458.289266][ T9862] ? spin_lock_bucket+0x150/0x150 [ 458.294381][ T9862] ? __might_sleep+0xe0/0xe0 [ 458.299072][ T9862] ? gfs2_ail_empty_tr+0x2f0/0x2f0 [ 458.304795][ T9862] ? gfs2_quota_sync+0x591/0x5a0 [ 458.309742][ T9862] gfs2_make_fs_ro+0x2aa/0x320 [ 458.314769][ T9862] ? gfs2_dinode_out+0xb10/0xb10 [ 458.319808][ T9862] ? __lock_acquire+0x7d40/0x7d40 [ 458.324975][ T9862] ? __rwlock_init+0x150/0x150 [ 458.329895][ T9862] ? do_raw_spin_unlock+0x121/0x230 [ 458.335198][ T9862] gfs2_put_super+0x224/0x930 [ 458.340127][ T9862] ? gfs2_evict_inode+0x1350/0x1350 [ 458.345453][ T9862] generic_shutdown_super+0x134/0x2b0 [ 458.351252][ T9862] kill_block_super+0x44/0x90 [ 458.356263][ T9862] deactivate_locked_super+0x97/0x100 [ 458.361786][ T9862] cleanup_mnt+0x43b/0x4d0 [ 458.366442][ T9862] task_work_run+0x1d4/0x260 [ 458.371108][ T9862] ? task_work_cancel+0x220/0x220 [ 458.376197][ T9862] ? exit_to_user_mode_loop+0x3b/0x110 [ 458.381714][ T9862] exit_to_user_mode_loop+0xe6/0x110 [ 458.387122][ T9862] exit_to_user_mode_prepare+0xee/0x180 [ 458.392991][ T9862] syscall_exit_to_user_mode+0x1a/0x50 [ 458.398697][ T9862] do_syscall_64+0x61/0xa0 [ 458.403226][ T9862] ? clear_bhb_loop+0x40/0x90 [ 458.408134][ T9862] ? clear_bhb_loop+0x40/0x90 [ 458.412881][ T9862] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 458.418919][ T9862] RIP: 0033:0x7f53ee39e017 [ 458.423446][ T9862] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 458.443258][ T9862] RSP: 002b:00007ffe54f3a938 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 458.451775][ T9862] RAX: 0000000000000000 RBX: 00007f53ee432120 RCX: 00007f53ee39e017 [ 458.459802][ T9862] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe54f3a9f0 [ 458.467921][ T9862] RBP: 00007ffe54f3a9f0 R08: 00007ffe54f3b9f0 R09: 00000000ffffffff [ 458.476109][ T9862] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe54f3ba80 [ 458.484250][ T9862] R13: 00007f53ee432120 R14: 000000000006fcd3 R15: 00007ffe54f3bac0 [ 458.492433][ T9862] [ 458.599525][T11333] loop3: detected capacity change from 0 to 128 [ 458.613176][T11333] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 458.656860][T11333] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 458.898319][ T1135] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 458.944796][T11335] loop0: detected capacity change from 0 to 512 [ 459.031239][T11335] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 459.125260][T11335] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters [ 459.198948][T11335] Quota error (device loop0): write_blk: dquota write failed [ 459.210382][T11335] Quota error (device loop0): find_free_dqentry: Can't write quota data block 5 [ 459.220154][T11345] netlink: 'syz.4.2044': attribute type 27 has an invalid length. [ 459.223532][T11335] Quota error (device loop0): write_blk: dquota write failed [ 459.238498][T11335] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 459.248664][T11335] EXT4-fs error (device loop0): ext4_acquire_dquot:6953: comm syz.0.2043: Failed to acquire dquot type 1 [ 459.279555][T11335] EXT4-fs (loop0): 1 truncate cleaned up [ 459.286718][T11335] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 459.307432][ T5783] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 459.510356][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 459.727381][ T5818] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 459.905069][T11347] loop3: detected capacity change from 0 to 32768 [ 459.927788][ T5818] usb 5-1: Using ep0 maxpacket: 32 [ 459.948527][ T5818] usb 5-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50 [ 459.974822][ T5818] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.995750][ T5818] usb 5-1: Product: syz [ 460.002696][ T5818] usb 5-1: Manufacturer: syz [ 460.027457][ T5818] usb 5-1: SerialNumber: syz [ 460.056585][ T5818] usb 5-1: config 0 descriptor?? [ 460.074927][ T5818] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state. [ 460.083837][ T5818] dvb-usb: bulk message failed: -22 (2/0) [ 460.101871][ T5818] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 460.127911][ T5818] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 460.146519][ T5818] usb 5-1: media controller created [ 460.196641][ T5818] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 460.262185][ T5818] usb 5-1: selecting invalid altsetting 7 [ 460.289075][ T5818] cxusb: set interface failed [ 460.294098][ T5818] dvb-usb: bulk message failed: -22 (1/0) [ 460.305734][T11349] cxusb: i2c wr: len=80 is too big! [ 460.305734][T11349] [ 460.397600][ T5818] DVB: Unable to find symbol lgdt330x_attach() [ 460.403847][ T5818] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 460.569218][ T5818] rc_core: IR keymap rc-dvico-portable not found [ 460.575661][ T5818] Registered IR keymap rc-empty [ 460.598711][ T5818] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0 [ 460.602208][T11360] loop3: detected capacity change from 0 to 4096 [ 460.619786][ T5818] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0/input20 [ 460.650495][ T5818] dvb-usb: schedule remote query interval to 100 msecs. [ 460.652714][T11362] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 460.664035][ T5818] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 460.722235][ T5818] usb 5-1: USB disconnect, device number 6 [ 460.770873][ T5791] dvb-usb: bulk message failed: -22 (1/0) [ 460.827860][ T23] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 460.878571][ T5818] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 461.027436][ T23] usb 2-1: Using ep0 maxpacket: 32 [ 461.043731][ T23] usb 2-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 461.071971][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.090763][ T23] usb 2-1: Product: syz [ 461.095173][ T23] usb 2-1: Manufacturer: syz [ 461.118921][ T23] usb 2-1: SerialNumber: syz [ 461.136095][ T23] usb 2-1: config 0 descriptor?? [ 461.146978][ T23] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 461.166339][ T23] dvb-usb: bulk message failed: -22 (4/0) [ 461.177482][ T23] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 461.207481][ T23] dvb-usb: bulk message failed: -22 (5/0) [ 461.213405][ T23] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 461.273371][ T23] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 461.308283][ T23] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 461.334972][ T23] usb 2-1: media controller created [ 461.378529][T11361] ttusb2: i2c wr len=58 too high [ 461.420948][ T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 461.469634][ T23] usb 2-1: selecting invalid altsetting 3 [ 461.484690][ T23] ttusb2: set interface to alts=3 failed [ 461.568748][T11371] bridge0: entered promiscuous mode [ 461.578664][T11370] bridge0: left promiscuous mode [ 461.639316][ T23] DVB: Unable to find symbol tda10086_attach() [ 461.645565][ T23] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 461.704810][ T23] dvb-usb: bulk message failed: -22 (4/0) [ 461.724955][ T23] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 461.766045][ T23] dvb-usb: bulk message failed: -22 (5/0) [ 461.786200][ T23] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 461.807495][ T23] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 461.840525][ T23] usb 2-1: USB disconnect, device number 19 [ 461.954519][T11359] loop0: detected capacity change from 0 to 32768 [ 461.974972][ T23] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 462.049459][T11359] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 462.090588][T11382] loop4: detected capacity change from 0 to 4096 [ 462.101129][T11359] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 462.137633][T11383] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 462.186987][T11359] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 462.222878][ T2184] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 462.238743][ T2184] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 462.407384][ T5818] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 462.439006][ T2184] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 200ms [ 462.478865][ T2184] gfs2: fsid=syz:syz.0: jid=0: Done [ 462.484875][T11359] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 462.637401][ T5818] usb 4-1: Using ep0 maxpacket: 32 [ 462.656778][ T5818] usb 4-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50 [ 462.672674][ T5818] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 462.684578][ T5818] usb 4-1: Product: syz [ 462.698720][ T5818] usb 4-1: Manufacturer: syz [ 462.705684][ T5818] usb 4-1: SerialNumber: syz [ 462.730585][ T5818] usb 4-1: config 0 descriptor?? [ 462.749820][ T5818] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state. [ 462.758878][ T5818] dvb-usb: bulk message failed: -22 (2/0) [ 462.771282][ T5818] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 462.782033][ T5818] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 462.808205][ T5818] usb 4-1: media controller created [ 462.831289][T11397] fuse: Unknown parameter '01777777777777777777777ÿÿÿÿÿÿÿÿ' [ 462.854034][ T5818] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 462.883922][ T5818] usb 4-1: selecting invalid altsetting 7 [ 462.892689][ T5818] cxusb: set interface failed [ 462.898601][ T5818] dvb-usb: bulk message failed: -22 (1/0) [ 462.967457][ T5818] DVB: Unable to find symbol lgdt330x_attach() [ 462.974834][T11359] gfs2: fsid=syz:syz.0: found 1 quota changes [ 462.978474][T11385] cxusb: i2c wr: len=80 is too big! [ 462.978474][T11385] [ 463.001734][ T5818] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 463.137924][ T5818] rc_core: IR keymap rc-dvico-portable not found [ 463.157364][ T5818] Registered IR keymap rc-empty [ 463.163447][ T5818] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0 [ 463.209130][ T5818] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input21 [ 463.245793][ T5818] dvb-usb: schedule remote query interval to 100 msecs. [ 463.272092][T11403] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2071'. [ 463.274699][ T5818] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 463.281344][T11403] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2071'. [ 463.309344][ T5769] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_qd_dispose, file = fs/gfs2/quota.c, line = 129 [ 463.326182][ T5818] usb 4-1: USB disconnect, device number 18 [ 463.340324][ T5769] CPU: 0 PID: 5769 Comm: syz-executor Not tainted syzkaller #0 [ 463.347860][T11403] netlink: 'syz.1.2071': attribute type 13 has an invalid length. [ 463.348020][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 463.366385][ T5769] Call Trace: [ 463.369703][ T5769] [ 463.372671][ T5769] dump_stack_lvl+0x18c/0x250 [ 463.377442][ T5769] ? show_regs_print_info+0x20/0x20 [ 463.382882][ T5769] ? load_image+0x420/0x420 [ 463.387478][ T5769] ? do_raw_spin_unlock+0x121/0x230 [ 463.392427][T11403] netlink: 'syz.1.2071': attribute type 12 has an invalid length. [ 463.392712][ T5769] gfs2_assert_warn_i+0x193/0x2c0 [ 463.405816][ T5769] gfs2_qd_dispose+0x4aa/0x5b0 [ 463.410758][ T5769] gfs2_quota_cleanup+0x410/0x720 [ 463.415911][ T5769] ? spin_lock_bucket+0x150/0x150 [ 463.421175][ T5769] ? __might_sleep+0xe0/0xe0 [ 463.425818][ T5769] ? gfs2_ail_empty_tr+0x2f0/0x2f0 [ 463.430986][ T5769] ? gfs2_quota_sync+0x591/0x5a0 [ 463.435985][ T5769] gfs2_make_fs_ro+0x2aa/0x320 [ 463.440814][ T5769] ? gfs2_dinode_out+0xb10/0xb10 [ 463.445808][ T5769] ? __lock_acquire+0x7d40/0x7d40 [ 463.450888][ T5769] ? __rwlock_init+0x150/0x150 [ 463.455808][ T5769] ? do_raw_spin_unlock+0x121/0x230 [ 463.461085][ T5769] gfs2_put_super+0x224/0x930 [ 463.465918][ T5769] ? gfs2_evict_inode+0x1350/0x1350 [ 463.471259][ T5769] generic_shutdown_super+0x134/0x2b0 [ 463.476686][ T5769] kill_block_super+0x44/0x90 [ 463.481428][ T5769] deactivate_locked_super+0x97/0x100 [ 463.486990][ T5769] cleanup_mnt+0x43b/0x4d0 [ 463.491472][ T5769] task_work_run+0x1d4/0x260 [ 463.496151][ T5769] ? task_work_cancel+0x220/0x220 [ 463.501329][ T5769] exit_to_user_mode_loop+0xe6/0x110 [ 463.506756][ T5769] exit_to_user_mode_prepare+0xee/0x180 [ 463.512355][ T5769] syscall_exit_to_user_mode+0x1a/0x50 [ 463.518080][ T5769] do_syscall_64+0x61/0xa0 [ 463.522659][ T5769] ? clear_bhb_loop+0x40/0x90 [ 463.527484][ T5769] ? clear_bhb_loop+0x40/0x90 [ 463.532228][ T5769] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 463.538234][ T5769] RIP: 0033:0x7f087d99e017 [ 463.542704][ T5769] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 463.562624][ T5769] RSP: 002b:00007ffd6538cfb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 463.571184][ T5769] RAX: 0000000000000000 RBX: 00007f087da32120 RCX: 00007f087d99e017 [ 463.579218][ T5769] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd6538d070 [ 463.587334][ T5769] RBP: 00007ffd6538d070 R08: 00007ffd6538e070 R09: 00000000ffffffff [ 463.595438][ T5769] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd6538e100 [ 463.603690][ T5769] R13: 00007f087da32120 R14: 00000000000710e9 R15: 00007ffd6538e140 [ 463.611814][ T5769] [ 463.692374][ T5818] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 463.923958][T11399] loop4: detected capacity change from 0 to 40427 [ 463.960945][T11399] F2FS-fs (loop4): Mismatch start address, segment0(0) cp_blkaddr(512) [ 463.988355][T11399] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 464.007450][T11399] F2FS-fs (loop4): build fault injection attr: rate: 19, type: 0x7ffff [ 464.016257][T11399] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x7698c [ 464.046474][T11399] F2FS-fs (loop4): invalid crc value [ 464.086406][T11399] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x21d/0x9b0 [ 464.113857][T11399] F2FS-fs (loop4): Found nat_bits in checkpoint [ 464.228410][T11399] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650 [ 464.261498][ C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x597/0xe40 [ 464.304400][T11399] F2FS-fs (loop4): Start checkpoint disabled! [ 464.311011][T11399] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x5b4/0x19c0 [ 464.322840][T11399] F2FS-fs (loop4): invalid blkaddr: 1025, type: 10, run fsck to fix. [ 464.385755][T11399] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 464.404874][T11399] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 464.555129][T11427] vlan2: entered allmulticast mode [ 464.582370][T11427] bond0: entered allmulticast mode [ 464.592166][T11399] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_page of f2fs_get_read_data_page+0xd7/0x5d0 [ 464.598866][T11427] bond_slave_0: entered allmulticast mode [ 464.615502][T11427] bond_slave_1: entered allmulticast mode [ 464.809047][ T1043] kworker/u4:5: attempt to access beyond end of device [ 464.809047][ T1043] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 464.823740][ T1043] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 465.552351][T11454] loop0: detected capacity change from 0 to 256 [ 465.618336][T11454] FAT-fs (loop0): Directory bread(block 64) failed [ 465.625365][T11454] FAT-fs (loop0): Directory bread(block 65) failed [ 465.637543][T11454] FAT-fs (loop0): Directory bread(block 66) failed [ 465.644310][T11454] FAT-fs (loop0): Directory bread(block 67) failed [ 465.651191][ T5835] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 465.667358][T11454] FAT-fs (loop0): Directory bread(block 68) failed [ 465.674441][T11454] FAT-fs (loop0): Directory bread(block 69) failed [ 465.695428][T11454] FAT-fs (loop0): Directory bread(block 70) failed [ 465.705478][T11454] FAT-fs (loop0): Directory bread(block 71) failed [ 465.725971][T11454] FAT-fs (loop0): Directory bread(block 72) failed [ 465.738164][T11454] FAT-fs (loop0): Directory bread(block 73) failed [ 465.848542][ T5835] usb 5-1: Using ep0 maxpacket: 32 [ 465.874763][ T5835] usb 5-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 465.893482][ T5835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.906605][ T5835] usb 5-1: Product: syz [ 465.921390][ T5835] usb 5-1: Manufacturer: syz [ 465.936257][ T5835] usb 5-1: SerialNumber: syz [ 465.954079][ T5835] usb 5-1: config 0 descriptor?? [ 465.980537][ T5835] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 465.993002][ T5835] dvb-usb: bulk message failed: -22 (4/0) [ 466.002127][ T5835] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 466.013687][ T5835] dvb-usb: bulk message failed: -22 (5/0) [ 466.020155][ T5835] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 466.037132][ T5835] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 466.069942][ T5835] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 466.108048][ T5835] usb 5-1: media controller created [ 466.181513][ T5835] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 466.194323][T11458] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2092'. [ 466.204930][T11458] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2092'. [ 466.206288][T11446] ttusb2: i2c wr len=58 too high [ 466.224674][T11458] netlink: 'syz.0.2092': attribute type 13 has an invalid length. [ 466.233853][ T5835] usb 5-1: selecting invalid altsetting 3 [ 466.247333][ T5835] ttusb2: set interface to alts=3 failed [ 466.253236][T11458] netlink: 'syz.0.2092': attribute type 12 has an invalid length. [ 466.338381][ T5776] Bluetooth: hci3: command 0x0c1a tx timeout [ 466.364310][ T5835] DVB: Unable to find symbol tda10086_attach() [ 466.391040][ T5835] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 466.423358][T11452] loop3: detected capacity change from 0 to 40427 [ 466.424933][ T5835] dvb-usb: bulk message failed: -22 (4/0) [ 466.444802][T11452] F2FS-fs (loop3): Mismatch start address, segment0(0) cp_blkaddr(512) [ 466.462601][ T5835] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 466.482016][T11452] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 466.483422][ T5835] dvb-usb: bulk message failed: -22 (5/0) [ 466.504990][T11452] F2FS-fs (loop3): build fault injection attr: rate: 19, type: 0x7ffff [ 466.510289][ T5835] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 466.535641][ T5835] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 466.542342][T11452] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x7698c [ 466.555704][T11462] loop0: detected capacity change from 0 to 4096 [ 466.578526][ T5835] usb 5-1: USB disconnect, device number 7 [ 466.632620][T11452] F2FS-fs (loop3): invalid crc value [ 466.672045][T11452] F2FS-fs (loop3): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x21d/0x9b0 [ 466.686716][T11466] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 466.709887][T11452] F2FS-fs (loop3): Found nat_bits in checkpoint [ 466.746564][ T5835] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 466.836636][T11452] F2FS-fs (loop3): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650 [ 466.895813][ C1] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of blk_update_request+0x597/0xe40 [ 466.962043][T11452] F2FS-fs (loop3): Start checkpoint disabled! [ 466.970497][T11452] F2FS-fs (loop3): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x5b4/0x19c0 [ 466.982077][T11452] F2FS-fs (loop3): invalid blkaddr: 1025, type: 10, run fsck to fix. [ 466.998838][T11452] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 467.006112][T11452] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 467.021016][ T27] audit: type=1326 audit(1777305411.095:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28afd9cdd9 code=0x7ffc0000 [ 467.117509][ T27] audit: type=1326 audit(1777305411.095:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28afd9cdd9 code=0x7ffc0000 [ 467.153733][T11452] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_page of f2fs_get_read_data_page+0xd7/0x5d0 [ 467.222816][ T27] audit: type=1326 audit(1777305411.095:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28afd9cdd9 code=0x7ffc0000 [ 467.326830][ T27] audit: type=1326 audit(1777305411.095:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28afd9cdd9 code=0x7ffc0000 [ 467.356313][ T27] audit: type=1326 audit(1777305411.095:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f28afd9cdd9 code=0x7ffc0000 [ 467.432867][ T27] audit: type=1326 audit(1777305411.095:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f28afd9cb42 code=0x7ffc0000 [ 467.485316][ T27] audit: type=1326 audit(1777305411.095:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f28afd5d60e code=0x7ffc0000 [ 467.522402][ T27] audit: type=1326 audit(1777305411.125:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f28afd9cc07 code=0x7ffc0000 [ 467.552386][ T27] audit: type=1326 audit(1777305411.125:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f28afd5d60e code=0x7ffc0000 [ 467.579155][ T11] kworker/u4:0: attempt to access beyond end of device [ 467.579155][ T11] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 467.594375][ T27] audit: type=1326 audit(1777305411.125:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f28afd5d60e code=0x7ffc0000 [ 467.618857][ T11] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 467.825024][T11487] loop4: detected capacity change from 0 to 256 [ 467.963780][T11487] FAT-fs (loop4): Directory bread(block 64) failed [ 467.982409][T11487] FAT-fs (loop4): Directory bread(block 65) failed [ 468.004640][T11487] FAT-fs (loop4): Directory bread(block 66) failed [ 468.031067][T11487] FAT-fs (loop4): Directory bread(block 67) failed [ 468.044524][T11487] FAT-fs (loop4): Directory bread(block 68) failed [ 468.053548][T11487] FAT-fs (loop4): Directory bread(block 69) failed [ 468.064351][T11487] FAT-fs (loop4): Directory bread(block 70) failed [ 468.073420][T11487] FAT-fs (loop4): Directory bread(block 71) failed [ 468.084277][T11487] FAT-fs (loop4): Directory bread(block 72) failed [ 468.092547][T11487] FAT-fs (loop4): Directory bread(block 73) failed [ 468.448439][T11499] loop4: detected capacity change from 0 to 1024 [ 468.640543][ T11] hfsplus: b-tree write err: -5, ino 25 [ 468.651543][ T11] hfsplus: b-tree write err: -5, ino 4 [ 468.673726][ T11] hfsplus: b-tree write err: -5, ino 2 [ 469.237473][ T23] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 469.284867][T11518] loop0: detected capacity change from 0 to 1024 [ 469.301815][T11518] EXT4-fs: Ignoring removed bh option [ 469.325607][T11518] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 469.399966][T11518] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 469.447424][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 469.517548][ T23] usb 4-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 469.535149][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 469.563593][T11518] EXT4-fs error (device loop0): ext4_check_all_de:666: inode #12: block 7: comm syz.0.2119: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=108 fake=0 [ 469.599497][T11518] EXT4-fs (loop0): Remounting filesystem read-only [ 469.600241][ T23] usb 4-1: Product: syz [ 469.620740][ T23] usb 4-1: Manufacturer: syz [ 469.625524][ T23] usb 4-1: SerialNumber: syz [ 469.648709][ T23] usb 4-1: config 0 descriptor?? [ 469.663557][ T23] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 469.678071][ T23] dvb-usb: bulk message failed: -22 (4/0) [ 469.694457][ T23] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 469.707951][ T23] dvb-usb: bulk message failed: -22 (5/0) [ 469.713850][ T23] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 469.726767][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 469.800096][ T23] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 469.832625][ T23] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 469.867661][ T23] usb 4-1: media controller created [ 469.894012][T11510] ttusb2: i2c wr len=58 too high [ 469.942300][ T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 469.959194][T11540] vlan2: entered allmulticast mode [ 469.981795][T11540] bond0: entered allmulticast mode [ 469.997552][T11540] bond_slave_0: entered allmulticast mode [ 469.997586][ T23] usb 4-1: selecting invalid altsetting 3 [ 470.003414][T11540] bond_slave_1: entered allmulticast mode [ 470.037791][ T23] ttusb2: set interface to alts=3 failed [ 470.150408][ T23] DVB: Unable to find symbol tda10086_attach() [ 470.164758][ T23] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 470.177532][ T23] dvb-usb: bulk message failed: -22 (4/0) [ 470.183330][ T23] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 470.197821][ T23] dvb-usb: bulk message failed: -22 (5/0) [ 470.203695][ T23] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 470.214348][ T23] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 470.257872][ T23] usb 4-1: USB disconnect, device number 19 [ 470.330511][ T23] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 470.569871][T11557] loop0: detected capacity change from 0 to 128 [ 470.623416][T11557] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 470.686008][T11557] ext4 filesystem being mounted at /543/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 470.823452][ T5769] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 470.831915][T11561] loop3: detected capacity change from 0 to 1024 [ 470.840651][T11561] EXT4-fs: Ignoring removed bh option [ 470.894508][T11561] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 470.966038][T11561] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 470.997027][T11561] EXT4-fs error (device loop3): ext4_check_all_de:666: inode #12: block 7: comm syz.3.2136: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=108 fake=0 [ 471.039640][T11561] EXT4-fs (loop3): Remounting filesystem read-only [ 471.168704][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 471.516510][T11584] loop3: detected capacity change from 0 to 256 [ 471.568806][T11584] exfat: Deprecated parameter 'namecase' [ 471.574996][T11584] exfat: Deprecated parameter 'namecase' [ 471.634240][T11584] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 471.658866][ T23] kernel write not supported for file /input/event2 (pid: 23 comm: kworker/1:0) [ 472.266766][T11613] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2159'. [ 472.284705][T11613] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2159'. [ 472.326496][T11609] loop4: detected capacity change from 0 to 4096 [ 472.357035][T11609] ntfs3: Bad value for 'gid' [ 472.377500][ T8] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 472.444067][ T5785] I/O error, dev loop4, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 472.583618][ T5835] kernel write not supported for file /input/event2 (pid: 5835 comm: kworker/0:5) [ 472.625247][ T8] usb 2-1: config 0 has an invalid interface number: 214 but max is 0 [ 472.658204][ T5783] Bluetooth: hci3: command 0x0c1a tx timeout [ 472.658338][ T8] usb 2-1: config 0 has no interface number 0 [ 472.697557][ T8] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 472.731488][T11625] loop4: detected capacity change from 0 to 1024 [ 472.767421][ T8] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 472.774318][T11625] hfsplus: bad catalog entry type [ 472.776516][ T8] usb 2-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 472.827488][ T8] usb 2-1: Manufacturer: syz [ 472.832337][ T8] usb 2-1: SerialNumber: syz [ 472.861356][ T8] usb 2-1: config 0 descriptor?? [ 472.900720][ T1095] hfsplus: b-tree write err: -5, ino 25 [ 472.906719][ T1095] hfsplus: b-tree write err: -5, ino 4 [ 472.941357][ T1095] hfsplus: b-tree write err: -5, ino 2 [ 473.543654][ T8] usbtouchscreen: probe of 2-1:0.214 failed with error -71 [ 473.555531][ T8] usb 2-1: USB disconnect, device number 20 [ 474.677952][T11665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2184'. [ 474.688344][T11665] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2184'. [ 475.048120][ T5791] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 475.138641][ T5776] Bluetooth: hci3: command 0x0c1a tx timeout [ 475.239043][T11684] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2194'. [ 475.239481][ T5791] usb 4-1: config 0 has an invalid interface number: 214 but max is 0 [ 475.267345][ T5791] usb 4-1: config 0 has no interface number 0 [ 475.273526][ T5791] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 475.308369][ T5791] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 475.327311][ T5791] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 475.337838][ T5791] usb 4-1: Manufacturer: syz [ 475.342502][ T5791] usb 4-1: SerialNumber: syz [ 475.371743][ T5791] usb 4-1: config 0 descriptor?? [ 475.877746][ T5836] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 476.008370][ T5791] usbtouchscreen: probe of 4-1:0.214 failed with error -71 [ 476.034307][ T5791] usb 4-1: USB disconnect, device number 20 [ 476.062211][T11701] loop4: detected capacity change from 0 to 256 [ 476.093621][ T5836] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 476.112509][T11701] FAT-fs (loop4): Directory bread(block 64) failed [ 476.126704][ T5836] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 476.134278][T11701] FAT-fs (loop4): Directory bread(block 65) failed [ 476.150316][T11701] FAT-fs (loop4): Directory bread(block 66) failed [ 476.157097][T11701] FAT-fs (loop4): Directory bread(block 67) failed [ 476.168463][ T5836] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 476.170331][T11701] FAT-fs (loop4): Directory bread(block 68) failed [ 476.187530][ T5836] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.200095][T11701] FAT-fs (loop4): Directory bread(block 69) failed [ 476.208416][ T5836] usb 1-1: config 0 descriptor?? [ 476.211724][T11701] FAT-fs (loop4): Directory bread(block 70) failed [ 476.229398][T11701] FAT-fs (loop4): Directory bread(block 71) failed [ 476.237964][T11701] FAT-fs (loop4): Directory bread(block 72) failed [ 476.248924][T11701] FAT-fs (loop4): Directory bread(block 73) failed [ 476.441397][ T5836] usbhid 1-1:0.0: can't add hid device: -71 [ 476.458516][ T5836] usbhid: probe of 1-1:0.0 failed with error -71 [ 476.483992][ T5836] usb 1-1: USB disconnect, device number 17 [ 476.538885][T11705] loop4: detected capacity change from 0 to 16 [ 476.565756][T11705] erofs: (device loop4): mounted with root inode @ nid 36. [ 476.613717][T11705] syz.4.2202: attempt to access beyond end of device [ 476.613717][T11705] loop4: rw=0, sector=36, nr_sectors = 1 limit=16 [ 476.636372][T11705] syz.4.2202: attempt to access beyond end of device [ 476.636372][T11705] loop4: rw=0, sector=131156, nr_sectors = 1 limit=16 [ 476.657007][T11705] syz.4.2202: attempt to access beyond end of device [ 476.657007][T11705] loop4: rw=0, sector=36, nr_sectors = 1 limit=16 [ 476.696103][T11705] syz.4.2202: attempt to access beyond end of device [ 476.696103][T11705] loop4: rw=0, sector=131157, nr_sectors = 1 limit=16 [ 476.722058][T11705] syz.4.2202: attempt to access beyond end of device [ 476.722058][T11705] loop4: rw=0, sector=41, nr_sectors = 1 limit=16 [ 476.743085][T11705] erofs: (device loop4): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 476.899176][T11715] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2209'. [ 476.917309][T11715] netlink: 'syz.4.2209': attribute type 4 has an invalid length. [ 477.128130][ T5836] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 477.219825][ T5776] Bluetooth: hci3: command 0x0c1a tx timeout [ 477.296849][T11729] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2216'. [ 477.337642][ T5836] usb 1-1: Using ep0 maxpacket: 16 [ 477.365070][ T5836] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 477.397273][ T5836] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 477.422480][ T5836] usb 1-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.40 [ 477.447296][ T5836] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 477.468853][T11731] loop4: detected capacity change from 0 to 256 [ 477.485983][ T5836] usb 1-1: config 0 descriptor?? [ 477.508934][ T5836] pegasus_notetaker 1-1:0.0: packet size is too small (0) [ 477.527177][ T5836] pegasus_notetaker: probe of 1-1:0.0 failed with error -22 [ 477.733790][ T5836] usbhid 1-1:0.0: can't add hid device: -71 [ 477.757667][ T5836] usbhid: probe of 1-1:0.0 failed with error -71 [ 477.788051][ T5836] usb 1-1: USB disconnect, device number 18 [ 477.968264][T11743] mkiss: ax0: crc mode is auto. [ 478.130513][T11745] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2223'. [ 478.533374][T11764] netlink: 92 bytes leftover after parsing attributes in process `syz.4.2230'. [ 478.569586][T11764] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2230'. [ 478.926825][T11770] loop3: detected capacity change from 0 to 8192 [ 478.978962][T11770] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 479.049931][T11770] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 479.098523][T11770] REISERFS (device loop3): using ordered data mode [ 479.157363][T11770] reiserfs: using flush barriers [ 479.182453][T11770] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 7, max trans age 7 [ 479.228404][T11770] REISERFS (device loop3): checking transaction log (loop3) [ 479.266676][T11770] REISERFS (device loop3): Using r5 hash to sort names [ 479.277769][T11770] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 479.327409][T11770] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 479.514920][T11776] loop4: detected capacity change from 0 to 32768 [ 479.596590][T11776] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 479.840287][T11776] XFS (loop4): Ending clean mount [ 479.876573][T11773] loop0: detected capacity change from 0 to 32768 [ 479.894856][T11773] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 9 [ 480.054016][ T9862] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 480.087429][ T5836] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 480.160152][ T6038] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 9 [ 480.300963][ T5836] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 480.334181][ T5836] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 480.353204][ T5836] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 480.368083][ T5836] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.404803][ T5836] usb 4-1: config 0 descriptor?? [ 480.657513][ T5836] usbhid 4-1:0.0: can't add hid device: -71 [ 480.672751][ T5836] usbhid: probe of 4-1:0.0 failed with error -71 [ 480.706042][T11806] loop0: detected capacity change from 0 to 2048 [ 480.706846][ T5836] usb 4-1: USB disconnect, device number 21 [ 480.734345][T11806] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 480.760119][T11806] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 480.908017][ T5818] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 481.097298][ T5818] usb 5-1: Using ep0 maxpacket: 8 [ 481.122818][ T5818] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 481.137515][ T5818] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.145574][ T5818] usb 5-1: Product: syz [ 481.167320][ T5818] usb 5-1: Manufacturer: syz [ 481.172067][ T5818] usb 5-1: SerialNumber: syz [ 481.189154][ T5818] usb 5-1: config 0 descriptor?? [ 481.307463][ T5836] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 481.424511][ T5818] usb 5-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 481.517476][ T5836] usb 4-1: Using ep0 maxpacket: 16 [ 481.539637][ T5836] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 481.557259][ T5836] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 481.577286][ T5836] usb 4-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.40 [ 481.586398][ T5836] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.610620][ T5836] usb 4-1: config 0 descriptor?? [ 481.628532][ T5836] pegasus_notetaker 4-1:0.0: packet size is too small (0) [ 481.641312][ T5836] pegasus_notetaker: probe of 4-1:0.0 failed with error -22 [ 481.828293][ T5818] usb write operation failed. (-71) [ 481.850520][ T5818] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 481.860601][ T5836] usbhid 4-1:0.0: can't add hid device: -71 [ 481.866875][ T5836] usbhid: probe of 4-1:0.0 failed with error -71 [ 481.870428][ T5818] dvbdev: DVB: registering new adapter (Terratec H7) [ 481.883852][ T5818] usb 5-1: media controller created [ 481.891070][ T5818] usb read operation failed. (-71) [ 481.897793][ T5836] usb 4-1: USB disconnect, device number 22 [ 481.904171][ T5818] usb write operation failed. (-71) [ 481.921180][ T5818] dvb_usb_az6007: probe of 5-1:0.0 failed with error -5 [ 481.942348][ T5818] usb 5-1: USB disconnect, device number 8 [ 482.144195][T11815] ptrace attach of "./syz-executor exec"[5773] was attempted by ""[11815] [ 482.505563][ T5818] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 482.697443][ T5818] usb 2-1: Using ep0 maxpacket: 16 [ 482.705552][ T5818] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 482.725997][ T5818] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 482.737176][ T5818] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 482.753706][ T5818] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 482.773429][ T5818] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.786790][T11829] loop0: detected capacity change from 0 to 256 [ 482.819420][ T5818] usb 2-1: config 0 descriptor?? [ 482.890571][T11829] FAT-fs (loop0): Directory bread(block 64) failed [ 482.910477][T11829] FAT-fs (loop0): Directory bread(block 65) failed [ 482.936957][T11829] FAT-fs (loop0): Directory bread(block 66) failed [ 482.957415][T11829] FAT-fs (loop0): Directory bread(block 67) failed [ 482.976627][T11829] FAT-fs (loop0): Directory bread(block 68) failed [ 483.002105][T11829] FAT-fs (loop0): Directory bread(block 69) failed [ 483.019600][T11829] FAT-fs (loop0): Directory bread(block 70) failed [ 483.026688][T11829] FAT-fs (loop0): Directory bread(block 71) failed [ 483.049939][T11829] FAT-fs (loop0): Directory bread(block 72) failed [ 483.056574][T11829] FAT-fs (loop0): Directory bread(block 73) failed [ 483.255186][ T5818] microsoft 0003:045E:07DA.0011: No inputs registered, leaving [ 483.286402][ T5818] microsoft 0003:045E:07DA.0011: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 483.338035][ T5818] microsoft 0003:045E:07DA.0011: no inputs found [ 483.344555][ T5818] microsoft 0003:045E:07DA.0011: could not initialize ff, continuing anyway [ 483.464175][ T5818] usb 2-1: USB disconnect, device number 21 [ 483.474644][T11831] loop4: detected capacity change from 0 to 32768 [ 483.510523][T11831] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 9 [ 483.587360][ T5785] I/O error, dev loop4, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 483.975140][T11846] ptrace attach of "./syz-executor exec"[9862] was attempted by ""[11846] [ 484.197515][ T5818] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 484.388253][ T5818] usb 4-1: Using ep0 maxpacket: 8 [ 484.418238][ T5818] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 484.435383][T11862] loop0: detected capacity change from 0 to 1024 [ 484.444184][ T5818] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.453493][ T5818] usb 4-1: Product: syz [ 484.458244][ T5818] usb 4-1: Manufacturer: syz [ 484.462998][ T5818] usb 4-1: SerialNumber: syz [ 484.477834][ T5776] Bluetooth: hci3: unexpected event for opcode 0x200d [ 484.487468][ T5818] usb 4-1: config 0 descriptor?? [ 484.705087][ T5818] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 485.107905][ T5818] usb write operation failed. (-71) [ 485.119933][ T5818] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 485.130745][ T5818] dvbdev: DVB: registering new adapter (Terratec H7) [ 485.138176][ T5818] usb 4-1: media controller created [ 485.143699][ T5818] usb read operation failed. (-71) [ 485.152262][ T5818] usb write operation failed. (-71) [ 485.160497][ T5818] dvb_usb_az6007: probe of 4-1:0.0 failed with error -5 [ 485.174961][ T5818] usb 4-1: USB disconnect, device number 23 [ 486.078129][T11881] loop4: detected capacity change from 0 to 512 [ 486.202345][T11881] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 486.220332][T11881] ext4 filesystem being mounted at /150/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 486.352070][T11881] EXT4-fs warning (device loop4): ext4_resize_fs:2025: can't read last block, resize aborted [ 486.414456][T11873] loop3: detected capacity change from 0 to 32768 [ 486.433316][T11873] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 9 [ 486.545603][ T9862] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 486.591332][ T6038] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 9 [ 486.767348][ T5818] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 486.949046][ T5818] usb 2-1: Using ep0 maxpacket: 8 [ 486.969184][ T5818] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 486.979691][ T5818] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 486.988235][ T5818] usb 2-1: Product: syz [ 486.992441][ T5818] usb 2-1: Manufacturer: syz [ 486.997155][ T5818] usb 2-1: SerialNumber: syz [ 487.004324][ T5818] usb 2-1: config 0 descriptor?? [ 487.220538][ T5818] usb 2-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 487.623760][ T5818] usb write operation failed. (-71) [ 487.635768][ T5818] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 487.646623][ T5818] dvbdev: DVB: registering new adapter (Terratec H7) [ 487.653636][ T5818] usb 2-1: media controller created [ 487.659568][ T5818] usb read operation failed. (-71) [ 487.665046][ T5818] usb write operation failed. (-71) [ 487.675126][ T5818] dvb_usb_az6007: probe of 2-1:0.0 failed with error -5 [ 487.684602][ T5818] usb 2-1: USB disconnect, device number 22 [ 488.605632][T11907] loop4: detected capacity change from 0 to 8192 [ 488.623442][T11907] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 488.665452][T11907] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 488.694408][T11907] REISERFS (device loop4): using ordered data mode [ 488.707882][T11907] reiserfs: using flush barriers [ 488.716174][T11907] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 488.741771][T11907] REISERFS (device loop4): checking transaction log (loop4) [ 488.821893][T11907] REISERFS (device loop4): Using r5 hash to sort names [ 488.874133][T11907] reiserfs: enabling write barrier flush mode [ 488.892194][T11907] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2 [ 488.939360][T11907] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 488.971524][T11907] REISERFS (device loop4): Remounting filesystem read-only [ 488.987340][T11907] REISERFS error (device loop4): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data [ 489.032406][T11907] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2 [ 489.056801][T11907] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 489.076208][T11907] REISERFS error (device loop4): zam-7001 reiserfs_find_entry: io error [ 489.085405][T11907] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2 [ 489.108216][T11907] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 489.122912][T11907] REISERFS error (device loop4): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data [ 489.138680][T11907] REISERFS warning (device loop4): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount. [ 489.216609][ T9862] ------------[ cut here ]------------ [ 489.222653][ T9862] kernel BUG at fs/reiserfs/journal.c:1916! [ 489.234560][ T9862] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 489.240698][ T9862] CPU: 0 PID: 9862 Comm: syz-executor Not tainted syzkaller #0 [ 489.248288][ T9862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 489.258558][ T9862] RIP: 0010:do_journal_release+0x4e6/0x4f0 [ 489.264508][ T9862] Code: b5 ff e9 a8 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 06 fd ff ff 4c 89 ff e8 14 db b5 ff e9 f9 fc ff ff e8 fa a3 5d ff <0f> 0b e8 f3 a3 5d ff 0f 0b 90 66 0f 1f 00 41 57 41 56 53 48 89 f3 [ 489.284414][ T9862] RSP: 0018:ffffc90003497b00 EFLAGS: 00010293 [ 489.290528][ T9862] RAX: ffffffff82297e06 RBX: 1ffff92000692f64 RCX: ffff888019700000 [ 489.298752][ T9862] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 489.306760][ T9862] RBP: ffffc90003497bf8 R08: ffffc90003497b77 R09: 0000000000000000 [ 489.315011][ T9862] R10: ffffc90003497b40 R11: fffff52000692f6f R12: ffffc9000d08b000 [ 489.322996][ T9862] R13: dffffc0000000000 R14: ffff88805569a630 R15: 0000000000000000 [ 489.331068][ T9862] FS: 0000555570162500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 489.340113][ T9862] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 489.346813][ T9862] CR2: 000055557017da28 CR3: 000000007d476000 CR4: 00000000003506f0 [ 489.354824][ T9862] Call Trace: [ 489.358137][ T9862] [ 489.361099][ T9862] ? journal_release+0x30/0x30 [ 489.365904][ T9862] journal_release+0x1f/0x30 [ 489.370614][ T9862] reiserfs_put_super+0x26b/0x510 [ 489.375660][ T9862] ? hook_inode_free_security+0xb0/0xb0 [ 489.381220][ T9862] ? evict_inodes+0x63c/0x6a0 [ 489.385911][ T9862] ? reiserfs_dirty_inode+0x270/0x270 [ 489.391388][ T9862] ? fscrypt_destroy_keyring+0x288/0x2a0 [ 489.397269][ T9862] ? reiserfs_dirty_inode+0x270/0x270 [ 489.402661][ T9862] generic_shutdown_super+0x134/0x2b0 [ 489.408045][ T9862] kill_block_super+0x44/0x90 [ 489.412752][ T9862] deactivate_locked_super+0x97/0x100 [ 489.418220][ T9862] cleanup_mnt+0x43b/0x4d0 [ 489.422658][ T9862] task_work_run+0x1d4/0x260 [ 489.427265][ T9862] ? task_work_cancel+0x220/0x220 [ 489.432351][ T9862] ? exit_to_user_mode_loop+0x3b/0x110 [ 489.437856][ T9862] exit_to_user_mode_loop+0xe6/0x110 [ 489.443161][ T9862] exit_to_user_mode_prepare+0xee/0x180 [ 489.448801][ T9862] syscall_exit_to_user_mode+0x1a/0x50 [ 489.454274][ T9862] do_syscall_64+0x61/0xa0 [ 489.458791][ T9862] ? clear_bhb_loop+0x40/0x90 [ 489.463486][ T9862] ? clear_bhb_loop+0x40/0x90 [ 489.468175][ T9862] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 489.474079][ T9862] RIP: 0033:0x7f53ee39e017 [ 489.478504][ T9862] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 489.498209][ T9862] RSP: 002b:00007ffe54f3a938 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 489.506724][ T9862] RAX: 0000000000000000 RBX: 00007f53ee432120 RCX: 00007f53ee39e017 [ 489.514719][ T9862] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe54f3a9f0 [ 489.522773][ T9862] RBP: 00007ffe54f3a9f0 R08: 00007ffe54f3b9f0 R09: 00000000ffffffff [ 489.530758][ T9862] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe54f3ba80 [ 489.538872][ T9862] R13: 00007f53ee432120 R14: 00000000000776b9 R15: 00007ffe54f3bac0 [ 489.547119][ T9862] [ 489.550146][ T9862] Modules linked in: [ 489.567048][ T9862] ---[ end trace 0000000000000000 ]--- [ 489.572838][ T9862] RIP: 0010:do_journal_release+0x4e6/0x4f0 [ 489.580537][ T9862] Code: b5 ff e9 a8 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 06 fd ff ff 4c 89 ff e8 14 db b5 ff e9 f9 fc ff ff e8 fa a3 5d ff <0f> 0b e8 f3 a3 5d ff 0f 0b 90 66 0f 1f 00 41 57 41 56 53 48 89 f3 [ 489.600857][ T9862] RSP: 0018:ffffc90003497b00 EFLAGS: 00010293 [ 489.607123][ T9862] RAX: ffffffff82297e06 RBX: 1ffff92000692f64 RCX: ffff888019700000 [ 489.616053][ T9862] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 489.625330][ T9862] RBP: ffffc90003497bf8 R08: ffffc90003497b77 R09: 0000000000000000 [ 489.640307][ T9862] R10: ffffc90003497b40 R11: fffff52000692f6f R12: ffffc9000d08b000 [ 489.651860][ T9862] R13: dffffc0000000000 R14: ffff88805569a630 R15: 0000000000000000 [ 489.666888][ T9862] FS: 0000555570162500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 489.677044][ T9862] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 489.684014][ T9862] CR2: 00007f28affea2f8 CR3: 000000007d476000 CR4: 00000000003506f0 [ 489.692724][ T9862] Kernel panic - not syncing: Fatal exception [ 489.699370][ T9862] Kernel Offset: disabled [ 489.703731][ T9862] Rebooting in 86400 seconds..