last executing test programs: 2.705826054s ago: executing program 2 (id=5743): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x34, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}, @NFTA_LIMIT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1000000}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb8}}, 0x0) 2.569984408s ago: executing program 2 (id=5747): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$IOMMU_TEST_OP_DESTROY_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000080)={0x48}) 2.414167043s ago: executing program 2 (id=5750): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1010010, &(0x7f0000000a40)=ANY=[@ANYBLOB="756e695f786c6174653d312c726f6469722c756e695f786c6174653d312c757466383d312c696f636861727365743d64656661756c742c73686f72746e616d653d6c6f7765722c757466383d302c726f6469722c73686f72746e616d653d6d697865642c757466383d312c696f636861727365743d69736f383835392d332c636f6465706167653d3737352c757466383d302c73686f72746e616d653d77696e6e742c636865636b3d72656c617865642c757466383d302c6e6f6e756d7461696c3d302c0031fd002b844b2aaa4820a0d2e307947f6278bbb8f5e89aff03ab9fbbd0839e94f356860eb9c347055e912896996eac98851a210b5906796dcdfa5009005e43fddbb770e5acc11c45a65f053990d67c5028e5671ed90a040d9843c3d066d4dea2b80b70fa1453ab95cacc85d77ea70f36825196cad218d59a3fe24328046096f26c62f8df8203019d568c7eb7c73c37209c"], 0x1, 0x37e, &(0x7f0000001000)="$eJzs3U1oXEUcAPD/5m1204pmb6IgrN4EDW1verFFUigGQWXx4yAuNlXJRiHBYHvoNh4Uj4JHPXlT0IMH8aYIiggePHhVQariQXsrWBzZfW93X/YjTZVEgr8fdHc6M/+Z//vI7svydvLMyVg7Ox/nrly5HAsLlaiefPBkXK1EI7IYuBSTalPqAIDD4WpK8Ueqpp7xtoXpIZUDSAsA2Ef99//nIqIZjbzm1S9265+8+wPAoZf//p+O7NZnxucAES/tS0oAwD4r3v9Hn//ftaO51v9XHfy3WrorAAA4rB578qmHTq1EPNpsLkSsv77V2mrF/aP2U+fihejEahyLxbgWkV8o9B4q/cfTZ1aWjzWbzW783IhWRMwVga38SuFU1o+vx/FYjEYRX1xtpJSy0x+tLB9v9kXEpW5//livbLXm42gx//dHY3V04TEYpP8UcWZl+USzGKC1PojvRmyPblTo5b8Ui/Hts8NhUhrcwbiyfPH4IOlR/FarHmeHe2HmJyAAAAAAAAAAAAAAAAAAAAAAAPCPLDWHGsP1c1LvOV8pZ2lpSnt/fZw8vlgfaDtfHyjVU6T0+yv3tt7IYsf6QOPr82xZSBAAAAAAAAAAAAAAAAAAAACGNs/Xot3prG5snr+wVi50NzbPz0VEr+bFrz74/EhM9rlOoZpPUY8YTtEspr2w1k7ZoHPKIibDs97kg5r3Ph5mXO5TH27F1DTqs5s6nZvv/OntUc0d2WDkv0Z9spi+gVkpjQfGRl6/JU/pRnbUsHCiXFOfmP3TiEilmtfK4RefnhwwKhHVXQ7cw9/MaJqL2ammXuHLy8/fNtj77c9S7u57Fh//4a13f11rd3ozR/8I1jY2r6W1dmXQeQ97oxgu9Q/B6NyoRF6olM+E6kI2e4dv76xpZ9/99sTtb369t4OSyjUv987nsT5ZvjkfjofX8kIvzbGmI6Pw+WIjOqvzU07+6xVu/Ifxwq3vfPJ+Sj/+sucpRuYmXjaKQ9D4ty8/AAAAAAAAAAAAAAAAAABASem74sWXrrt5w/xuUfc9ckDpAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCBGP39/1Jh+6aidbJpl8Kf3Zhsqq9ubEbU/uOtBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+7vAAAA///tMFzW") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) 2.371263641s ago: executing program 4 (id=5752): syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000940)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x249, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0x20, 0x2, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x3, 0x1, 0x2, 0x9, {0x9, 0x21, 0xcd, 0xd, 0x1, {0x22, 0xf4c}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x7, 0x6, 0xff}}}}}]}}]}}, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]}) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(0xffffffffffffffff, 0xc0385720, 0x0) 2.265525114s ago: executing program 0 (id=5753): r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) ioctl$DRM_IOCTL_VERSION(r0, 0xc0406400, &(0x7f0000000480)={0x8, 0x4, 0x4, 0x1000, &(0x7f0000001280)=""/4096, 0x0, 0x0, 0x0, 0x0}) 2.052779595s ago: executing program 0 (id=5758): r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000400)={0xf0f01f}) 1.843829842s ago: executing program 0 (id=5760): r0 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000080)=""/87, 0x57}, {0x0}, {0x0, 0x4000}, {&(0x7f0000000300)=""/202, 0xca}], 0x4, 0x0, 0x0) 1.843523965s ago: executing program 2 (id=5762): r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000100)={0xf020000, 0x1, 0x1, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f911, 0x1, '\x00', @p_u16=0x0}}) 1.656274525s ago: executing program 2 (id=5765): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000000)=0x8081, 0x4) 1.359848641s ago: executing program 2 (id=5769): syz_mount_image$ocfs2(&(0x7f00000026c0), &(0x7f0000004780)='./file0\x00', 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6865617274626561743d6e6f6e652c6572726f72733d636f6e74696e75652c6e6f696e74722c67727071756f74612c001796fa694353e3807803df5ea6fd4d6e6a2613d336eb62b863dcd89e37b45f8bd04199a14c48b3e553e035ab300ba3c60c27682a8ab5656969d829535c0862f6e3a35f15fe4d50c0d5c74631344625d6224c436474bb101ff47a14c51e342ca291c09c35d9d31b06b6b86cb9dccae387b5f1e7c5e1d445d52845a3fa4c77234ea9d37c8a277c85e69a85cc6ffeb225bebbca91b569b80ee303c9a21c58db5d96fb87f1713e0e9b896e37becae2e7a978259a0847e9fb08dcb8b9f84f616463da2507db1b3489769e99"], 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzZ1ezmybb/UibpOnHJBFctCybPlXrQ1yrNpo2H9pWU2Wd3Ww3q7M76+6MFgxSgyAKghIEFT+oCqUvtSAG+lKLUPADaRVKRdH6IlKogg8GbaArM3Nvdu6d2d7JTtLS9veDdvaee8+5Z/a/99w590wKseqphdXiwmqxtFSszN6/ekvxc5VybXEuFF4lr/X56c6VyEn2r50j7/vAR+65JYQ/HPvah9bW1tZC3XDo6EDLz+f/fXq29TVRyNSpt9u5taY/1h556edveaUj8pwIIexo61ddXwjhY78IYUsIYSQuG41fB0MI20IIUQjh0d/868cDvXShxdl7X3ju2JnD+85MPf7YMxfmj254YBTCd8u7b55ffHF/323Pv+MynR4AAF7RB48fufvo5IHwZBSGzvW3f17fGb8mn4/vfNun7nq4f33/Gt3pexVDBQAAgIz1+f9w9HKH9bpkZS1ZEnzigRN3PxWt7zexfX07dNeR298/eSBe/43a9t8aF/3zvX2NNdTsum92/XckU7/z+u/6eR7+6rO/XHrr5vuf9C8573CIChOp7UJhYiKEY1PN7V3R1kK5slp95/2V2tLJzZ/3jSKdf3b1fn1Bv9v8RzPV89b/d3/i8z8b7O/lHYyF7F9tfbvY/qdMB+n8Nx7Lf/KlqKv8xzL18vK/4+nt53+1pZd3kD0jlyKdf/NC3Nd6QLE5ANTz/2Z/fv47Mu3n5f/9qXOPntjE93/q48xwVO/rQGoEeDku3+ArTGSk828GkRo641/kRtf//zL5X5NpPy//Oyv/+N3ferj/bzT+j0/10uabRzr/ZhDF1BHr1/9IIf/6vzbTfl7+vz3152c/2dO9uj3/ev/H3f+7ks4/vhGnB8/Gb7Lb8X9npv28/HeN3ffQwib6/eHBuJ9DURhr+dbpufotbGh9vboxpanvXt7ESd4E0vk3f2upS2eo+dK4/ofzx/9dmfbz8n9oz9ffc7qn7/92Hv8njf9dSec/2Ci7lPxfyuS/O9N+Xv4/PP33v9x3mcf/+vZB+Xclnf/Wtv3rz38KXc3/rsvUz3v+s2/0qUf+2sP8P+lfct7k+U/yHGI8aj7/obN0/ldteFy39/89mXp51/+3/vP80/t7Gf+jAU8AepDOf1uzsMMEsNv8r8+0n5f/F+758sf/tIn5X+MT30CSf8v8f0uz/Kjxvyvp/Lc3C1P/GOrBxv8b9/+oPff/ZvK/IdN+Xv4XDk30f+Uy3//r/R/v8Cibdun8hzY8rp7/77u4/9+YqZeX/xf3/vTFm3v6/B/CpLn+pqXzv3rD4xrX/0B+/jdl6uXl/51v/PqJB3vo/9t7qEs2/+a9PnU5xZ/Nu53/FzPt5+X/o/HzZ/dfgfnfre7/XUnn31w1v5T8s/P/vZn28/L/3pEfrPRfgec/d8gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgU0bj1+EQFSZS24XCxEQIY/H2rrA1mimdnJ4pV2Y/sxrCjri8GEaj+XJlplSeXliqnJybLpXLldkQron37wgD0Wq5Up1eLC1fe7GtwejUXGmlOjNXqoYQdsbl14ftSVszC9XF0nLj2KTOVVHps7VKtTRRW51bCbsvlm9LyudXKrXl6y62dXWhsrJ8qrQ0fXJh5d2Tk5OTYc/FPo9Ecw9U55aqzd4299brJHWHo5Y309h9Q8v5Pl2prSyVyo3yG1vqlCuzpXJLnZtazlddqS3Nlqpz0+XKfHK+YkvdlvfW2L033jceRlLvL6mbdTB+vf3Q8Y8eP3ygbX8xSue9VFucm9ze+W8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDeuJ29717dDCH3NrUII4WDyQxT/l3L23heeO3bm8L4zU48/9syF+aOdjgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBBxehMyoxwQ6FjzvPAcGYYPfOFgTsz53M4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA68fZHfMdWXtp1+aFrbM3hPb83P8hhOFkcf/z3rbQFUL4+mXqdFihLXSV+n8zPjNavWrye2//6MPrw8nq6y/+t7huZ0jSgWXHO5M0HRhYff8b1Z3+Z5P9SQhp7EKIYm7kyZlGCKEtdiFE8fPj7MXs9/2/2IUQRe+Hux3Z/W/ELoQotu7+1NPI3/Gon/PNC/3Ln/2tngNreEVnHXp78sq71E2tvZf593+Sb74H62H6xJH3z2MXQTTTMxNHY9cAAAD8Xeda5P9hy+L+/ctJ6Oqs5v7fSvl/d6n/lfP/Jfe23xiZWlMIsa0yNpkdD+5bS58b36m+q7dfN4z31JX8v97k//Um/683+X+9lfP/VlGwqHhjkf+TeSX/r6XHN/fMv4hdBNHI/wEAoH4OHR+baA4OZR//m360V/P6nrxt5nn6g1uTfY+WjRvJD/9th4+NHTg4OJTf9+qA4NL6D+nC2e/5fI9yWxgvzbtotf5D99O52Wvt1b9o/uH8jaK+4rrWfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgF7tzT8MgGIVh9LutiNpoVTRh4SfBBxoYEYAUZjSggwkDMBACChjIOcu9ybO8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADzfv8rr4vtLY6TXGpGmssuu/XM8zX7mvh2W99njxq0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbO3AgAwAAACDM3zqP9gMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPBQAA///Wgss9") syz_mount_image$exfat(0x0, &(0x7f0000000280)='./bus\x00', 0x90c40, 0x0, 0x4, 0x0, &(0x7f0000000000)) 1.269152792s ago: executing program 1 (id=5770): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x5, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000040)={0x1, @pix_mp={0x80000000, 0x49, 0x50323234, 0x1, 0x0, [{0x5, 0x4}, {0x8, 0xd}, {0x4, 0x80}, {0xfffeffff, 0x8000}, {0x10, 0xe}, {0x4, 0xa00}, {0x4, 0xfffffffb}, {0x1, 0x7}], 0x9, 0x81, 0x4, 0x0, 0x6}}) 1.211959609s ago: executing program 3 (id=5771): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x1008400, &(0x7f0000000a00)=ANY=[@ANYRES32=0x0, @ANYRES64], 0x88, 0x68f, &(0x7f0000000b80)="$eJzs3ctvXFcZAPDvjsdjTyiJmyZtiirFaiRAWCR+yAWzaUAIeVGhqixYW4mTjDJJiz1FToWoeW8rkT+gLLxjgZDYR5QNG9h1O8tKCDZZgFkNuo8Zj+dlOyEeO/39ouNz7j33vL65d+48YjmAz63VuSg/iiRW597aSrebO0v15s7SvXY5IqYiohRRzrNI/tNqtT6JuB55ilfTnUV3ybBxHtZW3vn0cfOzfKtcpOz40qh2h7NdpJiNiIkifzK/7evvxkH9TR/UZ9JZYRqwK+3AwbhNRkQr88+H+Z4f/fWFTk2X6qDWB575wCmQ5PfNPjMRZ4oLPX0dkN8V83v2qbY97gkAAADAMTi3G7uxFWfHPQ8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4TYq//58UqdQuz0bS/vv/lWJfFOWT5fLRDn/0rOYBAAAAAAAAAMfo8m7sxlacbX+X30qy7/xfzyovZD+/EO/HZqzHRlyNrViLRjRiIxYiYqaro8rWWqOxsdBp2f6fAf0tFwe2XDxgolNFXv1/rRwAAAAAAAAAnis/j9Xs+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgxkoiJPMvShXZ5JkrliJiOiEp63HbE39vl0+zRuCcAAAAAT6F1yOPO7cZubMXZTrske8//cva+fzrej/vRiFo0oh7rcTP7LCB/119q7izVmztL99LU3++3/3Wk6WY9Rv7Zw+CRL2VHVONW1LI9V+NGvBtJcjNKWcvUpfZ8Bs/rZ+mckjdzk6Om0xW9m0WervyjIu/z4ZEWO8wRP0yZySIy2YnIfDG3NBovjo7EER+d3pEWotSZ7IWekXoWsS/mbx5yvDNFnq7n18NiPha9kVjsOvteHh3ziK/86fc/vFO/f/fOrc25k7Okw2l/KJhfGdX+SCx1ReKV5zkSfeazSFzsbK/G9+IHMRez8XZsRC1+HGvRiPWYje9mpbXifE66Lvkhkbq+b+vtveK/S4NmUinO0PxZdP+c4oA5vZ61PRu1+H68GzdjPd7I/i3GQnwjlmM5Vroe4YvNnQfn8uLQZ9rSkKu+9cWBYbzy1aJQjYjfFHnmdnlgg+OTxvXFrrh2P+fOZHXde/aidP4I96N2lP4weirlLxWFdIxfFPnJ0BuJha5IvDQ6Er/LnlY26/fvbtxZe+9ww53/qCik19GvTtRdIj1fzqcPVra1/+xI614q6iaztBevSvGNS96u1Fd3sVOXX6nbQ6/USvEarr+nxazulYF1S1ndpa663tdb9c7roefhyx+A59aZr52pVP9R/Vv14+ovq3eqb01/Z+qbU69VYvIvk98qz098ufRa8sf4OH669/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4cpsPPri7Vq+vb/QUWq3Wh0OqTnNholj2MQ766gsR41pyJSJORuT/22q1ij3JSZjP6EIrNRWtJ2z+54g43MHliBhUdXn8QRjzExPwzF1r3Hvv2uaDD75eu7d2e/32+v2V5eWV+ZXlN5au3arV1+fzn+OeJfAs7N30j9hw4hlNCAAAAAAAAAAAADjQcfw6wfDRp49zqQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAptToX5UeRxML81fl0u7mzVE9Tu7x3ZDkiShGR/CQi+STieuQpZrq6S4aN87C28s6nj5uf7fVVbh9fGtVuoFLvju0ixWxETBT5U9jX342n6C9bZLa6fIVpwK60Awfj9r8AAAD//xxPBPk=") listxattr(&(0x7f0000000200)='./file1\x00', 0x0, 0x34) 1.100305577s ago: executing program 1 (id=5772): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@newlink={0x48, 0x10, 0x1, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x2b20d, 0x11a20}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_TRUST={0xc, 0x9, {0x7, 0x4}}]}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x41}, 0x0) 992.813059ms ago: executing program 3 (id=5773): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000011dc0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff0008000340000000385ca600000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000080003800400008028a60380b0040080f8000280c5000100deca2180070ac64ec8f5a2659a16bbe309d6cdb2901162004ce7b8c4f9790d4e3e21e632b95e3b08816b94d78f01c5acd24b316cb44646a10783dba8e1f6112500d78f07a884c4ac8e7b7873b6bfd469a25191d06572dcb49110a8740fa4347c0caa5ec34e46cc08cbc1c87953d9ce18572a67c9b633bd88b627ad0abc3097cf7be9e5934cdb0b1503e49ca050dd96d8a2ce4259d779a2ed8970d47f4b5ba33eb49a60b64a8ebca2494459066391a443934fb98b28e9e8f3122129cd4c38c06bab0000002c000280080003400000000408000180fffffffc08000340000000010800034000000003080001803af7fba40c0004400000000000008000b40201801400028008000180ffffffff0800034000000002b30001006a095b646e5d537d2ca00efac281ab52f4c6426c3cbe1f8b532e2783420c9a876df4c25002471be388cccd3d216031981099f586d24a041ed3b494b42187cb576d58ee8f20028e3e8f967e2e07b09f491ae4af3b76700c3697dcbf79ede88ea24753ebe0aa2d6230ab6f62a9193bf33b7a9f93c8243f3ef41ff18b4dcdd1d45237c2aacbef1447f4e3141635ffc34fab72cb34abe53efe60f1635179b946b0073fe7731de80d19aa2863af6c8887fb00100002800900020073797a3000000000fb0001000571817091b90349205e14620ba83dcda8d30bb4aa0ce25c3925cc6ac845237158614a272239cec1da6f717a8e2daf5be591af81bd7ab11c5bd3bc25994629ee6abb4674d65c7e5d462c03c3a97d4ca7f8bf5d25c428c339dd6505fa8b141b1f2f1ce79fb32c031fed8d289a298ec7dd0c55b3a1842ecc699bea92931b06170397332655d88fa817b7afe416950008408f51e6663ccd41e9c0f8edd187af724576d81ba95b0ec2a179eade22608170c336833e6411e181bd6ad92f330f3794b466f13973fc6b75d10e5991ce40dfdd7a4962dbf727d79a730a4229e11f00c18bc8fe4b9a4d030fa5c8162421d92fe1f3bac36f7f4299d10004000100b5000100a5fae45de15accdb47b74dbf397751cd25af455463ff6becd10554ed97d40b65b0f83e5b9be8610eb45dda664d3fa5990a93cebf62985f9f0a979df2ccf3e9b28cb61fa4c8df80de76acbfa57fe8c5afd2d4dce11ccae31ba322d64b0d79ea073edda2943ebd81b5a72655ff9cb355eca71fa53e7a6ab3fd40846817e6a36ce68caddeab0088b8057a5004547be6f2359afd510cccd10455a56c058db8aa98ad4ad49921be156106e894095bc43a3d1a880000002000028008000340000000010900020073797a320000000008000180fffffffe040001800c00054000000000000000090c0005400000000000000002090009"], 0xa6f0}, 0x1, 0x0, 0x0, 0x1}, 0x0) 875.932853ms ago: executing program 1 (id=5774): r0 = socket(0x40000000015, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2719, &(0x7f0000000580)=""/102393, &(0x7f0000000400)=0x18ff9) 834.376703ms ago: executing program 0 (id=5775): r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x2) 783.663979ms ago: executing program 4 (id=5776): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x5, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x7b}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10002}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r0, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 700.532018ms ago: executing program 1 (id=5777): r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') read(r0, &(0x7f0000001180)=""/4096, 0x1000) 696.53259ms ago: executing program 3 (id=5778): write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000080)={0xb, {'syz0\x00', 'syz1\x00', 'syz1\x00', 0x1, 0x9, 0x4, 0xd, 0x6, 0x7ff, "1b"}}, 0x119) syz_clone3(&(0x7f0000000140)={0x4000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x2}, 0x7a) 601.381335ms ago: executing program 4 (id=5779): r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_buf(r0, 0x1, 0xf, 0x0, &(0x7f0000000140)) 583.539575ms ago: executing program 1 (id=5780): syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000240)='./file1\x00', 0x80c406, &(0x7f0000000540)=ANY=[@ANYBLOB='dots,dots,dmask=000000000200000,nodots,discard,nfs=nostale_ro,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c646f733178666c6f70707900000000000000003030ffffffff303030303031373737373737373756c0f39fdb37372c004c0f1208ec0c34b7df4ba1c1e6b76697434db8574db9bcaef6a61a12c3f260bebc7ac5b1b11361119b83f1cf9f686b715b8e58fd37cea6623dc422c2ddbcefe94e5c255b5e8c90613e6b598b3b7a2c05de53dab7"], 0x1, 0x291, &(0x7f0000000280)="$eJzs3M9r034YwPGn6dZ0+7Ifpy/oxQe96CXMelQPVTYQC0q3inoQMpZpaG1HErQVwZw97e8YHr0J4j+w/8LbEGSnnYyszbKs+4Wza2f7fkHJkzz5tE8SUp5PId16uv66uupbq3YgRl7FEAllR2RWXNmTiZe5dpxLtsvdgoRyY+7N9sfFZ88fFkul+bLqQnHpVkFVp698ffv+09VvwX9PPk+bpmzOvtj6Wfi++f/mpa1fS69cX11f641AbV1uNAJ7ueboiutXLdXHNcf2HXXrvuMdyK/WGmtrLbXrK1OTa57j+2rXW2pIS4OG5uOq6mpZlk5N7sZ5GSG5Px5R2SiX7eK5FIMLw/OKdlZEJg7dDZWNwVQEAAAG6fj+30j22ev/je7+X+SU/v9DvNf0l573/1lJ+v+q0+7/A6+l9kvbTff/ONHZ+n/jfIrB38iEqZV7B1KeV5w4ehD9PwAAAAAAAAAAAAAAAAAAAAAA/4KdKJqJomhmd2mISBSvmyKSTa0fMXSknq0fVunrH6VeZnyBT7j+GAKpB/fyIj/CZqVZybSXnfzCg9L8nLalHvzbbjYr2SR/s5PXg/lxmYzzhSPzObl+rZPfzd1/VErn15uVCVk5sfKwV6cAAAAAAIChZ2liNtmYl2R+b1lqSne+PX/vROH+7wNd8/sxuTzWv+MAAAAAAADH81vvqnat5nj9CbJ9/KwzByJnG347MntSRlZETtmnvCgy+BN1KDDlQpQxzMGdnr1hlBHpbBmPvwy67gIAAAAAw2V/PjDoSgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF39+OuyQR8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcFH8DgAA//8sg70h") mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, 0x0) 581.901532ms ago: executing program 0 (id=5781): syz_mount_image$exfat(&(0x7f0000006c00), &(0x7f0000000200)='./file0\x00', 0x208008de, &(0x7f00000004c0)=ANY=[], 0x80, 0x1503, &(0x7f0000000580)="$eJzs3AuYj1XXMPC99t43Y5L+TXIY9trr5p8G2yRJDgk5JEmSJDklJCZJEhJDTklDEnKcJIchJIdpTBrn8yHnpMkjTZKE5BT2d+np/Tzv0/O+fe9X3+e93lm/69qXvdz/tf7rnjXX3Pf9v66Z73uOqtu8Xq2mRCT+FPj7P8lCiBghxDAhxA1CiEAIUTGuYtyV4/kUJP+5N2F/rUfTrnUH7Fri+eduPP/cjeefu/H8czeef+7G88/deP65G8+fsdxs+5yiN/LKvYs//8/N+Pr/P0hOuclfbyx3c6//QgrPP3fj+eduPP/cjeefu/H8czee//98Nf+TYzz/3I3nz1hudq0/f+Z1bde1/v5jjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZY7nPNXaSHEv+2vdV+MMcYYY4wxxhj76/i817oDxhhjjDHGGGOM/b8HQgoltAhEHpFXxIh8IlZcJ/KL60UBcYOIiBtFnLhJFBQ3i0KisCgiiop4UUwUF0agsIJEKEqIkiIqbhGlxK0iQZQWZURZ4UQ5kShuE+XF7aKCuENUFHeKSuIuUVlUEVVFNXG3qC7uETVETVFL3Ctqizqirqgn7hP1xf2igXhANBQPikbiIdFYPCyaiEdEU/GoaCYeE83F46KFeEK0FK1Ea9FGtP2/yn9Z9BWviH6iv0gWA8RA8aoYJAaLIWKoGCZeE8PF62KEeEOkiJFilHhTjBZviTHibTFWjBPjxTtigpgoJonJYoqYKlLFu2KaeE9MF++LGWKmmCVmizQxR8wVH4h5Yr5YID4UC8VHYpFYLJaIpSJdfCwyxDKRKT4Ry8WnIkusECvFKrFarBFrxTqxXmwQG8UmsVlsEVvFNrFdfCZ2iJ1il9gt9oi9Yp/4XOwXX4gD4kuRLb76L+af/af8XiBAgAQJGjTkgTwQAzEQC7GQH/JDASgAEYhAHMRBQSgIhaAQFIEiEA/xUByKAwICAUEJKAFRiEIpKAUJkABloAw4cJAIiVAebocKUAEqQkWoBJWgMlSBKlANqkF1qA41oAbUglpQG2pDXagL98F9cD80gAbQEBpCI2gEjaExNIEm0BSaQjNoBs2hObSAFtASWkJraA1toS20g3bQHtpDR+gInaATdIbOkARJ0BW6QjfoBt2hO/SAHtATekIv6A294WV4GV6BV6A/1JYDYCAMhEEwCIbAUBgKr8FweB1ehzcgBUbCKHgT3oS3YAycgbEwDsbDeKguJ8IkmAwkp0IqpMI0mAbTYTrMgJkwE2ZDGsyBuTAX5sF8mA8fwkL4CD6CxbAYlkI6pEMGLINMyITlcBayYAWshFWwGtbAalgH62EdbIRNsBG2wBbYBtvgM/gMdsJO2A27YS/shc/hc/gCvoAUyIZsOAgH4RAcgsNwGHIgB47AETgKR+EYHIPjcBxOwEk4BSfhNJyGM3AWzsE5uAAX4CK8GP9ts72lN6QIeYWWWuaReWSMjJGxMlbml/llAVlARmRExsk4WVAWlIVkIVlEFpHxMl4Wl8UlSpQkQ1lClogRQshSspRMkAmyjCwjnXQyUSbK8rK8rCAryIryTllJ3iUryyqyg6smq8nqsqOrIWvKWrKWrC3ryLqynqwn68v6soFsIBvKhrKRbCQby4dlEzkAhsCj8spkmsuR0EKOgpaylWwt28i34EnZTo6B9rKD7CifluNgLHSW7VySfFZ2lZOgm3xeToYXZA85FXrKl2Qv2Vv2kS/LvrK96yf7yxkwQA6Us2GQHCyHyKFyHtSRVyZWV74hU+RIOUq+KZfCW3KMfFuOlePkePmOnCAnyklyspwip8pU+a6cJt+T0+X7coacKWfJ2TJNzpFz5QdynpwvF8gP5UL5kVwkF8slcqlMlx/LDLlMZspP5HL5qcySK+RKuUqulmvkWrlOrpcb5Ea5SW6WW+RWuU1ul5/JHXKn3CV3yz1yr9wnP5f75RfygPxSZsuv5EH5N3lIfi0Py29kjvxWHpHfyaPye3lM/iCPyx/lCXlSnpI/ydPyZ3lGnpXn5Hl5Qf4iL8pL8rL0UihQUimlVaDyqLwqRuVTseo6lV9drwqoG1RE3aji1E2qoLpZFVKFVRFVVMWrYqq4MgqVVaRCVUKVVFF1iyqlblUJqrQqo8oqp8qpRHWbKq9uVxXUHaqiulNVUnepyqqKqqqqqbtVdXWPqqFqqlrqXlVb1VF1VT11n6qv7lcN1AOqoXpQNVIPqcbqYdVEPaKaqkdVM/WYaq4eVy3UE6qlaqVaqzaqrXpStVNPqfaqg+qonlad1DOqs+qiktSzqqt6TnVTz6vu6gXVQ72oeqqXVC/VW/VRl9Rl5VU/1V8lqwFqoHpVDVKD1RA1VA1Tr6nh6nU1Qr2hUtRINUq9qUart9QY9bYaq8ap8eodNUFNVJPUZDVFTVWp6l01Tb2npqv31Qw1U81Ss1WamqOG/FZpwT/lD/jtqvuP+e/9i/wRv777NrVdfaZ2qJ1ql9qt9qi9ap/ap/ar/eqAOqCyVbY6qA6qQ+qQOqwOqxyVo46oI+qoOqqOqWPquDquTqiT6rz6SZ1WP6sz6qw6q86rC+qCuvjb10Bo0FIrrXWg8+i8Okbn07H6Op1fX68L6Bt0RN+o4/RNuqC+WRfShXURXVTH62K6uDYatdWkQ11Cl9RRfYsupW/VCbq0LqPLaqfL6UR925/O/6P+2uq2up1up9vr9rqj7qg76U66s+6sk3SS7qq76m66m+6uu+seuofuqXvqXrqX7qP76L66r+6n++lknawH6lf1ID1YD9FD9TD9mh6uh+sReoRO0Sl6lB6lR+vReoweo8fqsXq8Hq8n6Al6kp6kp+gpOlWn6ml6mp6up+sZeoaepWfpNJ2m5+q5ep6epxfoBXqhXqgX6UV6iV6i03W6ztAZOlNn6uV6uc7SK/QKvUqv0mv0Gr1Or9Mb9Aa9SW/SW/QWnaW36+16h96hd+ldeo/eo/fpfXq/3q8P6AM6W2frg/qgPqQP6cP6sM7ROfqIPqKP6qP6mD424Lg+rk/oE/qUPqVP69P6jD6jz+lz+oK+oC/qi/qyvnzlti+QgQx0oIM8QZ4gJogJYoPYIH+QPygQFAgiQSSIC+KCgsHNQaGgcFAkKBrEB8WC4oEJMLABBWFQIigZRINbglLBrUFCUDooE5QNXFAuSAxuC8oHtwcVgjuCisGdQaXgrqByUCWoGlQL7g6qB/cENYKaQa3g3qB2UCeoG9QL7gvqB/cHDYIHgobBg0Gj4KGgcfBw0CR4JGgaPBo0Cx4LmgePBy2CJ4KWQaugddAmaPuX1vf+TOGnXD/T3ySbAWagedUMMoPNEDPUDDOvmeHmdTPCvGFSzEgzyrxpRpu3zBjzthlrxpnx5h0zwUw0k8xkM8VMNanmXTPNvGemm/fNDDPTzDKzTZqZY+aaD8w8M98sMB+aheYjs8gsNkvMUpNuPjYZZpnJNJ+Y5eZTk2VWmJVmlVlt1py/UQiz3mwwG80ms9lsMVvNNrPdfGZ2mJ1ml9lt9pi9Zp/53Ow3X5gD5kuTbb4yB83fzCHztTlsvjE55ltzxHxnjprvzTHzgzlufjQnzElzyvxkTpufzRlz1pwz580F84u5aC6Zy8Zfubm/cnlHjRrzYB6MwRiMxVjMj/mxABbACEYwDuOwIBbEQlgIi2ARjMd4LI7F8QpCwhJYAqMYxVJYChMwActgGXToMBETsTyWxwpYAStiRayElbAyVsaqWBXvxrvxHrwHa2JNvBfvxTpYB+thPayP9bEBNsCG2BAbYSNsjI2xCTbBptgUm2EzbI7NsQW2wJbYEltja2yLbbEdtsP22B47YkfshJ2wM3bGJEzCrtgVu2E37I7dsQf2wJ7YE3thL+yDfbAv9sV+2A+TMRkH4kAchINwCA7BYTgMh+NwHIEjMAVTcBSOwtE4GsfgGByL43A8voMTcCJOwsk4BadiKqbiNJyG03E6zsAZOAtnYRqm4Vyci/NwHi7ABbgQF+IiXIRLcAmmYzpmYAZmYiYux+WYhVm4ElfialyNa3Etrsf1uBE34mbcjFtxK27H7bgDd+Au3IV7cA/uw324H/fjATyA2ZiNB/EgHsJDeBgPYw7m4BE8gkfxKB7DY3gcj+MJPIGn8BSextN4Bs/gOTyHF/AXvIiX8DJ6jLFSxNrrbH57vS1gb7AxNp/9x7iILWrjbTFb3BpbyBb+dzFaaxNsaVvGlrXOlrOJ9rbfxZVtFVvVVrN32+r2Hlvjd3F9e79tYB+wDe2Dtp6977c4769xI/uQbWwft03sE7apbWWb2Ta2uX3ctrBP2Ja2lW1t29hO9hnb2XaxSfZZ29U+97s4wy6z6+0Gu9FusvvtF/acPW+P2u/tBfuL7Wf722H2NTvcvm5H2Ddsih35u3i8fcdOsBPtJDvZTrFTfxfPsrNtmp1j59oP7Dw7/3dxuv3YLrSZdpFdbJfYpb/GV3rKtJ/Y5fZTm2VX2JV2lV1t19i1dt3/7nWV3WK32m12n/3c7rA77S672+6xe3+Nr5zHAfulzbZf2SP2O3vIfm0P22M2x377a3zl/I7ZH+xx+6M9YU/aU/Yne9r+bM/Ys7+e/5Vz/8lespett4KAJCnSFFAeyksxlI9i6TrKT9dTAbqBInQjxdFNVJBupkJUmIpQUYqnYlScDCFZIgqpBJWkKN1CpehWSqDSVIbKkqNylEi3UXm6nSrQHVSR7qRKdBdVpipUlarR3VSd7qEaVJNq0b1Um+pQXapH91F9up8a0APUkB6kRvQQNaaHqQk9Qk3pUWpGj1Fzepxa0BPUklpRa2pDbelJakdPUXvqQB3paepEz1Bn6kJJ9Cx1peeoGz1P3ekF6kEvUk96iXpRb+pDL1NfeoX6UX9KpgE0kF6lQTSYhtBQGkav0XB6nUbQG5RCI2kUvUmj6S0aQ2/TWBpH4+kdmkATaRJNpik0lVLpXTqb3qXIlXu9GTSTZtFsSqM5NJc+oHk0nxbQh7SQPqJFtJiW0FJKp48pg5ZRJn1Cy+lTyqIVtJJW0WpaQ2tpHa2nDbSRNtFm2kJbaRttp89oB+2kXbSb9tBe2kef0376gg7Ql5RNX9FB+hsdoq/pMH1DOfQtHaHv6Ch9T8foBzpOP9IJOkmn6Cc6TT/TGTpL5+g8XaBf6CJdosvkSYQQylCFOgzCPGHeMCbMF8aG14X5w+vDAuENYSS8MYwLbwoLhjeHhcLCYZGwaBgfFguLhybE0IYUhmGJsGQYDW8JS4W3hglh6bBMWDZ0YbkwMbwtLB/eHlYI7wgrhneGlcK7wsphlfDxB6uFd4fVw3vCGmHNsFZ4b1g7rBPWDeuF94X1w/vDBuEDYcPwwbBC+FDYOHw4bBI+EjYNHw2bhY+FzcPHwxbhE2HLsFXYOmwTtg2fDNuFT4Xtww5hx/DpsFP4TNg57BImhc+GXcPn/vB4cjggHBi+Gr4aev+AWhJdGk2PfhzNiC6LZkY/iS6PfhrNiq6Iroyuiq6Oromuja6Lro9uiG6Mbopujm6Jbo1ui3pfL69w4KRTTrvA5XF5XYzL52LddS6/u94VcDe4iLvRxbmbXEF3syvkCrsirqiLd8VccWccOuvIha6EK+mi7hZXyt3qElxpV8aVdc6Vc4mujWvr2rp27inX3nVwHd3T7mn3jHvGdXFd3LOuq3vOdXPPu+7uBdfDvehedC+5Xq636+Nedn3dK66f6++SXbIb6Aa6QW6QG+KGuGFumBvuhrsRboRLcSlulBvlRrvRbowb48a6sW68G+8muAlukpvkprgpLtWlumlumpvuprsZboab5Wa5NJfm5rq5bp6b5xa4BW5hwkK3yC1yS9wSl+7SXYbLcJku0y13y12Wy3Ir3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O9wOt8vtcnvcHrfP7XP73X53wB1w2S7bHXQH3SF3yB1237gc96074r5zR9337pj7wR13P7oT7qQ75X5yp93P7ow768658+6C+8VddJfcZeddauTdyLTIe5HpkfcjMyIzI7MisyNpkTmRuZEPIvMi8yMLIh9GFkY+iiyKLI4siSyNpEc+jmRElkUyI59Elkc+jWRFVkRWRlZFVkfWRLwvtiP0JXxJH/W3+FL+Vp/gS/syvqx3vpxP9Lf58v52X8Hf4Sv6O30lf5ev7Kv4qv4J39K38q19G9/WP+nb+ad8e9/Bd/RP+07+Gd/Zd/FJ/lnf1T/nu/nnfXf/gu/hX/Q9/Uu+l+/t+/iXfV//iu/n+/tkP8AP9K/6QX6wH+KH+mH+NT/cv+5H+Dd8ih/pR/k3/Wj/lh/j3/Zj/Tg/3r/jJ/iJfpKf7Kf4qT7Vv+un+ff8dP++n+Fn+ll+tk/zc/xc/4Gf5+f7Bf5Dv9B/5Bf5xX6JX+rT/cc+wy/zmf4Tv9x/6rP8Cr/Sr/Kr/Rq/1q/z6/0Gv9Fv8pv9Fr/Vb/Pb/Wd+h9/pd/ndfo/f6/f5z/1+/4U/4L/02f4rf9D/zR/yX/vD/huf47/1R/x3/qj/3h/zP/jj/kd/wp/0p/xP/rT/2Z/xZ/05f95f8L/4i/6Sv8y/s8YYY4wx9n9E/cHxAf/i/+Rv64qBQojrdxbN+eeamwv9fT9YxneKCCGe7d/z0X9btWsnJyf/9tosJYKSi4UQkav5ecTVeIXoKJ4RSaKDKP8v+xsse1+gP6gfvVOI2KuVfxUr/rn+7f9B/SefHp9RKTwX95/UXyxEQsmrOfnE1fhq/Qr/Qf3C7f6g/3xfpwrR/h9y8our8dX6ieIp8ZxI+nevZIwxxhhjjDHG/m6wrNr9j56frzyfx+urOXnF1fiPns8ZY4wxxhhjjDF27b3Qu0+XJ5OSOnTnzZ/Y1Pjv0QZvePOXba71TybGGGOMMcbYX+3qTf+17oQxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGMu9/n/8ObFrfY6MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbYtfa/AgAA///mJjhh") mount$nfs4(&(0x7f0000000040)='.>**', &(0x7f00000000c0)='./file0\x00', 0x0, 0x10090ce, 0x0) 528.423431ms ago: executing program 3 (id=5782): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, 0x0, &(0x7f0000000040)) 407.361682ms ago: executing program 3 (id=5783): r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x181241) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000002080)={0x9, 0x4, {}, {}, 0x93b2, 0x2}) 374.041082ms ago: executing program 4 (id=5784): pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x80000) execveat(r0, &(0x7f0000000400)='\x00', 0x0, 0x0, 0x1000) 292.176996ms ago: executing program 1 (id=5785): syz_mount_image$cramfs(&(0x7f0000000100), &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000140)=ANY=[], 0xfa, 0x154, &(0x7f00000001c0)="$eJzskL9rGmEAhp9Pzx8ttVqw0BZaCh0qFut5YrcOGiJxMAcJLpkCeiGCRlEIbvkxZ8gf4JAsmcQhZMyQmMlEIZi/wy0QyGL47k4hY/bvWe7ueV/eu/uW/49jRMCLw1Kj3mxZ7bZV+blmFvPr5xeXH6UPAEG7UW+2ZLni9K+ysC2vGkwPHH0T8gA162+5Uav4gSzEgJwGVH3oON330kWDbFVrVsp1sV8w+IztjLmTG65Lu+6bBrmw4/RnmJ3Cb7n3icXeI9Dp+tw/S8TPvnuz7gOd7p9+73Z1NCwk4j+sIyP/1T6BkiXfJWT+kBwm7pP93mQ8mu2ZRXOcNox/aT2l65mJeTcqZPaP0VY+7MKGeL3nlxslOBTQFdCz8+m1CAGDkyczGA5E34FnJwLCTYSd1IX7fU5S3vzimxsWNwqFQqFQKBQKhUKhULyVlwAAAP//qYZcdg==") renameat2(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0xffffffffffffff9c, 0x0, 0x0) 254.819342ms ago: executing program 0 (id=5786): r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) write$sndseq(r0, &(0x7f0000001380)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x6}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time}], 0x70) 200.277225ms ago: executing program 4 (id=5787): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x20, 0x25, 0x301, 0x70bd2d, 0x25dfdbfb, {0x15}, [@nested={0xc, 0x131, 0x0, 0x1, [@typed={0x8, 0x2a, 0x0, 0x0, @fd}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x61559bf62741f655}, 0x3e59cdaa2f3e420c) 118.206611ms ago: executing program 3 (id=5788): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x0, @local}, 0x10) 0s ago: executing program 4 (id=5789): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x10, {{@in6=@remote, @in6=@private1, 0x0, 0x0, 0x4e21, 0xfffc, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0xffffffff, 0x0, 0x0, 0xfffffffffffffffe}, {0x1, 0x0, 0x80, 0xffffffffffffffff}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, [@tmpl={0x44, 0x5, [{{@in6=@remote, 0x0, 0xff}, 0x0, @in=@local, 0x1, 0x3}]}]}, 0xfc}}, 0x44) kernel console output (not intermixed with test programs): d-cd80a5b93e5d [ 486.919198][ T5915] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 486.933862][T15823] BTRFS info (device loop2): using crc32c checksum algorithm [ 486.943287][T15825] BTRFS info (device loop3): using sha256 checksum algorithm [ 486.951406][T15825] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 486.970430][T15823] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 487.095095][T15835] loop4: detected capacity change from 0 to 32768 [ 487.102991][ T5915] usb 2-1: config 1 has an invalid interface number: 7 but max is 0 [ 487.113150][ T5915] usb 2-1: config 1 has no interface number 0 [ 487.124810][T15823] BTRFS info (device loop2): rebuilding free space tree [ 487.132250][ T5915] usb 2-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 487.134298][T15825] BTRFS info (device loop3): rebuilding free space tree [ 487.165042][ T5915] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 487.192338][ T5915] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 487.209570][T15823] BTRFS info (device loop2): disabling free space tree [ 487.225600][ T5915] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 487.236959][T15823] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 487.244924][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 487.259798][ T5915] usb 2-1: Product: syz [ 487.264426][ T5915] usb 2-1: Manufacturer: syz [ 487.269344][ T5915] usb 2-1: SerialNumber: syz [ 487.271720][T15835] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 487.282800][T15823] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 487.295589][T15843] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 487.304064][T15825] BTRFS info (device loop3): disabling free space tree [ 487.328854][T15823] BTRFS info (device loop2): checking UUID tree [ 487.343384][T15825] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 487.355403][T15823] BTRFS info (device loop2): setting nodatasum [ 487.388044][T15823] BTRFS info (device loop2): setting nodatacow [ 487.416182][T15825] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 487.434700][T15823] BTRFS info (device loop2): enabling ssd optimizations [ 487.458219][T15835] XFS (loop4): Ending clean mount [ 487.479889][T15823] BTRFS info (device loop2): using spread ssd allocation scheme [ 487.497497][T15825] BTRFS info (device loop3): enabling ssd optimizations [ 487.519035][T15843] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 487.529826][T15825] BTRFS info (device loop3): enabling disk space caching [ 487.536924][T15825] BTRFS info (device loop3): force clearing of disk cache [ 487.537033][ T5915] usb 2-1: No status endpoint found [ 487.556454][T15823] BTRFS info (device loop2): disabling tree log [ 487.562775][T15823] BTRFS info (device loop2): enabling disk space caching [ 487.584394][T15825] BTRFS info (device loop3): enabling auto defrag [ 487.601891][T15825] BTRFS info (device loop3): max_inline set to 0 [ 487.616245][T15823] BTRFS info (device loop2): force clearing of disk cache [ 487.701020][ T5828] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 487.749669][ T5914] usb 2-1: USB disconnect, device number 75 [ 487.762144][ T5820] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 488.052298][ T5821] BTRFS info (device loop2): last unmount of filesystem 9e369013-5955-4c99-8f42-84b11f7f4a9b [ 488.814582][ T5914] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 488.991985][ T5914] usb 4-1: Using ep0 maxpacket: 32 [ 489.017204][ T5914] usb 4-1: config 2 has an invalid interface number: 88 but max is 0 [ 489.056476][ T5914] usb 4-1: config 2 has no interface number 0 [ 489.084985][ T5914] usb 4-1: config 2 interface 88 has no altsetting 0 [ 489.107865][ T5914] usb 4-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 489.129193][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.149210][ T5914] usb 4-1: Product: syz [ 489.172328][ T5914] usb 4-1: Manufacturer: syz [ 489.183762][ T5914] usb 4-1: SerialNumber: syz [ 489.197931][T15923] SET target dimension over the limit! [ 489.367239][T15901] loop4: detected capacity change from 0 to 32768 [ 489.391208][T15901] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4289 (15901) [ 489.444721][T15901] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 489.472954][T15901] BTRFS info (device loop4): using sha256 checksum algorithm [ 489.612165][ T5914] asix 4-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 489.626439][ T29] audit: type=1400 audit(3917539619.607:55): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=15932 comm="syz.0.4308" [ 489.709359][ T5914] asix 4-1:2.88: probe with driver asix failed with error -71 [ 489.737262][ T5914] usb 4-1: USB disconnect, device number 85 [ 489.847958][T15901] BTRFS info (device loop4): rebuilding free space tree [ 489.938256][T15901] BTRFS info (device loop4): disabling free space tree [ 489.966786][T15901] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 490.001663][T15954] netlink: 'syz.2.4312': attribute type 15 has an invalid length. [ 490.007699][T15901] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 490.067370][T15901] BTRFS info (device loop4): enabling ssd optimizations [ 490.103229][T15901] BTRFS info (device loop4): turning on async discard [ 490.128451][T15901] BTRFS info (device loop4): force clearing of disk cache [ 490.135651][T15901] BTRFS info (device loop4): enabling auto defrag [ 490.165475][T15957] netlink: 'syz.0.4313': attribute type 2 has an invalid length. [ 490.194088][T15901] BTRFS info (device loop4): max_inline set to 4096 [ 490.430881][T15959] loop2: detected capacity change from 0 to 4096 [ 490.439089][ T5828] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 490.503393][T15959] ntfs3(loop2): Failed to initialize $Extend/$ObjId. [ 490.834417][T15946] loop1: detected capacity change from 0 to 32768 [ 490.923086][T15946] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 490.992098][T15980] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4322'. [ 491.031346][T15984] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 491.069043][T15946] XFS (loop1): Ending clean mount [ 491.112776][T15946] XFS (loop1): Quotacheck needed: Please wait. [ 491.272922][T15946] XFS (loop1): Quotacheck: Done. [ 491.531875][ T5819] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 491.554346][T16001] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 491.992126][T16017] cgroup: Unexpected value for 'nofavordynmods' [ 492.173476][T16023] loop0: detected capacity change from 0 to 1024 [ 492.431781][T16035] netdevsim netdevsim0: Firmware load for './file0/file0/..' refused, path contains '..' component [ 493.106328][T16067] syz_tun: entered promiscuous mode [ 493.244952][T16073] program syz.4.4368 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 493.439048][T16081] loop4: detected capacity change from 0 to 128 [ 493.573209][T16081] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 493.604195][T16081] ext4 filesystem being mounted at /807/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 493.686044][T16096] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4377'. [ 493.695797][ T5828] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 493.941560][ T29] audit: type=1326 audit(3917539624.231:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16104 comm="syz.4.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f797e59aeb9 code=0x7ffc0000 [ 494.003033][ T29] audit: type=1326 audit(3917539624.231:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16104 comm="syz.4.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f797e59aeb9 code=0x7ffc0000 [ 494.082077][T16108] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4382'. [ 494.099610][ T29] audit: type=1326 audit(3917539624.263:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16104 comm="syz.4.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7f797e59aeb9 code=0x7ffc0000 [ 494.192272][ T29] audit: type=1326 audit(3917539624.263:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16104 comm="syz.4.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f797e59aeb9 code=0x7ffc0000 [ 494.231282][ T29] audit: type=1326 audit(3917539624.263:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16104 comm="syz.4.4376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f797e59aeb9 code=0x7ffc0000 [ 494.377585][T16121] comedi comedi0: adq12b: I/O port conflict (0xffffffffffffffff,16) [ 494.415149][T16123] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4388'. [ 494.499966][T16129] netlink: 'syz.4.4392': attribute type 5 has an invalid length. [ 494.658188][T16135] netlink: 'syz.0.4395': attribute type 1 has an invalid length. [ 494.665993][T16135] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4395'. [ 495.044331][ T5915] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 495.213990][ T5915] usb 3-1: Using ep0 maxpacket: 16 [ 495.266276][ T5915] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 495.282730][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 495.294501][ T5915] usb 3-1: Product: syz [ 495.298847][ T5915] usb 3-1: Manufacturer: syz [ 495.313156][ T5915] usb 3-1: SerialNumber: syz [ 495.331468][ T5915] usb 3-1: config 0 descriptor?? [ 495.348041][ T5915] visor 3-1:0.0: Sony Clie 3.5 converter detected [ 495.386200][ T9] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 495.590058][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 495.633910][ T9] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 495.660623][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 495.688299][ T9] usb 5-1: Product: syz [ 495.700686][ T9] usb 5-1: Manufacturer: syz [ 495.709295][ T9] usb 5-1: SerialNumber: syz [ 495.719143][ T5915] usb 3-1: clie_3_5_startup: get interface number failed: -71 [ 495.738417][ T9] r8152-cfgselector 5-1: Unknown version 0x0000 [ 495.748411][ T5915] visor 3-1:0.0: probe with driver visor failed with error -71 [ 495.767292][ T9] r8152-cfgselector 5-1: config 0 descriptor?? [ 495.788547][ T5915] usb 3-1: USB disconnect, device number 83 [ 495.865517][T16186] netdevsim0: mtu less than device minimum [ 496.172328][ T5915] r8152-cfgselector 5-1: USB disconnect, device number 85 [ 496.687136][T16225] netlink: 'syz.0.4440': attribute type 10 has an invalid length. [ 496.714644][T16225] macvlan0: entered promiscuous mode [ 496.746773][T16225] macvlan0: entered allmulticast mode [ 496.759617][T16230] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4443'. [ 496.788644][T16225] veth1_vlan: entered allmulticast mode [ 496.832396][T16225] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 496.878802][T16228] 8021q: adding VLAN 0 to HW filter on device bond0 [ 496.905148][T16228] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 496.924798][T16228] bond0: (slave gre0): Error -95 calling set_mac_address [ 496.943640][T16230] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4443'. [ 496.944210][T16231] loop2: detected capacity change from 0 to 8192 [ 496.979793][T16230] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4443'. [ 497.020152][T16231] vfat filesystem being mounted at /941/file1 supports timestamps until 2107-12-31 (0x10391447e) [ 497.225979][T16241] loop0: detected capacity change from 0 to 1764 [ 497.339411][T16246] loop1: detected capacity change from 0 to 8 [ 497.424725][T16246] SQUASHFS error: Failed to read block 0x6e6: -5 [ 497.471594][T16246] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 497.498877][T16246] SQUASHFS error: Unable to read directory block [631:26] [ 498.121025][T16270] loop0: detected capacity change from 0 to 4096 [ 498.163024][T16270] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512). [ 498.297642][T16270] ntfs3: Couldn't remount rw because journal is not replayed. Please umount/remount instead [ 498.297642][T16270] [ 498.322238][T16281] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 498.403482][T16284] loop2: detected capacity change from 0 to 1024 [ 498.798976][T16297] nbd: must specify a device to reconfigure [ 500.005635][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff88804b5f4000 (11)(erspan0) start [ 500.070714][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff88804b5f4000 (4)(erspan0) end [ 500.139037][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (17)(bond_slave_1) cookie=ffff88804b5f4000 (4)(erspan0) start [ 500.203408][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff88804b5f4000 (4)(erspan0) end [ 500.268118][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff88806983e000 (4)(gretap0) start [ 500.294404][T16312] loop0: detected capacity change from 0 to 32768 [ 500.331596][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff88806983e000 (3)(gretap0) end [ 500.349137][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff88806983e000 (3)(gretap0) start [ 500.367076][ T12] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff88806983e000 (3)(gretap0) end [ 500.394561][T16312] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 500.560920][T16368] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4494'. [ 500.733076][T16312] XFS (loop0): Ending clean mount [ 500.772245][T16312] XFS (loop0): Quotacheck needed: Please wait. [ 501.073373][T16312] XFS (loop0): Quotacheck: Done. [ 501.087075][T16389] program syz.1.4500 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 501.104642][T16389] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 501.289313][ T5823] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 501.453168][T16400] loop1: detected capacity change from 0 to 256 [ 501.501781][T16400] vfat filesystem being mounted at /929/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 502.247981][T16396] loop4: detected capacity change from 0 to 32768 [ 502.252368][T16419] loop1: detected capacity change from 0 to 256 [ 502.293141][T16396] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4502 (16396) [ 502.354211][T16419] FAT-fs (loop1): Directory bread(block 64) failed [ 502.373675][T16396] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 502.395344][T16419] FAT-fs (loop1): Directory bread(block 65) failed [ 502.402063][T16419] FAT-fs (loop1): Directory bread(block 66) failed [ 502.431935][T16396] BTRFS info (device loop4): using sha256 checksum algorithm [ 502.471375][T16419] FAT-fs (loop1): Directory bread(block 67) failed [ 502.525626][T16419] FAT-fs (loop1): Directory bread(block 68) failed [ 502.532238][T16419] FAT-fs (loop1): Directory bread(block 69) failed [ 502.640225][T16419] FAT-fs (loop1): Directory bread(block 70) failed [ 502.672255][T16396] BTRFS info (device loop4): enabling ssd optimizations [ 502.695690][T16419] FAT-fs (loop1): Directory bread(block 71) failed [ 502.716938][T16396] BTRFS info (device loop4): turning on async discard [ 502.728819][T16446] loop0: detected capacity change from 0 to 64 [ 502.735339][T16419] FAT-fs (loop1): Directory bread(block 72) failed [ 502.748462][T16396] BTRFS info (device loop4): enabling free space tree [ 502.755536][T16419] FAT-fs (loop1): Directory bread(block 73) failed [ 502.826361][T16446] hfs: filesystem was not cleanly unmounted, running fsck.hfs is recommended. mounting read-only. [ 502.888466][T16419] vfat filesystem being mounted at /932/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 502.927068][T16446] hfs: filesystem is marked locked, mounting read-only. [ 502.954308][T16450] MTD: Couldn't look up '': -22 [ 503.156372][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 503.163597][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.327257][ T5828] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 503.433633][T16465] loop2: detected capacity change from 0 to 16 [ 503.440886][T16457] loop3: detected capacity change from 0 to 4096 [ 503.464228][T16465] erofs (device loop2): DAX unsupported by block device. Turning off DAX. [ 503.510356][T16467] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 503.550647][T16465] erofs (device loop2): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk! [ 503.574574][T16465] erofs (device loop2): mounted with root inode @ nid 36. [ 503.678294][T16465] syz.2.4529: attempt to access beyond end of device [ 503.678294][T16465] loop2: rw=0, sector=131157, nr_sectors = 1 limit=16 [ 503.746425][T16465] syz.2.4529: attempt to access beyond end of device [ 503.746425][T16465] loop2: rw=0, sector=46, nr_sectors = 1 limit=16 [ 503.765407][T16465] erofs (device loop2): read error -5 @ 0 of nid 36 [ 504.072594][T16478] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 504.138355][T16482] loop4: detected capacity change from 0 to 512 [ 504.179348][T16484] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4537'. [ 504.187162][T16482] EXT4-fs: Ignoring removed nobh option [ 504.279152][T16482] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 504.300964][T16482] ext4 filesystem being mounted at /834/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 504.428795][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 504.694604][T16504] loop3: detected capacity change from 0 to 2048 [ 504.787133][T16504] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 505.371668][T16536] netlink: 'syz.1.4560': attribute type 10 has an invalid length. [ 505.406001][T16536] veth1_macvtap: left promiscuous mode [ 505.820951][T16554] loop1: detected capacity change from 0 to 512 [ 505.838488][T16554] EXT4-fs: Ignoring removed orlov option [ 505.885921][T16554] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 505.915251][T16554] EXT4-fs (loop1): orphan cleanup on readonly fs [ 505.938070][T16554] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.4569: bg 0: block 248: padding at end of block bitmap is not set [ 506.017846][ T29] audit: type=1326 audit(3917539637.181:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16556 comm="syz.3.4571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa416d9aeb9 code=0x7ffc0000 [ 506.040635][T16554] loop1: lost filesystem error report for type 5 error -117 [ 506.041329][T16554] Quota error (device loop1): write_blk: dquota write failed [ 506.048737][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 506.048760][ C1] EXT4-fs (loop1): last error at time 3917539637: ext4_validate_block_bitmap:441 [ 506.074547][ T29] audit: type=1326 audit(3917539637.224:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16556 comm="syz.3.4571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa416d9aeb9 code=0x7ffc0000 [ 506.100255][T16554] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 506.122523][ T29] audit: type=1326 audit(3917539637.256:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16556 comm="syz.3.4571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fa416d9aeb9 code=0x7ffc0000 [ 506.154546][T16554] EXT4-fs error (device loop1): ext4_acquire_dquot:7006: comm syz.1.4569: Failed to acquire dquot type 1 [ 506.168318][T16554] loop1: lost filesystem error report for type 5 error -117 [ 506.170152][T16554] EXT4-fs (loop1): 1 truncate cleaned up [ 506.203416][T16523] loop0: detected capacity change from 0 to 40427 [ 506.257222][T16554] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 506.278930][ T29] audit: type=1326 audit(3917539637.470:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16556 comm="syz.3.4571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa416d9aeb9 code=0x7ffc0000 [ 506.304743][T16523] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 506.322342][T16523] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 506.346707][T16523] F2FS-fs (loop0): build fault injection rate: 17008 [ 506.361073][T16554] EXT4-fs: Ignoring removed orlov option [ 506.367735][ T29] audit: type=1326 audit(3917539637.470:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16556 comm="syz.3.4571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa416d9aeb9 code=0x7ffc0000 [ 506.387551][T16523] F2FS-fs (loop0): invalid crc value [ 506.400390][T16554] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 506.455533][T16554] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 506.530042][T16554] EXT4-fs error (device loop1): __ext4_remount:6809: comm syz.1.4569: Abort forced by user [ 506.580375][T16554] EXT4-fs (loop1): Remounting filesystem read-only [ 506.617286][T16554] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 506.663487][T16554] ext4 filesystem being remounted at /942/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 506.730292][T16523] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 506.760367][T16523] F2FS-fs (loop0): Start checkpoint disabled! [ 506.786244][T16576] No control pipe specified [ 506.814911][ T5819] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 506.871171][T16523] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0 [ 506.880136][T16575] bond2: down delay (262144) is not a multiple of miimon (5), value rounded to 262140 ms [ 506.928081][T16523] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 506.973297][T16523] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 507.072042][T16586] netlink: 144 bytes leftover after parsing attributes in process `syz.1.4579'. [ 507.091532][T16588] netlink: 'syz.4.4582': attribute type 1 has an invalid length. [ 507.184586][ T35] kworker/u8:2: attempt to access beyond end of device [ 507.184586][ T35] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 507.231159][ T35] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) [ 507.231191][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 507.231206][ T35] Workqueue: writeback wb_workfn (flush-7:0) [ 507.231245][ T35] Call Trace: [ 507.231254][ T35] [ 507.231264][ T35] dump_stack_lvl+0xe8/0x150 [ 507.231299][ T35] f2fs_handle_critical_error+0x37c/0x540 [ 507.231336][ T35] f2fs_write_end_io+0xcdb/0xff0 [ 507.231390][ T35] __submit_merged_bio+0x256/0x700 [ 507.231426][ T35] __submit_merged_write_cond+0x3c3/0x4e0 [ 507.231464][ T35] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 507.231519][ T35] f2fs_write_data_pages+0x2970/0x35e0 [ 507.231546][ T35] ? unwind_next_frame+0xa5/0x23c0 [ 507.231574][ T35] ? lock_release+0x4b/0x3d0 [ 507.231646][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 507.231693][ T35] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 507.231767][ T35] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 507.231851][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 507.231883][ T35] do_writepages+0x32e/0x550 [ 507.231922][ T35] ? reacquire_held_locks+0x104/0x190 [ 507.231954][ T35] ? writeback_sb_inodes+0x43d/0x19a0 [ 507.231987][ T35] __writeback_single_inode+0x133/0x11a0 [ 507.232023][ T35] ? do_raw_spin_unlock+0xf5/0x210 [ 507.232049][ T35] writeback_sb_inodes+0x944/0x19a0 [ 507.232104][ T35] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 507.232128][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 507.232199][ T35] ? rcu_is_watching+0x15/0xb0 [ 507.232241][ T35] wb_writeback+0x456/0xb70 [ 507.232271][ T35] ? queue_io+0x1f1/0x4a0 [ 507.232309][ T35] ? __pfx_wb_writeback+0x10/0x10 [ 507.232332][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 507.232377][ T35] wb_workfn+0x414/0xf50 [ 507.232402][ T35] ? look_up_lock_class+0x57/0x110 [ 507.232445][ T35] ? __pfx_wb_workfn+0x10/0x10 [ 507.232473][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 507.232499][ T35] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 507.232551][ T35] ? process_one_work+0x87c/0x1650 [ 507.232579][ T35] process_one_work+0x949/0x1650 [ 507.232637][ T35] ? __pfx_process_one_work+0x10/0x10 [ 507.232662][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 507.232707][ T35] worker_thread+0xb46/0x1140 [ 507.232750][ T35] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 507.232793][ T35] kthread+0x388/0x470 [ 507.232816][ T35] ? __pfx_worker_thread+0x10/0x10 [ 507.232842][ T35] ? __pfx_kthread+0x10/0x10 [ 507.232867][ T35] ret_from_fork+0x51e/0xb90 [ 507.232900][ T35] ? __pfx_ret_from_fork+0x10/0x10 [ 507.232928][ T35] ? __switch_to+0xc7d/0x1450 [ 507.232959][ T35] ? __pfx_kthread+0x10/0x10 [ 507.232984][ T35] ret_from_fork_asm+0x1a/0x30 [ 507.233047][ T35] [ 507.509634][T16593] lo: entered promiscuous mode [ 507.517005][T16593] netlink: 1 bytes leftover after parsing attributes in process `syz.4.4583'. [ 507.531164][T16594] loop1: detected capacity change from 0 to 512 [ 507.553935][ T35] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 507.709368][T16594] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 507.773031][T16594] ext4 filesystem being mounted at /944/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 507.822200][T16611] loop2: detected capacity change from 0 to 512 [ 507.907426][T16611] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 507.986142][ T5819] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 508.018771][T16611] EXT4-fs warning (device loop2): dx_probe:837: inode #2: comm syz.2.4593: Unimplemented hash flags: 0x0001 [ 508.098863][T16611] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.4593: Corrupt directory, running e2fsck is recommended [ 508.159530][T16618] loop3: detected capacity change from 0 to 16 [ 508.222298][T16618] erofs (device loop3): mounted with root inode @ nid 36. [ 508.251792][T16618] erofs (device loop3): inline data across blocks @ nid 86 [ 508.313119][T16618] erofs (device loop3): inline data across blocks @ nid 86 [ 508.326621][ T29] audit: type=1800 audit(3917539639.670:66): pid=16618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4597" name="file1" dev="loop3" ino=86 res=0 errno=0 [ 508.550908][ T5821] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 508.746099][T16626] xt_CT: You must specify a L4 protocol and not use inversions on it [ 508.762325][T16630] loop2: detected capacity change from 0 to 512 [ 508.793219][T16630] EXT4-fs (loop2): Test dummy encryption mode enabled [ 508.801856][T16630] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 508.829616][T16630] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.4599: bad orphan inode 131083 [ 508.870929][T16630] loop2: lost filesystem error report for type 5 error -117 [ 508.884949][T16630] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 509.144046][ T5821] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 509.154903][T16640] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4606'. [ 509.157793][T16641] loop0: detected capacity change from 0 to 128 [ 509.165279][T16620] loop1: detected capacity change from 0 to 32768 [ 509.212734][T16641] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 509.246831][T16641] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 509.272529][T16620] jfs filesystem being mounted at /945/file0 supports timestamps until 2106-02-07 (0xffffffff) [ 509.465858][T16641] EXT4-fs (loop0): ext4_remount: Checksum for group 0 failed (30846!=65535) [ 509.638358][ T5823] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 509.794072][T16662] loop4: detected capacity change from 0 to 2048 [ 509.870472][T16667] loop0: detected capacity change from 0 to 1024 [ 509.906570][ T7459] loop4: p1 < > p4 [ 509.940104][ T7459] loop4: p4 start 42180 is beyond EOD, truncated [ 509.987628][T16670] overlayfs: unescaped trailing colons in lowerdir mount option. [ 510.002348][T16662] loop4: p1 < > p4 [ 510.033076][T16662] loop4: p4 start 42180 is beyond EOD, truncated [ 510.048571][ T1005] hfsplus: b-tree write err: -5, ino 4 [ 510.211235][T16676] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4623'. [ 510.309922][ T6161] udevd[6161]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 510.446550][T16684] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 510.512057][ T5955] udevd[5955]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 510.512363][T16684] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode [ 510.592731][T16694] xt_hashlimit: size too large, truncated to 1048576 [ 510.776636][T16702] loop0: detected capacity change from 0 to 128 [ 510.821173][T16702] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 510.849425][T16702] vfat filesystem being mounted at /945/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2107-12-31 (0x10391447e) [ 511.083449][ T1005] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 511.420211][T16728] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4649'. [ 511.770462][T16704] loop3: detected capacity change from 0 to 32768 [ 511.825759][T16704] jfs filesystem being mounted at /887/file1 supports timestamps until 2106-02-07 (0xffffffff) [ 512.032265][T16751] netlink: 'syz.0.4660': attribute type 1 has an invalid length. [ 512.233360][T16758] loop0: detected capacity change from 0 to 256 [ 512.250041][T16758] exfat: Deprecated parameter 'utf8' [ 512.255437][T16758] exfat: Deprecated parameter 'utf8' [ 512.287260][T16758] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 512.365708][T16758] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d) [ 512.415247][T16758] exfat filesystem being mounted at /951/file0 supports timestamps until 2107-12-31 (0x10391447f) [ 512.491608][T16770] loop2: detected capacity change from 0 to 128 [ 512.555460][T16770] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 512.593760][T16770] ext4 filesystem being mounted at /998/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 512.734231][ T5821] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 513.225005][ T5897] usb 1-1: new full-speed USB device number 87 using dummy_hcd [ 513.415207][ T5897] usb 1-1: config 0 has an invalid interface number: 110 but max is 0 [ 513.433446][ T5897] usb 1-1: config 0 has no interface number 0 [ 513.458178][ T5897] usb 1-1: config 0 interface 110 altsetting 2 endpoint 0x2 has invalid wMaxPacketSize 0 [ 513.484602][ T5897] usb 1-1: config 0 interface 110 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 513.508307][ T5897] usb 1-1: config 0 interface 110 has no altsetting 0 [ 513.525762][ T5897] usb 1-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=af.55 [ 513.543810][ T5897] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.560578][ T5897] usb 1-1: Product: syz [ 513.569320][ T5897] usb 1-1: Manufacturer: syz [ 513.598670][ T5897] usb 1-1: SerialNumber: syz [ 513.625032][ T5897] usb 1-1: config 0 descriptor?? [ 513.877685][T16829] loop4: detected capacity change from 0 to 256 [ 513.918589][T16829] vfat filesystem being mounted at /876/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 514.037361][T16835] tmpfs: Group quota block hardlimit too large. [ 514.067409][ T3173] usb 1-1: USB disconnect, device number 87 [ 514.327821][T16846] loop2: detected capacity change from 0 to 1024 [ 514.460381][ T29] audit: type=1326 audit(3917539646.247:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16851 comm="syz.3.4710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa416d9aeb9 code=0x7ffc0000 [ 514.523349][ T29] audit: type=1326 audit(3917539646.247:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16851 comm="syz.3.4710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa416d9aeb9 code=0x7ffc0000 [ 514.634691][ T29] audit: type=1326 audit(3917539646.290:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16851 comm="syz.3.4710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7fa416d9aeb9 code=0x7ffc0000 [ 514.703871][T16860] loop3: detected capacity change from 0 to 512 [ 514.712727][ T29] audit: type=1326 audit(3917539646.290:70): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=16851 comm="syz.3.4710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa416d9aeb9 code=0x7ffc0000 [ 514.794647][ T29] audit: type=1326 audit(3917539646.290:71): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=16851 comm="syz.3.4710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa416d9aeb9 code=0x7ffc0000 [ 514.867580][T16860] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 514.940613][T16860] ext4 filesystem being mounted at /896/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 515.068564][ T5820] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 515.363107][T16888] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 515.752607][ T29] audit: type=1326 audit(3917539647.631:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16907 comm="syz.0.4737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb5c59aeb9 code=0x7ffc0000 [ 515.851600][ T29] audit: type=1326 audit(3917539647.631:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16907 comm="syz.0.4737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb5c59aeb9 code=0x7ffc0000 [ 515.933096][ T29] audit: type=1326 audit(3917539647.631:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16907 comm="syz.0.4737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7fbb5c59aeb9 code=0x7ffc0000 [ 516.058705][ T29] audit: type=1326 audit(3917539647.631:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16907 comm="syz.0.4737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb5c59aeb9 code=0x7ffc0000 [ 516.120750][ T29] audit: type=1326 audit(3917539647.631:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16907 comm="syz.0.4737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb5c59aeb9 code=0x7ffc0000 [ 516.296885][T16928] loop0: detected capacity change from 0 to 4096 [ 516.349517][T16928] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). [ 516.398864][T16936] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 516.414807][T16928] ntfs3(loop0): It is recommended to use chkdsk. [ 516.871681][T16946] loop2: detected capacity change from 0 to 4096 [ 516.900541][T16954] loop1: detected capacity change from 0 to 164 [ 516.907089][T16946] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 516.948316][T16954] Unable to read rock-ridge attributes [ 516.990808][T16954] Unable to read rock-ridge attributes [ 517.033591][T16954] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 517.061789][T16946] ntfs3(loop2): ino=1a, mi_enum_attr [ 517.102761][T16946] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 517.233991][T16964] loop3: detected capacity change from 0 to 256 [ 517.337435][T16964] FAT-fs (loop3): Directory bread(block 64) failed [ 517.344048][T16964] FAT-fs (loop3): Directory bread(block 65) failed [ 517.402723][T16964] FAT-fs (loop3): Directory bread(block 66) failed [ 517.432722][T16964] FAT-fs (loop3): Directory bread(block 67) failed [ 517.484856][T16964] FAT-fs (loop3): Directory bread(block 68) failed [ 517.491487][T16964] FAT-fs (loop3): Directory bread(block 69) failed [ 517.533404][T16964] FAT-fs (loop3): Directory bread(block 70) failed [ 517.550854][T16964] FAT-fs (loop3): Directory bread(block 71) failed [ 517.557721][T16964] FAT-fs (loop3): Directory bread(block 72) failed [ 517.596165][T16964] FAT-fs (loop3): Directory bread(block 73) failed [ 517.663873][T16964] vfat filesystem being mounted at /906/bus supports timestamps until 2107-12-31 (0x10391447e) [ 518.090864][T16988] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 518.126524][T16988] batadv_slave_0: entered promiscuous mode [ 518.160324][T16988] batadv_slave_0: entered allmulticast mode [ 518.286253][T16962] loop0: detected capacity change from 0 to 32768 [ 518.324246][T16962] BTRFS info: device /dev/loop0 (7:0) using temp-fsid e0d579ab-3285-4dc3-942b-115ab7c4248a [ 518.372076][T16962] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.4764 (16962) [ 518.456631][T17000] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4782'. [ 518.471310][T16962] BTRFS info (device loop0 state S): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 518.512712][T16962] BTRFS info (device loop0 state S): using crc32c checksum algorithm [ 518.558351][T17000] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4782'. [ 518.586310][ T12] BTRFS warning (device loop0 state ES): checksum verify failed on logical 1052672 mirror 1 wanted 0x37e030f7 found 0xf6479a7e level 0, ignored [ 518.670531][ T12] BTRFS warning (device loop0 state ES): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xbeadaddc level 0, ignored [ 518.718468][ T1336] BTRFS warning (device loop0 state ES): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0x32c165c1 level 0, ignored [ 518.797344][ T1336] BTRFS warning (device loop0 state ES): checksum verify failed on logical 5328896 mirror 1 wanted 0x51ec978b found 0x0bc7de37 level 0, ignored [ 518.852486][T16962] BTRFS error (device loop0 state ES): logical 6881280 len 1638400 found bg but no related chunk [ 518.870980][T17024] loop1: detected capacity change from 0 to 164 [ 518.898265][T17028] netlink: 'syz.2.4788': attribute type 4 has an invalid length. [ 518.913879][T17024] Unable to read rock-ridge attributes [ 518.929623][T16962] BTRFS info (device loop0 state ES): enabling ssd optimizations [ 518.967648][T16962] BTRFS info (device loop0 state ES): turning on async discard [ 518.975319][T16962] BTRFS info (device loop0 state ES): force clearing of disk cache [ 519.025302][T16962] BTRFS info (device loop0 state ES): ignoring bad roots [ 519.046423][T16962] BTRFS info (device loop0 state ES): ignoring meta csums [ 519.210922][T17039] loop1: detected capacity change from 0 to 256 [ 519.276908][T17039] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 519.300933][T17039] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d) [ 519.340606][ T5823] BTRFS info (device loop0 state ES): last unmount of filesystem e0d579ab-3285-4dc3-942b-115ab7c4248a [ 519.382775][T17039] exfat filesystem being mounted at /992/file0 supports timestamps until 2107-12-31 (0x10391447f) [ 519.674380][T17051] netlink: 'syz.1.4802': attribute type 8 has an invalid length. [ 519.778529][ T5897] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 519.975262][ T5897] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 519.989428][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.026876][ T5897] usb 3-1: Product: syz [ 520.048000][ T5897] usb 3-1: Manufacturer: syz [ 520.052700][ T5897] usb 3-1: SerialNumber: syz [ 520.114574][ T5897] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 520.145640][ T5898] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 520.236943][T17072] IPVS: sync thread started: state = BACKUP, mcast_ifn = macvtap0, syncid = 2, id = 0 [ 520.539063][ T3173] usb 3-1: USB disconnect, device number 84 [ 520.596911][T17084] libceph: resolve '0..' (ret=-3): failed [ 520.661200][T17088] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4817'. [ 520.708736][T17088] openvswitch: netlink: Missing key (keys=40, expected=80) [ 520.756210][T17091] openvswitch: netlink: Unexpected mask (mask=200840, allowed=10048) [ 520.916463][T17101] netlink: 'syz.4.4826': attribute type 2 has an invalid length. [ 520.942200][T17099] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4824'. [ 521.123261][ T5898] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 521.156422][ T5898] ath9k_htc: Failed to initialize the device [ 521.158728][T17110] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4829'. [ 521.192004][ T3173] usb 3-1: ath9k_htc: USB layer deinitialized [ 521.717014][T17136] openvswitch: netlink: Unknown key attributes 2 [ 522.021939][T17152] netlink: 'syz.0.4850': attribute type 9 has an invalid length. [ 522.269789][T17164] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 522.697130][T17188] loop4: detected capacity change from 0 to 512 [ 522.721348][T17188] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 522.732143][ T5897] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 522.763084][T17188] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 522.782579][T17188] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 522.796079][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 522.796106][ C1] EXT4-fs (loop4): initial error at time 3917539655: ext4_mb_generate_buddy:1315 [ 522.796155][ C1] EXT4-fs (loop4): last error at time 3917539655: ext4_mb_generate_buddy:1315 [ 522.823503][T17188] EXT4-fs (loop4): 1 truncate cleaned up [ 522.836626][T17188] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 522.921516][ T5897] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 522.937639][ T5897] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 522.950572][ T5897] usb 2-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.00 [ 522.961975][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.975025][ T5897] usb 2-1: config 0 descriptor?? [ 522.987113][ T5897] gspca_main: spca501-2.14.0 probing 0000:0000 [ 523.051217][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 523.190818][ T5915] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 523.366176][ T5915] usb 3-1: Using ep0 maxpacket: 16 [ 523.375874][ T5897] gspca_spca501: reg write: error -71 [ 523.392265][ T5897] spca501 2-1:0.0: Reg write failed for 0x02,0xa048,0x00 [ 523.408454][ T5915] usb 3-1: config 0 has an invalid interface number: 132 but max is 0 [ 523.413873][T17212] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 523.421711][ T5897] spca501 2-1:0.0: probe with driver spca501 failed with error -22 [ 523.433267][ T5915] usb 3-1: config 0 has no interface number 0 [ 523.452890][ T5915] usb 3-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 523.475068][ T5897] usb 2-1: USB disconnect, device number 76 [ 523.479635][T17212] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 523.485491][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 523.519948][ T5915] usb 3-1: Product: syz [ 523.536535][ T5915] usb 3-1: Manufacturer: syz [ 523.541262][ T5915] usb 3-1: SerialNumber: syz [ 523.561925][ T5915] usb 3-1: config 0 descriptor?? [ 523.572687][ T5915] hub 3-1:0.132: bad descriptor, ignoring hub [ 523.582564][ T5915] hub 3-1:0.132: probe with driver hub failed with error -5 [ 523.600089][ T5915] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.132/input/input37 [ 524.059709][ T5897] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 524.168138][ T9] usb 1-1: new full-speed USB device number 88 using dummy_hcd [ 524.213755][ T5897] usb 5-1: Using ep0 maxpacket: 8 [ 524.229442][ T5897] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x2 has invalid wMaxPacketSize 0 [ 524.249411][ T5897] usb 5-1: config 0 interface 0 has no altsetting 0 [ 524.265767][ T5897] usb 5-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 524.281181][ T5897] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.289809][ T5897] usb 5-1: Product: syz [ 524.294403][ T5897] usb 5-1: Manufacturer: syz [ 524.300951][ T5897] usb 5-1: SerialNumber: syz [ 524.310340][ T5897] usb 5-1: config 0 descriptor?? [ 524.339231][ T5897] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 found [ 524.350199][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [ 524.365180][ T9] usb 1-1: not running at top speed; connect to a high speed hub [ 524.382803][ T9] usb 1-1: config 3 has an invalid interface number: 106 but max is 0 [ 524.399927][ T9] usb 1-1: config 3 has no interface number 0 [ 524.407045][ T9] usb 1-1: config 3 interface 106 altsetting 10 endpoint 0xD has invalid maxpacket 512, setting to 64 [ 524.437089][ T9] usb 1-1: config 3 interface 106 altsetting 10 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 524.474153][ T9] usb 1-1: config 3 interface 106 has no altsetting 0 [ 524.498825][ T9] usb 1-1: New USB device found, idVendor=0d46, idProduct=2011, bcdDevice=e8.8a [ 524.517532][ T5897] snd_usb_toneport 5-1:0.0: cannot get proper max packet size [ 524.529630][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.553187][ T9] usb 1-1: Product: syz [ 524.564365][ T5897] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 now disconnected [ 524.573268][ T9] usb 1-1: Manufacturer: syz [ 524.597700][ T5897] snd_usb_toneport 5-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 524.607490][ T9] usb 1-1: SerialNumber: syz [ 524.631450][T17228] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 524.653011][T17228] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 524.714602][ T3173] usb 5-1: USB disconnect, device number 86 [ 524.829198][ T5958] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 524.888077][ T9] kobil_sct 1-1:3.106: KOBIL USB smart card terminal converter detected [ 524.916204][ T9] usb 1-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 524.948909][ T9] usb 1-1: USB disconnect, device number 88 [ 524.983947][ T9] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 525.000169][ T5958] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 525.009959][ T9] kobil_sct 1-1:3.106: device disconnected [ 525.028350][ T5958] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 525.048523][ T5958] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 525.074010][ T5958] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 525.087400][ T5958] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.095851][ T5958] usb 2-1: Product: syz [ 525.101477][ T5958] usb 2-1: Manufacturer: syz [ 525.107759][ T5958] usb 2-1: SerialNumber: syz [ 525.229842][ T6054] usb 3-1: reset high-speed USB device number 85 using dummy_hcd [ 525.263833][ T6054] usb 3-1: device reset changed ep0 maxpacket size! [ 525.288034][ T5915] usb 3-1: USB disconnect, device number 85 [ 525.366108][ T5958] usb 2-1: 0:2 : does not exist [ 525.465340][ T5915] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 525.470162][ T5958] usb 2-1: USB disconnect, device number 77 [ 525.523073][ T5955] udevd[5955]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 525.565705][ T3173] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 525.654456][ T5915] usb 3-1: Using ep0 maxpacket: 8 [ 525.685257][ T5915] usb 3-1: unable to get BOS descriptor or descriptor too short [ 525.696480][ T5915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 525.714445][ T5915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 525.717799][T17280] loop3: detected capacity change from 0 to 512 [ 525.733238][ T5915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 65535, setting to 1024 [ 525.743006][ T3173] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 525.757669][ T3173] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 525.761537][ T5915] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024 [ 525.769528][ T3173] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 525.799642][ T3173] usb 5-1: config 220 has no interface number 2 [ 525.810617][ T5915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 525.821203][ T5915] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 525.833195][ T5915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 525.841943][ T3173] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 525.856655][ T5915] usb 3-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 525.856690][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.856711][ T5915] usb 3-1: Product: syz [ 525.856727][ T5915] usb 3-1: Manufacturer: syz [ 525.856744][ T5915] usb 3-1: SerialNumber: syz [ 525.895296][T17280] EXT4-fs error (device loop3): ext4_do_update_inode:5596: inode #3: comm syz.3.4914: corrupted inode contents [ 525.904386][ T5915] usb 3-1: config 0 descriptor?? [ 525.919266][T17266] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 525.935247][ T5915] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 525.944907][T17280] loop3: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 525.947309][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 525.962972][ C0] EXT4-fs (loop3): initial error at time 3917539658: ext4_do_update_inode:5596: inode 3 [ 525.972806][ C0] EXT4-fs (loop3): last error at time 3917539658: ext4_do_update_inode:5596: inode 3 [ 525.987641][ T3173] usb 5-1: config 220 interface 0 has no altsetting 0 [ 525.995619][ T3173] usb 5-1: config 220 interface 76 has no altsetting 0 [ 526.002534][ T3173] usb 5-1: config 220 interface 1 has no altsetting 0 [ 526.022346][T17280] EXT4-fs error (device loop3): ext4_dirty_inode:6477: inode #3: comm syz.3.4914: mark_inode_dirty error [ 526.034136][T17280] loop3: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 526.041366][T17280] EXT4-fs error (device loop3): ext4_do_update_inode:5596: inode #3: comm syz.3.4914: corrupted inode contents [ 526.062855][ T3173] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 526.072172][ T3173] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.080503][ T3173] usb 5-1: Product: syz [ 526.084841][ T3173] usb 5-1: Manufacturer: syz [ 526.090424][ T3173] usb 5-1: SerialNumber: syz [ 526.096225][T17280] loop3: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 526.102848][T17280] EXT4-fs error (device loop3): __ext4_ext_dirty:207: inode #3: comm syz.3.4914: mark_inode_dirty error [ 526.165705][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 526.165726][ T29] audit: type=1326 audit(3917539658.810:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.1.4915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f8d39aeb9 code=0x7ffc0000 [ 526.176700][T17280] loop3: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 526.236411][T17280] Quota error (device loop3): write_blk: dquota write failed [ 526.253454][ T29] audit: type=1326 audit(3917539658.843:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.1.4915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f8d39aeb9 code=0x7ffc0000 [ 526.274459][T17280] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 526.296291][T17280] EXT4-fs error (device loop3): ext4_acquire_dquot:7006: comm syz.3.4914: Failed to acquire dquot type 0 [ 526.321847][T17280] loop3: lost filesystem error report for type 5 error -117 [ 526.334867][ T29] audit: type=1326 audit(3917539658.843:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.1.4915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7f3f8d39aeb9 code=0x7ffc0000 [ 526.347592][T17280] EXT4-fs error (device loop3): ext4_do_update_inode:5596: inode #16: comm syz.3.4914: corrupted inode contents [ 526.380891][ T29] audit: type=1326 audit(3917539658.843:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.1.4915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f8d39aeb9 code=0x7ffc0000 [ 526.409400][ T3173] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 526.429151][ T3173] uvcvideo 5-1:220.0: No valid video chain found. [ 526.438834][ T3173] usb 5-1: selecting invalid altsetting 0 [ 526.448456][ T29] audit: type=1326 audit(3917539658.843:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.1.4915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f8d39aeb9 code=0x7ffc0000 [ 526.495162][T17280] loop3: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 526.497193][ T5915] usb 3-1: USB disconnect, device number 86 [ 526.497571][ T3173] usb 5-1: selecting invalid altsetting 0 [ 526.522277][T17280] EXT4-fs error (device loop3): ext4_dirty_inode:6477: inode #16: comm syz.3.4914: mark_inode_dirty error [ 526.522486][ T3173] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 526.542630][T17278] loop0: detected capacity change from 0 to 32768 [ 526.556493][T17280] loop3: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 526.556972][T17280] EXT4-fs error (device loop3): ext4_do_update_inode:5596: inode #16: comm syz.3.4914: corrupted inode contents [ 526.592820][T17278] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.4913 (17278) [ 526.606608][T17280] loop3: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 526.607066][T17280] EXT4-fs error (device loop3): __ext4_ext_dirty:207: inode #16: comm syz.3.4914: mark_inode_dirty error [ 526.637675][T17280] loop3: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 526.638199][T17280] EXT4-fs error (device loop3): ext4_do_update_inode:5596: inode #16: comm syz.3.4914: corrupted inode contents [ 526.660677][T17280] loop3: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 526.661128][T17280] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 526.680200][T17280] loop3: lost filesystem error report for type 5 error -117 [ 526.693451][T17278] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 526.699991][ T3173] usb 5-1: USB disconnect, device number 87 [ 526.717689][T17280] EXT4-fs error (device loop3): ext4_do_update_inode:5596: inode #16: comm syz.3.4914: corrupted inode contents [ 526.738579][T17278] BTRFS info (device loop0): using sha256 checksum algorithm [ 526.748345][T17280] loop3: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 526.761409][T17280] EXT4-fs error (device loop3): ext4_truncate:4614: inode #16: comm syz.3.4914: mark_inode_dirty error [ 526.807474][ T5983] udevd[5983]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 526.846961][T17280] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 526.895640][T17280] loop3: lost filesystem error report for type 5 error -117 [ 526.896942][T17280] EXT4-fs (loop3): 1 truncate cleaned up [ 526.917255][T17280] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 526.963705][T17280] ext4 filesystem being mounted at /949/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 526.977935][T17278] BTRFS info (device loop0): enabling ssd optimizations [ 527.038952][T17278] BTRFS info (device loop0): turning on async discard [ 527.045809][T17278] BTRFS info (device loop0): enabling free space tree [ 527.175242][T17280] EXT4-fs warning (device loop3): ext4_es_cache_extent:1082: inode #3: comm syz.3.4914: ES cache extent failed: add [1,1,41,0x1] conflict with existing [1,-2,576460752303423487,0x18] [ 527.175242][T17280] [ 527.389859][ T5823] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 527.506602][ T5820] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 527.533355][T17319] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4926'. [ 527.556824][T17319] netlink: 108 bytes leftover after parsing attributes in process `syz.2.4926'. [ 527.616802][T17319] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4926'. [ 527.637840][T17319] netlink: 108 bytes leftover after parsing attributes in process `syz.2.4926'. [ 527.774481][T17319] netlink: 84 bytes leftover after parsing attributes in process `syz.2.4926'. [ 528.028280][T17337] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4934'. [ 528.061489][T17337] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4934'. [ 528.077352][T17340] loop2: detected capacity change from 0 to 256 [ 528.103246][T17340] exfat: Deprecated parameter 'namecase' [ 528.120433][T17337] netlink: 22 bytes leftover after parsing attributes in process `syz.4.4934'. [ 528.139991][T17340] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x3f800a9b, utbl_chksum : 0xe619d30d) [ 528.185478][T17340] exfat filesystem being mounted at /1042/file0 supports timestamps until 2107-12-31 (0x10391447f) [ 528.496085][T17351] x_tables: unsorted entry at hook 2 [ 528.520433][ T5883] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 528.685790][ T5883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 528.719170][ T5883] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 528.725489][T17359] netlink: 'syz.0.4945': attribute type 1 has an invalid length. [ 528.757828][ T5883] usb 2-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 528.779886][T17359] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4945'. [ 528.789118][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.800215][T17359] netlink: 658 bytes leftover after parsing attributes in process `syz.0.4945'. [ 528.812938][ T5883] usb 2-1: config 0 descriptor?? [ 528.945734][T17335] loop3: detected capacity change from 0 to 32768 [ 529.006460][T17335] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 529.019360][ T5883] usb 2-1: string descriptor 0 read error: -71 [ 529.233800][ T5883] usb 2-1: USB disconnect, device number 78 [ 529.260429][T17335] XFS (loop3): Ending clean mount [ 529.334067][T17335] XFS (loop3): Quotacheck needed: Please wait. [ 529.430943][T17335] XFS (loop3): Quotacheck: Done. [ 529.581629][ T5820] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 530.167156][T17405] loop3: detected capacity change from 0 to 512 [ 530.217579][T17405] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.4956: inode has both inline data and extents flags [ 530.235504][T17405] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.4956: couldn't read orphan inode 15 (err -117) [ 530.247520][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 530.247550][ C1] EXT4-fs (loop3): initial error at time 3917539663: ext4_orphan_get:1391: inode 15 [ 530.247588][ C1] EXT4-fs (loop3): last error at time 3917539663: ext4_orphan_get:1391: inode 15 [ 530.356371][T17411] netlink: 'syz.1.4965': attribute type 10 has an invalid length. [ 530.366424][T17405] loop3: lost filesystem error report for type 5 error -117 [ 530.370972][T17405] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 530.625874][T17387] loop2: detected capacity change from 0 to 32768 [ 530.640154][T17387] BTRFS error: failed to parse compression option 'zstd:nobarrier' [ 530.700571][ T5883] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 530.792367][ T5955] udevd[5955]: incorrect btrfs checksum on /dev/loop2 [ 530.849919][ T5883] usb 4-1: Using ep0 maxpacket: 16 [ 530.864931][ T5883] usb 4-1: config 0 has an invalid interface number: 214 but max is 0 [ 530.873442][T17425] netlink: 'syz.2.4969': attribute type 1 has an invalid length. [ 530.897998][ T5883] usb 4-1: config 0 has no interface number 0 [ 530.924834][ T5883] usb 4-1: config 0 interface 214 altsetting 0 has an endpoint descriptor with address 0xFD, changing to 0x8D [ 530.948721][ T5883] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x8D has invalid maxpacket 26389, setting to 1024 [ 530.984769][ T5883] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 530.999553][ T5883] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 531.028068][ T5883] usb 4-1: Product: syz [ 531.039655][ T5883] usb 4-1: Manufacturer: syz [ 531.054760][ T5883] usb 4-1: SerialNumber: syz [ 531.095210][ T5883] usb 4-1: config 0 descriptor?? [ 531.110427][T17405] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 531.143614][ T1336] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff888144abc000 (10)(wlan0) start [ 531.220947][ T1336] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff888144abc000 (10)(wlan0) end [ 531.284044][ T29] audit: type=1107 audit(3917539664.261:87): pid=17429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 531.284669][ T1336] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff888144abc000 (9)(wlan0) start [ 531.430813][ T5883] usbtouchscreen 4-1:0.214: Failed to read FW rev: -71 [ 531.438306][ T5883] usbtouchscreen 4-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 531.453637][ T5883] usb 4-1: USB disconnect, device number 86 [ 531.528465][ T1336] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff888144abc000 (9)(wlan0) end [ 531.924207][T17448] loop0: detected capacity change from 0 to 1024 [ 532.139038][ T5820] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 532.238645][ T5915] usb 1-1: new high-speed USB device number 89 using dummy_hcd [ 532.428098][ T5915] usb 1-1: config 48 has an invalid descriptor of length 107, skipping remainder of the config [ 532.448038][ T5915] usb 1-1: config 48 interface 0 altsetting 98 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 532.479109][ T5915] usb 1-1: config 48 interface 0 altsetting 98 endpoint 0x4 has invalid wMaxPacketSize 0 [ 532.520991][ T5915] usb 1-1: config 48 interface 0 altsetting 98 endpoint 0x8 has invalid maxpacket 29206, setting to 1024 [ 532.555681][ T5915] usb 1-1: config 48 interface 0 altsetting 98 bulk endpoint 0x8 has invalid maxpacket 1024 [ 532.593559][ T5915] usb 1-1: config 48 interface 0 altsetting 98 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 532.634201][ T5915] usb 1-1: config 48 interface 0 has no altsetting 0 [ 532.656229][ T5915] usb 1-1: New USB device found, idVendor=1784, idProduct=0006, bcdDevice=bb.2f [ 532.679211][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.707865][ T5915] usb 1-1: Product: syz [ 532.712107][ T5915] usb 1-1: Manufacturer: syz [ 532.742398][ T5915] usb 1-1: SerialNumber: syz [ 532.768193][T17448] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 532.800991][T17479] netlink: 'syz.3.4988': attribute type 1 has an invalid length. [ 533.083853][ T5915] usb 1-1: USB disconnect, device number 89 [ 533.554959][ T12] hfsplus: b-tree write err: -5, ino 4 [ 533.636778][T17506] __nla_validate_parse: 4 callbacks suppressed [ 533.636801][T17506] netlink: 80 bytes leftover after parsing attributes in process `syz.4.4999'. [ 533.747474][T17514] ip6t_srh: unknown srh match flags 4000 [ 534.123181][T17523] loop2: detected capacity change from 0 to 4096 [ 534.158875][T17523] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512). [ 534.347672][T17523] ntfs3(loop2): Failed to initialize $Extend/$ObjId. [ 535.107476][T17559] bond2 (unregistering): Released all slaves [ 535.113667][ T35] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff888056db4000 (37)(bond2) start [ 535.152798][ T35] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff888056db4000 (36)(bond2) end [ 535.214639][T17574] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5025'. [ 535.226638][ T35] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff888056db4000 (25)(bond2) start [ 535.243892][T17574] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5025'. [ 535.244014][T17574] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5025'. [ 535.298500][ T35] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff888056db4000 (9)(bond2) end [ 535.422485][T17524] loop4: detected capacity change from 0 to 32768 [ 535.508170][T17524] jfs filesystem being mounted at /952/wÅü5ÔTÕÔ)­`)YFæ¾nA­½@T<Ÿ3»Ú‚$¢ó×rçcnH³<¿pƒrèñ¹“>ÅwC¾" žð-ùËòöè€Ó8 supports timestamps until 2106-02-07 (0xffffffff) [ 535.924820][T17583] loop0: detected capacity change from 0 to 8192 [ 535.968719][T17583] msdos: Unknown parameter 'time_offseu' [ 536.147206][T17600] tmpfs: Bad value for 'mpol' [ 536.206493][T17605] kernel profiling enabled (shift: 6) [ 536.454862][T17613] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 536.823733][T17631] loop0: detected capacity change from 0 to 256 [ 536.853980][T17631] exfat: Deprecated parameter 'namecase' [ 536.859758][T17631] exfat: Deprecated parameter 'utf8' [ 536.925065][T17638] loop4: detected capacity change from 0 to 22 [ 536.958311][T17638] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 537.012301][T17631] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d) [ 537.024579][T17638] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 537.083809][T17644] syz.3.5053 (17644): /proc/17641/oom_adj is deprecated, please use /proc/17641/oom_score_adj instead. [ 537.097814][T17631] exfat filesystem being mounted at /1010/file0 supports timestamps until 2107-12-31 (0x10391447f) [ 537.384198][T17652] netlink: 'syz.2.5056': attribute type 8 has an invalid length. [ 537.451440][T17656] netlink: 'syz.4.5058': attribute type 4 has an invalid length. [ 537.530027][T17660] JFS: discard option not supported on device [ 537.553472][T17660] Mount JFS Failure: -5 [ 538.262007][ T5897] usb 2-1: new full-speed USB device number 79 using dummy_hcd [ 538.470689][ T5897] usb 2-1: config 8 has an invalid interface number: 223 but max is 0 [ 538.489097][ T5897] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 538.541991][ T5897] usb 2-1: config 8 has no interface number 0 [ 538.548187][ T5897] usb 2-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 538.600958][ T5897] usb 2-1: config 8 interface 223 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 538.621820][T17712] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5080'. [ 538.666570][ T5897] usb 2-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 538.679053][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.701121][ T5897] usb 2-1: Product: syz [ 538.705789][ T5897] usb 2-1: Manufacturer: syz [ 538.744151][ T5897] usb 2-1: SerialNumber: syz [ 538.796617][T17712] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5080'. [ 538.986781][ T5897] usb 2-1: USB disconnect, device number 79 [ 539.001122][T17724] loop3: detected capacity change from 0 to 128 [ 539.036286][T17726] loop0: detected capacity change from 0 to 64 [ 539.069616][T17724] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 539.085846][T17726] minix filesystem being mounted at /1017/file2 supports timestamps until 2106-02-07 (0xffffffff) [ 539.103147][T17728] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5089'. [ 539.123378][T17724] hpfs: filesystem error: improperly stopped [ 539.163766][T17724] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 539.210948][T17724] hpfs: You really don't want any checks? You are crazy... [ 539.247877][T17724] hpfs: hpfs_map_sector(): read error [ 539.264220][T17724] hpfs: code page support is disabled [ 539.296620][T17724] hpfs: hpfs_map_4sectors(): unaligned read [ 539.302694][T17724] hpfs: hpfs_map_4sectors(): unaligned read [ 539.344570][T17724] hpfs: filesystem error: unable to find root dir [ 539.661084][T17746] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.5098'. [ 539.707525][T17746] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 539.774760][T17750] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5100'. [ 539.829984][T17754] loop1: detected capacity change from 0 to 128 [ 539.897381][T17754] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 540.021982][T17754] ext4 filesystem being mounted at /1051/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 540.049506][T17736] loop2: detected capacity change from 0 to 32768 [ 540.128692][T17736] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 540.253392][ T5819] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 540.327034][T17736] XFS (loop2): Ending clean mount [ 540.339592][T17736] XFS (loop2): Quotacheck needed: Please wait. [ 540.440402][T17780] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5110'. [ 540.470042][ T5883] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 540.496006][T17736] XFS (loop2): Quotacheck: Done. [ 540.502389][T17780] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5110'. [ 540.645608][ T5883] usb 4-1: Using ep0 maxpacket: 32 [ 540.703443][ T5883] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe [ 540.713043][ T5821] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 540.730626][ T5883] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.753057][ T5883] usb 4-1: Product: syz [ 540.776732][ T5883] usb 4-1: Manufacturer: syz [ 540.786115][ T5883] usb 4-1: SerialNumber: syz [ 540.806651][ T5883] usb 4-1: config 0 descriptor?? [ 541.015538][ T5883] snd-usb-6fire 4-1:0.0: unknown device firmware state received from device: [ 541.046665][ T5883] eb 2a 3b 80 9b e4 7a f0 [ 541.051295][ T5883] snd-usb-6fire 4-1:0.0: probe with driver snd-usb-6fire failed with error -5 [ 541.082017][T17796] loop1: detected capacity change from 0 to 64 [ 541.104828][T17796] MINIX-fs: bad superblock [ 541.278485][ T5883] usb 4-1: USB disconnect, device number 87 [ 541.671846][T17788] loop0: detected capacity change from 0 to 32768 [ 541.705821][T17788] jfs filesystem being mounted at /1023/file1 supports timestamps until 2106-02-07 (0xffffffff) [ 542.039508][T17803] loop2: detected capacity change from 0 to 32768 [ 542.094959][T17803] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 542.170494][T17837] loop4: detected capacity change from 0 to 256 [ 542.207381][T17803] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x50. [ 542.255405][T17803] XFS (loop2): Tail block (0x29) overwrite detected. Updated to 0x30 [ 542.326249][T17837] FAT-fs (loop4): Directory bread(block 64) failed [ 542.367091][T17837] FAT-fs (loop4): Directory bread(block 65) failed [ 542.386092][T17837] FAT-fs (loop4): Directory bread(block 66) failed [ 542.397428][T17837] FAT-fs (loop4): Directory bread(block 67) failed [ 542.408362][T17803] XFS (loop2): Ending clean mount [ 542.452859][T17837] FAT-fs (loop4): Directory bread(block 68) failed [ 542.492505][T17837] FAT-fs (loop4): Directory bread(block 69) failed [ 542.499199][T17837] FAT-fs (loop4): Directory bread(block 70) failed [ 542.506314][T17803] XFS (loop2): Quotacheck needed: Please wait. [ 542.524663][T17837] FAT-fs (loop4): Directory bread(block 71) failed [ 542.531901][T17837] FAT-fs (loop4): Directory bread(block 72) failed [ 542.538524][T17837] FAT-fs (loop4): Directory bread(block 73) failed [ 542.554294][T17837] vfat filesystem being mounted at /982/file1 supports timestamps until 2107-12-31 (0x10391447e) [ 542.590488][ T12] XFS (loop2): Metadata corruption detected at xfs_dinode_verify+0x1a9/0x1590, inode 0x1803 dinode [ 542.605440][T17843] overlayfs: overlapping lowerdir path [ 542.620227][ T12] XFS (loop2): Unmount and run xfs_repair [ 542.648317][ T12] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 542.668488][ T12] 00000000: 49 4e 41 ed 03 01 00 00 00 00 00 00 00 00 00 00 INA............. [ 542.702390][ T12] 00000010: 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 542.726106][ T12] 00000020: 34 f7 58 68 a5 a5 b6 11 34 f7 58 68 a5 e2 bf 3d 4.Xh....4.Xh...= [ 542.752807][ T12] 00000030: 34 f7 58 68 a5 e2 bf 3d 00 00 00 00 00 00 00 20 4.Xh...=....... [ 542.779936][ T12] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 542.813879][ T12] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 ca e6 3d c1 ..............=. [ 542.833467][ T12] 00000060: ff ff ff ff 6e d0 e3 2d 00 00 00 00 00 00 00 04 ....n..-........ [ 542.837435][T17847] loop3: detected capacity change from 0 to 512 [ 542.858960][ T12] 00000070: 00 00 00 03 00 00 00 10 00 00 00 00 00 00 00 06 ................ [ 542.877822][ T12] fserror_report: 2 callbacks suppressed [ 542.877841][ T12] loop2: lost file I/O error report for ino 0 type 5 pos 0x0 len 0x0 error -117 [ 542.920244][T17847] EXT4-fs: Ignoring removed mblk_io_submit option [ 542.957996][T17803] XFS (loop2): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 542.992782][T17803] loop2: lost filesystem error report for type 5 error -117 [ 543.005644][T17847] EXT4-fs: Ignoring removed bh option [ 543.066800][T17847] EXT4-fs (loop3): Test dummy encryption mode enabled [ 543.116113][T17847] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 543.141023][T17847] EXT4-fs (loop3): can't mount with journal_async_commit, fs mounted w/o journal [ 543.174560][ T5821] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 543.204515][ T5821] XFS (loop2): Uncorrected metadata errors detected; please run xfs_repair. [ 543.745576][T17879] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5152'. [ 544.272999][T17900] dvmrp0: entered allmulticast mode [ 544.468934][T17906] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5163'. [ 544.510852][T17906] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5163'. [ 544.534436][T17883] loop4: detected capacity change from 0 to 32768 [ 544.561934][T17883] BTRFS warning: excessive commit interval 2147483647, use with care [ 544.619240][T17883] BTRFS info: device /dev/loop4 (7:4) using temp-fsid 7ef98d2f-f52f-480b-bafb-6629cfa2891d [ 544.640239][T17883] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.5153 (17883) [ 544.686722][ T6054] udevd[6054]: incorrect btrfs checksum on /dev/loop4 [ 544.701006][T17912] netlink: 'syz.2.5166': attribute type 4 has an invalid length. [ 544.709385][T17912] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5166'. [ 544.725439][T17883] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 544.759175][T17883] BTRFS info (device loop4): using crc32c checksum algorithm [ 544.769283][T17912] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 544.789849][T17883] BTRFS error (device loop4): superblock checksum mismatch [ 544.798409][T17883] BTRFS error (device loop4): open_ctree failed: -22 [ 545.131108][T17894] loop1: detected capacity change from 0 to 32768 [ 545.151903][T17922] loop3: detected capacity change from 0 to 2048 [ 545.210289][T17922] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 545.213540][T17894] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 545.310265][T17894] XFS (loop1): Ending clean mount [ 545.342868][T17894] XFS (loop1): Quotacheck needed: Please wait. [ 545.418246][ T3515] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff888031394000 (6)(bridge1) start [ 545.435032][ T3173] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 545.511435][ T3515] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff888031394000 (6)(bridge1) end [ 545.575691][T17894] XFS (loop1): Quotacheck: Done. [ 545.613395][ T3515] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff888031394000 (3)(bridge1) start [ 545.633268][ T3173] usb 3-1: Using ep0 maxpacket: 8 [ 545.708339][ T3173] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 545.717544][ T3173] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.726177][ T3515] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff888031394000 (3)(bridge1) end [ 545.757485][T17946] netlink: 'syz.4.5180': attribute type 39 has an invalid length. [ 545.764774][ T3173] usb 3-1: Product: syz [ 545.771053][ T3173] usb 3-1: Manufacturer: syz [ 545.790652][ T3173] usb 3-1: SerialNumber: syz [ 545.813102][ T3173] usb 3-1: config 0 descriptor?? [ 545.826834][ T3173] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 545.857606][ T5819] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 546.216440][ T3173] gspca_sonixj: reg_r err -71 [ 546.226356][ T3173] sonixj 3-1:0.0: probe with driver sonixj failed with error -71 [ 546.262112][ T3173] usb 3-1: USB disconnect, device number 87 [ 546.269778][T17954] netlink: 1244 bytes leftover after parsing attributes in process `syz.3.5186'. [ 546.648450][ T3173] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 546.689018][T17974] program syz.3.5195 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 546.711191][T17974] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 546.741610][ T5897] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 546.826195][ T3173] usb 2-1: Using ep0 maxpacket: 16 [ 546.846828][T17980] loop2: detected capacity change from 0 to 128 [ 546.868194][ T3173] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 546.904783][ T5897] usb 5-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 546.909422][ T3173] usb 2-1: config 0 has no interface number 0 [ 546.918577][ T5897] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 546.923300][T17980] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 546.937712][ T5897] usb 5-1: Product: syz [ 546.946787][ T5897] usb 5-1: Manufacturer: syz [ 546.951508][ T5897] usb 5-1: SerialNumber: syz [ 546.965540][T17980] ext4 filesystem being mounted at /1085/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 546.984901][ T5897] usb 5-1: config 0 descriptor?? [ 546.998511][ T3173] usb 2-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 547.012273][ T3173] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.064514][ T3173] usb 2-1: Product: syz [ 547.078670][ T3173] usb 2-1: Manufacturer: syz [ 547.087893][ T3173] usb 2-1: SerialNumber: syz [ 547.108915][ T3173] usb 2-1: config 0 descriptor?? [ 547.116069][ T5821] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 547.136687][ T3173] hub 2-1:0.132: bad descriptor, ignoring hub [ 547.151347][ T3173] hub 2-1:0.132: probe with driver hub failed with error -5 [ 547.185844][ T3173] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.132/input/input39 [ 547.194027][ T5897] int51x1 5-1:0.0: probe with driver int51x1 failed with error -22 [ 547.383223][ T3173] usb 5-1: USB disconnect, device number 88 [ 547.454151][ T29] audit: type=1400 audit(3917539681.642:88): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=":(%#{//(@\)//&@},['%%&\#*" pid=17991 comm="syz.2.5203" [ 547.604836][T17984] loop0: detected capacity change from 0 to 32768 [ 547.627729][T17984] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.5198 (17984) [ 547.663011][T17984] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 547.673728][T17984] BTRFS info (device loop0): using sha256 checksum algorithm [ 547.831048][T17984] BTRFS info (device loop0): enabling ssd optimizations [ 547.866585][T17984] BTRFS info (device loop0): turning on async discard [ 547.906989][T17984] BTRFS info (device loop0): enabling free space tree [ 548.136264][ T5823] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 548.355611][T18032] loop2: detected capacity change from 0 to 256 [ 548.412032][T18032] msdos filesystem being mounted at /1093/file0 supports timestamps until 2107-12-31 (0x1039099de) [ 548.672976][T18043] netlink: 'syz.3.5220': attribute type 1 has an invalid length. [ 548.869083][T18046] delete_channel: no stack [ 549.302767][T18025] loop4: detected capacity change from 0 to 40427 [ 549.328104][T18025] F2FS-fs: heap/no_heap options were deprecated [ 549.366690][T18025] F2FS-fs (loop4): build fault injection rate: 19 [ 549.387577][T18025] F2FS-fs (loop4): build fault injection type: 0x3bfe8c [ 549.420982][T18025] F2FS-fs (loop4): invalid crc value [ 549.492601][T18025] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810 [ 549.732748][T18083] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5238'. [ 549.795513][T18025] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410 [ 549.912031][T18085] veth2: entered allmulticast mode [ 549.923402][T18025] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 549.930216][T18089] netlink: 'syz.2.5241': attribute type 1 has an invalid length. [ 549.952261][ T35] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff88806b466000 (12)(veth2) start [ 549.952433][T18025] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 549.981533][T18089] netlink: 'syz.2.5241': attribute type 2 has an invalid length. [ 550.009726][T18091] loop0: detected capacity change from 0 to 256 [ 550.015971][T18089] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5241'. [ 550.025809][ T35] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff88806b466000 (3)(veth2) end [ 550.059276][ T35] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff88806b466000 (3)(veth2) start [ 550.124121][ T35] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff88806b466000 (3)(veth2) end [ 550.184379][T18091] FAT-fs (loop0): Directory bread(block 64) failed [ 550.193423][T18091] FAT-fs (loop0): Directory bread(block 65) failed [ 550.212320][T18091] FAT-fs (loop0): Directory bread(block 66) failed [ 550.263959][T18091] FAT-fs (loop0): Directory bread(block 67) failed [ 550.291931][T18091] FAT-fs (loop0): Directory bread(block 68) failed [ 550.301763][T18091] FAT-fs (loop0): Directory bread(block 69) failed [ 550.308463][T18091] FAT-fs (loop0): Directory bread(block 70) failed [ 550.357398][T18091] FAT-fs (loop0): Directory bread(block 71) failed [ 550.395321][T18091] FAT-fs (loop0): Directory bread(block 72) failed [ 550.420662][T18091] FAT-fs (loop0): Directory bread(block 73) failed [ 550.481896][T18091] vfat filesystem being mounted at /1048/file1 supports timestamps until 2107-12-31 (0x10391447e) [ 550.706230][ T5958] usb 2-1: USB disconnect, device number 80 [ 551.098692][T18122] netlink: 'syz.4.5245': attribute type 21 has an invalid length. [ 551.193260][T18129] loop0: detected capacity change from 0 to 512 [ 551.358275][T18129] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 551.461242][T18129] ext4 filesystem being mounted at /1051/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 551.512725][T18140] netlink: 'syz.1.5264': attribute type 46 has an invalid length. [ 551.599481][ T5823] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 552.048850][T18160] loop3: detected capacity change from 0 to 2048 [ 552.086692][T18160] EXT4-fs: Ignoring removed i_version option [ 552.191852][T18160] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 552.246101][T18160] EXT4-fs error (device loop3): ext4_find_extent:941: inode #2: comm syz.3.5273: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 552.361903][T18165] loop4: detected capacity change from 0 to 4096 [ 552.416698][ T5820] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 552.479756][T18173] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 552.536799][T18165] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 552.616050][T18165] Remounting filesystem read-only [ 552.928396][T18188] IPv6: Can't replace route, no match found [ 553.076706][T18191] loop1: detected capacity change from 0 to 512 [ 553.118858][T18191] EXT4-fs (loop1): DAX unsupported by block device. [ 553.308767][T18200] ieee802154 phy0 wpan0: encryption failed: -22 [ 553.380445][T18204] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5294'. [ 553.410318][T18204] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5294'. [ 553.433639][T18204] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5294'. [ 553.565367][ T29] audit: type=1326 audit(3917539688.176:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18207 comm="syz.4.5296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f797e59aeb9 code=0x7ffc0000 [ 553.570584][T18210] netlink: 'syz.0.5297': attribute type 10 has an invalid length. [ 553.624035][T18210] veth1_macvtap: left promiscuous mode [ 553.638520][T18212] loop1: detected capacity change from 0 to 512 [ 553.639269][ T29] audit: type=1326 audit(3917539688.176:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18207 comm="syz.4.5296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f797e59aeb9 code=0x7ffc0000 [ 553.717851][T18212] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 553.731793][ T29] audit: type=1326 audit(3917539688.251:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18207 comm="syz.4.5296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f797e59aeb9 code=0x7ffc0000 [ 553.782211][T18212] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.5298: inode has both inline data and extents flags [ 553.818166][ T58] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff888057b1a000 (15)(macsec0) start [ 553.837740][T18212] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 553.843928][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 553.854570][ T29] audit: type=1326 audit(3917539688.251:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18207 comm="syz.4.5296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f797e59aeb9 code=0x7ffc0000 [ 553.859912][ C0] EXT4-fs (loop1): initial error at time 3917539688: ext4_orphan_get:1391: inode 15 [ 553.859951][ C0] EXT4-fs (loop1): last error at time 3917539688: ext4_orphan_get:1391: inode 15 [ 553.900902][ T58] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff888057b1a000 (12)(macsec0) end [ 553.918405][ T58] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff888057b1a000 (12)(macsec0) start [ 553.938585][T18212] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.5298: couldn't read orphan inode 15 (err -117) [ 553.940352][ T29] audit: type=1326 audit(3917539688.251:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18207 comm="syz.4.5296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f797e59aeb9 code=0x7ffc0000 [ 553.975690][T18212] loop1: lost filesystem error report for type 5 error -117 [ 553.977379][ T58] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff888057b1a000 (12)(macsec0) end [ 554.002783][ T29] audit: type=1326 audit(3917539688.251:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18207 comm="syz.4.5296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f797e59aeb9 code=0x7ffc0000 [ 554.044322][T18212] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 554.048942][ T29] audit: type=1326 audit(3917539688.251:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18207 comm="syz.4.5296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f797e59aeb9 code=0x7ffc0000 [ 554.123003][ T29] audit: type=1326 audit(3917539688.272:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18207 comm="syz.4.5296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f797e59aeb9 code=0x7ffc0000 [ 554.196130][ T29] audit: type=1326 audit(3917539688.272:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18207 comm="syz.4.5296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f797e59aeb9 code=0x7ffc0000 [ 554.263956][ T5819] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 555.030661][T18248] loop0: detected capacity change from 0 to 64 [ 555.150510][T18248] minix filesystem being mounted at /1064/file1 supports timestamps until 2106-02-07 (0xffffffff) [ 555.627024][T18274] loop1: detected capacity change from 0 to 1024 [ 555.784194][ T1336] hfsplus: b-tree write err: -5, ino 4 [ 555.974026][T18288] loop1: detected capacity change from 0 to 256 [ 556.020397][T18288] msdos filesystem being mounted at /1096/file0 supports timestamps until 2107-12-31 (0x1039099de) [ 556.082494][T18292] netlink: 284 bytes leftover after parsing attributes in process `syz.3.5336'. [ 556.500181][T18305] syz_tun: refused to change device tx_queue_len [ 556.657022][T18279] loop2: detected capacity change from 0 to 32768 [ 556.752510][T18279] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 556.895119][T18279] XFS (loop2): Ending clean mount [ 556.922662][T18279] XFS (loop2): Quotacheck needed: Please wait. [ 556.971178][T18333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 557.066598][T18279] XFS (loop2): Quotacheck: Done. [ 557.224768][ T5821] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 557.604189][T18348] loop1: detected capacity change from 0 to 4096 [ 557.637789][T18348] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 557.728009][T18360] loop4: detected capacity change from 0 to 65 [ 557.737675][T18348] ntfs3(loop1): ino=19, mi_enum_attr [ 557.753908][T18348] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 557.773273][T18360] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway [ 557.786593][T18362] openvswitch: netlink: IP tunnel dst address not specified [ 557.835751][T18348] ntfs3(loop1): failed to convert "c46c" to cp437 [ 557.864523][T18360] bfs filesystem being mounted at /1025/éq‰Y’3aK supports timestamps until 2106-02-07 (0xffffffff) [ 557.879469][T18348] ntfs3(loop1): ino=20, mi_enum_attr [ 558.201324][T18374] netlink: 'syz.4.5373': attribute type 1 has an invalid length. [ 558.501958][ T5915] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 558.532495][T18364] loop0: detected capacity change from 0 to 32768 [ 558.542204][T18364] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.5368 (18364) [ 558.567574][T18364] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 558.587998][T18382] bond3: entered allmulticast mode [ 558.618847][T18382] 8021q: adding VLAN 0 to HW filter on device bond3 [ 558.631991][T18364] BTRFS info (device loop0): using sha256 checksum algorithm [ 558.657629][T18391] netlink: 56 bytes leftover after parsing attributes in process `syz.2.5380'. [ 558.708790][ T5915] usb 2-1: Using ep0 maxpacket: 16 [ 558.730388][ T5915] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 558.747838][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.768645][ T5915] usb 2-1: Product: syz [ 558.782969][ T5915] usb 2-1: Manufacturer: syz [ 558.793144][ T5915] usb 2-1: SerialNumber: syz [ 558.819464][ T5915] usb 2-1: config 0 descriptor?? [ 558.905593][T18364] BTRFS info (device loop0): enabling ssd optimizations [ 558.912652][T18364] BTRFS info (device loop0): turning on async discard [ 558.941921][T18364] BTRFS info (device loop0): enabling free space tree [ 559.142368][ T5823] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 559.272174][ T5915] dvb_usb_dtv5100 2-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71 [ 559.321218][ T5915] usb 2-1: USB disconnect, device number 81 [ 559.401991][T18424] openvswitch: netlink: IP tunnel dst address not specified [ 559.690677][T18433] loop2: detected capacity change from 0 to 512 [ 559.709175][T18431] IPv6: sit1: Disabled Multicast RS [ 559.732562][T18431] sit1: entered allmulticast mode [ 559.874813][T18433] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 559.975812][T18433] ext4 filesystem being mounted at /1115/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 560.286565][ T5821] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 560.424324][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 560.430835][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 560.678490][ T5958] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 560.708672][T18471] loop1: detected capacity change from 0 to 256 [ 560.725210][T18475] ieee802154 phy0 wpan0: encryption failed: -22 [ 560.827908][T18471] FAT-fs (loop1): Directory bread(block 64) failed [ 560.852262][ T5958] usb 4-1: Using ep0 maxpacket: 16 [ 560.858575][T18471] FAT-fs (loop1): Directory bread(block 65) failed [ 560.870526][ T5958] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 560.882588][T18471] FAT-fs (loop1): Directory bread(block 66) failed [ 560.901786][ T5958] usb 4-1: config 0 has no interface number 0 [ 560.907972][ T5958] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7 [ 560.919598][T18471] FAT-fs (loop1): Directory bread(block 67) failed [ 560.926366][T18471] FAT-fs (loop1): Directory bread(block 68) failed [ 560.954043][T18471] FAT-fs (loop1): Directory bread(block 69) failed [ 560.961501][ T5958] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 560.971844][T18471] FAT-fs (loop1): Directory bread(block 70) failed [ 560.992551][ T5958] usb 4-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 561.021164][ T5958] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.026014][T18471] FAT-fs (loop1): Directory bread(block 71) failed [ 561.040703][T18471] FAT-fs (loop1): Directory bread(block 72) failed [ 561.047320][T18471] FAT-fs (loop1): Directory bread(block 73) failed [ 561.066059][ T5958] usb 4-1: Product: syz [ 561.076116][ T5958] usb 4-1: Manufacturer: syz [ 561.076142][ T5958] usb 4-1: SerialNumber: syz [ 561.086845][T18471] vfat filesystem being mounted at /1109/bus supports timestamps until 2107-12-31 (0x10391447e) [ 561.096037][T18485] xt_NFQUEUE: number of queues (65535) out of range (got 65541) [ 561.154299][T18488] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5419'. [ 561.180378][ T5958] usb 4-1: config 0 descriptor?? [ 561.215557][ T5958] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 561.453821][ T5958] usb 4-1: USB disconnect, device number 88 [ 561.816975][T18506] bond2: entered allmulticast mode [ 561.823402][T18506] 8021q: adding VLAN 0 to HW filter on device bond2 [ 562.040062][T18523] Cannot find set identified by id 65534 to match [ 562.595052][T18551] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5448'. [ 562.708210][T18556] loop0: detected capacity change from 0 to 512 [ 562.736759][T18556] EXT4-fs: Ignoring removed nomblk_io_submit option [ 562.819798][T18556] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 562.843532][T18559] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 562.860686][T18556] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 562.873132][T18559] netdevsim netdevsim3 netdevsim0: refused to change device tx_queue_len [ 562.882461][T18559] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 562.912931][T18556] EXT4-fs (loop0): orphan cleanup on readonly fs [ 562.920208][T18556] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=0 [ 562.930400][T18556] EXT4-fs warning (device loop0): ext4_enable_quotas:7241: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 562.945667][T18556] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 562.957352][T18556] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.5450: bg 0: block 40: padding at end of block bitmap is not set [ 562.972263][T18556] loop0: lost filesystem error report for type 5 error -117 [ 562.977878][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 562.991793][ C1] EXT4-fs (loop0): initial error at time 3917539698: ext4_validate_block_bitmap:441 [ 563.001268][ C1] EXT4-fs (loop0): last error at time 3917539698: ext4_validate_block_bitmap:441 [ 563.011821][T18556] EXT4-fs (loop0): Remounting filesystem read-only [ 563.025047][T18556] EXT4-fs (loop0): 1 truncate cleaned up [ 563.068736][T18556] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 563.148751][T18568] loop2: detected capacity change from 0 to 256 [ 563.182509][T18568] exfat: Deprecated parameter 'utf8' [ 563.198833][T18571] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5459'. [ 563.208060][T18568] exfat: Deprecated parameter 'namecase' [ 563.241697][T18568] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 563.264459][ T5823] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 563.287317][T18568] exfat filesystem being mounted at /1128/file1 supports timestamps until 2107-12-31 (0x10391447f) [ 564.210273][T18612] loop3: detected capacity change from 0 to 8 [ 564.255625][T18616] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 564.292335][T18612] SQUASHFS error: Failed to read block 0x636: -5 [ 564.318332][T18612] SQUASHFS error: Unable to read metadata cache entry [634] [ 564.487935][T18626] netlink: 'syz.4.5483': attribute type 89 has an invalid length. [ 564.724044][ T29] audit: type=1326 audit(3917539700.171:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18637 comm="syz.1.5489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f8d39aeb9 code=0x7ffc0000 [ 564.747041][ T29] audit: type=1326 audit(3917539700.171:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18637 comm="syz.1.5489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f8d39aeb9 code=0x7ffc0000 [ 564.784915][ T29] audit: type=1326 audit(3917539700.235:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18637 comm="syz.1.5489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=303 compat=0 ip=0x7f3f8d39aeb9 code=0x7ffc0000 [ 564.808952][ T29] audit: type=1326 audit(3917539700.235:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18637 comm="syz.1.5489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f8d39aeb9 code=0x7ffc0000 [ 564.831756][ T29] audit: type=1326 audit(3917539700.235:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18637 comm="syz.1.5489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f8d39aeb9 code=0x7ffc0000 [ 564.883409][T18636] bond4: option updelay: invalid value (18446744073709531912) [ 564.893032][T18636] bond4: option updelay: allowed values 0 - 2147483647 [ 564.912781][ T1005] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff888056db4000 (41)(bond4) start [ 564.929581][T18636] bond4 (unregistering): Released all slaves [ 564.961780][ T1005] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88807b7d0000 (11)(syz1) rdma_ndev=ffff8880766c4000 (31)(bond0) cookie=ffff888056db4000 (20)(bond4) end [ 564.999203][ T1005] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff888056db4000 (12)(bond4) start [ 565.016995][ T1005] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff888052268000 (11)(syz0) rdma_ndev=ffff88807d8ba000 (16)(bond_slave_1) cookie=ffff888056db4000 (10)(bond4) end [ 565.422335][T18664] netlink: 830 bytes leftover after parsing attributes in process `syz.0.5501'. [ 565.644360][T18674] xt_TPROXY: Can be used only with -p tcp or -p udp [ 565.697723][T18677] loop1: detected capacity change from 0 to 764 [ 565.722025][T18678] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 565.848919][T18683] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 566.302325][T18704] xt_TPROXY: Can be used only with -p tcp or -p udp [ 566.426871][T18710] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5524'. [ 566.479378][T18710] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5524'. [ 566.604104][T18715] loop0: detected capacity change from 0 to 2048 [ 566.631265][T18715] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 566.710017][T18724] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 566.759345][T18726] openvswitch: netlink: Tunnel attr 183 out of range max 16 [ 567.068989][T18733] loop3: detected capacity change from 0 to 4096 [ 567.128608][T18733] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 567.185182][T18733] ntfs3(loop3): ino=1a, mi_enum_attr [ 567.208924][T18733] ntfs3(loop3): ino=1a, mi_enum_attr [ 567.239652][T18733] ntfs3(loop3): Failed to initialize $Extend/$Reparse. [ 567.277894][T18733] ntfs3(loop3): ino=5, "/" indx_read_ra [ 567.638337][T18757] loop4: detected capacity change from 0 to 1024 [ 567.776996][ T3515] hfsplus: b-tree write err: -5, ino 4 [ 567.987604][T18772] loop1: detected capacity change from 0 to 1024 [ 568.073841][T18772] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 568.343591][ T5819] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 569.365283][T18814] netlink: 512 bytes leftover after parsing attributes in process `syz.4.5573'. [ 569.488203][T18816] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5574'. [ 570.011041][T18798] loop3: detected capacity change from 0 to 40427 [ 570.052926][T18798] F2FS-fs (loop3): Wrong SSA boundary, start(3584) end(4096) blocks(0) [ 570.090303][T18798] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 570.137599][T18798] F2FS-fs (loop3): build fault injection type: 0x6 [ 570.175971][T18798] F2FS-fs (loop3): invalid crc value [ 570.192667][T18810] loop0: detected capacity change from 0 to 32768 [ 570.216919][T18810] jfs filesystem being mounted at /1117/file1 supports timestamps until 2106-02-07 (0xffffffff) [ 570.290520][T18810] ERROR: (device loop0): dtSearch: DT_GETPAGE: dtree page corrupt [ 570.290520][T18810] [ 570.387746][T18810] ERROR: (device loop0): remounting filesystem as read-only [ 570.420628][T18810] jfs_lookup: dtSearch returned -5 [ 570.578437][T18798] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 570.602154][T18798] F2FS-fs (loop3): Start checkpoint disabled! [ 570.625218][T18798] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0 [ 570.640244][T18798] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 570.647977][T18798] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 570.658537][ T9] usb 2-1: new full-speed USB device number 82 using dummy_hcd [ 570.705831][T18842] nftables ruleset with unbound chain [ 570.735465][T18798] syz.3.5565: attempt to access beyond end of device [ 570.735465][T18798] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 570.815696][ T1005] kworker/u8:5: attempt to access beyond end of device [ 570.815696][ T1005] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 570.845451][ T9] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 570.847447][ T1005] CPU: 1 UID: 0 PID: 1005 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) [ 570.847532][ T1005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 570.847572][ T1005] Workqueue: writeback wb_workfn (flush-7:3) [ 570.847659][ T1005] Call Trace: [ 570.847687][ T1005] [ 570.847711][ T1005] dump_stack_lvl+0xe8/0x150 [ 570.847801][ T1005] f2fs_handle_critical_error+0x37c/0x540 [ 570.847897][ T1005] f2fs_write_end_io+0xcdb/0xff0 [ 570.848038][ T1005] __submit_merged_bio+0x256/0x700 [ 570.848130][ T1005] __submit_merged_write_cond+0x3c3/0x4e0 [ 570.848226][ T1005] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 570.848375][ T1005] f2fs_write_data_pages+0x2970/0x35e0 [ 570.848599][ T1005] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 570.848725][ T1005] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 570.848918][ T1005] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 570.849114][ T1005] ? __pfx_f2fs_inode_chksum_set+0x10/0x10 [ 570.849187][ T1005] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 570.849271][ T1005] do_writepages+0x32e/0x550 [ 570.849377][ T1005] ? reacquire_held_locks+0x104/0x190 [ 570.849454][ T1005] ? writeback_sb_inodes+0x43d/0x19a0 [ 570.849549][ T1005] __writeback_single_inode+0x133/0x11a0 [ 570.849630][ T1005] ? do_raw_spin_unlock+0xf5/0x210 [ 570.849704][ T1005] writeback_sb_inodes+0x944/0x19a0 [ 570.849790][ T1005] ? ret_from_fork_asm+0x1a/0x30 [ 570.849930][ T1005] ? __lock_acquire+0x6b5/0x2cf0 [ 570.850017][ T1005] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 570.850080][ T1005] ? do_raw_spin_lock+0x12b/0x2f0 [ 570.850262][ T1005] ? rcu_is_watching+0x15/0xb0 [ 570.850374][ T1005] wb_writeback+0x456/0xb70 [ 570.850450][ T1005] ? queue_io+0x1f1/0x4a0 [ 570.850553][ T1005] ? __pfx_wb_writeback+0x10/0x10 [ 570.850615][ T1005] ? do_raw_spin_lock+0x12b/0x2f0 [ 570.850729][ T1005] wb_workfn+0x414/0xf50 [ 570.850797][ T1005] ? look_up_lock_class+0x57/0x110 [ 570.850904][ T1005] ? __pfx_wb_workfn+0x10/0x10 [ 570.850976][ T1005] ? do_raw_spin_lock+0x12b/0x2f0 [ 570.851048][ T1005] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 570.851182][ T1005] ? process_one_work+0x87c/0x1650 [ 570.851270][ T1005] process_one_work+0x949/0x1650 [ 570.851424][ T1005] ? __pfx_process_one_work+0x10/0x10 [ 570.851502][ T1005] ? do_raw_spin_lock+0x12b/0x2f0 [ 570.851620][ T1005] worker_thread+0xb46/0x1140 [ 570.851788][ T1005] kthread+0x388/0x470 [ 570.851850][ T1005] ? __pfx_worker_thread+0x10/0x10 [ 570.851921][ T1005] ? __pfx_kthread+0x10/0x10 [ 570.851983][ T1005] ret_from_fork+0x51e/0xb90 [ 570.852069][ T1005] ? __pfx_ret_from_fork+0x10/0x10 [ 570.852136][ T1005] ? __switch_to+0xc7d/0x1450 [ 570.852219][ T1005] ? __pfx_kthread+0x10/0x10 [ 570.852282][ T1005] ret_from_fork_asm+0x1a/0x30 [ 570.852412][ T1005] [ 570.893068][ T1005] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 570.997326][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.211667][ T9] usb 2-1: config 0 descriptor?? [ 571.383410][T18851] loop4: detected capacity change from 0 to 256 [ 571.415090][ T9] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 571.448810][T18851] FAT-fs (loop4): Directory bread(block 64) failed [ 571.456849][T18851] FAT-fs (loop4): Directory bread(block 65) failed [ 571.473872][T18851] FAT-fs (loop4): Directory bread(block 66) failed [ 571.497343][T18851] FAT-fs (loop4): Directory bread(block 67) failed [ 571.504123][T18851] FAT-fs (loop4): Directory bread(block 68) failed [ 571.523746][T18851] FAT-fs (loop4): Directory bread(block 69) failed [ 571.543555][T18851] FAT-fs (loop4): Directory bread(block 70) failed [ 571.550150][T18851] FAT-fs (loop4): Directory bread(block 71) failed [ 571.583375][T18851] FAT-fs (loop4): Directory bread(block 72) failed [ 571.602467][ T9] [drm:udl_init] *ERROR* Selecting channel failed [ 571.612854][T18851] FAT-fs (loop4): Directory bread(block 73) failed [ 571.656624][T18851] vfat filesystem being mounted at /1083/bus supports timestamps until 2107-12-31 (0x10391447e) [ 571.673995][ T9] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 571.700894][ T9] [drm] Initialized udl on minor 2 [ 571.729717][ T9] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 571.763852][ T9] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 571.773617][ T5897] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 571.800548][ T5897] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 571.818719][ T9] usb 2-1: USB disconnect, device number 82 [ 571.851575][ T5897] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 572.148034][T18847] loop0: detected capacity change from 0 to 32768 [ 572.268152][T18847] jfs filesystem being mounted at /1118/file0 supports timestamps until 2106-02-07 (0xffffffff) [ 572.348629][T18847] ERROR: (device loop0): dbAllocAG: unable to allocate blocks [ 572.348629][T18847] [ 572.440317][T18867] [U] ^R [ 573.072192][T18897] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5613'. [ 573.238639][T18904] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5617'. [ 573.957351][T18935] netlink: 'syz.0.5632': attribute type 1 has an invalid length. [ 574.089652][T18941] loop2: detected capacity change from 0 to 64 [ 574.117315][T18941] minix filesystem being mounted at /1154/file2 supports timestamps until 2106-02-07 (0xffffffff) [ 574.165878][T18941] Trying to free block not in datazone [ 574.413233][T18914] loop3: detected capacity change from 0 to 32768 [ 574.477797][T18914] jfs filesystem being mounted at /1098/file1 supports timestamps until 2106-02-07 (0xffffffff) [ 574.537015][T18914] ERROR: (device loop3): diAllocBit: iag inconsistent [ 574.537015][T18914] [ 574.549445][T18956] netlink: 'syz.1.5642': attribute type 6 has an invalid length. [ 574.595651][T18914] ialloc: diAlloc returned -5! [ 575.062507][ T29] audit: type=1400 audit(3917539711.265:103): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18972 comm="syz.2.5652" [ 575.178963][T18978] loop4: detected capacity change from 0 to 1024 [ 575.196568][T18978] hfsplus: unable to change nls mapping [ 575.634789][ T5883] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 575.805884][ T5883] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 575.845514][ T5883] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 575.874770][ T5883] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 575.901017][ T5883] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 575.920028][ T5883] usb 4-1: SerialNumber: syz [ 575.936681][T19004] veth3: entered promiscuous mode [ 575.953452][T19004] veth3: entered allmulticast mode [ 576.013616][T19007] loop0: detected capacity change from 0 to 8192 [ 576.064981][T19007] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 576.079203][T19007] vfat filesystem being mounted at /1134/file2 supports timestamps until 2107-12-31 (0x10391447e) [ 576.141836][T19007] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 576.167564][T19007] FAT-fs (loop0): Filesystem has been set read-only [ 576.174989][ T5883] usb 4-1: invalid UAC_HEADER (v1) [ 576.363748][ T5883] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 576.407911][ T5883] usb 4-1: USB disconnect, device number 89 [ 576.574842][ T5955] udevd[5955]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 576.687372][T19028] loop1: detected capacity change from 0 to 1024 [ 577.075255][T19046] netlink: 'syz.3.5687': attribute type 1 has an invalid length. [ 577.098694][T19046] netlink: 96 bytes leftover after parsing attributes in process `syz.3.5687'. [ 577.144321][T19046] netlink: 658 bytes leftover after parsing attributes in process `syz.3.5687'. [ 577.195381][T19046] netlink: 1 bytes leftover after parsing attributes in process `syz.3.5687'. [ 577.305303][T19054] loop0: detected capacity change from 0 to 16 [ 577.366065][T19054] erofs (device loop0): mounted with root inode @ nid 36. [ 577.467749][ T5840] erofs (device loop0): failed to decompress (lz4) corrupted compressed data @ pa 4096 size 4096 => 9000 [ 577.501876][T19054] erofs (device loop0): failed to decompress (lz4) unexpected end of stream @ pa 4096 size 4096 => 8192 [ 577.600834][T19054] erofs (device loop0): read error -117 @ 1 of nid 89 [ 577.631040][ T29] audit: type=1800 audit(3917539714.011:104): pid=19054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.5691" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 577.880884][T19079] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 578.105933][T19090] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5708'. [ 578.631743][T19116] netlink: 'syz.2.5722': attribute type 1 has an invalid length. [ 578.639899][T19116] netlink: 228 bytes leftover after parsing attributes in process `syz.2.5722'. [ 578.721554][ T9] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 578.845432][ T5897] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 578.910516][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 578.932470][ T9] usb 4-1: config 0 has an invalid interface number: 104 but max is 1 [ 578.952241][ T9] usb 4-1: config 0 has an invalid interface number: 104 but max is 1 [ 578.965988][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 578.978477][ T9] usb 4-1: config 0 has no interface number 0 [ 578.987537][ T9] usb 4-1: config 0 interface 104 altsetting 0 endpoint 0x8 has an invalid bInterval 48, changing to 9 [ 578.999506][ T9] usb 4-1: config 0 interface 104 altsetting 0 endpoint 0x8 has invalid maxpacket 8240, setting to 1024 [ 579.010863][ T5897] usb 5-1: Using ep0 maxpacket: 32 [ 579.017234][ T9] usb 4-1: config 0 interface 104 has no altsetting 1 [ 579.026499][ T5897] usb 5-1: config 4 has an invalid interface number: 128 but max is 0 [ 579.035786][ T5897] usb 5-1: config 4 has no interface number 0 [ 579.042338][ T5897] usb 5-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 579.054468][ T5897] usb 5-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 579.081130][ T9] usb 4-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00 [ 579.100272][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 579.108434][ T5897] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 579.127249][ T9] usb 4-1: Product: syz [ 579.132470][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.141107][ T9] usb 4-1: Manufacturer: syz [ 579.158156][ T9] usb 4-1: SerialNumber: syz [ 579.180310][ T9] usb 4-1: config 0 descriptor?? [ 579.197215][ T9] asix 4-1:0.104: probe with driver asix failed with error -22 [ 579.217664][ T5897] hub 5-1:4.128: USB hub found [ 579.389458][ T9] usb 4-1: USB disconnect, device number 90 [ 579.410099][ T5897] hub 5-1:4.128: 2 ports detected [ 579.415237][ T5897] hub 5-1:4.128: Using single TT (err -22) [ 579.606693][ T5897] hub 5-1:4.128: hub_hub_status failed (err = -71) [ 579.613868][ T5897] hub 5-1:4.128: config failed, can't get hub status (err -71) [ 579.690553][ T5897] usb 5-1: USB disconnect, device number 89 [ 580.257582][T19173] loop2: detected capacity change from 0 to 256 [ 580.341337][T19173] FAT-fs (loop2): Directory bread(block 64) failed [ 580.350308][T19173] FAT-fs (loop2): Directory bread(block 65) failed [ 580.372219][T19173] FAT-fs (loop2): Directory bread(block 66) failed [ 580.378824][T19173] FAT-fs (loop2): Directory bread(block 67) failed [ 580.417873][T19173] FAT-fs (loop2): Directory bread(block 68) failed [ 580.450475][T19173] FAT-fs (loop2): Directory bread(block 69) failed [ 580.473153][T19173] FAT-fs (loop2): Directory bread(block 70) failed [ 580.479974][T19173] FAT-fs (loop2): Directory bread(block 71) failed [ 580.510262][T19173] FAT-fs (loop2): Directory bread(block 72) failed [ 580.516875][T19173] FAT-fs (loop2): Directory bread(block 73) failed [ 580.568571][ T794] usb 5-1: new low-speed USB device number 90 using dummy_hcd [ 580.576852][T19173] vfat filesystem being mounted at /1186/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 580.756453][ T794] usb 5-1: unable to get BOS descriptor or descriptor too short [ 580.798989][ T794] usb 5-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 1023, setting to 8 [ 580.847590][ T794] usb 5-1: config 1 interface 0 has no altsetting 0 [ 580.877197][ T794] usb 5-1: string descriptor 0 read error: -22 [ 580.891769][ T794] usb 5-1: New USB device found, idVendor=05ac, idProduct=0249, bcdDevice= 0.40 [ 580.923063][ T794] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.953516][T19176] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 581.036336][ T794] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input41 [ 581.209829][ T5175] bcm5974 5-1:1.0: could not read from device [ 581.257562][ T5175] bcm5974 5-1:1.0: could not read from device [ 581.264174][ T794] usb 5-1: USB disconnect, device number 90 [ 581.276455][ T5175] bcm5974 5-1:1.0: could not read from device [ 581.443344][T19215] loop3: detected capacity change from 0 to 1024 [ 581.567480][T19217] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 581.691709][T19219] netlink: 204 bytes leftover after parsing attributes in process `syz.3.5773'. [ 581.731244][T19219] netlink: 204 bytes leftover after parsing attributes in process `syz.3.5773'. [ 582.042649][T19211] loop2: detected capacity change from 0 to 32768 [ 582.073219][T19211] (syz.2.5769,19211,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 582.087126][T19234] loop1: detected capacity change from 0 to 128 [ 582.125409][T19211] (syz.2.5769,19211,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 582.134714][T19237] loop0: detected capacity change from 0 to 256 [ 582.169623][T19234] msdos filesystem being remounted at /1194/file1 supports timestamps until 2107-12-31 (0x10391447e) [ 582.194856][T19237] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 582.221469][T19237] exfat filesystem being mounted at /1155/file0 supports timestamps until 2107-12-31 (0x10391447f) [ 582.245328][T19211] JBD2: Ignoring recovery information on journal [ 582.384137][T19211] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 582.457210][T19247] loop1: detected capacity change from 0 to 8 [ 582.483864][T19248] dlm: no locking on control device [ 582.497141][T19247] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 582.560060][T19211] [ 582.562490][T19211] ====================================================== [ 582.569633][T19211] WARNING: possible circular locking dependency detected [ 582.576709][T19211] syzkaller #0 Not tainted [ 582.581162][T19211] ------------------------------------------------------ [ 582.588203][T19211] syz.2.5769/19211 is trying to acquire lock: [ 582.594300][T19211] ffff88806afd09c0 (&ocfs2_sysfile_lock_key[USER_QUOTA_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_lock_global_qf+0x1da/0x290 [ 582.606870][T19211] [ 582.606870][T19211] but task is already holding lock: [ 582.614253][T19211] ffff888020b524e8 (&journal->j_trans_barrier){.+.+}-{4:4}, at: ocfs2_start_trans+0x3ab/0x700 [ 582.624605][T19211] [ 582.624605][T19211] which lock already depends on the new lock. [ 582.624605][T19211] [ 582.635035][T19211] [ 582.635035][T19211] the existing dependency chain (in reverse order) is: [ 582.644072][T19211] [ 582.644072][T19211] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}: [ 582.652622][T19211] down_read+0x47/0x2e0 [ 582.657333][T19211] ocfs2_start_trans+0x3ab/0x700 [ 582.662826][T19211] ocfs2_modify_bh+0xe3/0x4d0 [ 582.668046][T19211] ocfs2_local_read_info+0x1454/0x1810 [ 582.674221][T19211] dquot_load_quota_sb+0x791/0xbd0 [ 582.679877][T19211] dquot_load_quota_inode+0x2e1/0x5d0 [ 582.685793][T19211] ocfs2_enable_quotas+0x1c8/0x4a0 [ 582.691531][T19211] ocfs2_fill_super+0x5305/0x6900 [ 582.697097][T19211] get_tree_bdev_flags+0x431/0x4f0 [ 582.702746][T19211] vfs_get_tree+0x92/0x2a0 [ 582.707744][T19211] do_new_mount+0x341/0xd30 [ 582.712815][T19211] __se_sys_mount+0x31d/0x420 [ 582.718062][T19211] do_syscall_64+0x14d/0xf80 [ 582.723217][T19211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.729660][T19211] [ 582.729660][T19211] -> #2 (sb_internal#2){.+.+}-{0:0}: [ 582.737162][T19211] ocfs2_start_trans+0x2ac/0x700 [ 582.742655][T19211] ocfs2_write_info+0x118/0x360 [ 582.748057][T19211] quota_setinfo+0x316/0x320 [ 582.753193][T19211] __se_sys_quotactl+0x2cd/0x9e0 [ 582.758697][T19211] do_syscall_64+0x14d/0xf80 [ 582.763834][T19211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.770354][T19211] [ 582.770354][T19211] -> #1 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}: [ 582.779268][T19211] down_write+0x96/0x200 [ 582.784158][T19211] ocfs2_lock_global_qf+0x201/0x290 [ 582.789908][T19211] ocfs2_write_info+0xd1/0x360 [ 582.795218][T19211] quota_setinfo+0x316/0x320 [ 582.800362][T19211] __se_sys_quotactl+0x2cd/0x9e0 [ 582.805854][T19211] do_syscall_64+0x14d/0xf80 [ 582.810995][T19211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.817449][T19211] [ 582.817449][T19211] -> #0 (&ocfs2_sysfile_lock_key[USER_QUOTA_SYSTEM_INODE]){+.+.}-{4:4}: [ 582.828020][T19211] __lock_acquire+0x15a5/0x2cf0 [ 582.833437][T19211] lock_acquire+0xf0/0x2e0 [ 582.838440][T19211] down_write+0x96/0x200 [ 582.843241][T19211] ocfs2_lock_global_qf+0x1da/0x290 [ 582.848990][T19211] ocfs2_acquire_dquot+0x3fa/0xb30 [ 582.854659][T19211] dqget+0x7b1/0xf10 [ 582.859110][T19211] __dquot_initialize+0x3ba/0xd30 [ 582.864762][T19211] ocfs2_get_init_inode+0x147/0x1c0 [ 582.870505][T19211] ocfs2_mknod+0xa67/0x2290 [ 582.875565][T19211] ocfs2_mkdir+0x181/0x490 [ 582.880549][T19211] vfs_mkdir+0x413/0x630 [ 582.885358][T19211] filename_mkdirat+0x285/0x510 [ 582.890749][T19211] __se_sys_mkdirat+0x35/0x150 [ 582.896055][T19211] do_syscall_64+0x14d/0xf80 [ 582.901201][T19211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.907647][T19211] [ 582.907647][T19211] other info that might help us debug this: [ 582.907647][T19211] [ 582.917951][T19211] Chain exists of: [ 582.917951][T19211] &ocfs2_sysfile_lock_key[USER_QUOTA_SYSTEM_INODE] --> sb_internal#2 --> &journal->j_trans_barrier [ 582.917951][T19211] [ 582.934604][T19211] Possible unsafe locking scenario: [ 582.934604][T19211] [ 582.942088][T19211] CPU0 CPU1 [ 582.947471][T19211] ---- ---- [ 582.952862][T19211] rlock(&journal->j_trans_barrier); [ 582.958254][T19211] lock(sb_internal#2); [ 582.965039][T19211] lock(&journal->j_trans_barrier); [ 582.972866][T19211] lock(&ocfs2_sysfile_lock_key[USER_QUOTA_SYSTEM_INODE]); [ 582.980256][T19211] [ 582.980256][T19211] *** DEADLOCK *** [ 582.980256][T19211] [ 582.988585][T19211] 7 locks held by syz.2.5769/19211: [ 582.993792][T19211] #0: ffff888030e76420 (sb_writers#28){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 583.003055][T19211] #1: ffff88806afd5f40 (&type->i_mutex_dir_key#21/1){+.+.}-{4:4}, at: filename_create+0x200/0x370 [ 583.013808][T19211] #2: ffff888057fda640 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x16a/0x4940 [ 583.027639][T19211] #3: ffff888023bfb6a8 (&dquot->dq_lock){+.+.}-{4:4}, at: ocfs2_acquire_dquot+0x271/0xb30 [ 583.037695][T19211] #4: ffff888030e76610 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_acquire_dquot+0x3d5/0xb30 [ 583.047568][T19211] #5: ffff888020b524e8 (&journal->j_trans_barrier){.+.+}-{4:4}, at: ocfs2_start_trans+0x3ab/0x700 [ 583.058306][T19211] #6: ffff888044f08950 (jbd2_handle#2){.+.+}-{0:0}, at: start_this_handle+0x2054/0x2290 [ 583.068179][T19211] [ 583.068179][T19211] stack backtrace: [ 583.074084][T19211] CPU: 0 UID: 0 PID: 19211 Comm: syz.2.5769 Not tainted syzkaller #0 PREEMPT(full) [ 583.074106][T19211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 583.074117][T19211] Call Trace: [ 583.074126][T19211] [ 583.074134][T19211] dump_stack_lvl+0xe8/0x150 [ 583.074161][T19211] print_circular_bug+0x2e1/0x300 [ 583.074192][T19211] check_noncircular+0x12e/0x150 [ 583.074221][T19211] __lock_acquire+0x15a5/0x2cf0 [ 583.074254][T19211] lock_acquire+0xf0/0x2e0 [ 583.074275][T19211] ? ocfs2_lock_global_qf+0x1da/0x290 [ 583.074303][T19211] down_write+0x96/0x200 [ 583.074326][T19211] ? ocfs2_lock_global_qf+0x1da/0x290 [ 583.074347][T19211] ? __pfx_down_write+0x10/0x10 [ 583.074368][T19211] ? preempt_schedule_thunk+0x16/0x30 [ 583.074389][T19211] ocfs2_lock_global_qf+0x1da/0x290 [ 583.074413][T19211] ? __pfx_ocfs2_lock_global_qf+0x10/0x10 [ 583.074435][T19211] ? dqget+0x732/0xf10 [ 583.074453][T19211] ocfs2_acquire_dquot+0x3fa/0xb30 [ 583.074479][T19211] ? __pfx_ocfs2_acquire_dquot+0x10/0x10 [ 583.074507][T19211] dqget+0x7b1/0xf10 [ 583.074525][T19211] __dquot_initialize+0x3ba/0xd30 [ 583.074553][T19211] ? __pfx___dquot_initialize+0x10/0x10 [ 583.074570][T19211] ? do_raw_spin_unlock+0xf5/0x210 [ 583.074587][T19211] ? from_vfsgid+0x72/0xa0 [ 583.074606][T19211] ? inode_init_owner+0x1ed/0x390 [ 583.074625][T19211] ocfs2_get_init_inode+0x147/0x1c0 [ 583.074645][T19211] ? __pfx_ocfs2_get_init_inode+0x10/0x10 [ 583.074668][T19211] ocfs2_mknod+0xa67/0x2290 [ 583.074687][T19211] ? kasan_save_track+0x4f/0x80 [ 583.074703][T19211] ? kfree+0x1c1/0x630 [ 583.074727][T19211] ? tomoyo_path_number_perm+0x501/0x630 [ 583.074752][T19211] ? __pfx_ocfs2_mknod+0x10/0x10 [ 583.074773][T19211] ? do_raw_spin_unlock+0xf5/0x210 [ 583.074791][T19211] ? _raw_spin_unlock+0x28/0x50 [ 583.074806][T19211] ? ocfs2_inode_lock_full_nested+0xaec/0x1bd0 [ 583.074831][T19211] ? __lock_acquire+0x6b5/0x2cf0 [ 583.074855][T19211] ? kasan_quarantine_put+0xbb/0x1f0 [ 583.074886][T19211] ? __lock_acquire+0x6b5/0x2cf0 [ 583.074912][T19211] ? do_raw_spin_unlock+0xf5/0x210 [ 583.074932][T19211] ? do_raw_spin_lock+0x12b/0x2f0 [ 583.074953][T19211] ? do_raw_spin_unlock+0xf5/0x210 [ 583.074972][T19211] ? put_pid+0xe9/0x130 [ 583.075000][T19211] ocfs2_mkdir+0x181/0x490 [ 583.075019][T19211] ? __pfx_from_kgid+0x10/0x10 [ 583.075045][T19211] ? __pfx_ocfs2_mkdir+0x10/0x10 [ 583.075066][T19211] ? inode_permission+0x346/0x5f0 [ 583.075088][T19211] ? bpf_lsm_inode_mkdir+0x9/0x20 [ 583.075107][T19211] vfs_mkdir+0x413/0x630 [ 583.075128][T19211] filename_mkdirat+0x285/0x510 [ 583.075149][T19211] ? __pfx_filename_mkdirat+0x10/0x10 [ 583.075170][T19211] ? do_getname+0x151/0x250 [ 583.075191][T19211] __se_sys_mkdirat+0x35/0x150 [ 583.075211][T19211] do_syscall_64+0x14d/0xf80 [ 583.075230][T19211] ? trace_irq_disable+0x3b/0x150 [ 583.075256][T19211] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.075274][T19211] ? clear_bhb_loop+0x40/0x90 [ 583.075295][T19211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.075326][T19211] RIP: 0033:0x7f7767199d97 [ 583.075345][T19211] Code: 00 66 90 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 db f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 583.075361][T19211] RSP: 002b:00007f7767f83e58 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 583.075379][T19211] RAX: ffffffffffffffda RBX: 00007f7767f83ee0 RCX: 00007f7767199d97 [ 583.075393][T19211] RDX: 00000000000001ff RSI: 0000200000000280 RDI: 00000000ffffff9c [ 583.075405][T19211] RBP: 0000000000000000 R08: 0000200000000000 R09: 0000000000000000 [ 583.075415][T19211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000280 [ 583.075427][T19211] R13: 00007f7767f83ea0 R14: 0000000000000000 R15: 0000000000000000 [ 583.075445][T19211] [ 583.454997][ T7459] udevd[7459]: incorrect cramfs checksum on /dev/loop1 [ 583.473054][ T5955] udevd[5955]: incorrect cramfs checksum on /dev/loop1 [ 583.508310][T19211] (syz.2.5769,19211,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xdf8356d3, computed 0xe37077ba. Applying ECC. [ 583.545766][T19211] (syz.2.5769,19211,0):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xdf8356d3, computed 0xe37077ba [ 583.560927][T19211] (syz.2.5769,19211,0):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 583.571115][T19211] (syz.2.5769,19211,0):ocfs2_quota_read:201 ERROR: status = -5 [ 583.580599][T19211] Quota error (device loop2): find_block_dqentry: Can't read quota tree block 6 [ 583.590275][T19211] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 583.600424][T19211] (syz.2.5769,19211,0):ocfs2_acquire_dquot:895 ERROR: status = -5 [ 583.608759][T19211] (syz.2.5769,19211,0):ocfs2_mknod:318 ERROR: status = -5 [ 583.616242][T19211] (syz.2.5769,19211,0):ocfs2_mknod:506 ERROR: status = -5 [ 583.623729][T19211] (syz.2.5769,19211,0):ocfs2_mkdir:662 ERROR: status = -5 [ 583.674133][ T5821] ocfs2: Unmounting device (7,2) on (node local)