last executing test programs: 4.290916817s ago: executing program 1 (id=972): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000940), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(r0, &(0x7f0000009dc0)={0x0, 0x0, &(0x7f0000009d80)={&(0x7f0000009d00)={0x20, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x4008050}, 0x4044000) 4.067463939s ago: executing program 0 (id=975): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x40, r1, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x2c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x6, 0x5, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x2400c005}, 0x0) 3.935411625s ago: executing program 1 (id=976): r0 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f00000003c0), 0x4) sendto$inet6(r0, 0x0, 0x0, 0x40000c0, &(0x7f0000000180)={0xa, 0x4e24, 0x1, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xac}}, 0x9}, 0x1c) 3.822079111s ago: executing program 0 (id=978): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0xa, 0x7, 0x2, 0x4}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c3a00000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000080000850000002d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xc8) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.814843271s ago: executing program 1 (id=979): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="6115bf00000000006113100000000000bfa000000000000007000000ee00160e5e03010000000000140500000000000069163a0000000000bf07000000000000360507000fff0720670600001f000000150600000ee6ffc0bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000ec0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000001000480000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6939fc404004900c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a34b8580218ce740068720000074e8b1715807ea0ca469e468eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000200000000005335000000143ea70c2ab40c7cb70cc8943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a330100846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850af895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2204dd418c005479ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d05d988d6efdffdf48dca02113a38300cabf2b7543ffc166955709009e000000000061629d1822f720ec23812770d72c700a44e113d17088fdd00600000f7889b8c7044f56ff030000000000006cd4970400cac6f45a6922ded2e29514af463f747c08f4010586903500000000000000000000be34cf0f9d640dd782ac0cbc46903243d0d0f4bc7f253d0500000032daaf281c450e64c33aac8f23e7d1c94c4505a9839688b008c370494f6734b771546d9552d3bb2da0d000000000000000009125c97f0400f5e1671bc5eb7739daa7820a91cb0e732df2ae0000c747e00a4fbfe8942fa859cd28bdaa1509309926c77fbcb15ec58b42b400005a6b649dd5f13cd776e6c7c4b5c4b0de20e033b378553ead4c8cc530b62c36364e6505992209bdbc6203da7a3797246a6adef071102f0aa2c40095ddd05176f5cb8bd99e1ba0f9568f3e3876bba7bf973334e7919a080000000000000004fb996ad919f7e9672ce107000000ad882f2aead166c94500be902ee7dabc768eb9ec13f334aae90981ecaf5f744f22f2e45afe2c9e8632276cffe5f1fc215c0797d0244cf1ce269d10525745caaa3f77d1b80116cb9a38400242010000000100000091a0116f4693133138583da5e10b434697b0443b7b4ddfb3ace29e16e5a881336aad0974269a1025e2a9a135c0508af1aec2926627b43bba1229a7466bdca64f514b7911458da09fe8681916d408d753226a83ae2434ccd3fc508216aea86833030f569d61dc998620fcf4eeb92e7bc511df63c53b82514493b8f3c74f44ba184d40e87612024da1a1ebe316923865f037c01d71b5de81121046d84b18acb5cbea7eecad9b6dd46ed83515cd9f140e5f00019be25b5910ab193e90be231a05fd82e6003969c3f081ff1d0eb50a04d14644234828cbb5aaa0ece702abdd425fa25ae04a2315c89064df633700000000d9e5953ea67310993d01000000000000003ac753358791b1490273ca535e05b11d815237743a5b79ad45de2a3c91257f02c2f30f5513662809073710937ed0055b238f466e1442f8ec7a5b394228035039ceeb452dca75f9ff5332b4c4777a58a0aa9a821667c68549e9da89ad4274ce2d3d7619936768a84a1465fff4eedba55955434f132ab7b884057aeb68f3d675a79907a72ace70902459f6950a06a03507838231a335ae759ed25534f2e90a7def4b3d4af7fd47ab1a701e4b7a7dfc1d12775ed0a31bc7b5855880aa767e68fe6b7aa5ac115724b6cb8fcebb67719eccd87b06b38566cf61ad2f307a79d2ce9801837bf0bd3af0271de700eef2795d28cb0017000000000000000000e052d93194121b774d21a0317d0346078400004652c769fd3d3e661a2fb511164f1502ab2ac4eb3f19c042163e0bdb88b82de384a8055e8b1e24294b0546cce481ff5618b7b9585dbb64d66debf219fa479abf22f3d64fe82e466ea6f27859946e72f8ce659e340c714809ec4d060bb1c9cfcde57b79625e2979fe689a5a246cbbd488f43f46b2536f175f46dfb27d5229467270246ab53616c46edf34c559d3de0c59ca3305e66825715e5e4cd5b54c1b05c09f04337a76a30373baac3ecec91fd546308a0004be94dfab28c2a51dc816df0000000000c12254f041804f7f7074356789b1d4dd55f3e045a48241a4ce04d06acb2cf11eab759ba78da5da0f26126d4cf2c73e5f94030000040000000000000000c301985d603403592486204054be3fdda91f9e315886941928e5a8bc1a00e69a98c0a8f7192f6ee93cc4124cf4e7610915efc08c834a44e1d685d6835a40b5bc615949cbcd98d044fa492aa38717481455e86dcd7816ad8940bd192595369d89ae6eadeb9117e8b94ab422c8d62f858875dccdbc89572231ef5d6df6a9c55f8df763c7c64da7cc017e1e3f5cd4cb9fe6d19b11d4d38239d318016e622b9683b7e46be64dc097982e23462392a0cd05afb2e060fd42ef00dfbd057311aab94f307d10c7a1af0d8e5a0fcb547475d13c0000000000000000f1cc97103d714d1abb901f866d9d629b4fb185f45790517c4a0f5c6a5024e3359e8d83e3f6edf9e2afb5ab59c7b2b45cfb0a3c1303a98e4ed531ac11cca1cd744b431de74c7cd6533adaa8ec749061b2959d53da626aa189781dc1be4d5c81aebc0cada819895b377d4f17a7878ba99864ae84464744c605646caf2e06b13eba7ba10acf77d91b2297e9570d730a4da534d735a223626402b308daf7835780fa6f4e410000000000fb00000000000000000000b94952139bd4bdbccc5e334c49584655c4fce8c5bb7c54664aef6d780100358aa54b4b49926c4be9ee4659153d9fa95d07cc4efdab2c5f4503148d0255d0b748366dafe042d78479c21d830e1431ed6d646d13e8e7230300ef0a5642bbed1dee9b46b6f02e572024ccf3c8edd82660e5d74c52be71d780c300000000000000000000000002000000000044ff72f96f084f4b6cdcb1b4a9d8e9f9021b85497d0c3df704c8a0034c09caeeb0e34799b755649883539258a7b33dcef15d8fd1953ebaaa3cff81a0de7a05a440f20f6b273ceb8678f10378b670be7504dabd1471355d853292775d0366891f0bcf0a6087ed4f1f25ef52394db3e9d8318bbb9baff3db95bfd68a08ded5027a7ca2a64ca081c6b2f7b895cdf98b763ebab9451c65eced6f5f97a541210806d885762ac3150225036c7eccd7a05593abd963f9a02df58085115e54f675e6a08d25b5722cabf989b4bbc562e073b81bae61f05c5e1f90e021340b60cc5fb8fdb09b6d20b092b70f77f0f428d2000000000000000000000000006cc6f64f583a26a78f7f417f66c0af32f5194ddfce51e5aff28f621bb2fd2a5ab719823488d6e869b08d3d4ac7950c60144cf77437e29895a23282e3c65e015d1c334832a90ee77d93596e3f12e9ca8c67c7f3c9b66c9cb03edec184ad1d9544c7a3be250e471dca00000078544d79c0efe4094e561eeb26ee4c81106d03c004bc1589ef6e13648999c8735e2634009aaa90c571fa3c07238697b1db783c52715055445e96995fe3273b0346b03fc742c06aa3947e0d9cf0c99b5e245ede85893112deea8bd3355a32ec15e1242f170a51f28cea4105541e96a52da4984d26bd29cb0623f00c6b0a4c00ad406d729babc9d1550a683c349017a340444000000000000000000000920ca49f7cc8194aaebdcae5a62bb7587b57f41f1c2034911f23e6bd0291b3f19f03a0a15dea685a8ab75b3c60391afa5483231305402b52a8f9863800f127d6b4518f73a847ca583e855d70c6a4a53f61ad753d5e740db44afd32b019d9e8b41361c2c104fe52837a19006952fe2724c0105ab158a54a6a73000000000000000000000000b0d135da438cbe303f3ae070def97d6649b5a693ff5c788e5a406e1d06942ed51bff073011f6e6c29d3ea22e5fc26c7fbe37656229a6a12857ae9ed131ccdd513066bc9422ec38a1dc5212986d9bc330a23eb3b200af1a3678c2bfbe4b4ba6e8471495f6e82c5ee425973c590253e875352a3acaee044868f9b80f8fdc9d402007bb4c8df1b69d3d2b364ec9e4ed2f554118684eff1adf5b49b6b29232198e682dfa45dced8b332c404c8f292f36730845dc37dfe7a59e252ddc33ea9072dcd697a700cfac90b487660795f564ddb61fa3e4835f936984200000000000000000008e9f7bc3a00cd72ced7684e264e45398f7087734fcf2023a7a4c880f562f46f14cdc1bf472d74bc0c777b1021ff75de086c08f72a41399d3a3065b2f50a531cc90edbf88370ff50ba1aa6cc59076165a3ab90a3c90527b7c9711cf85bbb0cb0aebc47ab5c65458c40020f2cfb10e5f0a1594ae491e8756446e6873a8b222ae7e58dd7640666e359fc583e17ed6bcb30c0fafbba761e756ca80286d38bb92dd9ba17c1bb628e5b8d52c9a02a67f788ab88dca817cb4886942a279e06f45c8c936f5c46e1a008097471ca0ee26bcfabf7adb9c90a10539d960dec5c84464f6bc68318e7e899acf20ea41b071132d7a5945e941334855ce6149deaae1b5b83045e83bfc208079e6e58ebb4176b126c743111c5a712f465a3007d665ac21c43a544947c9d13e5206a21025f6acd47c2d333e648dcbf2e4989a1d4a176fe8f7a8cf0aeaf9736118b036639cb35810ea88213ff2a0842d420d418d026a101222a4ebd18fc89f04b5a9056ca6c00308936679474fa83bdf6eac126c9be33c551bccd42d8000736ed9a64ff7cb87d44c9bcf821c96dcd34aadfcc42fabd5976cedc9a4eef24764168056d0645c7aa007d69df4fa8de1224a56f0799ad59ee5c84418a1faae590b6c896cdd808376b6b51b217fcad5fbd7e3208d009e37484378df3ee5969f817d715d60fdd02c04e3fdd62a29285ac92f6836cbeb4d04d84c396150b2e17828d924013978173c48635e0b1ad4a0c5956717629794b39cf18d599e723d3c24689a5fea6cc1f59d1ba1fccfba88e02f9907"], &(0x7f0000000140)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0x18000000000002a0, 0x7ee, 0x7ee, &(0x7f0000000e80)="b9e403c6631e39495aa05dc7cf1c", 0x0, 0x7ab, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 3.702330426s ago: executing program 1 (id=981): syz_usb_connect(0x5, 0x27, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000b75c7f40470501026411010203010902120001000000000904"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f00000002c0)=[{0xee, 0x9010, 0x1, &(0x7f00000000c0)="d5"}, {0x640c, 0x10, 0x0, 0x0}], 0x2}) 3.639802139s ago: executing program 0 (id=983): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000080)={0x80, 0x100006, 0xed34, 0x400ff7, 0xb4, "20cde7b23a5cf0b4a5a300000400", 0x1e, 0xdb25}) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000000)) 3.42548449s ago: executing program 0 (id=987): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002dc0)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_RANGE_TO_DATA={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, 'k'}]}, @NFTA_RANGE_FROM_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, ']'}]}, @NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_RANGE_OP={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) 3.347172304s ago: executing program 4 (id=988): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_QUEUE_SREG_QNUM={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_QUEUE_FLAGS={0x6, 0x3, 0x1, 0x0, 0x24}]}}}]}]}], {0x14}}, 0x7c}}, 0x0) 3.213692011s ago: executing program 4 (id=992): syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000f00)='./file1\x00', 0x208800, &(0x7f0000003100)=ANY=[], 0x2, 0xf04, &(0x7f0000000f40)="$eJzs3U9sHNUZAPA3a6/txCZeAwUDJaTQikDBDkmkprcgUI+IS++gkNAIQ1FDD0T8MT0gKiGKhDhVHKi4UCqlSK0EqlShntqeWvXWE+qFSlUqBfXQRkpc2X5vvX72sOuxPbv2/n7St2/fvNn5vslazsx49m0AhlZj5fHkydkihHc/fefRl58qfru87K72GkdWHovYa4UQmh39Itve53HBtSsvndmsLcLxlcfUD49dbr92MoSwGI6Ez0IrfDS/8OWH7z1y9OPXJ2556+Izr+zS7rfl+wEAAPvRpT8v/P2+f/7pgZmrlw6fDuPt5en4vBX7k/G4/1g8UE7Hy42wvl90RKexbL2RGI1svZFsvdEsz2hJvma2nWbJemNd8o10LNtsPwEAAGAvSue1rVA05tb1G425udXz/mWfT48Vc8+dXzh3oU+FAgAAAJX959WVm26FEEIIIUSt0RyAGoQQQgxTLE33+woEAAAAMGzy+cI2WNzZmbraW2v1lv/yw43NXw87oO6ff/n3Vv4PXvMbBwCA6vbr0WTar3QcneYxyOcRHMlet9Xj/0a2ndEt1lk2r+C65cXgvk1l9ef/roOqrP6tvo/9UlZ/Ph/moCqrP5+nc1CV1T9ecx1VldU/UXMdVZXVf6DmOqoqq/9gzXVUVVb/ZM11VFVW/1TNdVRVVv8NNddRVVn9h2quo6qy+vfKbbVl9bdqrqOqsvpnaq6jqrL6b6y5jqrK6r+p5jqqKqv/5prr6Jc7Y5v+HQ5n453nz/k53V45xwMAAIBh9z/z/wkhhBAbYuU+iAGoQ4j9HcUA1CC+Ktp/7xuAWoQQ249X+3r1AQAAABgE6XMB6QPoS1EaH+kyPho/S7QyPrG2Qhpvdnn9WJfx8S7jAAAAQAi/e+PcbW8Xa5/z3+58eB3zRl0PFeYxyie622r+7c57tt38e2XeMgAAAIZL8b3Prt//6PsvzFy9dPh0x9nv9Xi+m+YBHY3XBj6J/XRfwFTWL9I59On1eRol6+XXB24o297j29xRAAAAGGLp/L0VisZcx3l3KzQac3Nr5+OzoVmcO79w9ljsp+9n+eN0c3x5+UM11w0AAAD0bu18f/Pz//Q9vrNhrJh77vzCuQur/an28maj87rA9NryovO6QCtbfrxk+YnYT9/f+YPpAyvL5878cOGpnd55AAAAGBIXXrz4zJMLC2d/5IknnnjSftLv30wAAMBO++KLd5o/PjH1+9XP/6/Nf5c+/38k9ltxbr+/xBXSfQLpcwAbPq//xPo802XrPb9+vVa23kiM8azuiY7tLDuQvW6mLF9r/XbGSvJNZvmmsnz5PAWj2fop36FseT4/YVpvOluez8M4muUosvx3BwAAACg3/8Kzz89fePHig+efffLps0+ffe7E8VPfPXXq2EPfeWh+5b7++c67+wEAAIC9aO2m335XAgAAAAAAAAAAAAAAAAAAAMOrjq8T6/c+AgAAwLD796shhEUhhKgcS+P9r0EIIYQQQog9Eyvf7V5/3ka/rz8AAAAAw+falZfOhDARQlhuN7FY7Gi+9tZaq831K6t5Uzv14N9mliOtdvnhkXWvP7ij1TDsrsWfu9RusMM///LvrfwfvLaz+SfSk55//2WXjE9Xy3vv/C9nO/PfPtpj/nz/H6+W/2iW/97QW/6l97P8T1TLf1+W/2CP+Tfs//PV8t8f88/G/tF7es2//v0fj23ajwM95v92tv9PhV7zZ/vf6jFh5oGYHwCG0X69ASAdJaTj6MnYT/sbDzfDSPa6rR7/N7LtjG678vXbTcdBt8Z+Ol6ayvImW61/MtveDRXrzOV1Daqy+nfqfdxtZfU3a66jqrL6x2quo6qy+sdrrqOqsvonaq6jqrL6ez0P7bey+vfKdeWy+idrrqOqsvqnaq6jqrL6t/r/eL+U1X+o5jqqKqt/uuY6qiqrv+JltdqV1T9Tcx1VldV/Y811VFVW/00111FVWf0311xHv9wR27Lz4XT+OR3HUr+V9cc3+bfcr9cWAAAAYK/519DO/xevdPS9DiGEEELs1ZgY9GOJZFe2P7rL2xd1x3+XVvW7DiHE7sXSUt1XHBgku/tpZgAGld//w837P9y8/8PN+89XSffwF1k/GekyPtplvNllfCwbz39ex7uM35Rtdyld14xu7jL+tS7jh7qM39plfLbL+G1dxm/vMn5Hl3EAAACGwy2xdX4IAAAA+9fLv/rkzd/c+8SVmauXDp8OYxvmnT8W++Pxb+tvxH4+733SjH/z/0ns/yK2f4jtP7L13X8CAAAAuy99T4y//wMAAMD+lb6n1Pk/AAAA7F8zsXX+DwAAAPvXjbF1/g8AAAD7WDGx+eLYpusCd8e213n9AIDB9/XY3hnbw7G9K7bfiG06Drgntt+sqT4AYOf8/Ps/PfV2sTbf/4ls/FpcntoNFlevFBSN9TP5H4jtwdh+q8d68u8D6DV/cqjHPLuVf3qb+QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/aOx8njy5GwRwrufvvPoz8be/OvysrvaaxxZeSxirxVCaLZfl0bX+r+OK1678tKZzvZ6bItwPBShaC8Pj11uZ5oMISyGI+Gz0AofzS98+eF7jxz9+PWJW966+Mwru/hPsG7/AAAAYD/6fwAAAP//ScMebw==") rename(&(0x7f0000001980)='./file1\x00', &(0x7f00000001c0)='./file0/file1\x00') open(&(0x7f0000000580)='./file1\x00', 0x80042, 0x43) 3.209311821s ago: executing program 0 (id=993): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) ioctl$TCSETS(r0, 0x804c4700, 0x0) 2.485589077s ago: executing program 0 (id=998): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010100ffd9f810f80600b0f97d0102030109021b0401000000020904000001ff615a000905880b"], 0x0) 2.244476989s ago: executing program 4 (id=999): setrlimit(0x2, &(0x7f00000000c0)={0x0, 0x2400000}) prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffb000/0x3000)=nil) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0) 1.61525325s ago: executing program 1 (id=1000): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x181, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r0, 0xc008ae05, 0x0) 1.583513892s ago: executing program 2 (id=1001): r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_PORT_GET(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000540)={0x64, r0, 0x1, 0x0, 0x0, {0x39}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x73, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}]}, 0x64}}, 0x0) 1.482461147s ago: executing program 1 (id=1002): syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy") openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="02000000010000000000f400040000000000000020"], 0x1c, 0x2) 1.310478425s ago: executing program 2 (id=1003): sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0xb4, 0x0, 0x800, 0x70bd2a, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x278e73ee}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_SOCK={0x64, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffff}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xfffc0000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3ff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20000080}, 0x8801) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="34000000200025a729bc7000fdb5df250a000007ff00000103000100080006000000000008000d"], 0x34}, 0x1, 0x0, 0x0, 0x48891}, 0x0) 1.236476839s ago: executing program 2 (id=1005): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x2, {0x0, 0x0, 0x0, r1, {0x0, 0xfff8}, {0xffff, 0xffff}, {0x16, 0xa}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "09000020000000008f29d158039b90627d7b60f0d5ca47f33eed46409b7c8722ce020df6b24c2e6ac7b97dc04d01be2092874115214b1ebb764511f69cd1e9f6263346363d2c639c76000067af25166c2f0f85f36aa8867406119c010400002e31dea98204000000d560eae59ea49ef95d73202a6e3b5e1eb38244e694e7410d33bc92794ad27031f2a19698b5142ddf36e2a876a4fc871207bf12a84f1d4d132f5bb7edcf2d08d677e6a7268e106b6ced3c7f53df24092ddb9e0fac6a1153c3fc88bfd1404fef22cf3e825a6e19c6a48a5444eabb459ac3ec9a278df4011773d2f2e6529ed0ad424b47ec67522477f979360b76d1008000"}, @TCA_RED_PARMS={0x14, 0x1, {0x3f26, 0xd, 0x81, 0x16, 0x2, 0x12, 0x5}}]}}]}, 0x148}, 0x1, 0x0, 0x0, 0x4040004}, 0x0) 1.188355121s ago: executing program 4 (id=1006): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000240)='./bus\x00', 0x1800840, &(0x7f0000000c40)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c756e695f786c6174653d312c696f636861727365743d63703835372c726f6469722c696f636861727365743d63703933322c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e6e742c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e39352c757466383d302c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c00829149d77f4d7e312a88a1023a30524995ddf5c5954c4a9f053f27e212945cae1b573213dfe996f36084859a2dc8fc770b6fa27a675a33e783b301ce955d75e31c5d3e99467b97e47370f610db5fe8466d4b7944d78bb523dc57db0e2887b66cdee1d764a7044d6dcbecf533cca1"], 0x1, 0x368, &(0x7f00000008c0)="$eJzs3U1oXFUUAOAzefkttMlCKArC052goT+40FVKSaGYjcpQdSEONlXJxEIGB9NFp3EjLgWXunIjLnThomsRFHGn4NYKUhUX2l3B4pWZefM/maaFtAa/bzGcnnvPu/fOvGZeXjI3r6zExvmZuHDjxvWYny/F9MrplbhZiqXIouNKjJodkwMADoabKcVfqW2PJaV9nhIAsM9a7/+vHe7LvPP1pP7Juz8AHHjF9/8Lk/rM79ZwcV+mBADss5H7/48ONM8O/qh/uu+3AgCAg+r5F1965tRaxHN5Ph+x+W69XC/H0732UxfijajGehyLxbgV0b5QaD6UWo9nzq6tHsvzvBG/LkW5WVEvR2w26uX2lcKprFU/F8djMZaK+uJqI6WUnflibfV43hIRVxqt8WOzVC/PxKFi/J8OxXqciDweGKmPOLu2eiIvDlDe7NQ3InZ69y2a81+Oxfj+1bgY1Ti/cC5S6lzWrK1ePp7np9PaQH29PBfnu8/CrndAAAAAAAAAAAAAAAAAAAAAAADgriznXUvd/W9Sb/+e5eUx7a39cdr1xf5AO+39gdJcipT+fPuJ8ntZDOwPNLw/T708HVP3d+kAAAAAAAAAAAAAAAAAAADwn1Hbno1Ktbq+Vdu+tNEfNLZq21MR0cy8+e1nXy3EaJ/bBNPFGH1NeZG6tFFJWadzygb6FEHWHLyT+fRqd8b9fea6qxg7jbndm6rVw4/88mE388PDWefI//T6ZDF+gdnQNPqDzSPtKd3JE3XpZBGcuE3naymloaZSZ6zLL49WRSli+s5fuMlBagbfXH/9wZO1o0+2Ml+mtsceXzx37YOPf9+oVJsjN1U/md2q3UobleLf40+23YOs7/wpRW/J3TNhelL5zmCmkv34xwsPvf/d3kZP/Zm3xvTJ2sv5fKu2XSr+p7SaZttBMzdUtVA9m0UMHWdm6OSfmjSxmLrbF+7oRyuVq5d//m2vVX1fJGzUAQAAAAAAAAAAAAAAAAAA90TfZ8ULxYd9ZyZVPfXs/s8MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO6d3t//7wt2RjJ7Cf5uxGjT3PpWLeLI/V4mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/c/8GAAD//9sCaPI=") utimensat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)={{0x77359400}, {0x0, 0x3fffffff}}, 0x0) 1.056702287s ago: executing program 2 (id=1007): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x20, 0x0, 0x0, 0xfffff038}, {0x6, 0x0, 0x0, 0x4}]}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 923.825894ms ago: executing program 3 (id=1008): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000711821000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_msg, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x28, '\x00', 0x0, @fallback=0x3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 840.448589ms ago: executing program 2 (id=1009): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4000004, &(0x7f0000000c00)={[{@block_validity}, {@minixdf}, {@noblock_validity}, {@lazytime}, {@noauto_da_alloc}, {@block_validity}, {@init_itable_val={'init_itable', 0x3d, 0xb}}, {@debug}, {@usrjquota}, {@nolazytime}, {@norecovery}]}, 0xfe, 0x48a, &(0x7f00000015c0)="$eJzs3M1vFOUfAPDv7G5fgB+/VsQXEKSKRqKxpeVFDl40mnDQxEQPGE+1LaRSqKE1EUK0esCjIfFu/C+MJ70Y9aKJV70bEmK4gHpZMzszZVt2y5ZuO8H9fJJpn2fm2XnmOzPP7DPz7G4APWsk/ZNE/C8ifouIoSy7ssBI9u/WjctTf924PJVEvf7mn0mj3M0bl6eKosXrdmSZej3PD7So98o7EZNzczMX8vzY4rn3xxYuXnp+9tzkmZkzM+cnTpw4emR///GJY12JM43r5t6P5vftOfn21denTl1998ekFlncsSqObhnJ9m5LT3e7spLtbEo3duyyAz/fTrc6EyhTNSLSw9XXaP9DUY1ty8uG4tVPS904YFPV6/X6GlflpTrwH5ZE2VsAlCO/BWjc/xbTFnY/Snf9pewGKI37Vj5lS2pRyRIH+lbd33bTSEScWvr7y3SKTXoOAQDQ7Nu0/zOYpVf2/yrxcJboT//8Px9DGY6IByJiV0Q8GBG7I+KhiEbZRyLi0XXWv3qE5M7+T+XavUXWmbT/92I+trWy/1cpigxX89zORvx9yenZuZnD+T45FH0Dp2eTmfE16vjulV8/b7esuf+XTmn9RV8w345rtYHBFa+Znlyc3FDQTa5/ErG31ir+JIphnCQi9kTE3nusY/bZWttld49/De1X27H6VxHPZMd/KVbFX0jajk+Ov3B84tjYYMzNHB4rzoo7/fTLlTfa1b+h+LsgPf7bW57/y/EPJ4MRCxcvnW2M1y6sv44rv3/W9p6ms/N/OXNyZ37+9ydvNWb05ws+nFxcvDAe0Z+8duf8idtrK/JF+TT+Qwdbt/9djVGxbE88FhH7ImJ/RDye3hTm2/5ERDwZEQfXiP+Hl596b/3xb81YaRr/9N2OfzQf//Unqme//+bu8afXuHbH/2gjdSif08n1r9MN3Mi+AwAAgPtFpfEZ+KQymtTydKUyOpp9hn93bK/MzS8sPnd6/oPz09ln5Yejr1I86Rpqeh46nj8bLvITq/JH8ufGX1S3NfKjU/Nz02UHDz1uR9H+l68FWftP/VEte+uATdeFcTTgPqX9Q+/S/qE3Jdo/9DTtH3pXq/b/cdvSo19v6sYAW8r7P/SuDtr/Uvavfa8AuD95/4fepf1DT2r73fjKhr7yv+WJf/LfM9y6SgfKDrnzRDU2Yc1RKT2utRPF21p3VtgXEeWEU+v4xyzWkagPZTsnnTPQskyplyUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICu+TcAAP//4tDcZA==") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x20, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) 662.828917ms ago: executing program 3 (id=1010): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @none, 0x4, 0x2}, 0xe) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f00000001c0), 0x2) 554.937373ms ago: executing program 4 (id=1011): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) ioctl$TCXONC(r0, 0x540a, 0x2) 466.220117ms ago: executing program 3 (id=1012): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000600)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x40}}, 0x0) 318.306694ms ago: executing program 4 (id=1013): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) 294.013585ms ago: executing program 3 (id=1014): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x256f16877c9c3f29, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000200)=0x7) 204.92118ms ago: executing program 3 (id=1015): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r1, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x17, {0xc, 0x1c000, @l2={'eth', 0x3a, 'geneve1\x00'}}}}}, 0x34}, 0x1, 0x0, 0x0, 0x24044085}, 0x480d4) 121.316984ms ago: executing program 2 (id=1016): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x70bd2b, 0x2, {0x7, r1}, [@MDBA_SET_ENTRY={0x20, 0x1, {r1, 0x0, 0x2, 0x2, {@ip4=@loopback}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x22004804}, 0x40080c0) 0s ago: executing program 3 (id=1017): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000780)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r1], 0x1}) kernel console output (not intermixed with test programs): : ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 63.469341][ T4195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.480137][ T4195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.490344][ T4195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.502108][ T4231] Bluetooth: hci3: command 0x040f tx timeout [ 63.507105][ T4195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.508522][ T4231] Bluetooth: hci2: command 0x040f tx timeout [ 63.518201][ T4195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.530126][ T4231] Bluetooth: hci1: command 0x040f tx timeout [ 63.536323][ T4195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.541280][ T4231] Bluetooth: hci0: command 0x040f tx timeout [ 63.552382][ T4195] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.575135][ T4231] Bluetooth: hci4: command 0x040f tx timeout [ 63.581265][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 63.590954][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 63.603193][ T4189] device veth1_vlan entered promiscuous mode [ 63.621560][ T4195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.635630][ T4195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.647479][ T4195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.657950][ T4195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.668058][ T4195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.679284][ T4195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.690261][ T4195] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.722626][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 63.731178][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 63.740188][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 63.749546][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 63.777706][ T145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.790531][ T145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.795583][ T4189] device veth0_macvtap entered promiscuous mode [ 63.808345][ T156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.810362][ T4195] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.816975][ T156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.837678][ T4195] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.846909][ T4195] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.856106][ T4195] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.867427][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 63.875796][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 63.885846][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 63.894964][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 63.907763][ T156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.918672][ T156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.930783][ T4189] device veth1_macvtap entered promiscuous mode [ 63.941296][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 63.952747][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 63.960934][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 63.991208][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.004156][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.017794][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.029421][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.039571][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.051371][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.062725][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.075220][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.088108][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.110393][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.119654][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.152793][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.165797][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.179094][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.192949][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.220986][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.258786][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.289206][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.308101][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.319311][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.337813][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.351262][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.359616][ T4265] loop2: detected capacity change from 0 to 4096 [ 64.367516][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 64.379325][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 64.388622][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.410765][ T4265] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) [ 64.437666][ T4189] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.464177][ T4189] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.489341][ T4189] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.498872][ T4189] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.654841][ T4238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.673321][ T4238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.700342][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 64.724926][ T4238] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.777346][ T4238] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.795870][ T4264] loop3: detected capacity change from 0 to 32768 [ 64.837561][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 64.843627][ T4264] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.4 (4264) [ 64.920366][ T4264] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 64.939680][ T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.968341][ T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.985883][ T4264] BTRFS info (device loop3): setting nodatacow, compression disabled [ 65.015352][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 65.041846][ T145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.063562][ T145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.073231][ T4264] BTRFS info (device loop3): setting datasum, datacow enabled [ 65.080772][ T4264] BTRFS info (device loop3): force clearing of disk cache [ 65.086119][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 65.158698][ T4264] BTRFS info (device loop3): enabling ssd optimizations [ 65.202735][ T4264] BTRFS info (device loop3): using spread ssd allocation scheme [ 65.233078][ T4264] BTRFS info (device loop3): turning on sync discard [ 65.239840][ T4264] BTRFS info (device loop3): enabling disk space caching [ 65.302015][ T4264] BTRFS info (device loop3): enabling auto defrag [ 65.335020][ T4264] BTRFS info (device loop3): turning off barriers [ 65.355163][ T4264] BTRFS info (device loop3): not using ssd optimizations [ 65.377283][ T4287] loop4: detected capacity change from 0 to 256 [ 65.378256][ T4264] BTRFS info (device loop3): not using spread ssd allocation scheme [ 65.456440][ T4264] BTRFS info (device loop3): disk space caching is enabled [ 65.503387][ T4290] loop0: detected capacity change from 0 to 128 [ 65.509797][ T4264] BTRFS info (device loop3): has skinny extents [ 65.575022][ T7] Bluetooth: hci0: command 0x0419 tx timeout [ 65.602120][ T7] Bluetooth: hci1: command 0x0419 tx timeout [ 65.618597][ T7] Bluetooth: hci2: command 0x0419 tx timeout [ 65.635020][ T7] Bluetooth: hci3: command 0x0419 tx timeout [ 65.646340][ T4231] Bluetooth: hci4: command 0x0419 tx timeout [ 65.957178][ T4264] BTRFS info (device loop3): clearing free space tree [ 65.968396][ T4264] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 65.980685][ T4264] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 65.991774][ T4322] capability: warning: `syz.1.18' uses deprecated v2 capabilities in a way that may be insecure [ 66.312904][ T4276] loop2: detected capacity change from 0 to 32768 [ 66.416815][ T4325] loop1: detected capacity change from 0 to 32768 [ 66.435423][ T26] audit: type=1800 audit(1774066781.438:2): pid=4264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 66.471704][ T4325] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 66.480167][ T4325] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 66.509588][ T4325] gfs2: fsid=syz:syz.0: fatal: invalid metadata block [ 66.509588][ T4325] bh = 19 (type: exp=5, found=4) [ 66.509588][ T4325] function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 493 [ 66.530543][ T4325] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 66.538223][ T4325] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 66.547179][ T4325] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 66.554725][ T4325] gfs2: fsid=syz:syz.0: File system withdrawn [ 66.560830][ T4325] CPU: 0 PID: 4325 Comm: syz.1.20 Not tainted syzkaller #0 [ 66.568058][ T4325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 66.573654][ T4264] BTRFS info (device loop3): balance: start -sconvert=dup,soft,usage=8,limit=2 [ 66.578223][ T4325] Call Trace: [ 66.578252][ T4325] [ 66.578261][ T4325] dump_stack_lvl+0x188/0x250 [ 66.578288][ T4325] ? kobject_uevent_env+0x371/0x890 [ 66.578313][ T4325] ? show_regs_print_info+0x20/0x20 [ 66.578337][ T4325] ? load_image+0x400/0x400 [ 66.613564][ T4325] ? kobject_uevent_env+0x371/0x890 [ 66.618820][ T4325] gfs2_withdraw+0x1149/0x1490 [ 66.623655][ T4325] ? gfs2_lm+0x240/0x240 [ 66.627928][ T4325] ? gfs2_meta_read+0x7de/0xa60 [ 66.632916][ T4325] ? gfs2_meta_read+0x7de/0xa60 [ 66.637795][ T4325] ? gfs2_meta_new+0x160/0x160 [ 66.642692][ T4325] gfs2_metatype_check_ii+0x74/0x90 [ 66.647936][ T4325] gfs2_meta_buffer+0x262/0x310 [ 66.652838][ T4325] __fillup_metapath+0x14d/0x340 [ 66.657823][ T4325] __gfs2_iomap_get+0x709/0x1400 [ 66.662927][ T4325] ? gfs2_alloc_extent+0x580/0x580 [ 66.668073][ T4325] ? rcu_is_watching+0x11/0xa0 [ 66.672882][ T4325] gfs2_block_map+0x2a0/0x740 [ 66.677612][ T4325] ? gfs2_iomap_end+0x7a0/0x7a0 [ 66.682500][ T4325] ? mark_lock+0x94/0x320 [ 66.686875][ T4325] ? verify_lock_unused+0x140/0x140 [ 66.692122][ T4325] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 66.698388][ T4325] ? lockdep_hardirqs_on+0x94/0x140 [ 66.703730][ T4325] gfs2_write_alloc_required+0x3ae/0x680 [ 66.708995][ T4276] XFS (loop2): Mounting V5 Filesystem [ 66.709400][ T4325] ? gfs2_map_journal_extents+0xb10/0xb10 [ 66.709449][ T4325] ? _raw_spin_unlock+0x24/0x40 [ 66.725674][ T4325] ? gfs2_glock_nq+0xcb0/0x1550 [ 66.730600][ T4325] gfs2_jdesc_check+0x1c3/0x290 [ 66.736289][ T4325] init_journal+0xd02/0x22f0 [ 66.740943][ T4325] ? end_bio_io_page+0x100/0x100 [ 66.746080][ T4325] ? vsnprintf+0x1b21/0x1c20 [ 66.750732][ T4325] ? snprintf+0xe5/0x140 [ 66.755022][ T4325] ? init_journal+0x74d/0x22f0 [ 66.759824][ T4325] ? vscnprintf+0x80/0x80 [ 66.764181][ T4325] ? gfs2_glock_nq_num+0x17a/0x1b0 [ 66.769339][ T4325] init_inodes+0xdb/0x320 [ 66.773796][ T4325] gfs2_fill_super+0x16b2/0x1f00 [ 66.778794][ T4325] ? gfs2_reconfigure+0xd30/0xd30 [ 66.783858][ T4325] ? gfs2_glock_nq_num+0x82/0x1b0 [ 66.788942][ T4325] ? sb_set_blocksize+0xa5/0xe0 [ 66.794030][ T4325] get_tree_bdev+0x3f1/0x610 [ 66.798785][ T4325] ? gfs2_reconfigure+0xd30/0xd30 [ 66.804057][ T4325] gfs2_get_tree+0x4d/0x1e0 [ 66.808606][ T4325] vfs_get_tree+0x88/0x270 [ 66.813062][ T4325] do_new_mount+0x24a/0xa40 [ 66.817759][ T4325] __se_sys_mount+0x2e3/0x3d0 [ 66.822499][ T4325] ? __x64_sys_mount+0xc0/0xc0 [ 66.827308][ T4325] ? lockdep_hardirqs_on+0x94/0x140 [ 66.832741][ T4325] ? __x64_sys_mount+0x1c/0xc0 [ 66.837556][ T4325] do_syscall_64+0x4c/0xa0 [ 66.842016][ T4325] ? clear_bhb_loop+0x30/0x80 [ 66.846737][ T4325] ? clear_bhb_loop+0x30/0x80 [ 66.851546][ T4325] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 66.857496][ T4325] RIP: 0033:0x7ff6a0e91a0a [ 66.861955][ T4325] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 66.881801][ T4325] RSP: 002b:00007ff69f0e9e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 66.890316][ T4325] RAX: ffffffffffffffda RBX: 00007ff69f0e9ee0 RCX: 00007ff6a0e91a0a [ 66.898326][ T4325] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007ff69f0e9ea0 [ 66.906335][ T4325] RBP: 0000200000000400 R08: 00007ff69f0e9ee0 R09: 0000000000210401 [ 66.914341][ T4325] R10: 0000000000210401 R11: 0000000000000246 R12: 0000200000012500 [ 66.922351][ T4325] R13: 00007ff69f0e9ea0 R14: 000000000001263f R15: 0000200000000000 [ 66.928812][ T4264] BTRFS info (device loop3): left=0, need=98304, flags=34 [ 66.930369][ T4325] [ 66.932823][ T4325] gfs2: fsid=syz:syz.0: my journal (0) is bad: -5 [ 66.979446][ T4264] BTRFS info (device loop3): space_info 2 has 0 free, is not full [ 66.987695][ T4264] BTRFS info (device loop3): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 67.001430][ T4264] BTRFS info (device loop3): global_block_rsv: size 851968 reserved 851968 [ 67.010628][ T4264] BTRFS info (device loop3): trans_block_rsv: size 0 reserved 0 [ 67.018350][ T4264] BTRFS info (device loop3): chunk_block_rsv: size 0 reserved 0 [ 67.026177][ T4264] BTRFS info (device loop3): delayed_block_rsv: size 0 reserved 0 [ 67.028181][ T4276] XFS (loop2): Starting recovery (logdev: internal) [ 67.034070][ T4264] BTRFS info (device loop3): delayed_refs_rsv: size 0 reserved 0 [ 67.043228][ T4264] BTRFS info (device loop3): relocating block group 1048576 flags system [ 67.238435][ T4276] XFS (loop2): Ending recovery (logdev: internal) [ 67.260181][ T4264] BTRFS info (device loop3): balance: ended with status: 0 [ 67.673744][ T26] audit: type=1800 audit(1774066782.678:3): pid=4276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6" name="file2" dev="loop2" ino=7431 res=0 errno=0 [ 67.818624][ T4199] XFS (loop2): Unmounting Filesystem [ 68.211457][ T4385] loop3: detected capacity change from 0 to 128 [ 68.324947][ T4385] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpjquota=,barrier=0x0000000000000001,,errors=continue. Quota mode: none. [ 68.351628][ T4385] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 68.388714][ T4385] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:406: inode #2: comm syz.3.37: No space for directory leaf checksum. Please run e2fsck -D. [ 68.452924][ T4385] EXT4-fs error (device loop3): htree_dirblock_to_tree:1083: inode #2: comm syz.3.37: Directory block failed checksum [ 68.509022][ T4401] genirq: Flags mismatch irq 4. 00000000 (pcl816) vs. 00000000 (ttyS0) [ 68.585788][ T4405] netlink: 8 bytes leftover after parsing attributes in process `syz.1.45'. [ 68.598063][ T4404] device vlan3 entered promiscuous mode [ 68.607554][ T4404] device bridge0 entered promiscuous mode [ 68.631825][ T4404] IPv6: ADDRCONF(NETDEV_CHANGE): vlan3: link becomes ready [ 68.763347][ T13] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 68.866214][ T4407] loop1: detected capacity change from 0 to 4096 [ 68.929645][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): vlan3: link becomes ready [ 69.042982][ T13] usb 3-1: Using ep0 maxpacket: 16 [ 69.073036][ T4419] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 69.177018][ T4407] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 648518346341351424 [ 69.187607][ T13] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 69.218394][ T13] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 69.239108][ T4407] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=12) [ 69.247629][ T13] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 69.281525][ T4426] netlink: 'syz.4.53': attribute type 4 has an invalid length. [ 69.307776][ T4407] Remounting filesystem read-only [ 69.323840][ T4426] netlink: 28 bytes leftover after parsing attributes in process `syz.4.53'. [ 69.372654][ T4407] NILFS (loop1): error -5 truncating bmap (ino=12) [ 69.473144][ T13] usb 3-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 69.503310][ T13] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.517881][ T4434] sp0: Synchronizing with TNC [ 69.529899][ T13] usb 3-1: Product: syz [ 69.542644][ T13] usb 3-1: Manufacturer: syz [ 69.549611][ T13] usb 3-1: SerialNumber: syz [ 69.560567][ T13] usb 3-1: config 0 descriptor?? [ 69.578218][ T4195] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 69.607741][ T13] mcba_usb 3-1:0.0: Can't find endpoints [ 69.898789][ T4364] usb 3-1: USB disconnect, device number 2 [ 69.906157][ T4451] loop3: detected capacity change from 0 to 512 [ 69.951764][ T4451] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 69.987455][ T4455] device bridge1 entered promiscuous mode [ 70.002624][ T4451] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 70.047087][ T4455] team0: Port device bridge1 added [ 70.084917][ T4451] EXT4-fs (loop3): 1 truncate cleaned up [ 70.090711][ T4451] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 70.196021][ T4451] EXT4-fs error (device loop3): ext4_get_parent:1910: comm syz.3.65: inode #2: comm syz.3.65: iget: illegal inode # [ 70.382927][ T4450] loop0: detected capacity change from 0 to 32768 [ 70.455878][ T4450] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.64 (4450) [ 70.536266][ T4450] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 70.569502][ T4450] BTRFS info (device loop0): enabling disk space caching [ 70.602810][ T4450] BTRFS info (device loop0): enabling ssd optimizations [ 70.642813][ T4450] BTRFS info (device loop0): force clearing of disk cache [ 70.650005][ T4450] BTRFS info (device loop0): turning off barriers [ 70.717404][ T4450] BTRFS info (device loop0): setting nodatacow, compression disabled [ 70.757028][ T4450] BTRFS info (device loop0): using spread ssd allocation scheme [ 70.793477][ T4450] BTRFS info (device loop0): disk space caching is enabled [ 70.800754][ T4450] BTRFS info (device loop0): has skinny extents [ 71.138885][ T4450] BTRFS info (device loop0): clearing free space tree [ 71.172306][ T4512] loop2: detected capacity change from 0 to 256 [ 71.178845][ T4450] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 71.206685][ T4450] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 71.321663][ T4512] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 71.374659][ T26] audit: type=1800 audit(1774066786.378:4): pid=4450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.64" name="file3" dev="loop0" ino=261 res=0 errno=0 [ 71.447302][ T4521] use of bytesused == 0 is deprecated and will be removed in the future, [ 71.469634][ T4521] use the actual size instead. [ 71.507981][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.516576][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.584438][ T4476] loop4: detected capacity change from 0 to 40427 [ 71.723322][ T4526] netlink: 12 bytes leftover after parsing attributes in process `syz.3.90'. [ 71.775736][ T4476] F2FS-fs (loop4): invalid crc value [ 71.881664][ T4476] F2FS-fs (loop4): Found nat_bits in checkpoint [ 72.149984][ T4476] F2FS-fs (loop4): Start checkpoint disabled! [ 72.150000][ T4539] Invalid ELF header magic: != ELF [ 72.311864][ T4476] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 72.379384][ T4557] netlink: 8 bytes leftover after parsing attributes in process `syz.0.98'. [ 72.566480][ T4562] loop3: detected capacity change from 0 to 4096 [ 72.615179][ T4567] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 72.623249][ T4562] ======================================================= [ 72.623249][ T4562] WARNING: The mand mount option has been deprecated and [ 72.623249][ T4562] and is ignored by this kernel. Remove the mand [ 72.623249][ T4562] option from the mount to silence this warning. [ 72.623249][ T4562] ======================================================= [ 72.684125][ T4364] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 72.732013][ T4571] loop2: detected capacity change from 0 to 1024 [ 72.743670][ T4562] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 72.932785][ T4364] usb 2-1: Using ep0 maxpacket: 32 [ 72.967254][ T4570] Process accounting resumed [ 72.981072][ T4573] loop0: detected capacity change from 0 to 1024 [ 73.009992][ T4562] ntfs3: loop3: ino=5, "/" directory corrupted [ 73.029367][ T4562] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 73.047374][ T4562] ntfs3: loop3: ino=5, "/" directory corrupted [ 73.054484][ T144] hfsplus: b-tree write err: -5, ino 25 [ 73.059403][ T4364] usb 2-1: config index 0 descriptor too short (expected 6701, got 45) [ 73.069696][ T144] hfsplus: b-tree write err: -5, ino 4 [ 73.092661][ T4364] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 73.106439][ T144] hfsplus: b-tree write err: -5, ino 2 [ 73.112257][ T144] hfsplus: b-tree write err: -5, ino 20 [ 73.147608][ T4364] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 73.189631][ T4573] process 'syz.0.106' launched './file2' with NULL argv: empty string added [ 73.192667][ T4364] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 73.235492][ T4364] usb 2-1: config 0 interface 0 has no altsetting 0 [ 73.266850][ T4364] usb 2-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.9d [ 73.296471][ T4364] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 73.354480][ T4364] usb 2-1: config 0 descriptor?? [ 73.866874][ T4364] logitech 0003:046D:CA03.0001: unknown main item tag 0x0 [ 73.904841][ T4364] logitech 0003:046D:CA03.0001: unknown main item tag 0x0 [ 73.922401][ T4364] logitech 0003:046D:CA03.0001: unknown main item tag 0x0 [ 73.935202][ T4600] loop3: detected capacity change from 0 to 64 [ 73.951646][ T4364] logitech 0003:046D:CA03.0001: unknown main item tag 0x0 [ 73.970055][ T4364] logitech 0003:046D:CA03.0001: unknown main item tag 0x0 [ 73.977522][ T4364] logitech 0003:046D:CA03.0001: unknown main item tag 0x0 [ 73.997018][ T4364] logitech 0003:046D:CA03.0001: unknown main item tag 0x0 [ 74.074891][ T4364] logitech 0003:046D:CA03.0001: hidraw0: USB HID v0.00 Device [HID 046d:ca03] on usb-dummy_hcd.1-1/input0 [ 74.117165][ T4364] logitech 0003:046D:CA03.0001: no inputs found [ 74.124441][ T4580] loop4: detected capacity change from 0 to 32768 [ 74.180587][ T4364] usb 2-1: USB disconnect, device number 2 [ 74.186220][ T4577] loop2: detected capacity change from 0 to 32768 [ 74.294001][ T4606] exfat: Deprecated parameter 'utf8' [ 74.353035][ T4606] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf6c34595, utbl_chksum : 0xe619d30d) [ 74.408788][ T4580] UFO tlock:0xffffc90002822090 [ 74.571251][ T4580] MetaData crosses page boundary!! [ 74.582749][ T4580] lblock = 6300000010, size = -820051968 [ 74.607947][ T4580] CPU: 1 PID: 4580 Comm: syz.4.109 Not tainted syzkaller #0 [ 74.615309][ T4580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 74.625482][ T4580] Call Trace: [ 74.628799][ T4580] [ 74.631744][ T4580] dump_stack_lvl+0x188/0x250 [ 74.636458][ T4580] ? show_regs_print_info+0x20/0x20 [ 74.641822][ T4580] ? load_image+0x400/0x400 [ 74.646364][ T4580] ? unlock_page+0x17c/0x1f0 [ 74.651104][ T4580] ? release_metapage+0x2f7/0xe10 [ 74.656170][ T4580] ? unlock_page+0x17c/0x1f0 [ 74.660795][ T4580] __get_metapage+0xbfa/0x1060 [ 74.665618][ T4580] dtSearch+0x5d5/0x2050 [ 74.669940][ T4580] dtDelete+0x123/0x2a40 [ 74.674224][ T4580] ? jfs_rmdir+0x265/0x870 [ 74.677856][ T4609] fido_id[4609]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 74.678671][ T4580] ? __mutex_lock_common+0x465/0x2400 [ 74.698320][ T4580] ? dtInsertEntry+0x1270/0x1270 [ 74.703346][ T4580] ? _raw_spin_unlock+0x24/0x40 [ 74.708374][ T4580] ? txBegin+0x4b2/0x650 [ 74.712673][ T4580] jfs_rmdir+0x340/0x870 [ 74.716984][ T4580] ? jfs_mkdir+0xad0/0xad0 [ 74.721449][ T4580] ? rwsem_write_trylock+0x135/0x1c0 [ 74.726789][ T4580] ? clear_nonspinnable+0x60/0x60 [ 74.731870][ T4580] ? bpf_lsm_inode_rmdir+0x5/0x10 [ 74.736926][ T4580] ? security_inode_rmdir+0xcb/0x110 [ 74.742255][ T4580] vfs_rmdir+0x1b2/0x430 [ 74.746533][ T4580] do_rmdir+0x2a1/0x740 [ 74.750719][ T4580] ? __phys_addr_symbol+0x2b/0x70 [ 74.755774][ T4580] ? d_delete_notify+0x150/0x150 [ 74.760806][ T4580] ? strncpy_from_user+0x1fb/0x360 [ 74.766128][ T4580] ? getname_flags+0x1fe/0x500 [ 74.770924][ T4580] __x64_sys_rmdir+0x45/0x50 [ 74.775540][ T4580] do_syscall_64+0x4c/0xa0 [ 74.779980][ T4580] ? clear_bhb_loop+0x30/0x80 [ 74.784689][ T4580] ? clear_bhb_loop+0x30/0x80 [ 74.789406][ T4580] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 74.795499][ T4580] RIP: 0033:0x7f6afd428799 [ 74.800028][ T4580] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.819667][ T4580] RSP: 002b:00007f6afb682028 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 74.828131][ T4580] RAX: ffffffffffffffda RBX: 00007f6afd6a1fa0 RCX: 00007f6afd428799 [ 74.836145][ T4580] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000400 [ 74.844330][ T4580] RBP: 00007f6afd4bec99 R08: 0000000000000000 R09: 0000000000000000 [ 74.852328][ T4580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.860325][ T4580] R13: 00007f6afd6a2038 R14: 00007f6afd6a1fa0 R15: 00007fff0c87f278 [ 74.868393][ T4580] [ 74.960277][ T4580] bread failed! [ 75.002020][ T4580] jfs_rmdir: dtDelete returned -5 [ 75.044988][ T4580] ERROR: (device loop4): jfs_rmdir: [ 75.044988][ T4580] [ 75.120088][ T4580] ERROR: (device loop4): remounting filesystem as read-only [ 75.500599][ T4644] set_capacity_and_notify: 1 callbacks suppressed [ 75.500615][ T4644] loop0: detected capacity change from 0 to 1024 [ 75.530718][ T4646] loop1: detected capacity change from 0 to 512 [ 75.537914][ T4649] netlink: 16 bytes leftover after parsing attributes in process `syz.2.138'. [ 75.570468][ T4646] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 75.615814][ T4644] hfsplus: bad catalog entry type [ 75.643558][ T4238] hfsplus: b-tree write err: -5, ino 25 [ 75.649990][ T4238] hfsplus: b-tree write err: -5, ino 4 [ 75.673928][ T4646] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.137: bg 0: block 393: padding at end of block bitmap is not set [ 75.679083][ T4656] loop3: detected capacity change from 0 to 256 [ 75.692663][ T4238] hfsplus: b-tree write err: -5, ino 2 [ 75.724141][ T4656] exfat: Deprecated parameter 'utf8' [ 75.742636][ T4646] EXT4-fs (loop1): Remounting filesystem read-only [ 75.749218][ T4646] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6192: Corrupt filesystem [ 75.761023][ T4656] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 75.766932][ T4658] mmap: syz.2.143 (4658) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 75.786161][ T4646] EXT4-fs (loop1): Remounting filesystem read-only [ 75.812198][ T4646] EXT4-fs (loop1): 2 truncates cleaned up [ 75.860740][ T4646] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodiscard,jqfmt=vfsv0,errors=remount-ro,noquota,. Quota mode: writeback. [ 76.557512][ T4693] loop1: detected capacity change from 0 to 64 [ 76.592999][ T4695] loop4: detected capacity change from 0 to 164 [ 76.680266][ T4693] hfs: unable to locate alternate MDB [ 76.697341][ T4693] hfs: continuing without an alternate MDB [ 76.812649][ T4532] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 76.881061][ T4701] loop0: detected capacity change from 0 to 256 [ 77.061702][ T4708] loop1: detected capacity change from 0 to 512 [ 77.067364][ T4706] syz.4.165 (4706) used obsolete PPPIOCDETACH ioctl [ 77.068336][ T4532] usb 4-1: Using ep0 maxpacket: 32 [ 77.189222][ T4710] loop2: detected capacity change from 0 to 128 [ 77.203123][ T4532] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 77.212788][ T4532] usb 4-1: config 0 has no interface number 0 [ 77.234842][ T4708] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.164: couldn't read orphan inode 26 (err -116) [ 77.251419][ T4708] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 77.314411][ T4710] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 77.346045][ T4708] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.356987][ T1347] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 77.375200][ T4532] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 77.384446][ T4532] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.392465][ T4532] usb 4-1: Product: syz [ 77.396788][ T4532] usb 4-1: Manufacturer: syz [ 77.401496][ T4532] usb 4-1: SerialNumber: syz [ 77.403756][ T4710] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.418704][ T4532] usb 4-1: config 0 descriptor?? [ 77.484781][ T4532] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 77.493921][ T4532] usb 4-1: selecting invalid altsetting 1 [ 77.499690][ T4532] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 77.528307][ T4532] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 77.544347][ T4532] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 77.553239][ T4532] usb 4-1: media controller created [ 77.577227][ T4532] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 77.660788][ T4719] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 77.672106][ T4719] Zero length message leads to an empty skb [ 77.782804][ T1347] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 77.787445][ T4725] loop2: detected capacity change from 0 to 512 [ 77.795203][ T4724] loop1: detected capacity change from 0 to 64 [ 77.828134][ T4721] EXT4-fs (loop4): Ignoring removed oldalloc option [ 77.839275][ T1347] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 77.852905][ T4721] EXT4-fs (loop4): Ignoring removed bh option [ 77.857741][ T1347] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 77.872656][ T4721] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 77.926814][ T4721] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,bsddf,usrquota,data_err=ignore,init_itable,oldalloc,grpquota,noload,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 78.016680][ T4724] Trying to free block not in datazone [ 78.058894][ T4725] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 78.093006][ T1347] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 78.102227][ T1347] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.122855][ T1347] usb 1-1: Product: syz [ 78.127766][ T1347] usb 1-1: Manufacturer: syz [ 78.132411][ T1347] usb 1-1: SerialNumber: syz [ 78.363015][ T4733] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 78.413954][ T1347] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found [ 78.420822][ T1347] cdc_ncm 1-1:1.0: bind() failure [ 78.426231][ T4733] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 78.480299][ T1347] usb 1-1: USB disconnect, device number 2 [ 78.498138][ T4733] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ee02c, mo2=0002] [ 78.533368][ T4733] System zones: 1-12 [ 78.539113][ T4733] EXT4-fs (loop4): orphan cleanup on readonly fs [ 78.587211][ T4733] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.174: invalid indirect mapped block 2 (level 2) [ 78.631558][ T4733] EXT4-fs (loop4): Remounting filesystem read-only [ 78.638656][ T4733] EXT4-fs (loop4): 1 truncate cleaned up [ 78.645065][ T4733] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,stripe=0x0000000000000006,usrquota,errors=remount-ro,max_dir_size_kb=0x0000000000000009. Quota mode: writeback. [ 78.704202][ T4532] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 78.716321][ T4532] zl10353_read_register: readreg error (reg=127, ret==-110) [ 78.764291][ T4690] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 78.880610][ T4532] usb 4-1: USB disconnect, device number 2 [ 79.066270][ T4756] FAT-fs (loop4): Directory bread(block 64) failed [ 79.075154][ T4756] FAT-fs (loop4): Directory bread(block 65) failed [ 79.112901][ T4756] FAT-fs (loop4): Directory bread(block 66) failed [ 79.119742][ T4756] FAT-fs (loop4): Directory bread(block 67) failed [ 79.143535][ T4756] FAT-fs (loop4): Directory bread(block 68) failed [ 79.155070][ T4760] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 79.214544][ T4756] FAT-fs (loop4): Directory bread(block 69) failed [ 79.221232][ T4756] FAT-fs (loop4): Directory bread(block 70) failed [ 79.292916][ T4756] FAT-fs (loop4): Directory bread(block 71) failed [ 79.323232][ T4756] FAT-fs (loop4): Directory bread(block 72) failed [ 79.329833][ T4756] FAT-fs (loop4): Directory bread(block 73) failed [ 79.616426][ T4768] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 79.726882][ T4772] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66dc59, utbl_chksum : 0xe619d30d) [ 79.990585][ T4750] XFS (loop1): Mounting V5 Filesystem [ 80.167297][ T4778] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 80.222940][ T4750] XFS (loop1): Ending clean mount [ 80.328028][ T4750] XFS (loop1): Quotacheck needed: Please wait. [ 80.341459][ T4802] tmpfs: Bad value for 'mpol' [ 80.449327][ T4778] ntfs3: loop2: failed to convert "c46c" to cp855 [ 80.522436][ T4750] XFS (loop1): Quotacheck: Done. [ 80.671277][ T4814] device veth1_to_team entered promiscuous mode [ 80.792243][ T4195] XFS (loop1): Unmounting Filesystem [ 80.852156][ T4818] netlink: 'syz.2.210': attribute type 3 has an invalid length. [ 80.976035][ T4821] set_capacity_and_notify: 10 callbacks suppressed [ 80.976051][ T4821] loop4: detected capacity change from 0 to 2048 [ 81.024056][ T4826] loop0: detected capacity change from 0 to 128 [ 81.075456][ T4826] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 81.120034][ T4829] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 81.135097][ T4826] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 81.189975][ T4832] loop2: detected capacity change from 0 to 1024 [ 81.314208][ T4834] device veth1_to_team entered promiscuous mode [ 81.355536][ T4238] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 81.414491][ T4228] kernel write not supported for file /input/mouse0 (pid: 4228 comm: kworker/1:6) [ 81.450785][ T4238] hfsplus: b-tree write err: -5, ino 25 [ 81.487795][ T4238] hfsplus: b-tree write err: -5, ino 4 [ 81.513611][ T4238] hfsplus: b-tree write err: -5, ino 2 [ 81.572307][ T4844] loop4: detected capacity change from 0 to 256 [ 81.653224][ T4844] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 81.725335][ T1111] cfg80211: failed to load regulatory.db [ 81.786946][ T4851] loop3: detected capacity change from 0 to 4096 [ 81.857281][ T4857] loop2: detected capacity change from 0 to 764 [ 81.906852][ T4861] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 82.002058][ T4851] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 82.026361][ T4862] loop4: detected capacity change from 0 to 2048 [ 82.127337][ T4865] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 82.154623][ T4851] Remounting filesystem read-only [ 82.280257][ T4188] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 82.409759][ T4869] loop2: detected capacity change from 0 to 512 [ 82.643982][ T4869] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 82.703462][ T4869] ext4 filesystem being mounted at /44/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.014994][ T4898] loop4: detected capacity change from 0 to 4096 [ 83.084133][ T4899] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 83.330718][ T4901] loop2: detected capacity change from 0 to 4096 [ 83.463108][ T4905] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 83.486023][ T4901] attempt to access beyond end of device [ 83.486023][ T4901] loop2: rw=0, want=26388279066824, limit=4096 [ 83.588909][ T4901] NILFS (loop2): I/O error reading meta-data file (ino=6, block-offset=1) [ 83.749169][ T4903] EXT4-fs (loop4): Test dummy encryption mode enabled [ 83.786222][ T4903] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption,grpquota,,errors=continue. Quota mode: writeback. [ 84.019693][ T4894] XFS (loop3): Mounting V5 Filesystem [ 84.132791][ T4903] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 84.221015][ T4894] XFS (loop3): Ending clean mount [ 84.279860][ T4894] XFS (loop3): Quotacheck needed: Please wait. [ 84.357267][ T4894] XFS (loop3): Quotacheck: Done. [ 84.518026][ T4951] netlink: 44 bytes leftover after parsing attributes in process `syz.1.262'. [ 84.616420][ T4952] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 84.660375][ T4188] XFS (loop3): Unmounting Filesystem [ 84.670222][ T4807] udevd[4807]: incorrect nilfs2 checksum on /dev/loop2 [ 84.728419][ T4957] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 85.066277][ T4963] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 85.341312][ T4973] netlink: 32 bytes leftover after parsing attributes in process `syz.0.271'. [ 85.663546][ T4959] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 scanned by syz.4.264 (4959) [ 85.745173][ T4959] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 85.764339][ T4959] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 85.785645][ T4959] BTRFS info (device loop4): use zstd compression, level 3 [ 85.800419][ T4959] BTRFS info (device loop4): using free space tree [ 85.807827][ T4959] BTRFS info (device loop4): has skinny extents [ 85.824640][ T4990] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 85.876313][ T4996] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 86.175145][ T5009] set_capacity_and_notify: 6 callbacks suppressed [ 86.175162][ T5009] loop0: detected capacity change from 0 to 4096 [ 86.179403][ T4959] BTRFS info (device loop4): enabling ssd optimizations [ 86.304673][ T5009] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512) [ 86.381845][ T5009] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 86.427106][ T5009] ntfs3: loop0: Failed to load $Extend. [ 86.512595][ T1111] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 86.641298][ T4991] loop2: detected capacity change from 0 to 32768 [ 86.769728][ T1111] usb 4-1: Using ep0 maxpacket: 8 [ 86.816331][ T26] audit: type=1800 audit(1774066801.818:5): pid=4991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.279" name="file1" dev="loop2" ino=7 res=0 errno=0 [ 86.893221][ T1111] usb 4-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=4d.89 [ 86.915511][ T1111] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.942247][ T1111] usb 4-1: config 0 descriptor?? [ 86.996103][ T1111] gm12u320 4-1:0.0: [drm:gm12u320_set_ecomode] *ERROR* Misc. req. error -22 [ 87.027864][ T1111] gm12u320: probe of 4-1:0.0 failed with error -5 [ 87.069791][ T1111] usb-storage 4-1:0.0: USB Mass Storage device detected [ 87.129624][ T1111] usb-storage 4-1:0.0: device ignored [ 87.235532][ T1111] usb 4-1: USB disconnect, device number 3 [ 87.638867][ T5049] loop2: detected capacity change from 0 to 4096 [ 87.657086][ T5048] loop4: detected capacity change from 0 to 4096 [ 87.694943][ T5048] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 87.789796][ T5048] ntfs3: loop4: Failed to load $Extend. [ 87.864938][ T26] audit: type=1800 audit(1774066802.868:6): pid=5049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.296" name="file1" dev="loop2" ino=30 res=0 errno=0 [ 88.189185][ T5056] loop3: detected capacity change from 0 to 32768 [ 88.232748][ T5031] loop1: detected capacity change from 0 to 32768 [ 88.265575][ T5059] loop4: detected capacity change from 0 to 4096 [ 88.315398][ T5059] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512) [ 88.382401][ T5068] loop0: detected capacity change from 0 to 2048 [ 88.399340][ T5074] netlink: 12 bytes leftover after parsing attributes in process `syz.2.304'. [ 88.410643][ T5059] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 88.431291][ T5056] XFS (loop3): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 88.446033][ T5068] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 88.473622][ T5059] ntfs3: loop4: Failed to load $Extend. [ 88.473832][ T1111] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x192/0x250, xfs_agf block 0x1 [ 88.543207][ T5083] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 88.633794][ T1111] XFS (loop3): Unmount and run xfs_repair [ 88.672636][ T1111] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 88.680079][ T1111] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 10 00 XAGF............ [ 88.747698][ T1111] 00000010: 00 00 00 01 00 00 00 02 00 00 00 00 00 00 10 00 ................ [ 88.784925][ T1111] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 88.809851][ T1111] 00000030: 00 00 00 04 00 00 0b a2 00 00 0b a0 00 00 00 00 ................ [ 88.852665][ T1111] 00000040: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 88.882111][ T1111] 00000050: 00 00 00 00 00 00 00 01 00 00 00 05 00 00 00 01 ................ [ 88.911035][ T1111] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 88.926406][ T1111] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 88.951314][ T5056] XFS (loop3): metadata I/O error in "xfs_read_agf+0x252/0x510" at daddr 0x1 len 1 error 74 [ 88.951867][ T5031] XFS (loop1): Mounting V5 Filesystem [ 89.199292][ T5031] XFS (loop1): Ending clean mount [ 89.585811][ T4195] XFS (loop1): Unmounting Filesystem [ 89.678640][ T5105] loop2: detected capacity change from 0 to 256 [ 89.722474][ T5107] loop0: detected capacity change from 0 to 256 [ 89.816778][ T5107] exFAT-fs (loop0): failed to read boot sector [ 89.828222][ T5107] exFAT-fs (loop0): failed to recognize exfat type [ 90.021770][ T5094] ERROR: (device loop4): dbAlloc: the hint is outside the map [ 90.021770][ T5094] [ 90.089800][ T5094] ERROR: (device loop4): remounting filesystem as read-only [ 90.290189][ T5118] netlink: 64 bytes leftover after parsing attributes in process `syz.2.322'. [ 90.315080][ T277] blkno = 5002c, nblocks = 1 [ 90.319832][ T277] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map [ 90.319832][ T277] [ 90.332877][ T5118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.322'. [ 90.706642][ T5131] ntfs3: loop1: ino=3, Correct links count -> 2. [ 90.722449][ T5138] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 90.724151][ T5128] NILFS error (device loop2): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 90.777382][ T5128] NILFS (loop2): mounting fs with errors [ 90.824332][ T5135] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 90.870164][ T5135] ext4 filesystem being mounted at /58/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 91.280317][ T5145] set_capacity_and_notify: 4 callbacks suppressed [ 91.280334][ T5145] loop1: detected capacity change from 0 to 1024 [ 91.752605][ T5027] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 91.908318][ T5163] loop1: detected capacity change from 0 to 4096 [ 92.050837][ T5163] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 92.201823][ T26] audit: type=1800 audit(1774066807.198:7): pid=5163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.340" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 92.302964][ T5027] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 92.323739][ T5027] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.352647][ T5027] usb 3-1: Product: syz [ 92.356965][ T5027] usb 3-1: Manufacturer: syz [ 92.361586][ T5027] usb 3-1: SerialNumber: syz [ 92.385964][ T5179] loop0: detected capacity change from 0 to 8192 [ 92.411687][ T5027] usb 3-1: config 0 descriptor?? [ 92.432328][ T5179] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 92.435028][ T5185] loop3: detected capacity change from 0 to 512 [ 92.462889][ T5179] REISERFS (device loop0): using ordered data mode [ 92.470240][ T5179] reiserfs: using flush barriers [ 92.493022][ T5179] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 92.558747][ T5179] REISERFS (device loop0): checking transaction log (loop0) [ 92.585421][ T5177] loop4: detected capacity change from 0 to 32768 [ 92.589665][ T5185] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2807: Unable to expand inode 17. Delete some EAs or run e2fsck. [ 92.634103][ T5177] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 scanned by syz.4.346 (5177) [ 92.666914][ T5185] EXT4-fs (loop3): 1 truncate cleaned up [ 92.672779][ T5185] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 92.715840][ T5177] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 92.749854][ T5027] usb 3-1: USB disconnect, device number 3 [ 92.767402][ T5177] BTRFS info (device loop4): using free space tree [ 92.823640][ T5177] BTRFS info (device loop4): has skinny extents [ 93.097174][ T5177] BTRFS info (device loop4): enabling ssd optimizations [ 93.135269][ T5179] REISERFS (device loop0): Using tea hash to sort names [ 93.146551][ T5179] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 93.252206][ T5223] loop1: detected capacity change from 0 to 64 [ 93.386788][ T5225] loop3: detected capacity change from 0 to 2048 [ 93.460017][ T5226] hfs: request for non-existent node 24 in B*Tree [ 93.497382][ T5226] hfs: request for non-existent node 24 in B*Tree [ 93.640132][ T5225] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 93.687330][ T5225] EXT4-fs error (device loop3): ext4_ext_precache:608: inode #2: comm syz.3.358: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 93.717084][ T4807] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 9 /dev/loop4 scanned by udevd (4807) [ 93.860511][ T5248] capability: warning: `syz.4.360' uses 32-bit capabilities (legacy support in use) [ 94.217533][ T5261] bridge: RTM_NEWNEIGH with invalid state 0x1 [ 94.310196][ T5262] loop3: detected capacity change from 0 to 1024 [ 94.438764][ T5268] loop2: detected capacity change from 0 to 4096 [ 94.440075][ T5262] hfsplus: bad catalog entry type [ 94.637007][ T5277] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 94.645927][ T144] hfsplus: b-tree write err: -5, ino 25 [ 94.666224][ T144] hfsplus: b-tree write err: -5, ino 4 [ 94.671851][ T144] hfsplus: b-tree write err: -5, ino 2 [ 95.022041][ T5289] netlink: 16 bytes leftover after parsing attributes in process `syz.3.381'. [ 95.197786][ T5297] loop3: detected capacity change from 0 to 8 [ 95.592850][ T5307] netlink: 8 bytes leftover after parsing attributes in process `syz.0.388'. [ 95.872119][ T5311] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 96.049300][ T5276] F2FS-fs (loop4): build fault injection attr: rate: 684, type: 0x1ffff [ 96.074453][ T5276] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x35f7 [ 96.153239][ T5276] F2FS-fs (loop4): invalid crc value [ 96.170190][ T5276] F2FS-fs (loop4): Found nat_bits in checkpoint [ 96.371850][ T5299] set_capacity_and_notify: 3 callbacks suppressed [ 96.371865][ T5299] loop2: detected capacity change from 0 to 32768 [ 96.386513][ T5276] F2FS-fs (loop4): Start checkpoint disabled! [ 96.420096][ T5322] loop0: detected capacity change from 0 to 4096 [ 96.443816][ T5276] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 96.473558][ T5322] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 96.577086][ T5299] ERROR: (device loop2): dbAlloc: the hint is outside the map [ 96.577086][ T5299] [ 96.641069][ T5299] ERROR: (device loop2): remounting filesystem as read-only [ 96.789016][ T277] blkno = 5002c, nblocks = 1 [ 96.797357][ T277] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map [ 96.797357][ T277] [ 96.803588][ T5322] ntfs3: loop0: failed to convert "c46c" to default [ 97.002208][ T1273] attempt to access beyond end of device [ 97.002208][ T1273] loop4: rw=2049, want=40976, limit=40427 [ 97.283320][ T1347] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 97.562962][ T1347] usb 4-1: Using ep0 maxpacket: 16 [ 97.703192][ T1347] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.732215][ T1347] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 97.742986][ T1347] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 97.756431][ T1347] usb 4-1: New USB device found, idVendor=045e, idProduct=9994, bcdDevice=fc.3c [ 97.765917][ T1347] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.810490][ T1347] usb 4-1: config 0 descriptor?? [ 97.863591][ T5367] netlink: 'syz.0.426': attribute type 2 has an invalid length. [ 97.987452][ T5343] loop1: detected capacity change from 0 to 32768 [ 98.032419][ T5369] loop4: detected capacity change from 0 to 8192 [ 98.044617][ T5371] loop2: detected capacity change from 0 to 4096 [ 98.111675][ T5369] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 98.165086][ T5369] REISERFS (device loop4): using ordered data mode [ 98.171782][ T5369] reiserfs: using flush barriers [ 98.221531][ T5369] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 98.316747][ T1347] hid-multitouch 0003:045E:9994.0002: unknown main item tag 0x2 [ 98.321112][ T5343] JBD2: Ignoring recovery information on journal [ 98.332691][ T1347] hid-multitouch 0003:045E:9994.0002: unknown main item tag 0x0 [ 98.350830][ T1347] hid-multitouch 0003:045E:9994.0002: unknown main item tag 0x0 [ 98.353088][ T5369] REISERFS (device loop4): checking transaction log (loop4) [ 98.358631][ T1347] hid-multitouch 0003:045E:9994.0002: unknown main item tag 0x0 [ 98.373869][ T1347] hid-multitouch 0003:045E:9994.0002: unknown main item tag 0x0 [ 98.382419][ T1347] hid-multitouch 0003:045E:9994.0002: unknown main item tag 0x0 [ 98.390701][ T1347] hid-multitouch 0003:045E:9994.0002: unknown main item tag 0x0 [ 98.398727][ T1347] hid-multitouch 0003:045E:9994.0002: unknown main item tag 0x0 [ 98.406639][ T1347] hid-multitouch 0003:045E:9994.0002: unknown main item tag 0x0 [ 98.414371][ T1347] hid-multitouch 0003:045E:9994.0002: unknown main item tag 0x0 [ 98.422216][ T1347] hid-multitouch 0003:045E:9994.0002: unknown main item tag 0x0 [ 98.431942][ T1347] hid-multitouch 0003:045E:9994.0002: hidraw0: USB HID v0.00 Device [HID 045e:9994] on usb-dummy_hcd.3-1/input0 [ 98.436048][ T5343] jbd2_journal_bmap: journal block not found at offset 32 on loop1-75 [ 98.526438][ T1347] usb 4-1: USB disconnect, device number 4 [ 98.581227][ T5343] JBD2: bad block at offset 32 [ 98.600851][ T5384] fido_id[5384]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 98.645400][ T5343] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 98.806961][ T5369] REISERFS (device loop4): Using tea hash to sort names [ 98.826820][ T5343] (syz.1.407,5343,1):ocfs2_read_blocks_sync:112 ERROR: status = -12 [ 98.839355][ T5343] (syz.1.407,5343,1):ocfs2_get_suballoc_slot_bit:2719 ERROR: read block 47244640267 failed -12 [ 98.844897][ T5369] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 98.864582][ T5343] (syz.1.407,5343,1):ocfs2_get_suballoc_slot_bit:2751 ERROR: status = -12 [ 98.879662][ T5343] (syz.1.407,5343,1):ocfs2_test_inode_bit:2833 ERROR: get alloc slot and bit failed -12 [ 98.890196][ T5343] (syz.1.407,5343,1):ocfs2_test_inode_bit:2874 ERROR: status = -12 [ 98.920197][ T5343] (syz.1.407,5343,1):ocfs2_get_dentry:78 ERROR: test inode bit failed -12 [ 98.946953][ T5392] loop2: detected capacity change from 0 to 4096 [ 99.025444][ T5392] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 99.088841][ T4195] ocfs2: Unmounting device (7,1) on (node local) [ 99.104998][ T5392] ntfs: volume version 3.1. [ 99.144037][ T5392] ntfs: (device loop2): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set ascii. You might want to try to use the mount option nls=utf8. [ 99.246213][ T5400] netlink: 104 bytes leftover after parsing attributes in process `syz.3.431'. [ 99.262201][ T5401] loop0: detected capacity change from 0 to 1024 [ 99.268886][ T5392] ntfs: (device loop2): ntfs_filldir(): Skipping unrepresentable inode 0x4. [ 99.348661][ T5401] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 99.787644][ T5418] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_bond, syncid = 0, id = 0 [ 99.862040][ T5401] EXT4-fs (loop0): mounted filesystem without journal. Opts: user_xattr,nobarrier,norecovery,errors=remount-ro,grpid,. Quota mode: writeback. [ 100.093775][ T5432] netlink: 24 bytes leftover after parsing attributes in process `syz.4.444'. [ 100.145739][ T5434] loop2: detected capacity change from 0 to 256 [ 100.179577][ T5432] netlink: 56 bytes leftover after parsing attributes in process `syz.4.444'. [ 100.191182][ T5432] netlink: 'syz.4.444': attribute type 10 has an invalid length. [ 100.212417][ T5401] EXT4-fs error (device loop0): htree_dirblock_to_tree:1112: inode #2: block 48: comm syz.0.432: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=16, rec_len=5, size=1024 fake=0 [ 100.217120][ T5434] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x769352d4, utbl_chksum : 0xe619d30d) [ 100.780282][ T5451] loop0: detected capacity change from 0 to 4096 [ 100.844715][ T5422] loop3: detected capacity change from 0 to 32768 [ 100.882751][ T5245] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 101.065284][ T5451] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 101.076109][ T5422] XFS (loop3): Mounting V5 Filesystem [ 101.112707][ T5455] OCFS2: ERROR (device loop4): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #68: fs_generation is 3919078593 [ 101.129078][ T5455] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 101.139031][ T5455] OCFS2: File system is now read-only. [ 101.144581][ T5455] (syz.4.455,5455,1):ocfs2_read_locked_inode:521 ERROR: status = -30 [ 101.153098][ T5455] (syz.4.455,5455,1):_ocfs2_get_system_file_inode:144 ERROR: status = -30 [ 101.162073][ T5455] (syz.4.455,5455,1):ocfs2_init_global_system_inodes:462 ERROR: status = -30 [ 101.171020][ T5455] (syz.4.455,5455,1):ocfs2_init_global_system_inodes:464 ERROR: Unable to load system inode 1, possibly corrupt fs? [ 101.171054][ T5455] (syz.4.455,5455,1):ocfs2_init_global_system_inodes:473 ERROR: status = -30 [ 101.192674][ T5245] usb 3-1: Using ep0 maxpacket: 32 [ 101.193838][ T5455] (syz.4.455,5455,1):ocfs2_initialize_super:2281 ERROR: status = -30 [ 101.206820][ T5455] (syz.4.455,5455,1):ocfs2_fill_super:1177 ERROR: status = -30 [ 101.236382][ T5451] ntfs3: loop0: Failed to load $Extend. [ 101.257019][ T5422] XFS (loop3): Ending clean mount [ 101.285392][ T5422] XFS (loop3): Quotacheck needed: Please wait. [ 101.322980][ T5245] usb 3-1: config 0 has an invalid interface number: 196 but max is 0 [ 101.356506][ T5245] usb 3-1: config 0 has no interface number 0 [ 101.384131][ T5245] usb 3-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 101.387124][ T5422] XFS (loop3): Quotacheck: Done. [ 101.473163][ T5245] usb 3-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 101.512645][ T5245] usb 3-1: config 0 interface 196 has no altsetting 0 [ 101.672295][ T5475] set_capacity_and_notify: 1 callbacks suppressed [ 101.672314][ T5475] loop1: detected capacity change from 0 to 1024 [ 101.692625][ T4230] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 101.711647][ T4188] XFS (loop3): Unmounting Filesystem [ 101.732752][ T5245] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 101.741943][ T5245] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.742980][ T5475] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 101.798656][ T5245] usb 3-1: Product: syz [ 101.811546][ T5245] usb 3-1: Manufacturer: syz [ 101.822591][ T5245] usb 3-1: SerialNumber: syz [ 101.829583][ T5245] usb 3-1: config 0 descriptor?? [ 101.846023][ T5475] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 101.950636][ T5483] usb usb1: check_ctrlrecip: process 5483 (syz.0.464) requesting ep 01 but needs 81 [ 102.075512][ T4230] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 102.096937][ T4230] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.138369][ T4230] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.153353][ T5245] ipheth 3-1:0.196: Unable to find endpoints [ 102.158878][ T4230] usb 5-1: New USB device found, idVendor=056a, idProduct=006c, bcdDevice= 0.00 [ 102.188776][ T4230] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.191521][ T5245] usb 3-1: USB disconnect, device number 4 [ 102.273655][ T4230] usb 5-1: config 0 descriptor?? [ 102.327199][ T5493] netlink: 8 bytes leftover after parsing attributes in process `syz.0.469'. [ 102.435342][ T5491] loop1: detected capacity change from 0 to 4096 [ 102.464971][ T5498] loop3: detected capacity change from 0 to 512 [ 102.524506][ T5498] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 102.537017][ T5498] ext4 filesystem being mounted at /87/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 102.582592][ T5491] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 102.743951][ T5503] loop3: detected capacity change from 0 to 64 [ 102.816110][ T4230] wacom 0003:056A:006C.0003: unknown main item tag 0x0 [ 102.821728][ T5491] syz.1.468 (5491) used greatest stack depth: 21104 bytes left [ 102.836858][ T4230] wacom 0003:056A:006C.0003: unknown main item tag 0x0 [ 102.877656][ T5503] hfs: hfs: Invalid key length: 94 [ 102.889523][ T4230] wacom 0003:056A:006C.0003: unknown main item tag 0x0 [ 102.914371][ T4230] wacom 0003:056A:006C.0003: unknown main item tag 0x0 [ 102.960102][ T4230] wacom 0003:056A:006C.0003: unknown main item tag 0x0 [ 102.981904][ T5514] loop2: detected capacity change from 0 to 256 [ 103.023180][ T4230] wacom 0003:056A:006C.0003: Unknown device_type for 'HID 056a:006c'. Ignoring. [ 103.051395][ T4230] usb 5-1: USB disconnect, device number 2 [ 103.155764][ T4188] hfs: node 4:3 still has 1 user(s)! [ 103.243139][ T5514] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 103.276997][ T5519] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.480'. [ 103.291932][ T5519] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 103.300805][ T5515] loop1: detected capacity change from 0 to 32768 [ 103.314545][ T26] audit: type=1800 audit(1774066818.318:8): pid=5514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.477" name="file1" dev="loop2" ino=1048604 res=0 errno=0 [ 103.317005][ T5514] FAT-fs (loop2): error, corrupted file size (i_pos 196, 16779008) [ 103.357419][ T5519] openvswitch: netlink: Message has 1 unknown bytes. [ 103.372943][ T5514] FAT-fs (loop2): Filesystem has been set read-only [ 103.383953][ T5515] XFS (loop1): sunit and swidth must be specified together [ 103.435073][ T5524] netlink: 20 bytes leftover after parsing attributes in process `syz.0.481'. [ 103.611579][ T5529] loop0: detected capacity change from 0 to 256 [ 103.750197][ T5529] FAT-fs (loop0): Directory bread(block 64) failed [ 103.750277][ T5529] FAT-fs (loop0): Directory bread(block 65) failed [ 103.750345][ T5529] FAT-fs (loop0): Directory bread(block 66) failed [ 103.750374][ T5529] FAT-fs (loop0): Directory bread(block 67) failed [ 103.750442][ T5529] FAT-fs (loop0): Directory bread(block 68) failed [ 103.750471][ T5529] FAT-fs (loop0): Directory bread(block 69) failed [ 103.750533][ T5529] FAT-fs (loop0): Directory bread(block 70) failed [ 103.750561][ T5529] FAT-fs (loop0): Directory bread(block 71) failed [ 103.750625][ T5529] FAT-fs (loop0): Directory bread(block 72) failed [ 103.750653][ T5529] FAT-fs (loop0): Directory bread(block 73) failed [ 103.842679][ T5242] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 103.987911][ T5540] loop4: detected capacity change from 0 to 512 [ 104.047790][ T5540] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 104.074259][ T5540] EXT4-fs (loop4): 1 truncate cleaned up [ 104.074290][ T5540] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 104.234310][ T5242] usb 2-1: config 1 interface 0 altsetting 12 endpoint 0x81 has an invalid bInterval 131, changing to 11 [ 104.234350][ T5242] usb 2-1: config 1 interface 0 has no altsetting 0 [ 104.325633][ T5553] loop0: detected capacity change from 0 to 256 [ 104.402830][ T5242] usb 2-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.40 [ 104.414853][ T5242] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.414885][ T5242] usb 2-1: Product: syz [ 104.414901][ T5242] usb 2-1: Manufacturer: syz [ 104.414917][ T5242] usb 2-1: SerialNumber: syz [ 104.437892][ T5553] FAT-fs (loop0): Directory bread(block 64) failed [ 104.437935][ T5553] FAT-fs (loop0): Directory bread(block 65) failed [ 104.438011][ T5553] FAT-fs (loop0): Directory bread(block 66) failed [ 104.438042][ T5553] FAT-fs (loop0): Directory bread(block 67) failed [ 104.438111][ T5553] FAT-fs (loop0): Directory bread(block 68) failed [ 104.438142][ T5553] FAT-fs (loop0): Directory bread(block 69) failed [ 104.438210][ T5553] FAT-fs (loop0): Directory bread(block 70) failed [ 104.438242][ T5553] FAT-fs (loop0): Directory bread(block 71) failed [ 104.438309][ T5553] FAT-fs (loop0): Directory bread(block 72) failed [ 104.438339][ T5553] FAT-fs (loop0): Directory bread(block 73) failed [ 104.906075][ T5550] loop4: detected capacity change from 0 to 32768 [ 105.012805][ T5242] usbhid 2-1:1.0: can't add hid device: -71 [ 105.018883][ T5242] usbhid: probe of 2-1:1.0 failed with error -71 [ 105.084100][ T5570] program syz.0.500 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 105.090690][ T5242] usb 2-1: USB disconnect, device number 3 [ 105.126345][ T5550] XFS (loop4): Mounting V5 Filesystem [ 105.370608][ T5550] XFS (loop4): Ending clean mount [ 105.380327][ T5550] XFS (loop4): Quotacheck needed: Please wait. [ 105.484164][ T5550] XFS (loop4): Quotacheck: Done. [ 105.519896][ T5555] JBD2: Ignoring recovery information on journal [ 105.692699][ T4189] XFS (loop4): Unmounting Filesystem [ 105.822681][ T5555] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 105.932586][ T4272] loop0: p1 < > p4 [ 105.932586][ T4272] p4: [ 106.016395][ T4272] loop0: p4 size 722688 extends beyond EOD, truncated [ 106.032868][ T4272] loop0: p6 start 262464109 is beyond EOD, truncated [ 106.039902][ T4272] loop0: p7 size 2304 extends beyond EOD, truncated [ 106.108279][ T4199] ocfs2: Unmounting device (7,2) on (node local) [ 106.123532][ T5589] loop0: p1 < > p4 [ 106.123532][ T5589] p4: [ 106.172214][ T5589] loop0: p4 size 722688 extends beyond EOD, truncated [ 106.232846][ T5589] loop0: p6 start 262464109 is beyond EOD, truncated [ 106.239598][ T5589] loop0: p7 size 2304 extends beyond EOD, truncated [ 106.659294][ T5612] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 106.683655][ T5612] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.803401][ T4340] udevd[4340]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 106.806525][ T4259] udevd[4259]: inotify_add_watch(7, /dev/loop0p5, 10) failed: No such file or directory [ 106.834978][ T4266] udevd[4266]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 106.856339][ T4272] udevd[4272]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 106.956286][ T4259] udevd[4259]: inotify_add_watch(7, /dev/loop0p5, 10) failed: No such file or directory [ 106.969803][ T4266] udevd[4266]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 106.984042][ T4340] udevd[4340]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 107.001789][ T4807] udevd[4807]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 107.112116][ T5633] set_capacity_and_notify: 4 callbacks suppressed [ 107.112132][ T5633] loop1: detected capacity change from 0 to 256 [ 107.120535][ T5634] netlink: 'syz.2.525': attribute type 3 has an invalid length. [ 107.222918][ T5633] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001043e, chksum : 0xdd084882, utbl_chksum : 0xe619d30d) [ 107.404493][ T5640] loop2: detected capacity change from 0 to 2048 [ 107.503299][ T5640] loop2: p1 < > p4 [ 107.503299][ T5640] p4: [ 107.514054][ T5646] loop1: detected capacity change from 0 to 256 [ 107.534857][ T5640] loop2: p4 size 722688 extends beyond EOD, truncated [ 107.580263][ T5640] loop2: p6 start 262464109 is beyond EOD, truncated [ 107.614759][ T5646] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 107.641475][ T5640] loop2: p7 size 2304 extends beyond EOD, truncated [ 107.721618][ T5613] loop0: detected capacity change from 0 to 32768 [ 107.895305][ T5665] netlink: 8 bytes leftover after parsing attributes in process `syz.2.537'. [ 107.904853][ T5665] netlink: 4 bytes leftover after parsing attributes in process `syz.2.537'. [ 107.914105][ T5665] netlink: 'syz.2.537': attribute type 13 has an invalid length. [ 107.949808][ T4807] udevd[4807]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 107.975779][ T4272] udevd[4272]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 108.078360][ T5613] XFS (loop0): Mounting V5 Filesystem [ 108.098320][ T5671] loop1: detected capacity change from 0 to 256 [ 108.280187][ T5671] FAT-fs (loop1): Directory bread(block 64) failed [ 108.293929][ T5613] XFS (loop0): Ending clean mount [ 108.302987][ T5671] FAT-fs (loop1): Directory bread(block 65) failed [ 108.309644][ T5671] FAT-fs (loop1): Directory bread(block 66) failed [ 108.344825][ T5671] FAT-fs (loop1): Directory bread(block 67) failed [ 108.383057][ T5671] FAT-fs (loop1): Directory bread(block 68) failed [ 108.389742][ T5671] FAT-fs (loop1): Directory bread(block 69) failed [ 108.405622][ T5671] FAT-fs (loop1): Directory bread(block 70) failed [ 108.422471][ T5671] FAT-fs (loop1): Directory bread(block 71) failed [ 108.429508][ T5671] FAT-fs (loop1): Directory bread(block 72) failed [ 108.439834][ T5671] FAT-fs (loop1): Directory bread(block 73) failed [ 108.459446][ T4184] XFS (loop0): Unmounting Filesystem [ 108.534256][ T5652] loop4: detected capacity change from 0 to 32768 [ 108.859710][ T5687] loop2: detected capacity change from 0 to 64 [ 108.901630][ T5689] loop1: detected capacity change from 0 to 512 [ 108.959836][ T26] audit: type=1800 audit(1774066823.958:9): pid=5687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.548" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 109.051127][ T5689] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,grpquota,. Quota mode: writeback. [ 109.105074][ T5695] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 109.119831][ T5689] ext4 filesystem being mounted at /115/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 109.188575][ T5677] loop3: detected capacity change from 0 to 32768 [ 109.306469][ T5698] loop2: detected capacity change from 0 to 1024 [ 109.404271][ T5700] EXT4-fs (loop0): Test dummy encryption mode enabled [ 109.416281][ T5700] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 109.500881][ T26] audit: type=1800 audit(1774066824.498:10): pid=5698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.552" name="file1" dev="loop2" ino=20 res=0 errno=0 [ 109.534696][ T5700] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.553: bad orphan inode 131083 [ 109.598337][ T5707] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.555'. [ 109.603735][ T5700] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,nobarrier,noload,,errors=continue. Quota mode: none. [ 109.681588][ T5707] netlink: get zone limit has 8 unknown bytes [ 109.717429][ T5709] rock: directory entry would overflow storage [ 109.724250][ T5709] rock: sig=0x5252, size=5, remaining=3 [ 110.137115][ T5715] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 110.322013][ T5722] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 110.342792][ T5722] NILFS (loop3): mounting unchecked fs [ 110.407866][ T5722] NILFS (loop3): recovery complete [ 110.426550][ T5727] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 110.592628][ T5243] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 110.898598][ T5243] usb 2-1: Using ep0 maxpacket: 8 [ 110.942342][ T5741] netlink: 'syz.3.569': attribute type 6 has an invalid length. [ 110.951677][ T5737] exfat: Deprecated parameter 'namecase' [ 110.979320][ T5726] (syz.4.562,5726,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 111.026044][ T5737] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 111.038978][ T5243] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 111.049451][ T5243] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 111.063474][ T5726] (syz.4.562,5726,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 111.072202][ T5243] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 111.123084][ T5243] usb 2-1: config 250 has no interface number 0 [ 111.152654][ T5243] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 111.160172][ T5726] JBD2: Ignoring recovery information on journal [ 111.174336][ T5243] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 111.185713][ T5243] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 111.197024][ T5243] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 111.207689][ T5243] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 111.221462][ T5243] usb 2-1: config 250 interface 228 has no altsetting 0 [ 111.365418][ T5726] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 111.375243][ T5243] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 111.394019][ T5243] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 111.422780][ T5243] usb 2-1: Product: syz [ 111.427004][ T5243] usb 2-1: SerialNumber: syz [ 111.494039][ T5243] hub 2-1:250.228: bad descriptor, ignoring hub [ 111.500376][ T5243] hub: probe of 2-1:250.228 failed with error -5 [ 111.537784][ T5755] sp0: Synchronizing with TNC [ 111.552968][ T5754] [U] è [ 111.577684][ T4189] ocfs2: Unmounting device (7,4) on (node local) [ 111.609984][ T5753] EXT4-fs (loop2): Ignoring removed nobh option [ 111.618593][ T5753] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 111.667854][ T5753] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.574: iget: bad i_size value: 38620345925642 [ 111.724061][ T5243] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 4 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 111.760732][ T5753] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.574: couldn't read orphan inode 15 (err -117) [ 111.793518][ T5753] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobh,jqfmt=vfsv0,data_err=ignore,,errors=continue. Quota mode: writeback. [ 111.881156][ T5753] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.574: invalid indirect mapped block 3973251072 (level 0) [ 112.060021][ T5766] hfsplus: xattr exists yet [ 112.075457][ T5245] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 112.134724][ T5243] usb 2-1: USB disconnect, device number 4 [ 112.146271][ T5243] usblp0: removed [ 112.220793][ T5772] netlink: 'syz.2.583': attribute type 17 has an invalid length. [ 112.292859][ T1347] Bluetooth: hci0: command 0x0c1a tx timeout [ 112.403020][ T5245] usb 5-1: Using ep0 maxpacket: 32 [ 112.425677][ T5780] sp0: Synchronizing with TNC [ 112.451249][ T5779] [U] è` [ 112.535398][ T5245] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 112.706819][ T5782] set_capacity_and_notify: 9 callbacks suppressed [ 112.706836][ T5782] loop2: detected capacity change from 0 to 32768 [ 112.763077][ T5245] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 112.799230][ T5245] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.834695][ T5245] usb 5-1: Product: syz [ 112.840161][ T5782] XFS (loop2): Mounting V5 Filesystem [ 112.850236][ T5245] usb 5-1: Manufacturer: syz [ 112.887758][ T5245] usb 5-1: SerialNumber: syz [ 112.933069][ T5782] XFS (loop2): Ending clean mount [ 112.959985][ T5245] usb 5-1: config 0 descriptor?? [ 113.028788][ T4199] XFS (loop2): Unmounting Filesystem [ 113.055255][ T5245] smsc75xx v1.0.0 [ 113.058964][ T5245] smsc75xx 5-1:0.0 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 113.092991][ T5245] smsc75xx: probe of 5-1:0.0 failed with error -22 [ 113.432703][ T5243] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 113.456477][ T5821] loop2: detected capacity change from 0 to 256 [ 113.479749][ T5242] usb 5-1: USB disconnect, device number 3 [ 113.497235][ T5821] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 113.691006][ T5823] netlink: 8 bytes leftover after parsing attributes in process `syz.2.603'. [ 113.741738][ T5819] loop1: detected capacity change from 0 to 32768 [ 113.870818][ T5819] XFS (loop1): Mounting V5 Filesystem [ 113.969108][ T5819] XFS (loop1): Ending clean mount [ 114.013070][ T5243] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 114.024097][ T5243] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.045410][ T5243] usb 4-1: Product: syz [ 114.050025][ T5243] usb 4-1: Manufacturer: syz [ 114.088021][ T5243] usb 4-1: SerialNumber: syz [ 114.103643][ T5847] loop4: detected capacity change from 0 to 8 [ 114.129803][ T5243] usb 4-1: config 0 descriptor?? [ 114.178382][ T5847] SQUASHFS error: lzo decompression failed, data probably corrupt [ 114.259500][ T5847] SQUASHFS error: Failed to read block 0x202: -5 [ 114.272473][ T4195] XFS (loop1): Unmounting Filesystem [ 114.303387][ T5847] SQUASHFS error: Unable to read metadata cache entry [200] [ 114.444035][ T4534] usb 4-1: USB disconnect, device number 5 [ 114.844693][ T5869] netlink: 'syz.2.623': attribute type 4 has an invalid length. [ 114.869995][ T5871] loop4: detected capacity change from 0 to 512 [ 114.899527][ T5871] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 114.913052][ T5871] EXT4-fs (loop4): orphan cleanup on readonly fs [ 114.951475][ T5871] EXT4-fs warning (device loop4): ext4_enable_quotas:6486: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 114.969131][ T5874] loop1: detected capacity change from 0 to 1024 [ 114.994806][ T5871] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 115.019100][ T5871] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2923: inode #16: comm syz.4.624: corrupted xattr block 31 [ 115.040197][ T5871] EXT4-fs warning (device loop4): ext4_evict_inode:302: xattr delete (err -117) [ 115.053435][ T5871] EXT4-fs (loop4): 1 orphan inode deleted [ 115.059796][ T5871] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 115.088052][ T5880] [U] ¹ÉMÙ­ÕÁQ&’Ù Kœ4 [ 115.100112][ T5871] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 115.119640][ T5871] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 115.172122][ T5871] EXT4-fs (loop4): can't change dax mount option while remounting [ 115.184724][ T5874] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 115.190674][ T5885] netlink: 268 bytes leftover after parsing attributes in process `syz.3.628'. [ 115.250956][ T5889] netlink: 8 bytes leftover after parsing attributes in process `syz.2.630'. [ 115.346442][ T5893] loop3: detected capacity change from 0 to 1024 [ 115.436432][ T5893] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 115.459708][ T5893] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (30349!=20869) [ 115.506125][ T5893] EXT4-fs (loop3): invalid journal inode [ 115.537897][ T5893] EXT4-fs (loop3): can't get journal size [ 115.580795][ T5893] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,,errors=continue. Quota mode: writeback. [ 115.656544][ T5893] EXT4-fs (loop3): Online resizing not supported with sparse_super2 [ 115.999900][ T5920] loop2: detected capacity change from 0 to 8 [ 116.099279][ T5927] loop1: detected capacity change from 0 to 256 [ 116.240534][ T5927] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d) [ 116.248539][ T5935] loop4: detected capacity change from 0 to 128 [ 116.364281][ T5935] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 116.383189][ T5935] ext4 filesystem being mounted at /105/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 116.415300][ C1] vkms_vblank_simulate: vblank timer overrun [ 116.544443][ T5943] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 116.577005][ T5945] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 116.595696][ T5943] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 116.604709][ T4534] Bluetooth: hci4: command 0x0411 tx timeout [ 116.634918][ T5945] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 117.342762][ T4534] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 117.501647][ T5940] F2FS-fs (loop2): invalid crc value [ 117.528668][ T5940] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 117.592722][ T4534] usb 2-1: Using ep0 maxpacket: 8 [ 117.712743][ T4534] usb 2-1: config 0 has an invalid interface number: 30 but max is 0 [ 117.741362][ T4534] usb 2-1: config 0 has no interface number 0 [ 117.771108][ T4534] usb 2-1: too many endpoints for config 0 interface 30 altsetting 222: 254, using maximum allowed: 30 [ 117.803729][ T5940] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0 [ 117.817811][ T4534] usb 2-1: config 0 interface 30 altsetting 222 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.819986][ T5982] netlink: 132 bytes leftover after parsing attributes in process `syz.4.675'. [ 117.840882][ T5940] F2FS-fs (loop2): Start checkpoint disabled! [ 117.849553][ T4534] usb 2-1: config 0 interface 30 altsetting 222 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.877552][ T4534] usb 2-1: config 0 interface 30 altsetting 222 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 117.892160][ T4534] usb 2-1: config 0 interface 30 has no altsetting 0 [ 117.899689][ T5940] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 117.907545][ T4534] usb 2-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00 [ 117.928080][ T4534] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.968628][ T4534] usb 2-1: config 0 descriptor?? [ 118.141852][ T5991] netlink: 16 bytes leftover after parsing attributes in process `syz.3.680'. [ 118.455981][ T4534] uclogic 0003:256C:006E.0004: unknown main item tag 0x0 [ 118.482298][ T4534] uclogic 0003:256C:006E.0004: unknown main item tag 0x0 [ 118.489902][ T4534] uclogic 0003:256C:006E.0004: unknown main item tag 0x0 [ 118.497539][ T4534] uclogic 0003:256C:006E.0004: unknown main item tag 0x0 [ 118.506402][ T4534] uclogic 0003:256C:006E.0004: unknown main item tag 0x0 [ 118.514901][ T4534] uclogic 0003:256C:006E.0004: unknown main item tag 0x0 [ 118.523512][ T4534] uclogic 0003:256C:006E.0004: No inputs registered, leaving [ 118.535805][ T4534] uclogic 0003:256C:006E.0004: hidraw0: USB HID v0.00 Device [HID 256c:006e] on usb-dummy_hcd.1-1/input30 [ 118.723038][ T5245] usb 2-1: USB disconnect, device number 5 [ 118.850110][ T6007] fido_id[6007]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 118.859802][ T5989] set_capacity_and_notify: 5 callbacks suppressed [ 118.859827][ T5989] loop4: detected capacity change from 0 to 32768 [ 119.067285][ T5989] XFS (loop4): Mounting V5 Filesystem [ 119.197407][ T5989] XFS (loop4): Ending clean mount [ 119.440917][ T4189] XFS (loop4): Unmounting Filesystem [ 119.616650][ T6041] loop2: detected capacity change from 0 to 512 [ 119.717705][ T6012] loop3: detected capacity change from 0 to 32768 [ 119.727275][ T6041] EXT4-fs (loop2): Mount option "nouser_xattr" will be removed by 3.5 [ 119.727275][ T6041] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 119.727275][ T6041] [ 119.748100][ T6047] loop1: detected capacity change from 0 to 16 [ 119.822386][ T6047] erofs: (device loop1): mounted with root inode @ nid 36. [ 119.951589][ T6041] EXT4-fs (loop2): mounted filesystem without journal. Opts: nolazytime,init_itable,nouser_xattr,nobarrier,,errors=continue. Quota mode: writeback. [ 120.042830][ T6041] ext4 filesystem being mounted at /153/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 120.065890][ T6054] loop4: detected capacity change from 0 to 8192 [ 120.086175][ T6056] loop0: detected capacity change from 0 to 256 [ 120.204160][ T6054] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 120.254036][ T6054] REISERFS (device loop4): using ordered data mode [ 120.287669][ T6054] reiserfs: using flush barriers [ 120.298790][ T6054] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 120.316274][ T6054] REISERFS (device loop4): checking transaction log (loop4) [ 120.348581][ T6054] REISERFS (device loop4): Using r5 hash to sort names [ 120.365100][ T6054] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 120.564247][ T6063] loop0: detected capacity change from 0 to 2048 [ 120.622603][ T4533] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 120.702687][ T6063] EXT4-fs (loop0): Unrecognized mount option "obj_role=seclabel" or missing value [ 120.879970][ T6081] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 120.927945][ T6081] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 120.955029][ T6081] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 121.022736][ T4533] usb 2-1: config 0 has an invalid interface number: 199 but max is 1 [ 121.031261][ T4533] usb 2-1: config 0 has no interface number 1 [ 121.062648][ T4533] usb 2-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 121.112654][ T4533] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 121.220172][ T6096] loop2: detected capacity change from 0 to 256 [ 121.243143][ T4533] usb 2-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 121.272726][ T4533] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 121.291027][ T4533] usb 2-1: SerialNumber: syz [ 121.305813][ T4533] usb 2-1: config 0 descriptor?? [ 121.344931][ T4533] usb 2-1: Found UVC 0.00 device (0002:0000) [ 121.344978][ T6100] loop0: detected capacity change from 0 to 256 [ 121.363478][ T4533] usb 2-1: No valid video chain found. [ 121.468054][ T6100] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x09066d1f, utbl_chksum : 0xe619d30d) [ 121.531474][ T6107] netem: change failed [ 121.548404][ T4533] usb 2-1: USB disconnect, device number 6 [ 121.582403][ T6109] tipc: Started in network mode [ 121.599983][ T6109] tipc: Node identity ff020000000000000000000000000001, cluster identity 4711 [ 121.633661][ T6109] tipc: Enabling of bearer rejected, failed to enable media [ 121.878141][ T6125] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 121.892958][ T6125] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 121.932825][ T6125] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 121.959970][ T6125] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4) [ 121.980163][ T6125] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 122.012746][ T6125] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 122.044350][ T6125] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 122.111121][ T6125] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 122.129249][ T6131] loop0: detected capacity change from 0 to 1024 [ 122.147751][ T6125] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 122.162767][ T6125] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 122.177144][ T6125] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 122.190860][ T6125] comedi comedi3: 8255: I/O port conflict (0x7,4) [ 122.235620][ T6125] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4) [ 122.265096][ T6125] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4) [ 122.265493][ T6131] hfsplus: b-tree write err: -5, ino 2 [ 122.286382][ T6125] comedi comedi3: 8255: I/O port conflict (0xb,4) [ 122.316947][ T6125] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffff5,4) [ 122.351981][ T6125] comedi comedi3: 8255: I/O port conflict (0xffffffffffffeadb,4) [ 122.390428][ T6125] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 122.433869][ T5245] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 122.439891][ T6125] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 122.458056][ T144] hfsplus: b-tree write err: -5, ino 25 [ 122.473453][ T144] hfsplus: b-tree write err: -5, ino 4 [ 122.483421][ T144] hfsplus: b-tree write err: -5, ino 2 [ 122.999065][ T5245] usb 5-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 123.039241][ T5245] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.063447][ T5245] usb 5-1: Product: syz [ 123.069627][ T5245] usb 5-1: Manufacturer: syz [ 123.098282][ T5245] usb 5-1: SerialNumber: syz [ 123.134737][ T5245] usb 5-1: config 0 descriptor?? [ 123.194829][ T5245] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 123.228460][ T5245] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 123.293177][ T5245] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 123.338062][ T5245] usb 5-1: media controller created [ 123.401619][ T6133] digitv: more than 2 i2c messages at a time is not handled yet. TODO. [ 123.436109][ T5245] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 123.680221][ T5245] DVB: Unable to find symbol mt352_attach() [ 123.813607][ T5245] DVB: Unable to find symbol nxt6000_attach() [ 123.819764][ T5245] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 123.839504][ T6199] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 123.954901][ T5245] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input10 [ 124.084758][ T5245] dvb-usb: schedule remote query interval to 1000 msecs. [ 124.091877][ T5245] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 124.119558][ T6153] set_capacity_and_notify: 2 callbacks suppressed [ 124.119577][ T6153] loop3: detected capacity change from 0 to 40427 [ 124.163126][ T5245] dvb-usb: bulk message failed: -22 (7/0) [ 124.169767][ T5245] dvb-usb: bulk message failed: -22 (7/0) [ 124.263086][ T5245] usb 5-1: USB disconnect, device number 4 [ 124.269376][ T6153] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff [ 124.282934][ T6153] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x2 [ 124.342366][ T6153] F2FS-fs (loop3): invalid crc value [ 124.401553][ T6153] F2FS-fs (loop3): Found nat_bits in checkpoint [ 124.500533][ T5245] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 124.588870][ T6227] loop4: detected capacity change from 0 to 256 [ 124.666793][ T6153] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 124.704201][ T6227] exfat: Deprecated parameter 'utf8' [ 124.709799][ T6227] exfat: Deprecated parameter 'utf8' [ 124.741686][ T6229] loop0: detected capacity change from 0 to 32768 [ 124.752154][ T6227] exfat: Deprecated parameter 'utf8' [ 124.810220][ T6231] loop1: detected capacity change from 0 to 4096 [ 124.872350][ T6231] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 124.921036][ T6227] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 124.985492][ T4188] attempt to access beyond end of device [ 124.985492][ T4188] loop3: rw=2049, want=45104, limit=40427 [ 125.131351][ T6229] XFS (loop0): Mounting V5 Filesystem [ 125.162701][ T6231] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 125.411833][ T6229] XFS (loop0): Starting recovery (logdev: internal) [ 125.429773][ T6229] XFS (loop0): log record CRC mismatch: found 0x0, expected 0x510a7222. [ 125.438501][ T6229] 00000000: 00 00 00 01 00 00 00 08 aa 20 00 00 6e 55 00 00 ......... ..nU.. [ 125.447517][ T6229] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 125.456629][ T6229] XFS (loop0): Internal error xlog_recover_process at line 2919 of file fs/xfs/xfs_log_recover.c. Caller xlog_do_recovery_pass+0x826/0xd50 [ 125.471696][ T6229] CPU: 1 PID: 6229 Comm: syz.0.778 Not tainted syzkaller #0 [ 125.479123][ T6229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 125.489388][ T6229] Call Trace: [ 125.492698][ T6229] [ 125.495651][ T6229] dump_stack_lvl+0x188/0x250 [ 125.500368][ T6229] ? show_regs_print_info+0x20/0x20 [ 125.505720][ T6229] ? xfs_rw_bdev+0x467/0x4e0 [ 125.510357][ T6229] ? xfs_error_report+0x8e/0xc0 [ 125.515238][ T6229] ? xlog_do_recovery_pass+0x826/0xd50 [ 125.520730][ T6229] ? xlog_do_recovery_pass+0x826/0xd50 [ 125.526234][ T6229] xlog_recover_process+0x30c/0x3c0 [ 125.531465][ T6229] xlog_do_recovery_pass+0x826/0xd50 [ 125.536922][ T6229] ? xlog_do_io+0x340/0x340 [ 125.541490][ T6229] ? xlog_alloc_buf_cancel_table+0x1b8/0x1e0 [ 125.547516][ T6229] xlog_do_log_recovery+0x48/0x90 [ 125.552580][ T6229] xlog_do_recover+0xe9/0x4a0 [ 125.557301][ T6229] xlog_recover+0x35d/0x410 [ 125.561974][ T6229] xfs_log_mount+0x393/0x6b0 [ 125.566619][ T6229] xfs_mountfs+0xb37/0x1b30 [ 125.571174][ T6229] ? xfs_default_resblks+0x70/0x70 [ 125.576342][ T6229] ? rcu_is_watching+0x11/0xa0 [ 125.581136][ T6229] ? trace_xfs_inode_timestamp_range+0x84/0x1d0 [ 125.587418][ T6229] xfs_fs_fill_super+0x11a4/0x13f0 [ 125.592387][ T6206] loop2: detected capacity change from 0 to 40427 [ 125.592571][ T6229] get_tree_bdev+0x3f1/0x610 [ 125.603807][ T6229] ? xfs_mount_set_dax_mode+0x100/0x100 [ 125.609454][ T6229] vfs_get_tree+0x88/0x270 [ 125.613906][ T6229] do_new_mount+0x24a/0xa40 [ 125.618540][ T6229] __se_sys_mount+0x2e3/0x3d0 [ 125.618724][ T6206] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x1ffff [ 125.623263][ T6229] ? __x64_sys_mount+0xc0/0xc0 [ 125.623297][ T6229] ? lockdep_hardirqs_on+0x94/0x140 [ 125.623319][ T6229] ? __x64_sys_mount+0x1c/0xc0 [ 125.623343][ T6229] do_syscall_64+0x4c/0xa0 [ 125.623361][ T6229] ? clear_bhb_loop+0x30/0x80 [ 125.623381][ T6229] ? clear_bhb_loop+0x30/0x80 [ 125.623402][ T6229] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 125.623422][ T6229] RIP: 0033:0x7fb476a3ca0a [ 125.623443][ T6229] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 125.623463][ T6229] RSP: 002b:00007fb474c94e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 125.623488][ T6229] RAX: ffffffffffffffda RBX: 00007fb474c94ee0 RCX: 00007fb476a3ca0a [ 125.623504][ T6229] RDX: 0000200000000000 RSI: 00002000000096c0 RDI: 00007fb474c94ea0 [ 125.623519][ T6229] RBP: 0000200000000000 R08: 00007fb474c94ee0 R09: 0000000000000000 [ 125.623533][ T6229] R10: 0000000000000000 R11: 0000000000000246 R12: 00002000000096c0 [ 125.623547][ T6229] R13: 00007fb474c94ea0 R14: 0000000000009768 R15: 0000200000000040 [ 125.623578][ T6229] [ 125.624480][ T6229] XFS (loop0): log mount/recovery failed: error -117 [ 125.814763][ T6229] XFS (loop0): log mount failed [ 125.830746][ T6206] F2FS-fs (loop2): invalid crc value [ 125.885685][ T6206] F2FS-fs (loop2): Found nat_bits in checkpoint [ 125.887466][ T6259] loop4: detected capacity change from 0 to 512 [ 126.020584][ T6259] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.781: iget: bad i_size value: 38620345925642 [ 126.059953][ T6206] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 126.147098][ T6259] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.781: couldn't read orphan inode 15 (err -117) [ 126.157581][ T6269] loop1: detected capacity change from 0 to 64 [ 126.217545][ T4199] attempt to access beyond end of device [ 126.217545][ T4199] loop2: rw=2049, want=45104, limit=40427 [ 126.289871][ T6259] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=continue,delalloc,data_err=ignore,journal_ioprio=0x0000000000000002,data_err=ignore,nojournal_checksum,,errors=continue. Quota mode: writeback. [ 126.362187][ T6259] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm syz.4.781: bg 0: block 5: invalid block bitmap [ 126.539048][ T6278] rdma_op ffff8880236f79f0 conn xmit_rdma 0000000000000000 [ 127.092880][ T6295] netlink: 4 bytes leftover after parsing attributes in process `syz.1.796'. [ 127.231344][ T6297] loop4: detected capacity change from 0 to 4096 [ 127.256847][ T6298] loop0: detected capacity change from 0 to 4096 [ 127.284152][ T6300] loop2: detected capacity change from 0 to 4096 [ 127.326759][ T6298] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 127.375873][ T6297] ntfs: (device loop4): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 127.422681][ T6297] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 127.491897][ T6297] ntfs: (device loop4): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 127.503621][ T6298] ntfs3: loop0: ntfs_sync_fs r=1a failed, -22. [ 127.510782][ T6298] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 127.540890][ T6297] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 127.595787][ T6298] ntfs3: loop0: ntfs_sync_fs r=1a failed, -22. [ 127.633049][ T6297] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 127.700243][ T6297] ntfs: volume version 3.1. [ 127.752440][ T4184] ntfs3: loop0: ntfs_sync_fs r=1a failed, -22. [ 127.761882][ T6275] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 127.761983][ T6297] ntfs: (device loop4): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 127.777801][ T4184] ntfs3: loop0: ntfs_evict_inode r=1a failed, -22. [ 127.789424][ T4199] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22. [ 127.797990][ T6275] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 127.828207][ T4199] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 127.854957][ T6275] F2FS-fs (loop3): invalid crc value [ 127.878684][ T6297] ntfs: (device loop4): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 127.954273][ T6275] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 127.993201][ T6297] ntfs: (device loop4): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 128.004730][ T26] audit: type=1326 audit(1774066842.998:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6311 comm="syz.1.804" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff6a0e90799 code=0x0 [ 128.063335][ T6297] ntfs: (device loop4): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 128.244258][ T6275] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 128.268006][ T6275] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 128.381711][ T6331] syz.2.809 uses obsolete (PF_INET,SOCK_PACKET) [ 128.579541][ T4188] attempt to access beyond end of device [ 128.579541][ T4188] loop3: rw=2049, want=40992, limit=40427 [ 129.147593][ T6360] set_capacity_and_notify: 2 callbacks suppressed [ 129.147610][ T6360] loop3: detected capacity change from 0 to 512 [ 129.274173][ T6360] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.813: invalid indirect mapped block 4294967295 (level 1) [ 129.390629][ T6360] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.813: invalid indirect mapped block 4294967295 (level 1) [ 129.461467][ T6360] EXT4-fs (loop3): 2 truncates cleaned up [ 129.489477][ T6360] EXT4-fs (loop3): mounted filesystem without journal. Opts: noauto_da_alloc,init_itable=0x0000000000004004,barrier=0x0000000000000005,,errors=continue. Quota mode: writeback. [ 129.625085][ T6378] netlink: 24 bytes leftover after parsing attributes in process `syz.0.831'. [ 129.748950][ T6384] loop4: detected capacity change from 0 to 256 [ 129.861330][ T6384] exfat: Deprecated parameter 'utf8' [ 129.873228][ T6384] exfat: Deprecated parameter 'utf8' [ 129.911829][ T6400] loop3: detected capacity change from 0 to 64 [ 129.938665][ T6384] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb14608cb, utbl_chksum : 0xe619d30d) [ 130.493049][ T6411] loop4: detected capacity change from 0 to 4096 [ 130.508976][ T6413] netlink: 'syz.3.848': attribute type 1 has an invalid length. [ 130.542356][ T6413] netlink: 224 bytes leftover after parsing attributes in process `syz.3.848'. [ 130.551946][ T6411] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512) [ 130.804548][ T6397] loop1: detected capacity change from 0 to 40427 [ 130.869274][ T6397] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x1ffff [ 130.918703][ T6397] F2FS-fs (loop1): invalid crc value [ 130.969903][ T6397] F2FS-fs (loop1): Found nat_bits in checkpoint [ 130.991797][ T6405] loop2: detected capacity change from 0 to 32768 [ 131.147289][ T6405] JBD2: Ignoring recovery information on journal [ 131.208200][ T6437] loop3: detected capacity change from 0 to 256 [ 131.221178][ T6405] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 131.272782][ T6397] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 131.336685][ T6437] FAT-fs (loop3): Directory bread(block 64) failed [ 131.361171][ T6405] (syz.2.844,6405,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: directory entry too close to end - offset=32, inode=17057, rec_len=280, name_len=10 [ 131.388753][ T6437] FAT-fs (loop3): Directory bread(block 65) failed [ 131.398896][ T4195] attempt to access beyond end of device [ 131.398896][ T4195] loop1: rw=2049, want=45104, limit=40427 [ 131.399236][ T6437] FAT-fs (loop3): Directory bread(block 66) failed [ 131.421403][ T6437] FAT-fs (loop3): Directory bread(block 67) failed [ 131.428625][ T6437] FAT-fs (loop3): Directory bread(block 68) failed [ 131.435553][ T6437] FAT-fs (loop3): Directory bread(block 69) failed [ 131.443069][ T6437] FAT-fs (loop3): Directory bread(block 70) failed [ 131.449701][ T6437] FAT-fs (loop3): Directory bread(block 71) failed [ 131.477224][ T4199] ocfs2: Unmounting device (7,2) on (node local) [ 131.487998][ T6437] FAT-fs (loop3): Directory bread(block 72) failed [ 131.518124][ T6437] FAT-fs (loop3): Directory bread(block 73) failed [ 131.901532][ T6450] loop2: detected capacity change from 0 to 512 [ 131.920100][ T6452] netlink: 8 bytes leftover after parsing attributes in process `syz.3.865'. [ 132.015424][ T6450] EXT4-fs (loop2): 1 orphan inode deleted [ 132.065413][ T6450] EXT4-fs (loop2): mounted filesystem without journal. Opts: abort,errors=remount-ro,debug_want_extra_isize=0x0000000000000036,user_xattr,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,. Quota mode: none. [ 132.269633][ T6461] loop1: detected capacity change from 0 to 2048 [ 132.316048][ T6466] loop4: detected capacity change from 0 to 512 [ 132.362249][ T6461] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 132.382913][ T6466] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 132.408226][ T6461] UDF-fs: Scanning with blocksize 512 failed [ 132.446585][ T6461] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 132.498339][ T6466] EXT4-fs (loop4): mounted filesystem without journal. Opts: nouid32,errors=remount-ro,user_xattr,nodiscard,dioread_nolock,. Quota mode: writeback. [ 132.522979][ T6466] ext4 filesystem being mounted at /145/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.555617][ T6466] EXT4-fs error (device loop4): ext4_ext_remove_space:2929: inode #15: comm syz.4.870: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 132.641569][ T6466] EXT4-fs (loop4): Remounting filesystem read-only [ 132.650294][ T6466] EXT4-fs error (device loop4): ext4_evict_inode:293: comm syz.4.870: couldn't truncate inode 15 (err -117) [ 132.668592][ T6466] EXT4-fs (loop4): Remounting filesystem read-only [ 132.936056][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.942420][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.996176][ T6482] netlink: 12 bytes leftover after parsing attributes in process `syz.4.878'. [ 133.005924][ T6482] bridge_slave_0: default FDB implementation only supports local addresses [ 133.152590][ T5027] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 133.214314][ T4230] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 133.402836][ T5027] usb 2-1: Using ep0 maxpacket: 8 [ 133.459035][ T4230] usb 3-1: Using ep0 maxpacket: 8 [ 133.525218][ T5027] usb 2-1: config index 0 descriptor too short (expected 30, got 18) [ 133.591404][ T4230] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 133.607132][ T6486] F2FS-fs (loop4): invalid crc value [ 133.641243][ T6486] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 133.712846][ T5027] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 133.732257][ T5027] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.762841][ T4230] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 133.771934][ T4230] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 133.780400][ T5027] usb 2-1: Product: syz [ 133.784837][ T5027] usb 2-1: Manufacturer: syz [ 133.789484][ T5027] usb 2-1: SerialNumber: syz [ 133.802550][ T4230] usb 3-1: Product: syz [ 133.807685][ T4230] usb 3-1: Manufacturer: syz [ 133.810435][ T6486] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0 [ 133.812310][ T4230] usb 3-1: SerialNumber: syz [ 133.819518][ T6486] F2FS-fs (loop4): Start checkpoint disabled! [ 133.824998][ T5027] usb 2-1: config 0 descriptor?? [ 133.839603][ T6486] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 133.876138][ T5027] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 133.892222][ T5027] usb 2-1: setting power ON [ 133.906721][ T5027] dvb-usb: bulk message failed: -22 (2/0) [ 133.927137][ T5027] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 133.962874][ T5027] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 133.978167][ T5027] usb 2-1: media controller created [ 134.014484][ T5027] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 134.039506][ T5027] usb 2-1: selecting invalid altsetting 6 [ 134.045964][ T5027] usb 2-1: digital interface selection failed (-22) [ 134.062693][ T5027] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 134.092385][ T6476] dvb-usb: bulk message failed: -22 (3/0) [ 134.113555][ T4230] usb 3-1: Handspring Visor / Palm OS: No valid connect info available [ 134.132104][ T4230] usb 3-1: Handspring Visor / Palm OS: port 110, is for unknown use [ 134.140641][ T4230] usb 3-1: Handspring Visor / Palm OS: port 40, is for unknown use [ 134.149455][ T5027] usb 2-1: setting power OFF [ 134.154907][ T5027] dvb-usb: bulk message failed: -22 (2/0) [ 134.172294][ T4230] usb 3-1: Handspring Visor / Palm OS: Number of ports: 2 [ 134.180084][ T5027] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 134.192683][ T5027] (NULL device *): no alternate interface [ 134.265696][ T5027] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 134.267613][ T6496] set_capacity_and_notify: 3 callbacks suppressed [ 134.267626][ T6496] loop0: detected capacity change from 0 to 2048 [ 134.278524][ T5027] usb 2-1: USB disconnect, device number 7 [ 134.346338][ T4230] visor 3-1:1.0: Handspring Visor / Palm OS converter detected [ 134.372267][ T6496] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 134.424009][ T4230] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 134.481297][ T4230] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 134.501525][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 134.501542][ T26] audit: type=1800 audit(1774066849.498:12): pid=6496 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.883" name="file1" dev="loop0" ino=1367 res=0 errno=0 [ 134.558569][ T1347] usb 3-1: USB disconnect, device number 5 [ 134.593082][ T1347] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 134.625555][ T1347] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 134.661088][ T1347] visor 3-1:1.0: device disconnected [ 135.078604][ T6498] loop3: detected capacity change from 0 to 32768 [ 135.107234][ T6512] netlink: 8 bytes leftover after parsing attributes in process `syz.4.891'. [ 135.169100][ T6516] loop2: detected capacity change from 0 to 8 [ 135.226823][ T6498] JBD2: Ignoring recovery information on journal [ 135.334212][ T6516] overlayfs: upper fs is r/o, try multi-lower layers mount [ 135.465069][ T6498] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 135.499265][ T6504] loop1: detected capacity change from 0 to 32768 [ 135.683811][ T6504] XFS (loop1): Mounting V5 Filesystem [ 135.765518][ T4188] ocfs2: Unmounting device (7,3) on (node local) [ 135.881627][ T6504] XFS (loop1): Ending clean mount [ 135.964127][ T6504] XFS (loop1): Quotacheck needed: Please wait. [ 136.085029][ T6504] XFS (loop1): Quotacheck: Done. [ 136.300557][ T6543] loop2: detected capacity change from 0 to 1024 [ 136.309596][ T4195] XFS (loop1): Unmounting Filesystem [ 136.322860][ T6514] loop0: detected capacity change from 0 to 40427 [ 136.427530][ T6514] F2FS-fs (loop0): invalid crc value [ 136.504467][ T6514] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 136.608173][ T6523] loop4: detected capacity change from 0 to 40427 [ 136.704443][ T6523] F2FS-fs (loop4): invalid crc value [ 136.746499][ T6523] F2FS-fs (loop4): Found nat_bits in checkpoint [ 136.757799][ T6514] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 136.829157][ T6514] F2FS-fs (loop0): Start checkpoint disabled! [ 136.872662][ T6514] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 136.951653][ T6523] F2FS-fs (loop4): Start checkpoint disabled! [ 137.002144][ T6523] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 137.216026][ T6548] loop2: detected capacity change from 0 to 8192 [ 137.380968][ T6556] netlink: 8 bytes leftover after parsing attributes in process `syz.1.907'. [ 137.405442][ T156] attempt to access beyond end of device [ 137.405442][ T156] loop4: rw=2049, want=40976, limit=40427 [ 137.480070][ T6541] loop3: detected capacity change from 0 to 32768 [ 137.716199][ T6541] XFS (loop3): Mounting V5 Filesystem [ 137.812077][ T6579] loop1: detected capacity change from 0 to 1024 [ 137.875797][ T6579] EXT4-fs (loop1): Ignoring removed oldalloc option [ 137.932596][ T6579] EXT4-fs (loop1): Ignoring removed bh option [ 137.938334][ T6581] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 137.938744][ T6579] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 137.964669][ T6541] XFS (loop3): Ending clean mount [ 138.080305][ T6579] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,usrquota,data_err=ignore,nobarrier,oldalloc,grpquota,noload,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 138.126963][ T6585] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 138.215233][ T4188] XFS (loop3): Unmounting Filesystem [ 138.571500][ T6595] netlink: 4 bytes leftover after parsing attributes in process `syz.2.920'. [ 138.713224][ T6599] netlink: 16 bytes leftover after parsing attributes in process `syz.2.921'. [ 139.089451][ T6570] XFS (loop0): Mounting V5 Filesystem [ 139.252767][ T6622] erofs: (device loop1): mounted with root inode @ nid 36. [ 139.271659][ T26] audit: type=1326 audit(1774066854.268:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6626 comm="syz.4.929" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6afd428799 code=0x0 [ 139.367020][ T6570] XFS (loop0): Ending clean mount [ 139.385213][ T6570] XFS (loop0): Quotacheck needed: Please wait. [ 139.567575][ T6570] XFS (loop0): Quotacheck: Done. [ 139.571900][ T6638] set_capacity_and_notify: 3 callbacks suppressed [ 139.571916][ T6638] loop2: detected capacity change from 0 to 128 [ 139.668985][ T6638] FAT-fs (loop2): Directory bread(block 162) failed [ 139.719558][ T6638] FAT-fs (loop2): Directory bread(block 163) failed [ 139.771065][ T4184] XFS (loop0): Unmounting Filesystem [ 139.789870][ T6638] FAT-fs (loop2): Directory bread(block 164) failed [ 139.822073][ T6638] FAT-fs (loop2): Directory bread(block 165) failed [ 139.867011][ T6638] FAT-fs (loop2): Directory bread(block 166) failed [ 139.875743][ T6638] FAT-fs (loop2): Directory bread(block 167) failed [ 139.902872][ T6638] FAT-fs (loop2): Directory bread(block 168) failed [ 139.921223][ T6638] FAT-fs (loop2): Directory bread(block 169) failed [ 139.930288][ T6638] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 139.957242][ T6638] FAT-fs (loop2): Directory bread(block 162) failed [ 140.039530][ T6641] netlink: 'syz.1.936': attribute type 9 has an invalid length. [ 140.040567][ T6638] FAT-fs (loop2): Directory bread(block 163) failed [ 140.112320][ T6641] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.936'. [ 140.116473][ T6638] attempt to access beyond end of device [ 140.116473][ T6638] loop2: rw=3, want=232, limit=128 [ 140.201390][ T6638] attempt to access beyond end of device [ 140.201390][ T6638] loop2: rw=2051, want=234, limit=128 [ 140.231285][ T6643] netlink: 'syz.1.936': attribute type 9 has an invalid length. [ 140.273330][ T6643] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.936'. [ 140.690733][ T6664] loop0: detected capacity change from 0 to 8 [ 140.766088][ T1111] hid-generic 0004:0004:FFFF0001.0005: unknown main item tag 0x0 [ 140.797286][ T1111] hid-generic 0004:0004:FFFF0001.0005: unknown main item tag 0x0 [ 140.809847][ T1111] hid-generic 0004:0004:FFFF0001.0005: unknown main item tag 0x0 [ 140.886980][ T6676] loop4: detected capacity change from 0 to 128 [ 140.910371][ T1111] hid-generic 0004:0004:FFFF0001.0005: hidraw0: HID v0.b3 Device [syz0] on syz1 [ 141.187290][ T6694] netlink: 8 bytes leftover after parsing attributes in process `syz.2.959'. [ 141.254410][ T6696] loop4: detected capacity change from 0 to 2048 [ 141.330652][ T6696] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 141.353375][ T6700] loop3: detected capacity change from 0 to 4096 [ 141.434548][ T6708] loop0: detected capacity change from 0 to 128 [ 141.462526][ T6711] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 141.651918][ T6717] netlink: 'syz.4.967': attribute type 4 has an invalid length. [ 141.725073][ T6717] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.967'. [ 142.065702][ T6730] netlink: 'syz.0.975': attribute type 5 has an invalid length. [ 142.237880][ T6731] fido_id[6731]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 142.530977][ T6749] loop2: detected capacity change from 0 to 256 [ 142.541755][ T6752] netlink: 72 bytes leftover after parsing attributes in process `syz.4.985'. [ 142.672382][ T6749] attempt to access beyond end of device [ 142.672382][ T6749] loop2: rw=0, want=276, limit=256 [ 142.709584][ T6749] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 198) [ 142.722599][ T5242] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 142.738402][ T6749] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 198) [ 143.252796][ T6770] mkiss: ax0: crc mode is auto. [ 143.312926][ T5242] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 143.331677][ T6766] loop4: detected capacity change from 0 to 4096 [ 143.344563][ T5242] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.374262][ T5242] usb 2-1: Product: syz [ 143.378882][ T5242] usb 2-1: Manufacturer: syz [ 143.392628][ T5242] usb 2-1: SerialNumber: syz [ 143.406088][ T5242] usb 2-1: config 0 descriptor?? [ 143.475538][ T6776] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 143.496892][ T5242] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 143.562953][ T5242] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 143.622926][ T5242] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 143.650697][ T5242] usb 2-1: media controller created [ 143.691399][ T6766] NILFS (loop4): nilfs_palloc_commit_free_entry (ino=6): entry number 14 already freed [ 143.700641][ T6744] dvb-usb: bulk message failed: -22 (7/0) [ 143.713581][ T5242] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 143.788940][ T6780] loop3: detected capacity change from 0 to 8192 [ 143.890525][ T5242] DVB: Unable to find symbol mt352_attach() [ 143.956828][ T6780] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 144.022959][ T6780] REISERFS (device loop3): using ordered data mode [ 144.029746][ T5242] DVB: Unable to find symbol nxt6000_attach() [ 144.042553][ T5242] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 144.053653][ T6780] reiserfs: using flush barriers [ 144.097788][ T6780] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 144.122757][ T6765] loop2: detected capacity change from 0 to 32768 [ 144.131701][ T5242] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input11 [ 144.143330][ T6788] mmap: syz.4.999 (6788): VmData 49217536 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 144.164471][ T5242] dvb-usb: schedule remote query interval to 1000 msecs. [ 144.182973][ T6780] REISERFS (device loop3): checking transaction log (loop3) [ 144.194724][ T5242] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 144.222582][ T5242] dvb-usb: bulk message failed: -22 (7/0) [ 144.240401][ T5242] dvb-usb: bulk message failed: -22 (7/0) [ 144.269902][ T5242] usb 2-1: USB disconnect, device number 8 [ 144.437962][ T5242] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 144.629775][ T6780] REISERFS (device loop3): Using tea hash to sort names [ 144.656200][ T6780] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 144.742375][ T26] audit: type=1800 audit(1774066859.738:14): pid=6780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.997" name="file1" dev="loop3" ino=4 res=0 errno=0 [ 144.762736][ C0] vkms_vblank_simulate: vblank timer overrun [ 144.937315][ T6798] loop4: detected capacity change from 0 to 256 [ 145.082975][ T6798] FAT-fs (loop4): Directory bread(block 64) failed [ 145.092621][ T6798] FAT-fs (loop4): Directory bread(block 65) failed [ 145.099455][ T6798] FAT-fs (loop4): Directory bread(block 66) failed [ 145.167111][ T6798] FAT-fs (loop4): Directory bread(block 67) failed [ 145.184320][ T6798] FAT-fs (loop4): Directory bread(block 68) failed [ 145.204512][ T6798] FAT-fs (loop4): Directory bread(block 69) failed [ 145.230814][ T6806] loop2: detected capacity change from 0 to 512 [ 145.251600][ T6798] FAT-fs (loop4): Directory bread(block 70) failed [ 145.293124][ T6798] FAT-fs (loop4): Directory bread(block 71) failed [ 145.311656][ T6798] FAT-fs (loop4): Directory bread(block 72) failed [ 145.334579][ T6798] FAT-fs (loop4): Directory bread(block 73) failed [ 145.343483][ T6806] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a803c198, mo2=0002] [ 145.361876][ T6806] System zones: 1-12 [ 145.398628][ T6806] EXT4-fs error (device loop2): ext4_iget_extra_inode:4566: inode #15: comm syz.2.1009: corrupted in-inode xattr [ 145.525045][ T6806] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.1009: couldn't read orphan inode 15 (err -117) [ 145.576470][ T6806] EXT4-fs (loop2): mounted filesystem without journal. Opts: block_validity,minixdf,noblock_validity,lazytime,noauto_da_alloc,block_validity,init_itable=0x000000000000000b,debug,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 145.671890][ T6816] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1012'. [ 145.806515][ T6806] overlayfs: upper fs needs to support d_type. [ 145.842332][ T6794] loop1: detected capacity change from 0 to 40427 [ 145.911253][ T6823] tipc: Started in network mode [ 145.916995][ T6823] tipc: Node identity aaaaaaaaaa41, cluster identity 4711 [ 145.928017][ T4199] EXT4-fs error (device loop2): ext4_iget_extra_inode:4566: inode #15: comm syz-executor: corrupted in-inode xattr [ 145.931117][ T6823] tipc: Enabled bearer , priority 12 [ 145.966419][ T4199] EXT4-fs error (device loop2): ext4_iget_extra_inode:4566: inode #15: comm syz-executor: corrupted in-inode xattr [ 145.979732][ T6794] F2FS-fs (loop1): invalid crc value [ 146.038301][ T6794] F2FS-fs (loop1): Found nat_bits in checkpoint [ 146.193294][ T4199] [ 146.195696][ T4199] ====================================================== [ 146.202742][ T4199] WARNING: possible circular locking dependency detected [ 146.209838][ T4199] syzkaller #0 Not tainted [ 146.214273][ T4199] ------------------------------------------------------ [ 146.221319][ T4199] syz-executor/4199 is trying to acquire lock: [ 146.227495][ T4199] ffff8880780ad120 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_del+0x142/0x360 [ 146.237976][ T4199] [ 146.237976][ T4199] but task is already holding lock: [ 146.245363][ T4199] ffffffff8d582d28 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa4/0x220 [ 146.255062][ T4199] [ 146.255062][ T4199] which lock already depends on the new lock. [ 146.255062][ T4199] [ 146.265489][ T4199] [ 146.265489][ T4199] the existing dependency chain (in reverse order) is: [ 146.274522][ T4199] [ 146.274522][ T4199] -> #2 (hci_cb_list_lock){+.+.}-{3:3}: [ 146.282298][ T4199] __mutex_lock_common+0x1e3/0x2400 [ 146.288146][ T4199] mutex_lock_nested+0x17/0x20 [ 146.293465][ T4199] hci_remote_features_evt+0x5f5/0xa40 [ 146.299481][ T4199] hci_event_packet+0x63a/0x1370 [ 146.304982][ T4199] hci_rx_work+0x255/0xa10 [ 146.309961][ T4199] process_one_work+0x85f/0x1010 [ 146.315758][ T4199] worker_thread+0xaa6/0x1290 [ 146.320983][ T4199] kthread+0x436/0x520 [ 146.325607][ T4199] ret_from_fork+0x1f/0x30 [ 146.330578][ T4199] [ 146.330578][ T4199] -> #1 (&hdev->lock){+.+.}-{3:3}: [ 146.338002][ T4199] __mutex_lock_common+0x1e3/0x2400 [ 146.343749][ T4199] mutex_lock_nested+0x17/0x20 [ 146.349173][ T4199] sco_sock_connect+0x18f/0x910 [ 146.354574][ T4199] __sys_connect+0x3cb/0x450 [ 146.359713][ T4199] __x64_sys_connect+0x76/0x80 [ 146.365159][ T4199] do_syscall_64+0x4c/0xa0 [ 146.370134][ T4199] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 146.376583][ T4199] [ 146.376583][ T4199] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}: [ 146.385737][ T4199] __lock_acquire+0x2c42/0x7d10 [ 146.391315][ T4199] lock_acquire+0x19e/0x400 [ 146.396371][ T4199] lock_sock_nested+0x44/0x100 [ 146.401701][ T4199] sco_conn_del+0x142/0x360 [ 146.406762][ T4199] hci_conn_hash_flush+0x107/0x220 [ 146.412592][ T4199] hci_dev_do_close+0x991/0x1030 [ 146.418160][ T4199] hci_unregister_dev+0x2d7/0x580 [ 146.423819][ T4199] vhci_release+0x73/0xc0 [ 146.428690][ T4199] __fput+0x234/0x930 [ 146.433223][ T4199] task_work_run+0x125/0x1a0 [ 146.438356][ T4199] do_exit+0x626/0x20c0 [ 146.443137][ T4199] do_group_exit+0x12e/0x300 [ 146.448264][ T4199] __x64_sys_exit_group+0x3b/0x40 [ 146.453835][ T4199] do_syscall_64+0x4c/0xa0 [ 146.458800][ T4199] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 146.465245][ T4199] [ 146.465245][ T4199] other info that might help us debug this: [ 146.465245][ T4199] [ 146.475501][ T4199] Chain exists of: [ 146.475501][ T4199] sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock [ 146.475501][ T4199] [ 146.489969][ T4199] Possible unsafe locking scenario: [ 146.489969][ T4199] [ 146.497613][ T4199] CPU0 CPU1 [ 146.503091][ T4199] ---- ---- [ 146.508471][ T4199] lock(hci_cb_list_lock); [ 146.512996][ T4199] lock(&hdev->lock); [ 146.519648][ T4199] lock(hci_cb_list_lock); [ 146.526695][ T4199] lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO); [ 146.532643][ T4199] [ 146.532643][ T4199] *** DEADLOCK *** [ 146.532643][ T4199] [ 146.541413][ T4199] 3 locks held by syz-executor/4199: [ 146.546712][ T4199] #0: ffff888073ff4ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x5f/0x1030 [ 146.556511][ T4199] #1: ffff888073ff4078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x3f4/0x1030 [ 146.566041][ T4199] #2: ffffffff8d582d28 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa4/0x220 [ 146.576091][ T4199] [ 146.576091][ T4199] stack backtrace: [ 146.581995][ T4199] CPU: 1 PID: 4199 Comm: syz-executor Not tainted syzkaller #0 [ 146.589647][ T4199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 146.599814][ T4199] Call Trace: [ 146.603117][ T4199] [ 146.606089][ T4199] dump_stack_lvl+0x188/0x250 [ 146.610816][ T4199] ? load_image+0x400/0x400 [ 146.615423][ T4199] ? show_regs_print_info+0x20/0x20 [ 146.620655][ T4199] ? print_circular_bug+0x12b/0x1a0 [ 146.625876][ T4199] check_noncircular+0x296/0x330 [ 146.630840][ T4199] ? add_chain_block+0x940/0x940 [ 146.635242][ T6794] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 146.635875][ T4199] ? lockdep_lock+0xf1/0x1f0 [ 146.635906][ T4199] ? mark_lock+0x94/0x320 [ 146.652370][ T4199] __lock_acquire+0x2c42/0x7d10 [ 146.657275][ T4199] ? verify_lock_unused+0x140/0x140 [ 146.662494][ T4199] ? verify_lock_unused+0x140/0x140 [ 146.667711][ T4199] ? __mutex_trylock_common+0x155/0x260 [ 146.673464][ T4199] ? __mutex_trylock_common+0x155/0x260 [ 146.679121][ T4199] lock_acquire+0x19e/0x400 [ 146.683740][ T4199] ? sco_conn_del+0x142/0x360 [ 146.688450][ T4199] ? sco_conn_del+0x12f/0x360 [ 146.693160][ T4199] ? read_lock_is_recursive+0x10/0x10 [ 146.698562][ T4199] ? __lock_acquire+0x7d10/0x7d10 [ 146.703619][ T4199] ? do_raw_spin_lock+0x128/0x2f0 [ 146.708821][ T4199] lock_sock_nested+0x44/0x100 [ 146.713607][ T4199] ? sco_conn_del+0x142/0x360 [ 146.718307][ T4199] sco_conn_del+0x142/0x360 [ 146.722841][ T4199] ? sco_connect_cfm+0xa60/0xa60 [ 146.727806][ T4199] hci_conn_hash_flush+0x107/0x220 [ 146.732944][ T4199] hci_dev_do_close+0x991/0x1030 [ 146.737917][ T4199] ? blocking_notifier_chain_unregister+0x115/0x210 [ 146.744527][ T4199] hci_unregister_dev+0x2d7/0x580 [ 146.749625][ T4199] vhci_release+0x73/0xc0 [ 146.754295][ T4199] ? vhci_open+0x290/0x290 [ 146.758764][ T4199] __fput+0x234/0x930 [ 146.762783][ T4199] task_work_run+0x125/0x1a0 [ 146.767418][ T4199] do_exit+0x626/0x20c0 [ 146.771593][ T4199] ? put_task_struct+0x80/0x80 [ 146.776374][ T4199] ? lock_chain_count+0x20/0x20 [ 146.781235][ T4199] do_group_exit+0x12e/0x300 [ 146.785837][ T4199] __x64_sys_exit_group+0x3b/0x40 [ 146.790959][ T4199] do_syscall_64+0x4c/0xa0 [ 146.795384][ T4199] ? clear_bhb_loop+0x30/0x80 [ 146.800063][ T4199] ? clear_bhb_loop+0x30/0x80 [ 146.804737][ T4199] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 146.810719][ T4199] RIP: 0033:0x7f5332f7d799 [ 146.815141][ T4199] Code: Unable to access opcode bytes at RIP 0x7f5332f7d76f. [ 146.822786][ T4199] RSP: 002b:00007ffe44a291d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 146.831217][ T4199] RAX: ffffffffffffffda RBX: 00007f5333013075 RCX: 00007f5332f7d799 [ 146.839363][ T4199] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 146.847334][ T4199] RBP: 0000000000000075 R08: 0000000000000000 R09: 00007f5333013050 [ 146.855397][ T4199] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe44a2a490 [ 146.863365][ T4199] R13: 00007f5333013050 R14: 00000000000239b7 R15: 00007ffe44a2b560 [ 146.871342][ T4199] [ 146.884345][ T4195] attempt to access beyond end of device [ 146.884345][ T4195] loop1: rw=2049, want=45104, limit=40427 [ 146.994159][ T5245] tipc: Node number set to 15444650 [ 147.197266][ T144] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.258091][ T144] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.306344][ T144] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.355899][ T144] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.943090][ T144] IPVS: stopping backup sync thread 5418 ... [ 148.093028][ T144] device hsr_slave_0 left promiscuous mode [ 148.099734][ T144] device hsr_slave_1 left promiscuous mode [ 148.114367][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 148.121793][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 148.144801][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 148.152579][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 148.160314][ T144] device bridge_slave_1 left promiscuous mode [ 148.166738][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.178557][ T144] device bridge_slave_0 left promiscuous mode [ 148.185216][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.196101][ T144] device veth1_macvtap left promiscuous mode [ 148.202683][ T144] device veth0_macvtap left promiscuous mode [ 148.208846][ T144] device veth1_vlan left promiscuous mode [ 148.216317][ T144] device veth0_vlan left promiscuous mode [ 148.419094][ T144] team0 (unregistering): Port device team_slave_1 removed [ 148.440595][ T144] team0 (unregistering): Port device team_slave_0 removed [ 148.456542][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 148.471850][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 148.537042][ T144] bond0 (unregistering): Released all slaves